Trojaner-Board

GVU/BKA Trojan, how do I know that it is really gone? (https://www.trojaner-board.de/118413-gvu-bka-trojaner-weiss-wirklich-weg.html)

dobaliner 16.07.2012 19:31

Here is the result; it doesn't seem to be entirely clean yet?

Code:

14:43:52.0056 7316        TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
14:43:52.0196 7316        ============================================================
14:43:52.0196 7316        Current date / time: 2012/07/16 14:43:52.0196
14:43:52.0196 7316        SystemInfo:
14:43:52.0196 7316       
14:43:52.0196 7316        OS Version: 6.1.7600 ServicePack: 0.0
14:43:52.0196 7316        Product type: Workstation
14:43:52.0196 7316        ComputerName: xxxxxxxxx-PC
14:43:52.0196 7316        UserName: xxxx xxxxx
14:43:52.0196 7316        Windows directory: C:\Windows
14:43:52.0196 7316        System windows directory: C:\Windows
14:43:52.0196 7316        Running under WOW64
14:43:52.0196 7316        Processor architecture: Intel x64
14:43:52.0196 7316        Number of processors: 4
14:43:52.0196 7316        Page size: 0x1000
14:43:52.0196 7316        Boot type: Normal boot
14:43:52.0196 7316        ============================================================
14:43:52.0566 7316        Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:43:52.0576 7316        ============================================================
14:43:52.0576 7316        \Device\Harddisk0\DR0:
14:43:52.0576 7316        MBR partitions:
14:43:52.0576 7316        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F40800, BlocksNum 0x32000
14:43:52.0576 7316        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F72800, BlocksNum 0x2AA86800
14:43:52.0576 7316        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2C9F9000, BlocksNum 0x2AB4C800
14:43:52.0576 7316        ============================================================
14:43:52.0606 7316        C: <-> \Device\Harddisk0\DR0\Partition1
14:43:52.0736 7316        D: <-> \Device\Harddisk0\DR0\Partition2
14:43:52.0736 7316        ============================================================
14:43:52.0736 7316        Initialize success
14:43:52.0736 7316        ============================================================
14:44:28.0141 9656        ============================================================
14:44:28.0141 9656        Scan started
14:44:28.0141 9656        Mode: Manual; SigCheck; TDLFS;
14:44:28.0141 9656        ============================================================
14:44:29.0389 9656        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
14:44:29.0452 9656        1394ohci - ok
14:44:29.0483 9656        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
14:44:29.0499 9656        ACPI - ok
14:44:29.0530 9656        AcpiPmi        (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
14:44:29.0577 9656        AcpiPmi - ok
14:44:29.0670 9656        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:44:29.0670 9656        AdobeARMservice - ok
14:44:29.0795 9656        AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:44:29.0795 9656        AdobeFlashPlayerUpdateSvc - ok
14:44:29.0873 9656        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:44:29.0904 9656        adp94xx - ok
14:44:29.0951 9656        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:44:29.0967 9656        adpahci - ok
14:44:30.0013 9656        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:44:30.0029 9656        adpu320 - ok
14:44:30.0060 9656        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:44:30.0201 9656        AeLookupSvc - ok
14:44:30.0263 9656        AFD            (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
14:44:30.0310 9656        AFD - ok
14:44:30.0372 9656        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
14:44:30.0388 9656        agp440 - ok
14:44:30.0435 9656        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:44:30.0466 9656        ALG - ok
14:44:30.0513 9656        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
14:44:30.0528 9656        aliide - ok
14:44:30.0575 9656        AMD External Events Utility (893d2125996bb8b92054d743d75fdc09) C:\Windows\system32\atiesrxx.exe
14:44:30.0637 9656        AMD External Events Utility - ok
14:44:30.0684 9656        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
14:44:30.0684 9656        amdide - ok
14:44:30.0731 9656        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:44:30.0762 9656        AmdK8 - ok
14:44:31.0246 9656        amdkmdag        (6aa57c2c6b586cac8910a142928a79c7) C:\Windows\system32\DRIVERS\atikmdag.sys
14:44:31.0417 9656        amdkmdag - ok
14:44:31.0558 9656        amdkmdap        (2705b5af991eff9396109fbe63635fc9) C:\Windows\system32\DRIVERS\atikmpag.sys
14:44:31.0589 9656        amdkmdap - ok
14:44:31.0620 9656        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:44:31.0651 9656        AmdPPM - ok
14:44:31.0698 9656        amdsata        (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
14:44:31.0698 9656        amdsata - ok
14:44:31.0729 9656        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:44:31.0745 9656        amdsbs - ok
14:44:31.0776 9656        amdxata        (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
14:44:31.0776 9656        amdxata - ok
14:44:31.0901 9656        AntiVirFirewallService (6acc11e9d2f01c88251123d26c1c5489) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
14:44:31.0932 9656        AntiVirFirewallService - ok
14:44:31.0995 9656        AntiVirMailService (b7fa28aefa586fb5a04876c7b31d03e6) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
14:44:32.0010 9656        AntiVirMailService - ok
14:44:32.0073 9656        AntiVirSchedulerService (2e35310d600f4cc64624786a813a041e) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:44:32.0073 9656        AntiVirSchedulerService - ok
14:44:32.0119 9656        AntiVirService  (984102b9e2f6513008ed4e0c5ac4151d) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:44:32.0135 9656        AntiVirService - ok
14:44:32.0213 9656        AntiVirWebService (9bc7247fd7379307bcff92cf8eb64b87) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
14:44:32.0229 9656        AntiVirWebService - ok
14:44:32.0353 9656        AppID          (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
14:44:32.0385 9656        AppID - ok
14:44:32.0416 9656        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:44:32.0478 9656        AppIDSvc - ok
14:44:32.0525 9656        Appinfo        (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
14:44:32.0556 9656        Appinfo - ok
14:44:32.0603 9656        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:44:32.0619 9656        arc - ok
14:44:32.0634 9656        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:44:32.0650 9656        arcsas - ok
14:44:32.0681 9656        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:44:32.0728 9656        AsyncMac - ok
14:44:32.0775 9656        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
14:44:32.0790 9656        atapi - ok
14:44:32.0837 9656        AthBTPort      (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
14:44:32.0837 9656        AthBTPort - ok
14:44:32.0899 9656        AtherosSvc      (147d5c092d116e3e4768d7be532add79) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
14:44:32.0899 9656        AtherosSvc - ok
14:44:33.0040 9656        athr            (931884f5f2d7e6973366782690bf1754) C:\Windows\system32\DRIVERS\athrx.sys
14:44:33.0087 9656        athr - ok
14:44:33.0258 9656        AtiHdmiService  (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
14:44:33.0336 9656        AtiHdmiService - ok
14:44:33.0399 9656        AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
14:44:33.0461 9656        AudioEndpointBuilder - ok
14:44:33.0461 9656        AudioSrv        (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
14:44:33.0508 9656        AudioSrv - ok
14:44:33.0539 9656        avfwim          (f3a3859d006783a0e0d40e227e52c35c) C:\Windows\system32\DRIVERS\avfwim.sys
14:44:33.0555 9656        avfwim - ok
14:44:33.0617 9656        avfwot          (bc06315a7bdbcad0c7719d1c1306a4db) C:\Windows\system32\DRIVERS\avfwot.sys
14:44:33.0633 9656        avfwot - ok
14:44:33.0679 9656        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
14:44:33.0695 9656        avgntflt - ok
14:44:33.0742 9656        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
14:44:33.0742 9656        avipbb - ok
14:44:33.0773 9656        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
14:44:33.0789 9656        avkmgr - ok
14:44:33.0835 9656        AxInstSV        (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
14:44:33.0882 9656        AxInstSV - ok
14:44:33.0945 9656        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:44:33.0976 9656        b06bdrv - ok
14:44:33.0991 9656        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:44:34.0023 9656        b57nd60a - ok
14:44:34.0101 9656        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:44:34.0116 9656        BDESVC - ok
14:44:34.0147 9656        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:44:34.0194 9656        Beep - ok
14:44:34.0272 9656        BFE            (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
14:44:34.0319 9656        BFE - ok
14:44:34.0381 9656        BITS            (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
14:44:34.0444 9656        BITS - ok
14:44:34.0522 9656        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:44:34.0569 9656        blbdrive - ok
14:44:34.0615 9656        bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
14:44:34.0662 9656        bowser - ok
14:44:34.0693 9656        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:44:34.0725 9656        BrFiltLo - ok
14:44:34.0740 9656        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:44:34.0756 9656        BrFiltUp - ok
14:44:34.0787 9656        Browser        (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
14:44:34.0834 9656        Browser - ok
14:44:34.0881 9656        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:44:34.0896 9656        Brserid - ok
14:44:34.0912 9656        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:44:34.0927 9656        BrSerWdm - ok
14:44:34.0974 9656        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:44:35.0005 9656        BrUsbMdm - ok
14:44:35.0021 9656        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:44:35.0052 9656        BrUsbSer - ok
14:44:35.0099 9656        BTATH_A2DP      (2ecf188c1d4246efc6419f118f7b8ec6) C:\Windows\system32\drivers\btath_a2dp.sys
14:44:35.0115 9656        BTATH_A2DP - ok
14:44:35.0130 9656        BTATH_BUS      (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
14:44:35.0146 9656        BTATH_BUS - ok
14:44:35.0161 9656        BTATH_HCRP      (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
14:44:35.0177 9656        BTATH_HCRP - ok
14:44:35.0208 9656        BTATH_LWFLT    (701c4fd9e8f2315bb1732e24093e7e8b) C:\Windows\system32\DRIVERS\btath_lwflt.sys
14:44:35.0208 9656        BTATH_LWFLT - ok
14:44:35.0224 9656        BTATH_RCP      (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
14:44:35.0239 9656        BTATH_RCP - ok
14:44:35.0271 9656        BtFilter        (6e7427156de0f0601dc0df42caff971d) C:\Windows\system32\DRIVERS\btfilter.sys
14:44:35.0286 9656        BtFilter - ok
14:44:35.0317 9656        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
14:44:35.0333 9656        BthEnum - ok
14:44:35.0380 9656        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:44:35.0411 9656        BTHMODEM - ok
14:44:35.0442 9656        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
14:44:35.0473 9656        BthPan - ok
14:44:35.0520 9656        BTHPORT        (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
14:44:35.0551 9656        BTHPORT - ok
14:44:35.0598 9656        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:44:35.0645 9656        bthserv - ok
14:44:35.0676 9656        BTHUSB          (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
14:44:35.0707 9656        BTHUSB - ok
14:44:35.0739 9656        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:44:35.0785 9656        cdfs - ok
14:44:35.0832 9656        cdrom          (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
14:44:35.0895 9656        cdrom - ok
14:44:35.0941 9656        CertPropSvc    (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
14:44:35.0988 9656        CertPropSvc - ok
14:44:36.0035 9656        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:44:36.0066 9656        circlass - ok
14:44:36.0097 9656        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:44:36.0113 9656        CLFS - ok
14:44:36.0191 9656        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:44:36.0191 9656        clr_optimization_v2.0.50727_32 - ok
14:44:36.0253 9656        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:44:36.0253 9656        clr_optimization_v2.0.50727_64 - ok
14:44:36.0347 9656        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:44:36.0363 9656        clr_optimization_v4.0.30319_32 - ok
14:44:36.0409 9656        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:44:36.0425 9656        clr_optimization_v4.0.30319_64 - ok
14:44:36.0456 9656        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:44:36.0472 9656        CmBatt - ok
14:44:36.0503 9656        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
14:44:36.0503 9656        cmdide - ok
14:44:36.0581 9656        CNG            (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
14:44:36.0628 9656        CNG - ok
14:44:36.0643 9656        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:44:36.0659 9656        Compbatt - ok
14:44:36.0690 9656        CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:44:36.0721 9656        CompositeBus - ok
14:44:36.0737 9656        COMSysApp - ok
14:44:36.0753 9656        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:44:36.0753 9656        crcdisk - ok
14:44:36.0799 9656        CryptSvc        (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
14:44:36.0862 9656        CryptSvc - ok
14:44:36.0909 9656        DcomLaunch      (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
14:44:36.0955 9656        DcomLaunch - ok
14:44:36.0987 9656        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:44:37.0049 9656        defragsvc - ok
14:44:37.0096 9656        DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
14:44:37.0127 9656        DfsC - ok
14:44:37.0158 9656        Dhcp            (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
14:44:37.0236 9656        Dhcp - ok
14:44:37.0283 9656        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:44:37.0330 9656        discache - ok
14:44:37.0361 9656        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:44:37.0377 9656        Disk - ok
14:44:37.0408 9656        Dnscache        (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
14:44:37.0423 9656        Dnscache - ok
14:44:37.0470 9656        dot3svc        (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
14:44:37.0533 9656        dot3svc - ok
14:44:37.0548 9656        DPS            (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
14:44:37.0595 9656        DPS - ok
14:44:37.0626 9656        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:44:37.0642 9656        drmkaud - ok
14:44:37.0735 9656        DsiWMIService  (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
14:44:37.0751 9656        DsiWMIService - ok
14:44:37.0813 9656        DXGKrnl        (24ce1ecf9d0ae0301775b07f5fea175b) C:\Windows\System32\drivers\dxgkrnl.sys
14:44:37.0845 9656        DXGKrnl - ok
14:44:37.0891 9656        E1G60          (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
14:44:37.0923 9656        E1G60 - ok
14:44:37.0969 9656        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:44:38.0016 9656        EapHost - ok
14:44:38.0141 9656        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:44:38.0266 9656        ebdrv - ok
14:44:38.0359 9656        EFS            (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
14:44:38.0391 9656        EFS - ok
14:44:38.0453 9656        ehRecvr        (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
14:44:38.0484 9656        ehRecvr - ok
14:44:38.0515 9656        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:44:38.0531 9656        ehSched - ok
14:44:38.0625 9656        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:44:38.0640 9656        elxstor - ok
14:44:38.0734 9656        ePowerSvc      (eb78fbd1c3db8223eeb364d485627ef1) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
14:44:38.0765 9656        ePowerSvc - ok
14:44:38.0859 9656        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
14:44:38.0890 9656        ErrDev - ok
14:44:38.0937 9656        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:44:38.0983 9656        EventSystem - ok
14:44:39.0030 9656        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:44:39.0077 9656        exfat - ok
14:44:39.0108 9656        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:44:39.0155 9656        fastfat - ok
14:44:39.0217 9656        Fax            (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
14:44:39.0264 9656        Fax - ok
14:44:39.0264 9656        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:44:39.0295 9656        fdc - ok
14:44:39.0342 9656        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:44:39.0373 9656        fdPHost - ok
14:44:39.0389 9656        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:44:39.0420 9656        FDResPub - ok
14:44:39.0451 9656        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:44:39.0451 9656        FileInfo - ok
14:44:39.0467 9656        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:44:39.0514 9656        Filetrace - ok
14:44:39.0529 9656        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:44:39.0545 9656        flpydisk - ok
14:44:39.0561 9656        FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
14:44:39.0576 9656        FltMgr - ok
14:44:39.0623 9656        FontCache      (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
14:44:39.0670 9656        FontCache - ok
14:44:39.0779 9656        FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:44:39.0795 9656        FontCache3.0.0.0 - ok
14:44:39.0841 9656        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:44:39.0857 9656        FsDepends - ok
14:44:39.0904 9656        Fs_Rec          (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
14:44:39.0904 9656        Fs_Rec - ok
14:44:39.0951 9656        fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:44:39.0966 9656        fvevol - ok
14:44:40.0013 9656        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:44:40.0029 9656        gagp30kx - ok
14:44:40.0091 9656        gpsvc          (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
14:44:40.0138 9656        gpsvc - ok
14:44:40.0231 9656        GREGService    (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
14:44:40.0231 9656        GREGService - ok
14:44:40.0278 9656        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:44:40.0294 9656        hcw85cir - ok
14:44:40.0356 9656        HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
14:44:40.0403 9656        HdAudAddService - ok
14:44:40.0419 9656        HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:44:40.0450 9656        HDAudBus - ok
14:44:40.0481 9656        HECIx64        (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
14:44:40.0481 9656        HECIx64 - ok
14:44:40.0512 9656        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:44:40.0528 9656        HidBatt - ok
14:44:40.0543 9656        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:44:40.0575 9656        HidBth - ok
14:44:40.0590 9656        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:44:40.0606 9656        HidIr - ok
14:44:40.0637 9656        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:44:40.0684 9656        hidserv - ok
14:44:40.0715 9656        HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
14:44:40.0746 9656        HidUsb - ok
14:44:40.0777 9656        hkmsvc          (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
14:44:40.0824 9656        hkmsvc - ok
14:44:40.0855 9656        HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
14:44:40.0887 9656        HomeGroupListener - ok
14:44:40.0918 9656        HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
14:44:40.0933 9656        HomeGroupProvider - ok
14:44:40.0965 9656        HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
14:44:40.0980 9656        HpSAMD - ok
14:44:41.0027 9656        HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
14:44:41.0074 9656        HTTP - ok
14:44:41.0136 9656        hwdatacard      (cdaa8e257bb625b2387219e605dde37d) C:\Windows\system32\DRIVERS\ewusbmdm.sys
14:44:41.0152 9656        hwdatacard - ok
14:44:41.0183 9656        hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
14:44:41.0183 9656        hwpolicy - ok
14:44:41.0214 9656        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:44:41.0230 9656        i8042prt - ok
14:44:41.0277 9656        iaStor          (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
14:44:41.0292 9656        iaStor - ok
14:44:41.0386 9656        IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
14:44:41.0386 9656        IAStorDataMgrSvc - ok
14:44:41.0464 9656        iaStorV        (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
14:44:41.0479 9656        iaStorV - ok
14:44:41.0511 9656        IDMWFP          (a31673b073652f56571acae61c3c25e2) C:\Windows\system32\DRIVERS\idmwfp.sys
14:44:41.0526 9656        IDMWFP - ok
14:44:41.0651 9656        idsvc          (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:44:41.0682 9656        idsvc - ok
14:44:41.0713 9656        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:44:41.0729 9656        iirsp - ok
14:44:41.0791 9656        IKEEXT          (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
14:44:41.0838 9656        IKEEXT - ok
14:44:41.0901 9656        Impcd          (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys
14:44:41.0932 9656        Impcd - ok
14:44:42.0072 9656        IntcAzAudAddService (cb5fd9b681ad43b560490b5283ddc1c1) C:\Windows\system32\drivers\RTKVHD64.sys
14:44:42.0119 9656        IntcAzAudAddService - ok
14:44:42.0244 9656        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
14:44:42.0244 9656        intelide - ok
14:44:42.0681 9656        intelkmd        (b744e1375cd1db3eb7b89781b8c93d9f) C:\Windows\system32\DRIVERS\igdpmd64.sys
14:44:42.0899 9656        intelkmd - ok
14:44:43.0008 9656        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:44:43.0024 9656        intelppm - ok
14:44:43.0071 9656        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:44:43.0133 9656        IPBusEnum - ok
14:44:43.0149 9656        IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:44:43.0195 9656        IpFilterDriver - ok
14:44:43.0242 9656        iphlpsvc        (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
14:44:43.0289 9656        iphlpsvc - ok
14:44:43.0320 9656        IPMIDRV        (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:44:43.0336 9656        IPMIDRV - ok
14:44:43.0351 9656        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:44:43.0398 9656        IPNAT - ok
14:44:43.0429 9656        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:44:43.0445 9656        IRENUM - ok
14:44:43.0476 9656        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
14:44:43.0476 9656        isapnp - ok
14:44:43.0507 9656        iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
14:44:43.0523 9656        iScsiPrt - ok
14:44:43.0539 9656        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:44:43.0554 9656        kbdclass - ok
14:44:43.0585 9656        kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
14:44:43.0601 9656        kbdhid - ok
14:44:43.0632 9656        KeyIso          (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:44:43.0648 9656        KeyIso - ok
14:44:43.0679 9656        KSecDD          (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
14:44:43.0695 9656        KSecDD - ok
14:44:43.0710 9656        KSecPkg        (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
14:44:43.0710 9656        KSecPkg - ok
14:44:43.0741 9656        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:44:43.0804 9656        ksthunk - ok
14:44:43.0835 9656        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:44:43.0882 9656        KtmRm - ok
14:44:43.0913 9656        L1C            (a4a9ca24e54e81c6c3e469eaeb4b3f42) C:\Windows\system32\DRIVERS\L1C62x64.sys
14:44:43.0913 9656        L1C - ok
14:44:43.0975 9656        LanmanServer    (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
14:44:43.0991 9656        LanmanServer - ok
14:44:44.0022 9656        LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
14:44:44.0069 9656        LanmanWorkstation - ok
14:44:44.0100 9656        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:44:44.0147 9656        lltdio - ok
14:44:44.0178 9656        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:44:44.0225 9656        lltdsvc - ok
14:44:44.0256 9656        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:44:44.0287 9656        lmhosts - ok
14:44:44.0397 9656        LMS            (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:44:44.0428 9656        LMS ( UnsignedFile.Multi.Generic ) - warning
14:44:44.0428 9656        LMS - detected UnsignedFile.Multi.Generic (1)
14:44:44.0459 9656        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:44:44.0475 9656        LSI_FC - ok
14:44:44.0506 9656        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:44:44.0506 9656        LSI_SAS - ok
14:44:44.0537 9656        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:44:44.0537 9656        LSI_SAS2 - ok
14:44:44.0553 9656        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:44:44.0553 9656        LSI_SCSI - ok
14:44:44.0584 9656        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:44:44.0631 9656        luafv - ok
14:44:44.0693 9656        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
14:44:44.0709 9656        MBAMProtector - ok
14:44:44.0787 9656        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:44:44.0802 9656        MBAMService - ok
14:44:44.0833 9656        Mcx2Svc        (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
14:44:44.0865 9656        Mcx2Svc - ok
14:44:44.0896 9656        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:44:44.0911 9656        megasas - ok
14:44:44.0927 9656        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:44:44.0943 9656        MegaSR - ok
14:44:44.0974 9656        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:44:45.0021 9656        MMCSS - ok
14:44:45.0052 9656        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:44:45.0114 9656        Modem - ok
14:44:45.0145 9656        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:44:45.0161 9656        monitor - ok
14:44:45.0192 9656        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:44:45.0208 9656        mouclass - ok
14:44:45.0223 9656        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:44:45.0239 9656        mouhid - ok
14:44:45.0270 9656        mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
14:44:45.0270 9656        mountmgr - ok
14:44:45.0379 9656        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:44:45.0395 9656        MozillaMaintenance - ok
14:44:45.0411 9656        mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
14:44:45.0426 9656        mpio - ok
14:44:45.0457 9656        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:44:45.0489 9656        mpsdrv - ok
14:44:45.0551 9656        MpsSvc          (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
14:44:45.0629 9656        MpsSvc - ok
14:44:45.0645 9656        MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
14:44:45.0691 9656        MRxDAV - ok
14:44:45.0707 9656        mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:44:45.0754 9656        mrxsmb - ok
14:44:45.0785 9656        mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:44:45.0801 9656        mrxsmb10 - ok
14:44:45.0816 9656        mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:44:45.0832 9656        mrxsmb20 - ok
14:44:45.0832 9656        msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
14:44:45.0847 9656        msahci - ok
14:44:45.0863 9656        msdsm          (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
14:44:45.0879 9656        msdsm - ok
14:44:45.0910 9656        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:44:45.0941 9656        MSDTC - ok
14:44:45.0941 9656        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:44:45.0988 9656        Msfs - ok
14:44:46.0003 9656        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:44:46.0035 9656        mshidkmdf - ok
14:44:46.0035 9656        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
14:44:46.0050 9656        msisadrv - ok
14:44:46.0081 9656        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:44:46.0113 9656        MSiSCSI - ok
14:44:46.0113 9656        msiserver - ok
14:44:46.0144 9656        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:44:46.0175 9656        MSKSSRV - ok
14:44:46.0191 9656        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:44:46.0222 9656        MSPCLOCK - ok
14:44:46.0237 9656        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:44:46.0284 9656        MSPQM - ok
14:44:46.0300 9656        MsRPC          (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
14:44:46.0315 9656        MsRPC - ok
14:44:46.0331 9656        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:44:46.0347 9656        mssmbios - ok
14:44:46.0378 9656        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:44:46.0425 9656        MSTEE - ok
14:44:46.0440 9656        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:44:46.0471 9656        MTConfig - ok
14:44:46.0487 9656        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:44:46.0487 9656        Mup - ok
14:44:46.0534 9656        napagent        (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
14:44:46.0581 9656        napagent - ok
14:44:46.0643 9656        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:44:46.0659 9656        NativeWifiP - ok
14:44:46.0705 9656        NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
14:44:46.0737 9656        NDIS - ok
14:44:46.0783 9656        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:44:46.0830 9656        NdisCap - ok
14:44:46.0861 9656        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:44:46.0908 9656        NdisTapi - ok
14:44:46.0924 9656        Ndisuio        (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
14:44:46.0955 9656        Ndisuio - ok
14:44:46.0971 9656        NdisWan        (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:44:47.0002 9656        NdisWan - ok
14:44:47.0033 9656        NDProxy        (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
14:44:47.0064 9656        NDProxy - ok
14:44:47.0080 9656        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:44:47.0127 9656        NetBIOS - ok
14:44:47.0158 9656        NetBT          (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
14:44:47.0205 9656        NetBT - ok
14:44:47.0236 9656        Netlogon        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:44:47.0251 9656        Netlogon - ok
14:44:47.0298 9656        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:44:47.0345 9656        Netman - ok
14:44:47.0376 9656        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:44:47.0423 9656        netprofm - ok
14:44:47.0517 9656        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:44:47.0532 9656        NetTcpPortSharing - ok
14:44:47.0563 9656        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:44:47.0579 9656        nfrd960 - ok
14:44:47.0626 9656        NlaSvc          (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
14:44:47.0673 9656        NlaSvc - ok
14:44:47.0688 9656        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:44:47.0735 9656        Npfs - ok
14:44:47.0766 9656        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:44:47.0813 9656        nsi - ok
14:44:47.0829 9656        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:44:47.0860 9656        nsiproxy - ok
14:44:47.0938 9656        Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
14:44:47.0985 9656        Ntfs - ok
14:44:48.0078 9656        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:44:48.0125 9656        Null - ok
14:44:48.0156 9656        nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
14:44:48.0172 9656        nvraid - ok
14:44:48.0187 9656        nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
14:44:48.0203 9656        nvstor - ok
14:44:48.0219 9656        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
14:44:48.0234 9656        nv_agp - ok
14:44:48.0312 9656        ODDPwrSvc      (ba7dac1b8a86d9402c3e04e1fcaa600d) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
14:44:48.0328 9656        ODDPwrSvc - ok
14:44:48.0359 9656        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
14:44:48.0359 9656        ohci1394 - ok
14:44:48.0437 9656        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:44:48.0453 9656        ose - ok
14:44:48.0733 9656        osppsvc        (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:44:48.0843 9656        osppsvc - ok
14:44:48.0967 9656        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:44:48.0983 9656        p2pimsvc - ok
14:44:49.0014 9656        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:44:49.0030 9656        p2psvc - ok
14:44:49.0108 9656        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:44:49.0123 9656        Parport - ok
14:44:49.0170 9656        partmgr        (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
14:44:49.0170 9656        partmgr - ok
14:44:49.0201 9656        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:44:49.0233 9656        PcaSvc - ok
14:44:49.0233 9656        pci            (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
14:44:49.0248 9656        pci - ok
14:44:49.0264 9656        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
14:44:49.0279 9656        pciide - ok
14:44:49.0295 9656        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:44:49.0311 9656        pcmcia - ok
14:44:49.0326 9656        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:44:49.0326 9656        pcw - ok
14:44:49.0357 9656        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:44:49.0420 9656        PEAUTH - ok
14:44:49.0482 9656        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:44:49.0513 9656        PerfHost - ok
14:44:49.0591 9656        pla            (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
14:44:49.0669 9656        pla - ok
14:44:49.0732 9656        PlugPlay        (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
14:44:49.0763 9656        PlugPlay - ok
14:44:49.0779 9656        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:44:49.0810 9656        PNRPAutoReg - ok
14:44:49.0841 9656        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:44:49.0857 9656        PNRPsvc - ok
14:44:49.0903 9656        PolicyAgent    (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
14:44:49.0966 9656        PolicyAgent - ok
14:44:49.0997 9656        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:44:50.0028 9656        Power - ok
14:44:50.0091 9656        PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
14:44:50.0137 9656        PptpMiniport - ok
14:44:50.0153 9656        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:44:50.0184 9656        Processor - ok
14:44:50.0215 9656        ProfSvc        (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
14:44:50.0231 9656        ProfSvc - ok
14:44:50.0247 9656        ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:44:50.0262 9656        ProtectedStorage - ok
14:44:50.0309 9656        Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
14:44:50.0340 9656        Psched - ok
14:44:50.0387 9656        PSI            (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
14:44:50.0387 9656        PSI - ok
14:44:50.0465 9656        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:44:50.0512 9656        ql2300 - ok
14:44:50.0605 9656        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:44:50.0621 9656        ql40xx - ok
14:44:50.0652 9656        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:44:50.0683 9656        QWAVE - ok
14:44:50.0683 9656        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:44:50.0730 9656        QWAVEdrv - ok
14:44:50.0746 9656        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:44:50.0777 9656        RasAcd - ok
14:44:50.0824 9656        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:44:50.0855 9656        RasAgileVpn - ok
14:44:50.0886 9656        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:44:50.0933 9656        RasAuto - ok
14:44:50.0949 9656        Rasl2tp        (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:44:51.0011 9656        Rasl2tp - ok
14:44:51.0058 9656        RasMan          (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
14:44:51.0120 9656        RasMan - ok
14:44:51.0136 9656        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:44:51.0183 9656        RasPppoe - ok
14:44:51.0214 9656        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:44:51.0261 9656        RasSstp - ok
14:44:51.0292 9656        rdbss          (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
14:44:51.0339 9656        rdbss - ok
14:44:51.0370 9656        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:44:51.0386 9656        rdpbus - ok
14:44:51.0386 9656        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:44:51.0417 9656        RDPCDD - ok
14:44:51.0432 9656        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:44:51.0479 9656        RDPENCDD - ok
14:44:51.0479 9656        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:44:51.0510 9656        RDPREFMP - ok
14:44:51.0557 9656        RDPWD          (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
14:44:51.0573 9656        RDPWD - ok
14:44:51.0620 9656        rdyboost        (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
14:44:51.0635 9656        rdyboost - ok
14:44:51.0666 9656        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:44:51.0713 9656        RemoteAccess - ok
14:44:51.0744 9656        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:44:51.0791 9656        RemoteRegistry - ok
14:44:51.0838 9656        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
14:44:51.0869 9656        RFCOMM - ok
14:44:51.0963 9656        RichVideo      (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
14:44:51.0994 9656        RichVideo ( UnsignedFile.Multi.Generic ) - warning
14:44:51.0994 9656        RichVideo - detected UnsignedFile.Multi.Generic (1)
14:44:52.0025 9656        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:44:52.0072 9656        RpcEptMapper - ok
14:44:52.0088 9656        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:44:52.0103 9656        RpcLocator - ok
14:44:52.0134 9656        RpcSs          (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
14:44:52.0166 9656        RpcSs - ok
14:44:52.0212 9656        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:44:52.0259 9656        rspndr - ok
14:44:52.0290 9656        RS_Service      (7cb9f0fdd730f4a4ecf6cde15ea12e8a) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
14:44:52.0306 9656        RS_Service - ok
14:44:52.0337 9656        SaiK0CD5        (858c15a70af2900c03daa4419b973903) C:\Windows\system32\DRIVERS\SaiK0CD5.sys
14:44:52.0353 9656        SaiK0CD5 - ok
14:44:52.0400 9656        SaiMini        (e124bcfb55adcd4aa273e73c3d666f9f) C:\Windows\system32\DRIVERS\SaiMini.sys
14:44:52.0415 9656        SaiMini - ok
14:44:52.0431 9656        SaiNtBus        (94ab59e2d3f301dc2b6ea97a027cebfa) C:\Windows\system32\drivers\SaiBus.sys
14:44:52.0431 9656        SaiNtBus - ok
14:44:52.0462 9656        SaiU0CD5        (866efd804302483de27e3947b25d0fab) C:\Windows\system32\DRIVERS\SaiU0CD5.sys
14:44:52.0462 9656        SaiU0CD5 - ok
14:44:52.0493 9656        SamSs          (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:44:52.0509 9656        SamSs - ok
14:44:52.0524 9656        sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
14:44:52.0540 9656        sbp2port - ok
14:44:52.0571 9656        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:44:52.0618 9656        SCardSvr - ok
14:44:52.0649 9656        scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
14:44:52.0696 9656        scfilter - ok
14:44:52.0758 9656        Schedule        (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
14:44:52.0790 9656        Schedule - ok
14:44:52.0821 9656        SCPolicySvc    (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
14:44:52.0852 9656        SCPolicySvc - ok
14:44:52.0883 9656        SDRSVC          (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
14:44:52.0914 9656        SDRSVC - ok
14:44:52.0992 9656        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:44:53.0024 9656        secdrv - ok
14:44:53.0039 9656        seclogon        (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
14:44:53.0086 9656        seclogon - ok
14:44:53.0195 9656        Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
14:44:53.0226 9656        Secunia PSI Agent - ok
14:44:53.0320 9656        Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files (x86)\Secunia\PSI\sua.exe
14:44:53.0336 9656        Secunia Update Agent - ok
14:44:53.0429 9656        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:44:53.0476 9656        SENS - ok
14:44:53.0507 9656        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:44:53.0538 9656        SensrSvc - ok
14:44:53.0585 9656        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:44:53.0601 9656        Serenum - ok
14:44:53.0632 9656        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:44:53.0663 9656        Serial - ok
14:44:53.0694 9656        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:44:53.0710 9656        sermouse - ok
14:44:53.0757 9656        SessionEnv      (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
14:44:53.0788 9656        SessionEnv - ok
14:44:53.0819 9656        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
14:44:53.0850 9656        sffdisk - ok
14:44:53.0866 9656        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:44:53.0897 9656        sffp_mmc - ok
14:44:53.0913 9656        sffp_sd        (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:44:53.0913 9656        sffp_sd - ok
14:44:53.0928 9656        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:44:53.0944 9656        sfloppy - ok
14:44:53.0991 9656        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:44:54.0038 9656        SharedAccess - ok
14:44:54.0069 9656        ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
14:44:54.0100 9656        ShellHWDetection - ok
14:44:54.0162 9656        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:44:54.0162 9656        SiSRaid2 - ok
14:44:54.0178 9656        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:44:54.0194 9656        SiSRaid4 - ok
14:44:54.0287 9656        SkypeUpdate    (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
14:44:54.0303 9656        SkypeUpdate - ok
14:44:54.0365 9656        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:44:54.0412 9656        Smb - ok
14:44:54.0443 9656        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:44:54.0474 9656        SNMPTRAP - ok
14:44:54.0490 9656        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:44:54.0506 9656        spldr - ok
14:44:54.0537 9656        Spooler        (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
14:44:54.0568 9656        Spooler - ok
14:44:54.0724 9656        sppsvc          (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
14:44:54.0818 9656        sppsvc - ok
14:44:54.0911 9656        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:44:54.0942 9656        sppuinotify - ok
14:44:54.0989 9656        srv            (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
14:44:55.0052 9656        srv - ok
14:44:55.0067 9656        srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
14:44:55.0083 9656        srv2 - ok
14:44:55.0098 9656        srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
14:44:55.0114 9656        srvnet - ok
14:44:55.0176 9656        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:44:55.0223 9656        SSDPSRV - ok
14:44:55.0254 9656        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:44:55.0286 9656        SstpSvc - ok
14:44:55.0348 9656        Steam Client Service - ok
14:44:55.0379 9656        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:44:55.0395 9656        stexstor - ok
14:44:55.0457 9656        stisvc          (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
14:44:55.0473 9656        stisvc - ok
14:44:55.0488 9656        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:44:55.0504 9656        swenum - ok
14:44:55.0535 9656        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:44:55.0598 9656        swprv - ok
14:44:55.0660 9656        SynTP          (ce9b5a79aee330bc7e88c0441e5727bb) C:\Windows\system32\DRIVERS\SynTP.sys
14:44:55.0676 9656        SynTP - ok
14:44:55.0769 9656        SysMain        (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
14:44:55.0816 9656        SysMain - ok
14:44:55.0910 9656        TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
14:44:55.0956 9656        TabletInputService - ok
14:44:55.0972 9656        TapiSrv        (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
14:44:56.0019 9656        TapiSrv - ok
14:44:56.0034 9656        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:44:56.0066 9656        TBS - ok
14:44:56.0222 9656        Tcpip          (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
14:44:56.0253 9656        Tcpip - ok
14:44:56.0440 9656        TCPIP6          (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
14:44:56.0471 9656        TCPIP6 - ok
14:44:56.0534 9656        tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
14:44:56.0580 9656        tcpipreg - ok
14:44:56.0612 9656        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:44:56.0643 9656        TDPIPE - ok
14:44:56.0658 9656        TDTCP          (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
14:44:56.0690 9656        TDTCP - ok
14:44:56.0705 9656        tdx            (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
14:44:56.0752 9656        tdx - ok
14:44:56.0768 9656        TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
14:44:56.0783 9656        TermDD - ok
14:44:56.0846 9656        TermService    (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
14:44:56.0908 9656        TermService - ok
14:44:56.0924 9656        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:44:56.0955 9656        Themes - ok
14:44:56.0970 9656        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:44:57.0002 9656        THREADORDER - ok
14:44:57.0017 9656        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:44:57.0064 9656        TrkWks - ok
14:44:57.0111 9656        TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
14:44:57.0142 9656        TrustedInstaller - ok
14:44:57.0173 9656        tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:44:57.0204 9656        tssecsrv - ok
14:44:57.0407 9656        TuneUp.UtilitiesSvc (6dc7b7342148636c6751d9f7b8aaea91) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
14:44:57.0454 9656        TuneUp.UtilitiesSvc - ok
14:44:57.0548 9656        TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
14:44:57.0563 9656        TuneUpUtilitiesDrv - ok
14:44:57.0672 9656        tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
14:44:57.0735 9656        tunnel - ok
14:44:57.0766 9656        TurboB          (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
14:44:57.0766 9656        TurboB - ok
14:44:57.0813 9656        TurboBoost      (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
14:44:57.0828 9656        TurboBoost - ok
14:44:57.0844 9656        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:44:57.0844 9656        uagp35 - ok
14:44:57.0875 9656        udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
14:44:57.0922 9656        udfs - ok
14:44:57.0953 9656        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:44:57.0969 9656        UI0Detect - ok
14:44:58.0000 9656        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
14:44:58.0000 9656        uliagpkx - ok
14:44:58.0031 9656        umbus          (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
14:44:58.0062 9656        umbus - ok
14:44:58.0094 9656        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:44:58.0109 9656        UmPass - ok
14:44:58.0265 9656        UNS            (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
14:44:58.0296 9656        UNS ( UnsignedFile.Multi.Generic ) - warning
14:44:58.0296 9656        UNS - detected UnsignedFile.Multi.Generic (1)
14:44:58.0390 9656        Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
14:44:58.0406 9656        Updater Service - ok
14:44:58.0515 9656        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:44:58.0546 9656        upnphost - ok
14:44:58.0624 9656        usbaudio        (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
14:44:58.0655 9656        usbaudio - ok
14:44:58.0702 9656        usbccgp        (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
14:44:58.0718 9656        usbccgp - ok
14:44:58.0749 9656        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
14:44:58.0780 9656        usbcir - ok
14:44:58.0811 9656        usbehci        (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
14:44:58.0811 9656        usbehci - ok
14:44:58.0874 9656        usbhub          (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
14:44:58.0889 9656        usbhub - ok
14:44:58.0936 9656        usbkey          (a13334591800e55184857e4090e4bbe9) C:\Windows\system32\DRIVERS\USBKey64.sys
14:44:58.0936 9656        usbkey - ok
14:44:58.0967 9656        usbohci        (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
14:44:58.0998 9656        usbohci - ok
14:44:59.0030 9656        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:44:59.0045 9656        usbprint - ok
14:44:59.0076 9656        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:44:59.0092 9656        usbscan - ok
14:44:59.0123 9656        USBSTOR        (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:44:59.0139 9656        USBSTOR - ok
14:44:59.0154 9656        usbuhci        (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
14:44:59.0186 9656        usbuhci - ok
14:44:59.0248 9656        usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
14:44:59.0279 9656        usbvideo - ok
14:44:59.0310 9656        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:44:59.0342 9656        UxSms - ok
14:44:59.0373 9656        VaultSvc        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:44:59.0388 9656        VaultSvc - ok
14:44:59.0420 9656        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
14:44:59.0435 9656        vdrvroot - ok
14:44:59.0482 9656        vds            (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
14:44:59.0513 9656        vds - ok
14:44:59.0544 9656        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:44:59.0544 9656        vga - ok
14:44:59.0560 9656        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:44:59.0607 9656        VgaSave - ok
14:44:59.0638 9656        vhdmp          (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
14:44:59.0638 9656        vhdmp - ok
14:44:59.0654 9656        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
14:44:59.0654 9656        viaide - ok
14:44:59.0685 9656        volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
14:44:59.0685 9656        volmgr - ok
14:44:59.0700 9656        volmgrx        (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
14:44:59.0716 9656        volmgrx - ok
14:44:59.0732 9656        volsnap        (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
14:44:59.0747 9656        volsnap - ok
14:44:59.0841 9656        vpnagent        (3b98ab9849754cb88265111422441df7) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
14:44:59.0856 9656        vpnagent - ok
14:44:59.0903 9656        vpnva          (13e6d95e7ac67abb7a1196557ef8849f) C:\Windows\system32\DRIVERS\vpnva64.sys
14:44:59.0903 9656        vpnva - ok
14:44:59.0950 9656        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:44:59.0966 9656        vsmraid - ok
14:45:00.0059 9656        VSS            (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
14:45:00.0106 9656        VSS - ok
14:45:00.0200 9656        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:45:00.0215 9656        vwifibus - ok
14:45:00.0231 9656        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:45:00.0262 9656        vwififlt - ok
14:45:00.0324 9656        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:45:00.0356 9656        W32Time - ok
14:45:00.0387 9656        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:45:00.0418 9656        WacomPen - ok
14:45:00.0449 9656        WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:45:00.0480 9656        WANARP - ok
14:45:00.0480 9656        Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:45:00.0512 9656        Wanarpv6 - ok
14:45:00.0590 9656        wbengine        (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
14:45:00.0621 9656        wbengine - ok
14:45:00.0714 9656        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:45:00.0746 9656        WbioSrvc - ok
14:45:00.0777 9656        wcncsvc        (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
14:45:00.0808 9656        wcncsvc - ok
14:45:00.0808 9656        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:45:00.0824 9656        WcsPlugInService - ok
14:45:00.0870 9656        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:45:00.0886 9656        Wd - ok
14:45:00.0902 9656        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:45:00.0933 9656        Wdf01000 - ok
14:45:00.0948 9656        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:45:00.0980 9656        WdiServiceHost - ok
14:45:00.0980 9656        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:45:00.0995 9656        WdiSystemHost - ok
14:45:01.0042 9656        WebClient      (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
14:45:01.0058 9656        WebClient - ok
14:45:01.0104 9656        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:45:01.0151 9656        Wecsvc - ok
14:45:01.0167 9656        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:45:01.0229 9656        wercplsupport - ok
14:45:01.0245 9656        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:45:01.0276 9656        WerSvc - ok
14:45:01.0354 9656        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:45:01.0385 9656        WfpLwf - ok
14:45:01.0401 9656        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:45:01.0416 9656        WIMMount - ok
14:45:01.0463 9656        WinDefend - ok
14:45:01.0463 9656        WinHttpAutoProxySvc - ok
14:45:01.0541 9656        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:45:01.0572 9656        Winmgmt - ok
14:45:01.0666 9656        WinRM          (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
14:45:01.0728 9656        WinRM - ok
14:45:01.0884 9656        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:45:01.0900 9656        Wlansvc - ok
14:45:01.0962 9656        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:45:01.0962 9656        WmiAcpi - ok
14:45:02.0040 9656        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:45:02.0056 9656        wmiApSrv - ok
14:45:02.0134 9656        WMPNetworkSvc - ok
14:45:02.0165 9656        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:45:02.0181 9656        WPCSvc - ok
14:45:02.0196 9656        WPDBusEnum      (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
14:45:02.0228 9656        WPDBusEnum - ok
14:45:02.0243 9656        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:45:02.0306 9656        ws2ifsl - ok
14:45:02.0321 9656        wscsvc          (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
14:45:02.0352 9656        wscsvc - ok
14:45:02.0352 9656        WSearch - ok
14:45:02.0430 9656        WTGService      (d7e88349be0f01e4d8d776adb1f325bf) C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
14:45:02.0446 9656        WTGService - ok
14:45:02.0571 9656        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:45:02.0633 9656        wuauserv - ok
14:45:02.0742 9656        WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
14:45:02.0774 9656        WudfPf - ok
14:45:02.0820 9656        WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:45:02.0867 9656        WUDFRd - ok
14:45:02.0898 9656        wudfsvc        (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
14:45:02.0945 9656        wudfsvc - ok
14:45:02.0976 9656        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:45:03.0008 9656        WwanSvc - ok
14:45:03.0039 9656        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:45:03.0257 9656        \Device\Harddisk0\DR0 - ok
14:45:03.0257 9656        Boot (0x1200)  (a0f7c052509503fe32add634215fade1) \Device\Harddisk0\DR0\Partition0
14:45:03.0273 9656        \Device\Harddisk0\DR0\Partition0 - ok
14:45:03.0288 9656        Boot (0x1200)  (e6c66b71605680f02a9cbb6fdce8b0b3) \Device\Harddisk0\DR0\Partition1
14:45:03.0288 9656        \Device\Harddisk0\DR0\Partition1 - ok
14:45:03.0304 9656        Boot (0x1200)  (dbac78ea438e0cc864cba620e834fd17) \Device\Harddisk0\DR0\Partition2
14:45:03.0304 9656        \Device\Harddisk0\DR0\Partition2 - ok
14:45:03.0304 9656        ============================================================
14:45:03.0304 9656        Scan finished
14:45:03.0304 9656        ============================================================
14:45:03.0320 6880        Detected object count: 3
14:45:03.0320 6880        Actual detected object count: 3
14:45:53.0630 6880        LMS ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:53.0630 6880        LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:53.0630 6880        RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:53.0630 6880        RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:53.0630 6880        UNS ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:53.0630 6880        UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
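
A small parser for this TDSSKiller log format, added here as an example and not part of the original thread or of Kaspersky's tool: it splits the per-module hash lines and the "Detected object" block apart, checks that the reported counts match the number of detections, and lists every detection the user left at "Skip", joined to the scanned path where the log has one. The sample log is constructed from the lines above; the UNS hash line is made up (all-zero placeholder MD5) so that the join between a scan line and its detection is visible.

```python
import re
from typing import Dict, List

# Added example (not from the thread, not Kaspersky's code): parse a TDSSKiller
# 2.7.x log into per-module hash records plus the "Detected object" block, then
# list the detections the user chose to skip.

LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+)\s+(?P<msg>.*)$")
HASHED = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
DETECT = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+) \) - (?P<outcome>.+)$")
ACTION = re.compile(r"^User select action: (?P<action>\w+)$")
STATUS = re.compile(r"^(?P<name>.+?) - ok$")
COUNT = re.compile(r"^(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$")

# Verdicts that mean "could not be verified" rather than "known malicious".
# UnsignedFile.Multi.Generic is the only one that appears in this thread.
HEURISTIC_VERDICTS = {"UnsignedFile.Multi.Generic"}

# Constructed sample in the format of the log above. The UNS line is made up
# (placeholder MD5 of all zeros); the other lines are copied from the thread.
SAMPLE_LOG = r"""
14:44:58.0100 9656        UNS             (00000000000000000000000000000000) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
14:44:59.0373 9656        VaultSvc        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:44:59.0388 9656        VaultSvc - ok
14:45:03.0039 9656        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:45:03.0257 9656        \Device\Harddisk0\DR0 - ok
14:45:03.0304 9656        Scan finished
14:45:03.0320 6880        Detected object count: 3
14:45:03.0320 6880        Actual detected object count: 3
14:45:53.0630 6880        LMS ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:53.0630 6880        LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:53.0630 6880        RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:53.0630 6880        RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:53.0630 6880        UNS ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:53.0630 6880        UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""


def parse_tdsskiller(text: str) -> Dict:
    """Return modules (name -> md5/path), detections (name -> verdict/outcome/action),
    the two object counts, the set of entries marked '- ok', and a finished flag."""
    report = {"modules": {}, "detections": {}, "counts": {}, "verified_ok": set(), "finished": False}
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # not a timestamped log line (banner, separator, blank)
        msg = m.group("msg").strip()
        if msg == "Scan finished":
            report["finished"] = True
            continue
        c = COUNT.match(msg)
        if c:
            report["counts"][c.group("kind")] = int(c.group("n"))
            continue
        d = DETECT.match(msg)
        if d:
            entry = report["detections"].setdefault(
                d.group("name"), {"verdict": d.group("verdict"), "outcome": None, "action": None})
            a = ACTION.match(d.group("outcome"))
            if a:
                entry["action"] = a.group("action")   # e.g. Skip, Cure, Delete
            else:
                entry["outcome"] = d.group("outcome")  # e.g. "skipped by user"
            continue
        s = STATUS.match(msg)
        if s:
            report["verified_ok"].add(s.group("name"))
            continue
        h = HASHED.match(msg)
        if h:
            report["modules"][h.group("name")] = {"md5": h.group("md5"), "path": h.group("path")}
    return report


def counts_consistent(report: Dict) -> bool:
    """True when the scan completed and both reported counts equal the number of
    distinct detection names actually listed in the log."""
    n = len(report["detections"])
    return report["finished"] and bool(report["counts"]) and all(v == n for v in report["counts"].values())


def unresolved_detections(report: Dict) -> List[Dict]:
    """Detections the user skipped, joined with the scanned path/hash where the log has one."""
    out = []
    for name, det in sorted(report["detections"].items()):
        if det["action"] == "Skip" or det["outcome"] == "skipped by user":
            mod = report["modules"].get(name, {})
            out.append({"name": name, "verdict": det["verdict"], "path": mod.get("path"),
                        "md5": mod.get("md5"), "heuristic": det["verdict"] in HEURISTIC_VERDICTS})
    return out


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print("scan finished:", rep["finished"], "| counts consistent:", counts_consistent(rep))
    for item in unresolved_detections(rep):
        kind = "heuristic (unsigned file)" if item["heuristic"] else "signature hit"
        print(f"{item['name']:<10} {item['verdict']:<28} {kind}  path={item['path']}")
```

The point of the triage step is the verdict name: UnsignedFile.Multi.Generic only says that TDSSKiller could not verify a digital signature on the binary, so the three skipped entries are not a confirmed rootkit hit; a helper still wants the paths (UNS, for instance, resolves to the Intel Management Engine component listed in the ComboFix service table further down the thread) and the hashes in order to check them against known-good copies before declaring the machine clean.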


cosinus 17.07.2012 10:52

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.

then restart Windows manually and the error messages should no longer appear.

dobaliner 17.07.2012 18:35

On the first run of ComboFix I unfortunately forgot to turn off Windows Defender:


Combofix Logfile:
Code:

ComboFix 12-07-16.01 - xxxx xxxxx 17.07.2012  12:00:47.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3767.2406 [GMT 2:00]
ausgeführt von:: c:\users\xxxx xxxxx\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\xxxx xxxxx\Documents\~WRL0412.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-17 bis 2012-07-17  ))))))))))))))))))))))))))))))
.
.
2012-07-17 10:06 . 2012-07-17 10:06        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-17 10:05 . 2012-07-17 10:05        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{18C86E3E-2C1A-4677-A04D-3591DDB2C790}\offreg.dll
2012-07-15 19:46 . 2012-07-15 19:46        --------        d-----w-        C:\_OTL
2012-07-13 20:13 . 2012-07-13 20:13        --------        d-----w-        c:\program files (x86)\ESET
2012-07-13 15:33 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{18C86E3E-2C1A-4677-A04D-3591DDB2C790}\mpengine.dll
2012-07-12 09:55 . 2012-06-12 03:02        3147264        ----a-w-        c:\windows\system32\win32k.sys
2012-07-12 07:22 . 2012-06-06 05:50        1425408        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 07:22 . 2012-06-06 05:09        987136        ----a-w-        c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-04 20:59 . 2012-07-04 20:59        --------        d-----w-        c:\users\xxxx xxxxx\AppData\Local\Skyrim
2012-07-04 18:07 . 2012-07-17 07:27        --------        d-----w-        c:\program files (x86)\Steam
2012-07-04 18:07 . 2012-07-04 18:32        --------        d-----w-        c:\program files (x86)\Common Files\Steam
2012-07-04 12:07 . 2012-07-04 12:07        --------        d--h--w-        c:\programdata\Common Files
2012-07-04 12:07 . 2004-03-08 23:00        662288        ----a-w-        c:\windows\SysWow64\MSCOMCT2.OCX
2012-07-04 12:07 . 1998-06-23 23:00        137000        ----a-w-        c:\windows\SysWow64\MSMAPI32.OCX
2012-07-04 12:06 . 2012-07-04 12:07        --------        d-----w-        c:\program files (x86)\PDFCreator
2012-07-04 12:06 . 1998-07-06 16:56        125712        ----a-w-        c:\windows\SysWow64\VB6DE.DLL
2012-07-04 12:06 . 1998-07-06 16:55        158208        ----a-w-        c:\windows\SysWow64\MSCMCDE.DLL
2012-07-04 12:06 . 1998-07-06 16:55        64512        ----a-w-        c:\windows\SysWow64\MSCC2DE.DLL
2012-07-04 12:06 . 1998-07-05 23:00        23552        ----a-w-        c:\windows\SysWow64\MSMPIDE.DLL
2012-07-04 12:03 . 2012-06-15 04:51        95232        ----a-w-        c:\windows\system32\pdfcmon.dll
2012-07-02 22:58 . 2012-07-02 22:58        476936        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-07-02 21:39 . 2012-07-02 21:39        --------        d-----w-        c:\users\xxxx xxxxx\AppData\Roaming\Malwarebytes
2012-07-02 21:39 . 2012-07-02 21:39        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-02 21:39 . 2012-07-02 21:39        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-02 21:39 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-24 08:03 . 2012-06-24 08:03        --------        d-----w-        c:\users\xxxx xxxxx\AppData\Local\Macromedia
2012-06-21 05:26 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-21 05:26 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-21 05:26 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-21 05:26 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-21 05:26 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-21 05:26 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-21 05:26 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-21 05:26 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-21 05:26 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-19 21:40 . 2012-06-19 21:40        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-19 21:40 . 2012-06-19 21:40        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 09:48 . 2012-04-15 14:36        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 09:48 . 2012-01-12 22:31        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-02 22:58 . 2012-02-28 15:05        472840        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-05-15 03:56 . 2012-06-13 05:31        1197568        ----a-w-        c:\windows\system32\wininet.dll
2012-05-15 03:08 . 2012-06-13 05:31        981504        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-05-14 13:52 . 2012-01-17 20:18        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-14 13:52 . 2012-01-17 20:18        139360        ----a-w-        c:\windows\system32\drivers\avfwot.sys
2012-05-14 13:52 . 2012-01-17 20:18        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-14 13:52 . 2012-01-17 20:18        114128        ----a-w-        c:\windows\system32\drivers\avfwim.sys
2012-05-04 10:52 . 2012-06-13 05:31        5505392        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-13 05:31        3958128        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-13 05:31        3902320        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32 . 2012-06-13 05:31        208896        ----a-w-        c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-13 05:31        204800        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:34 . 2012-06-13 05:31        76288        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-13 05:31        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-13 05:31        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:59 . 2012-06-13 05:31        182272        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-04-24 05:59 . 2012-06-13 05:31        1460224        ----a-w-        c:\windows\system32\crypt32.dll
2012-04-24 05:59 . 2012-06-13 05:31        140288        ----a-w-        c:\windows\system32\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 05:31        139264        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47 . 2012-06-13 05:31        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 05:31        1156608        ----a-w-        c:\windows\SysWow64\crypt32.dll
2012-04-20 06:22 . 2012-06-13 05:31        57856        ----a-w-        c:\windows\system32\licmgr10.dll
2012-04-20 05:05 . 2012-06-13 05:31        44544        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2012-04-20 05:00 . 2012-06-13 05:31        482816        ----a-w-        c:\windows\system32\html.iec
2012-04-20 04:15 . 2012-06-13 05:31        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2012-04-20 03:58 . 2012-06-13 05:31        386048        ----a-w-        c:\windows\SysWow64\html.iec
2012-04-20 03:24 . 2012-06-13 05:31        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-01-16 3462552]
"SimpleSYN.NET"="c:\program files (x86)\creativbox.net\SimpleSYN 2.1\CBN.SimpleSYN.NET.exe" [2011-06-21 2275696]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-07-04 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-21 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2011-02-17 124136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-14 348624]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-07-29 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-07-29 295072]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-07-29 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-07-29 51872]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-07-29 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-07-29 270496]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
R3 SaiK0CD5;SaiK0CD5;c:\windows\system32\DRIVERS\SaiK0CD5.sys [2011-09-20 183104]
R3 SaiU0CD5;SaiU0CD5;c:\windows\system32\DRIVERS\SaiU0CD5.sys [2011-09-20 47168]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 usbkey;USB Dongle;c:\windows\system32\DRIVERS\USBKey64.sys [2012-01-16 38496]
R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-07-29 52896]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-05-14 139360]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-20 203264]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-05-14 619472]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-14 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-14 465360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-06-11 821792]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-12-20 148104]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-09-22 645048]
S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe [2009-03-03 296400]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-20 6856704]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-20 264704]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-05-14 114128]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-07-29 28832]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-10-20 10331840]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-18 c:\windows\Tasks\Acer Registration - Data Sending task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2010-04-28 02:47]
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 09:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-12-19 18:46        22408        ----a-w-        c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-20 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-20 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-20 414744]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-13 11046504]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-13 2103912]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-07-29 594080]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-07-29 377504]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-06-11 496160]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2782096]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-01-23 432640]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-01-23 158208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Download aller Links mit IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download mit IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{7F66CAB7-3D90-4CF2-A86C-94A6431474BB}: NameServer = 130.75.1.32,130.75.1.40
FF - ProfilePath - c:\users\xxxx xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\bild4i5m.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-116830536-2991956333-4007676365-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8f,ff,7b,bf,d7,5f,b4,0b,d9,1a,03,12,1d,71,8b,a0,53,ca,0f,f4,33,
  8b,2f,75,5c,60,87,6c,1c,5b,30,b6,4d,79,52,2b,34,63,25,78,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-116830536-2991956333-4007676365-1001_Classes\Wow6432Node\CLSID\{95fef388-361b-4e2e-92ff-1fc552c6a1a3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000085
"Therad"=dword:0000001b
"MData"=hex(0):20,35,e9,2b,74,59,03,68,be,b2,5b,74,b4,62,9e,77,fc,22,df,59,02,
  94,28,03,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-17  12:09:09
ComboFix-quarantined-files.txt  2012-07-17 10:09
.
Vor Suchlauf: 10 Verzeichnis(se), 307.955.322.880 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 307.837.960.192 Bytes frei
.
- - End Of File - - 0D280481D3FA0D4CC83DA164D6E1D95D

--- --- ---




Then I noticed that Windows Defender was on while ComboFix was running, so I turned Defender off and ran ComboFix again:


Combofix Logfile:
Code:

ComboFix 12-07-16.01 - xxxx xxxxx 17.07.2012  12:20:14.2.4 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3767.2315 [GMT 2:00]
ausgeführt von:: c:\users\xxxx xxxxx\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-17 bis 2012-07-17  ))))))))))))))))))))))))))))))
.
.
2012-07-17 10:23 . 2012-07-17 10:23        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-15 19:46 . 2012-07-15 19:46        --------        d-----w-        C:\_OTL
2012-07-13 20:13 . 2012-07-13 20:13        --------        d-----w-        c:\program files (x86)\ESET
2012-07-13 15:33 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{18C86E3E-2C1A-4677-A04D-3591DDB2C790}\mpengine.dll
2012-07-12 09:55 . 2012-06-12 03:02        3147264        ----a-w-        c:\windows\system32\win32k.sys
2012-07-12 07:22 . 2012-06-06 05:50        1425408        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 07:22 . 2012-06-06 05:09        987136        ----a-w-        c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-04 20:59 . 2012-07-04 20:59        --------        d-----w-        c:\users\xxxx xxxxx\AppData\Local\Skyrim
2012-07-04 18:07 . 2012-07-17 07:27        --------        d-----w-        c:\program files (x86)\Steam
2012-07-04 18:07 . 2012-07-04 18:32        --------        d-----w-        c:\program files (x86)\Common Files\Steam
2012-07-04 12:07 . 2012-07-04 12:07        --------        d--h--w-        c:\programdata\Common Files
2012-07-04 12:07 . 2004-03-08 23:00        662288        ----a-w-        c:\windows\SysWow64\MSCOMCT2.OCX
2012-07-04 12:07 . 1998-06-23 23:00        137000        ----a-w-        c:\windows\SysWow64\MSMAPI32.OCX
2012-07-04 12:06 . 2012-07-04 12:07        --------        d-----w-        c:\program files (x86)\PDFCreator
2012-07-04 12:06 . 1998-07-06 16:56        125712        ----a-w-        c:\windows\SysWow64\VB6DE.DLL
2012-07-04 12:06 . 1998-07-06 16:55        158208        ----a-w-        c:\windows\SysWow64\MSCMCDE.DLL
2012-07-04 12:06 . 1998-07-06 16:55        64512        ----a-w-        c:\windows\SysWow64\MSCC2DE.DLL
2012-07-04 12:06 . 1998-07-05 23:00        23552        ----a-w-        c:\windows\SysWow64\MSMPIDE.DLL
2012-07-04 12:03 . 2012-06-15 04:51        95232        ----a-w-        c:\windows\system32\pdfcmon.dll
2012-07-02 22:58 . 2012-07-02 22:58        476936        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-07-02 21:39 . 2012-07-02 21:39        --------        d-----w-        c:\users\xxxx xxxxx\AppData\Roaming\Malwarebytes
2012-07-02 21:39 . 2012-07-02 21:39        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-02 21:39 . 2012-07-02 21:39        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-02 21:39 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-24 08:03 . 2012-06-24 08:03        --------        d-----w-        c:\users\xxxx xxxxx\AppData\Local\Macromedia
2012-06-21 05:26 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-21 05:26 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-21 05:26 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-21 05:26 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-21 05:26 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-21 05:26 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-21 05:26 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-21 05:26 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-21 05:26 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-19 21:40 . 2012-06-19 21:40        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-19 21:40 . 2012-06-19 21:40        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 09:48 . 2012-04-15 14:36        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 09:48 . 2012-01-12 22:31        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-02 22:58 . 2012-02-28 15:05        472840        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-05-15 03:56 . 2012-06-13 05:31        1197568        ----a-w-        c:\windows\system32\wininet.dll
2012-05-15 03:08 . 2012-06-13 05:31        981504        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-05-14 13:52 . 2012-01-17 20:18        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-14 13:52 . 2012-01-17 20:18        139360        ----a-w-        c:\windows\system32\drivers\avfwot.sys
2012-05-14 13:52 . 2012-01-17 20:18        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-14 13:52 . 2012-01-17 20:18        114128        ----a-w-        c:\windows\system32\drivers\avfwim.sys
2012-05-04 10:52 . 2012-06-13 05:31        5505392        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-13 05:31        3958128        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-13 05:31        3902320        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32 . 2012-06-13 05:31        208896        ----a-w-        c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-13 05:31        204800        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:34 . 2012-06-13 05:31        76288        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-13 05:31        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-13 05:31        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:59 . 2012-06-13 05:31        182272        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-04-24 05:59 . 2012-06-13 05:31        1460224        ----a-w-        c:\windows\system32\crypt32.dll
2012-04-24 05:59 . 2012-06-13 05:31        140288        ----a-w-        c:\windows\system32\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 05:31        139264        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47 . 2012-06-13 05:31        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 05:31        1156608        ----a-w-        c:\windows\SysWow64\crypt32.dll
2012-04-20 06:22 . 2012-06-13 05:31        57856        ----a-w-        c:\windows\system32\licmgr10.dll
2012-04-20 05:05 . 2012-06-13 05:31        44544        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2012-04-20 05:00 . 2012-06-13 05:31        482816        ----a-w-        c:\windows\system32\html.iec
2012-04-20 04:15 . 2012-06-13 05:31        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2012-04-20 03:58 . 2012-06-13 05:31        386048        ----a-w-        c:\windows\SysWow64\html.iec
2012-04-20 03:24 . 2012-06-13 05:31        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-07-17_10.07.02  )))))))))))))))))))))))))))))))))))))))))
.
- 2012-01-12 19:45 . 2012-07-17 09:02        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-12 19:45 . 2012-07-17 10:13        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-12 19:45 . 2012-07-17 10:13        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-12 19:45 . 2012-07-17 09:02        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-01-16 3462552]
"SimpleSYN.NET"="c:\program files (x86)\creativbox.net\SimpleSYN 2.1\CBN.SimpleSYN.NET.exe" [2011-06-21 2275696]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-07-04 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-21 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2011-02-17 124136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-14 348624]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-07-29 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-07-29 295072]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-07-29 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-07-29 51872]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-07-29 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-07-29 270496]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
R3 SaiK0CD5;SaiK0CD5;c:\windows\system32\DRIVERS\SaiK0CD5.sys [2011-09-20 183104]
R3 SaiU0CD5;SaiU0CD5;c:\windows\system32\DRIVERS\SaiU0CD5.sys [2011-09-20 47168]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 usbkey;USB Dongle;c:\windows\system32\DRIVERS\USBKey64.sys [2012-01-16 38496]
R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-07-29 52896]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-05-14 139360]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-20 203264]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-05-14 619472]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-14 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-14 465360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-06-11 821792]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-12-20 148104]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-09-22 645048]
S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe [2009-03-03 296400]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-20 6856704]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-20 264704]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-05-14 114128]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-07-29 28832]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-10-20 10331840]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-18 c:\windows\Tasks\Acer Registration - Data Sending task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2010-04-28 02:47]
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 09:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-12-19 18:46        22408        ----a-w-        c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-20 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-20 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-20 414744]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-13 11046504]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-13 2103912]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-07-29 594080]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-07-29 377504]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-06-11 496160]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2782096]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-01-23 432640]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-01-23 158208]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Download aller Links mit IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download mit IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{7F66CAB7-3D90-4CF2-A86C-94A6431474BB}: NameServer = 130.75.1.32,130.75.1.40
FF - ProfilePath - c:\users\xxxx xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\bild4i5m.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-116830536-2991956333-4007676365-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8f,ff,7b,bf,d7,5f,b4,0b,d9,1a,03,12,1d,71,8b,a0,53,ca,0f,f4,33,
  8b,2f,75,5c,60,87,6c,1c,5b,30,b6,4d,79,52,2b,34,63,25,78,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-116830536-2991956333-4007676365-1001_Classes\Wow6432Node\CLSID\{95fef388-361b-4e2e-92ff-1fc552c6a1a3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000085
"Therad"=dword:0000001b
"MData"=hex(0):20,35,e9,2b,74,59,03,68,be,b2,5b,74,b4,62,9e,77,fc,22,df,59,02,
  94,28,03,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-17  12:24:59
ComboFix-quarantined-files.txt  2012-07-17 10:24
.
Vor Suchlauf: 15 Verzeichnis(se), 307.901.198.336 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 307.711.479.808 Bytes frei
.
- - End Of File - - BEFB51BDD65641397A468E56BAF895A5

--- --- ---


What's next?

Best regards,
Dirk

cosinus 18.07.2012 15:42

Please now create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool won't run on the second attempt either, just skip it and run only OSAM - please skip OSAM's online query.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: To unpack OSAM, please use WinRAR or 7zip! Also be sure to turn off the virus scanner; the McAfee scanner in particular often raises a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista or higher, please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not under any circumstances press any of the Fix buttons without instruction.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

dobaliner 18.07.2012 19:47

The GMER.log:


GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-18 18:46:45
Windows 6.1.7600 
Running: yyq9y06i.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18f46a95ca8a                     
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18f46a95ca8a (not active ControlSet) 

---- EOF - GMER 1.0.15 ----

--- --- ---


The OSAM.log:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:57:52 on 18.07.2012

OS: Windows 7 Home Premium Edition (Build 7600), 64-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Acer Registration - Data Sending task.job" - "Acer Incorporated" - C:\Program Files (x86)\Acer\Registration\GREG.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~3\Office14\MLCFG32.CPL
"Nero BackItUp and BurnRights" - "Nero AG" - C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BurnRights\NeroBurnRights_bb.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AvFw Packet Filter Miniport" (avfwim) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avfwim.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"IDMWFP" (IDMWFP) - "Tonec Inc." - C:\Windows\System32\DRIVERS\idmwfp.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~3\Office14\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\SDShelEx-win32.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} "Canon Easy-WebPrint EX BHO" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{0055C089-8582-441B-A0BF-17B458C2A3A8} "IDM integration (IDMIEHlprObj Class)" - "Internet Download Manager, Tonec Inc." - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Secunia PSI Tray.lnk" - "Secunia" - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"IDMan" - "Tonec Inc." - C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
"SimpleSYN.NET" - "creativbox.net, Torsten Leithold & Georg von Kries GbR" - "C:\Program Files (x86)\creativbox.net\SimpleSYN 2.1\CBN.SimpleSYN.NET.exe"
"Steam" - "Valve Corporation" - "C:\Program Files (x86)\Steam\Steam.exe" -silent
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ArcadeMovieService" - "CyberLink Corp." - "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"                                                                                                                                                                                         
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"CanonSolutionMenuEx" - "CANON INC." - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"LManager" - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\LManager.exe                                                                                                                                                                                                                     
"MDS_Menu" - "CyberLink Corp." - "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"                                             
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJNP Port" - "CANON INC." - C:\Windows\system32\CNMN6PPM.DLL
"HP Discovery Port Monitor (HP Deskjet 3050 J610 series)" - "Hewlett-Packard Co." - C:\Windows\system32\HPDiscoPM9311.dll
"pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll
"RICOH Language Monitor2" - "RICOH CO.,Ltd." - C:\Windows\system32\rc4mon64.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"Acer ODD Power Service" (ODDPwrSvc) - "Acer Incorporated" - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
"Avira FireWall" (AntiVirFirewallService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Cisco AnyConnect VPN Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\sua.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
"TurboBoost" (TurboBoost) - "Intel(R) Corporation" - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
"Updater Service" (Updater Service) - "Acer Group" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
"WTGService" (WTGService) - ? - C:\Program Files (x86)\Verbindungsassistent\WTGService.exe  (File found, but it contains no detailed information)

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Windows\System32\Acer.scr

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

and then the aswMBR.txt:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-18 19:13:15
-----------------------------
19:13:15.998    OS Version: Windows x64 6.1.7600
19:13:15.998    Number of processors: 4 586 0x2505
19:13:15.998    ComputerName: xxxxxxxxx-PC  UserName: xxxx xxxxx
19:13:17.044    Initialize success
19:13:21.006    AVAST engine defs: 12071800
19:13:27.698    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:13:27.714    Disk 0 Vendor: SAMSUNG_ 2AR1 Size: 715404MB BusType: 3
19:13:27.730    Disk 0 MBR read successfully
19:13:27.730    Disk 0 MBR scan
19:13:27.745    Disk 0 Windows 7 default MBR code
19:13:27.745    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        16000 MB offset 2048
19:13:27.776    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 32770048
19:13:27.792    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      349453 MB offset 32974848
19:13:27.823    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      349849 MB offset 748654592
19:13:27.839    Disk 0 scanning C:\Windows\system32\drivers
19:13:38.072    Service scanning
19:13:58.056    Modules scanning
19:13:58.056    Disk 0 trace - called modules:
19:13:58.087    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:13:58.087    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069c3060]
19:13:58.087    3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049a3050]
19:13:58.103    Scan finished successfully
19:14:12.720    Disk 0 MBR has been saved successfully to "C:\Users\xxxx xxxxx\Desktop\MBR.dat"
19:14:12.720    The log file has been saved successfully to "C:\Users\xxxx xxxxx\Desktop\aswMBR.txt"

Regards
Dirk
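In an OSAM log like the one above, the entries a reviewer checks first are those whose file is missing (`(File not found)`), whose publisher OSAM could not determine (`?`), or that carry a warning in the trailing status. The following is an added example, not code from the thread or from OSAM: it parses the entry format shown in the log and lists exactly those entries; the excerpt it runs on is constructed from line formats in the log above.

```python
"""Triage an OSAM Autorun Manager log: parse the entry lines in the format
shown in the thread and list the entries a reviewer looks at first.
Added example, not code from the thread or from OSAM."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt; the line formats follow the thread's OSAM log.
SAMPLE_OSAM_LOG = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)

[Explorer]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"WTGService" (WTGService) - ? - C:\Program Files (x86)\Verbindungsassistent\WTGService.exe  (File found, but it contains no detailed information)
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

SECTION_RE = re.compile(r"^\[(?P<section>[^\]]+)\]$")
LOCATION_RE = re.compile(r"^-----\(\s*(?P<location>.*?)\s*\)-----$")
# <optional CLSID/prefix> "Name" (optional key) - "Vendor" or ? - <path [status]>
ENTRY_RE = re.compile(
    r'^(?:(?P<prefix>[^"]*?)\s+)?"(?P<name>[^"]*)"'
    r"(?:\s+\((?P<key>[^()]*)\))?"
    r'\s+-\s+(?P<vendor>"[^"]*"|\?)\s+-\s*(?P<rest>.*)$'
)
# OSAM appends a status in parentheses after two spaces (or alone if no path).
STATUS_RE = re.compile(r"(?:^|\s{2,})\((?P<status>[^()]*)\)\s*$")


@dataclass
class Entry:
    section: str
    location: str
    name: str
    key: Optional[str]
    vendor: Optional[str]  # None when OSAM printed "?"
    path: str
    status: Optional[str]  # e.g. "File not found"


def parse_osam_log(text: str) -> List[Entry]:
    entries: List[Entry] = []
    section = location = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = LOCATION_RE.match(line)
        if m:
            location = m.group("location")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        rest, status = m.group("rest"), None
        s = STATUS_RE.search(rest)
        if s:
            status = s.group("status").strip()
            rest = rest[: s.start()].rstrip()
        vendor = None if m.group("vendor") == "?" else m.group("vendor").strip('"')
        entries.append(Entry(section, location, m.group("name"), m.group("key"),
                             vendor, rest, status))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) for entries worth a closer look, in log order."""
    flagged: List[Tuple[Entry, str]] = []
    for e in entries:
        status = (e.status or "").lower()
        if "not found" in status:
            flagged.append((e, "dangling entry: file or COM object missing"))
        elif "no detailed information" in status:
            flagged.append((e, "file present but carries no version information"))
        elif e.vendor is None:
            flagged.append((e, "publisher unknown, file present: verify signature/hash"))
    return flagged


if __name__ == "__main__":
    for entry, reason in triage(parse_osam_log(SAMPLE_OSAM_LOG)):
        print(f"[{entry.section}] {entry.name!r} -> {reason}")
        print(f"    {entry.location}")
        print(f"    {entry.path or '(no path)'}  status={entry.status}")
```

Clean entries with a named publisher and an existing file (avgntflt, avgnt, Steam) are left out of the report; flagged entries still need a human decision, since a `?` publisher only means OSAM found no signature information.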

cosinus 19.07.2012 11:11

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

dobaliner 19.07.2012 21:52

The Malwarebytes log:

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.19.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
xxxx xxxxx :: xxxxxxxxx-PC [Administrator]

19.07.2012 12:43:22
mbam-log-2012-07-19 (12-43-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 333594
Laufzeit: 31 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

The SUPERAntiSpyware log:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/19/2012 at 04:53 PM

Application Version : 5.5.1006

Core Rules Database Version : 8924
Trace Rules Database Version: 6736

Scan type      : Complete Scan
Total Scan Time : 01:17:09

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned      : 705
Memory threats detected  : 0
Registry items scanned    : 65625
Registry threats detected : 0
File items scanned        : 150239
File threats detected    : 34

Adware.Tracking Cookie
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\TAMP3IAE.txt [ /fastclick.net ]
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\MI5TGJAB.txt [ /ad.yieldmanager.com ]
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\5WES2EBW.txt [ /atdmt.com ]
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\35KCSXLE.txt [ /doubleclick.net ]
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\ABG74ZZF.txt [ /c.atdmt.com ]
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\T3YBU0K2.txt [ /msnportal.112.2o7.net ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@invitemedia[2].txt [ Cookie:xxxx xxxxx@invitemedia.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@perfectadserver[1].txt [ Cookie:xxxx xxxxx@perfectadserver.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adx.chip[1].txt [ Cookie:xxxx xxxxx@adx.chip.de/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@www.adserver[1].txt [ Cookie:xxxx xxxxx@www.adserver.bz/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ad.yieldmanager[2].txt [ Cookie:xxxx xxxxx@ad.yieldmanager.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@revsci[1].txt [ Cookie:xxxx xxxxx@revsci.net/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\P2D8K0VV.txt [ Cookie:xxxx xxxxx@apmebf.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@doubleclick[1].txt [ Cookie:xxxx xxxxx@doubleclick.net/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\MP2VJAUQ.txt [ Cookie:xxxx xxxxx@c.atdmt.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adxpansion[2].txt [ Cookie:xxxx xxxxx@adxpansion.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@zedo[1].txt [ Cookie:xxxx xxxxx@zedo.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\A617VEFO.txt [ Cookie:xxxx xxxxx@overture.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adfarm1.adition[1].txt [ Cookie:xxxx xxxxx@adfarm1.adition.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@exoclick[2].txt [ Cookie:xxxx xxxxx@exoclick.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@specificclick[1].txt [ Cookie:xxxx xxxxx@specificclick.net/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ru4[2].txt [ Cookie:xxxx xxxxx@ru4.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ad2.adfarm1.adition[1].txt [ Cookie:xxxx xxxxx@ad2.adfarm1.adition.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\UZQRDA07.txt [ Cookie:xxxx xxxxx@mediaplex.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@imrworldwide[2].txt [ Cookie:xxxx xxxxx@imrworldwide.com/cgi-bin ]
        C:\USERS\xxxx xxxxx\Cookies\TAMP3IAE.txt [ Cookie:xxxx xxxxx@fastclick.net/ ]
        C:\USERS\xxxx xxxxx\Cookies\MI5TGJAB.txt [ Cookie:xxxx xxxxx@ad.yieldmanager.com/ ]
        C:\USERS\xxxx xxxxx\Cookies\35KCSXLE.txt [ Cookie:xxxx xxxxx@doubleclick.net/ ]
        C:\USERS\xxxx xxxxx\Cookies\ABG74ZZF.txt [ Cookie:xxxx xxxxx@c.atdmt.com/ ]
        C:\USERS\xxxx xxxxx\Cookies\T3YBU0K2.txt [ Cookie:xxxx xxxxx@msnportal.112.2o7.net/ ]
        C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS.FLING[2].TXT [ /ADS.FLING ]
        C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS2.ZEUSCLICKS[1].TXT [ /ADS2.ZEUSCLICKS ]
        C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS.CREATIVE-SERVING[1].TXT [ /ADS.CREATIVE-SERVING ]
        C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]

Apparently only a few cookies left... (do they have to go?)

cosinus 19.07.2012 22:23

Quote:

UAC On - Limited User
Hm, I've just noticed that not only with you :wtf:
Can you run SASW via right-click as administrator?

dobaliner 20.07.2012 07:55

Sorry, here is the whole thing as admin:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/20/2012 at 02:18 AM

Application Version : 5.5.1006

Core Rules Database Version : 8924
Trace Rules Database Version: 6736

Scan type      : Complete Scan
Total Scan Time : 01:18:04

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Administrator

Memory items scanned      : 704
Memory threats detected  : 0
Registry items scanned    : 65734
Registry threats detected : 0
File items scanned        : 150290
File threats detected    : 34

Adware.Tracking Cookie
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\TAMP3IAE.txt [ /fastclick.net ]
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\MI5TGJAB.txt [ /ad.yieldmanager.com ]
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\5WES2EBW.txt [ /atdmt.com ]
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\35KCSXLE.txt [ /doubleclick.net ]
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\ABG74ZZF.txt [ /c.atdmt.com ]
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\T3YBU0K2.txt [ /msnportal.112.2o7.net ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@invitemedia[2].txt [ Cookie:xxxx xxxxx@invitemedia.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@perfectadserver[1].txt [ Cookie:xxxx xxxxx@perfectadserver.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adx.chip[1].txt [ Cookie:xxxx xxxxx@adx.chip.de/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@www.adserver[1].txt [ Cookie:xxxx xxxxx@www.adserver.bz/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ad.yieldmanager[2].txt [ Cookie:xxxx xxxxx@ad.yieldmanager.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@revsci[1].txt [ Cookie:xxxx xxxxx@revsci.net/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\P2D8K0VV.txt [ Cookie:xxxx xxxxx@apmebf.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@doubleclick[1].txt [ Cookie:xxxx xxxxx@doubleclick.net/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\MP2VJAUQ.txt [ Cookie:xxxx xxxxx@c.atdmt.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adxpansion[2].txt [ Cookie:xxxx xxxxx@adxpansion.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@zedo[1].txt [ Cookie:xxxx xxxxx@zedo.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\A617VEFO.txt [ Cookie:xxxx xxxxx@overture.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adfarm1.adition[1].txt [ Cookie:xxxx xxxxx@adfarm1.adition.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@exoclick[2].txt [ Cookie:xxxx xxxxx@exoclick.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@specificclick[1].txt [ Cookie:xxxx xxxxx@specificclick.net/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ru4[2].txt [ Cookie:xxxx xxxxx@ru4.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ad2.adfarm1.adition[1].txt [ Cookie:xxxx xxxxx@ad2.adfarm1.adition.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\UZQRDA07.txt [ Cookie:xxxx xxxxx@mediaplex.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@imrworldwide[2].txt [ Cookie:xxxx xxxxx@imrworldwide.com/cgi-bin ]
        C:\USERS\xxxx xxxxx\Cookies\TAMP3IAE.txt [ Cookie:xxxx xxxxx@fastclick.net/ ]
        C:\USERS\xxxx xxxxx\Cookies\MI5TGJAB.txt [ Cookie:xxxx xxxxx@ad.yieldmanager.com/ ]
        C:\USERS\xxxx xxxxx\Cookies\35KCSXLE.txt [ Cookie:xxxx xxxxx@doubleclick.net/ ]
        C:\USERS\xxxx xxxxx\Cookies\ABG74ZZF.txt [ Cookie:xxxx xxxxx@c.atdmt.com/ ]
        C:\USERS\xxxx xxxxx\Cookies\T3YBU0K2.txt [ Cookie:xxxx xxxxx@msnportal.112.2o7.net/ ]
        C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS.FLING[2].TXT [ /ADS.FLING ]
        C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS2.ZEUSCLICKS[1].TXT [ /ADS2.ZEUSCLICKS ]
        C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS.CREATIVE-SERVING[1].TXT [ /ADS.CREATIVE-SERVING ]
        C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]


cosinus 20.07.2012 15:55

Looks OK, only cookies were found.
Cookies are not malware as such, but there is a risk of their being misused (unique recognition, e.g. for targeted advertising or similar => HTTP cookie)


On cookies and other things on the web: to block that plague from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released.

Apart from that there are good cookie managers; an extension for Firefox would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser closes.

My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left.

Is your system OK again now, or are there other findings or problems?
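The hosts-file approach above only helps for names that are actually listed, and a hosts entry matches the exact name only (an entry for atdmt.com does not cover c.atdmt.com). The following is an added example, not code from the thread, SUPERAntiSpyware or MVPS: it takes the Adware.Tracking Cookie entries in the SUPERAntiSpyware log format posted above and reports which of those hosts a given hosts file would already block; the log excerpt and hosts file are constructed samples.

```python
"""Check which tracking-cookie hosts from a SUPERAntiSpyware log a hosts file
already blocks. Added example, not code from the thread, SUPERAntiSpyware or
MVPS; the log excerpt and hosts file are constructed samples."""
import re
from typing import List, Set

# Constructed excerpt in the SUPERAntiSpyware log format shown in the thread.
SAMPLE_SASW_LOG = r"""
File threats detected    : 6

Adware.Tracking Cookie
        C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\TAMP3IAE.txt [ /fastclick.net ]
        C:\USERS\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@ad.yieldmanager[2].txt [ Cookie:user name@ad.yieldmanager.com/ ]
        C:\USERS\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\MP2VJAUQ.txt [ Cookie:user name@c.atdmt.com/ ]
        C:\USERS\user\Cookies\35KCSXLE.txt [ Cookie:user name@doubleclick.net/ ]
        C:\USERS\user\Cookies\TAMP3IAE.txt [ Cookie:user name@fastclick.net/ ]
        C:\USERS\user\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\user@ADS.FLING[2].TXT [ /ADS.FLING ]
"""

# Constructed hosts file excerpt in the MVPS style (blackhole address + name).
SAMPLE_HOSTS = """\
# comment lines and inline comments are ignored
127.0.0.1 localhost
0.0.0.0 atdmt.com            # does NOT cover c.atdmt.com
0.0.0.0 ad.yieldmanager.com
0.0.0.0 doubleclick.net
"""

BLACKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1"}

# Trailing bracket of a cookie entry: "[ /host ]" or "[ Cookie:user@host/path ]".
# Anchored to the end of the line so the "[2]" inside a file name is skipped.
COOKIE_HOST_RE = re.compile(
    r"\[\s*(?:Cookie:[^@\]]*@)?/?(?P<host>[A-Za-z0-9.-]+)[^\]]*\]\s*$"
)


def extract_cookie_hosts(log: str) -> List[str]:
    """Hosts named in 'Adware.Tracking Cookie' entries, lower-cased,
    de-duplicated, in order of first appearance."""
    hosts: List[str] = []
    in_cookie_block = False
    for raw in log.splitlines():
        if not raw.strip():
            continue
        if not raw.startswith(" "):  # unindented line = category heading
            in_cookie_block = "cookie" in raw.lower()
            continue
        if not in_cookie_block:
            continue
        m = COOKIE_HOST_RE.search(raw)
        if m:
            host = m.group("host").lower()
            if host not in hosts:
                hosts.append(host)
    return hosts


def parse_hosts_file(text: str) -> Set[str]:
    """Names that the hosts file maps to a blackhole address."""
    blocked: Set[str] = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in BLACKHOLE_ADDRESSES:
            blocked.update(name.lower() for name in fields[1:])
    return blocked


def unblocked_hosts(cookie_hosts: List[str], blocked: Set[str]) -> List[str]:
    """Cookie hosts the hosts file would not stop. A hosts entry matches the
    exact name only, so atdmt.com in the file does not block c.atdmt.com."""
    return [h for h in cookie_hosts if h not in blocked]


if __name__ == "__main__":
    found = extract_cookie_hosts(SAMPLE_SASW_LOG)
    blocked = parse_hosts_file(SAMPLE_HOSTS)
    for host in found:
        print(f"{host:24} {'blocked' if host in blocked else 'NOT blocked'}")
    # Names like 'ads.fling' come from log entries that show no TLD;
    # verify them by hand before adding a hosts line for them.
```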

dobaliner 22.07.2012 12:02

Hi,

the system is currently running flawlessly.
Thanks for the tips about the cookies.

One more question about the infection vector:
I noticed that at the time of the infection Java and Flash Player were not up to date; those are probably the most likely candidates, aren't they?

Flash Player is now up to date, and I have uninstalled Java (how can I make sure it is really completely gone?)

Do you have any other tips for the future?

Regards
Dirk

cosinus 23.07.2012 14:28

Then we're done! :abklatsch:

The programs used here can all be removed again. With OTL you can also remove many of the tools:

Please start OTL and click on CleanUp.
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update it first.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
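A defender's check for the two points raised above (whether Java is really completely gone, and which of the listed programs are still installed and at what version), as an added example that is not from this thread or from any tool mentioned in it. It reads the standard Windows Uninstall registry keys and the default Java install directories; the product-name patterns and the assumption of an elevated PowerShell on Windows Vista/7 or later are mine.

```powershell
# Added example (not from the thread): list installed products matching the
# update checklist above and report anything left behind from a Java uninstall.
# Assumption: run in an elevated PowerShell on Windows Vista/7 or later.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
# Product-name patterns (assumption: these cover the programs named in the post)
$patterns = 'Java', 'Adobe Reader', 'Adobe Flash Player', 'Mozilla Firefox', 'Opera', 'Google Chrome'

$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Where-Object { $name = $_.DisplayName; $patterns | Where-Object { $name -like "*$_*" } } |
    Select-Object DisplayName, DisplayVersion, Publisher, UninstallString |
    Sort-Object DisplayName

if ($found) {
    "Installed products matching the checklist (compare DisplayVersion against the vendor's current release):"
    $found | Format-Table -AutoSize
} else {
    "No matching products found in the Uninstall registry keys."
}

# A Control Panel uninstall can leave the JRE directory behind; no 'Java' entry
# above and no directory here means the runtime is really gone.
$javaDirs = @("$env:ProgramFiles\Java", "${env:ProgramFiles(x86)}\Java")
foreach ($dir in $javaDirs) {
    if (Test-Path $dir) {
        "Leftover Java directory: $dir"
        Get-ChildItem $dir -Directory | ForEach-Object { "  - $($_.Name)" }
    }
}

# A java.exe still reachable via PATH also indicates a remaining runtime.
$javaOnPath = Get-Command java.exe -ErrorAction SilentlyContinue
if ($javaOnPath) { "java.exe still reachable via PATH: $($javaOnPath.Path)" }
else { "java.exe not found on PATH." }
```

Secunia PSI, as recommended above, does the version comparison automatically; this script only shows what is present so that nothing outdated is overlooked.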


Copyright ©2000-2025, Trojaner-Board


