
Log analysis and evaluation: Trojan problem

26.03.2012, 10:32   #1
Stewie
 
Trojan problem



Good day.

I have had a problem since yesterday evening.

I opened an e-mail (the GMX virus scanner said there was nothing) and shortly afterwards I got nothing but error messages (fatal error, critical error, etc.). Unfortunately it is all in English and I am not that well versed in it. The desktop is also completely gone, that is, the icons. Then a box appears prompting a system check, which I did, and after it finished I end up on a website for a program that is supposed to help but costs 50 US dollars (I did not do that). In the box you had to click for that, it says:

Files indexation process faild.

Indexation process failure may cause:
File may became unreadable
Files and Documents can be lost
Operation System may slow down dramatically

To prevent possible damage to this PC follow the recommendations

Recommendations:

It´s highly recommended to run file integrity checker now and resolve this issue.


I don't know whether that came from the e-mail or some other way, I'm just pretty overwhelmed by it.


Oh yes, an error window also opens umpteen times, which says:

"Windows delayed Write Failed"

Faild to save all the components for the file \\System32\\00001df1. This file is corrupted or unreadable. This error my be caused by a PC hardware problem.


I have now run a scan with OTL, here is the result:

OTL logfile created on: 26.03.2012 10:59:08 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Daniel\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,75 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 44,66% Memory free
7,68 Gb Paging File | 5,02 Gb Available in Paging File | 65,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,63 Gb Total Space | 50,14 Gb Free Space | 21,55% Space Free | Partition Type: NTFS
Drive D: | 348,89 Gb Total Space | 324,15 Gb Free Space | 92,91% Space Free | Partition Type: NTFS
Drive E: | 435,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.26 10:58:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Downloads\OTL.exe
PRC - [2012.03.26 00:12:35 | 000,361,984 | -H-- | M] ( ) -- C:\ProgramData\8LLKZv7qc71KTl.exe
PRC - [2012.03.26 00:04:14 | 000,453,120 | -H-- | M] ( ) -- C:\ProgramData\bYXmuYDuwsvN.exe
PRC - [2012.02.28 18:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.02.14 13:35:36 | 000,924,632 | -H-- | M] (Mozilla Corporation) -- C:\Users\Daniel\Documents\Firefox Browser\App\firefox\firefox.exe
PRC - [2012.02.14 13:35:33 | 000,016,856 | -H-- | M] (Mozilla Corporation) -- C:\Users\Daniel\Documents\Firefox Browser\App\firefox\plugin-container.exe
PRC - [2012.02.02 13:58:06 | 001,196,168 | ---- | M] (SPAMfighter) -- C:\Program Files (x86)\Fighters\SPYWAREfighter\swproTray.exe
PRC - [2012.02.02 13:26:38 | 000,666,200 | ---- | M] (Preventon Technologies Limited) -- C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
PRC - [2012.02.02 13:26:38 | 000,204,760 | ---- | M] (Preventon Technologies Limited) -- C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe
PRC - [2012.01.23 13:40:12 | 001,324,680 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe
PRC - [2012.01.18 17:36:46 | 001,452,680 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
PRC - [2011.12.09 19:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011.12.06 12:17:56 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011.11.09 04:21:50 | 000,178,568 | -H-- | M] (PortableApps.com) -- C:\Users\Daniel\Documents\Firefox Browser\FirefoxPortable.exe
PRC - [2011.06.28 21:57:28 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 08:10:59 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.04 14:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.01.05 10:18:50 | 000,133,432 | -H-- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.1\ICQ.exe
PRC - [2010.12.14 01:50:13 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010.12.14 01:50:02 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.09.10 18:35:48 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.08.03 10:44:28 | 000,858,696 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
PRC - [2010.08.03 10:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.10.27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
PRC - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009.07.16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
PRC - [2009.07.08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
PRC - [2009.06.30 09:50:42 | 001,811,728 | ---- | M] (Logitech(c)) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2008.07.29 18:53:00 | 000,500,784 | -H-- | M] (Egis Incorporated) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.07.29 18:52:56 | 000,454,704 | -H-- | M] (Egis inc.) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
PRC - [2008.05.20 18:50:50 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008.01.21 04:49:12 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe


========== Modules (No Company Name) ==========

MOD - [2012.03.26 10:25:38 | 000,011,264 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\Temp\nsn7A01.tmp\System.dll
MOD - [2012.03.26 10:25:37 | 000,029,696 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\Temp\nsn7A01.tmp\registry.dll
MOD - [2012.03.26 10:25:37 | 000,008,704 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\Temp\nsn7A01.tmp\newadvsplash.dll
MOD - [2012.02.14 13:35:35 | 001,911,768 | -H-- | M] () -- C:\Users\Daniel\Documents\Firefox Browser\App\firefox\mozjs.dll
MOD - [2012.01.31 16:23:47 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.01.05 10:18:56 | 000,733,184 | -H-- | M] () -- C:\Program Files (x86)\ICQ7.1\MDb.dll
MOD - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2009.07.16 15:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
MOD - [2009.07.16 15:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
MOD - [2009.07.16 15:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
MOD - [2009.07.16 15:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll
MOD - [2009.07.16 15:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtXml4.dll
MOD - [2009.07.16 15:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll
MOD - [2009.07.16 15:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtSql4.dll
MOD - [2009.07.16 15:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll
MOD - [2009.07.16 15:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll
MOD - [2009.07.16 15:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll
MOD - [2009.07.16 15:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll
MOD - [2009.07.16 15:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll
MOD - [2008.04.28 10:49:20 | 000,003,072 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008.08.21 04:12:14 | 000,904,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.02 13:26:38 | 000,666,200 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe -- (AV Engine Scanning Service)
SRV - [2012.02.02 13:26:38 | 000,204,760 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe -- (AV Watch Service)
SRV - [2012.01.23 13:40:12 | 001,324,680 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe -- (Suite Service)
SRV - [2011.10.12 14:29:54 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.28 21:57:28 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 08:10:59 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.14 01:50:13 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010.12.14 01:50:02 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.12.08 15:25:28 | 000,110,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009.10.27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009.10.07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe -- (McProxy)
SRV - [2008.07.29 18:53:00 | 000,500,784 | -H-- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.07.27 20:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.05.20 18:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.02.02 13:26:40 | 000,013,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avfsfilter.sys -- (AVFSFilter)
DRV:64bit: - [2011.06.28 21:57:28 | 000,123,784 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 21:57:28 | 000,088,288 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.03.10 13:29:30 | 000,626,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009.11.23 18:38:00 | 000,016,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 18:37:50 | 000,022,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.10.07 10:47:44 | 000,327,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.10.07 08:49:28 | 006,379,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC)
DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009.09.23 10:42:58 | 000,033,856 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.07.16 13:32:26 | 000,176,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009.07.01 12:54:54 | 000,030,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009.05.28 11:07:14 | 000,376,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2009.05.28 11:07:14 | 000,061,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2009.04.30 22:56:34 | 000,588,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LV561V64.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV:64bit: - [2008.08.21 06:54:36 | 004,707,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008.07.29 18:53:50 | 000,060,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\psdvdisk.sys -- (psdvdisk)
DRV:64bit: - [2008.07.29 18:53:50 | 000,021,040 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSDNServ.sys -- (PSDNServ)
DRV:64bit: - [2008.07.29 18:53:48 | 000,022,064 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV:64bit: - [2008.04.28 15:25:06 | 000,016,400 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008.04.02 06:40:18 | 000,215,568 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008.01.31 02:48:32 | 000,016,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2008.01.31 02:48:16 | 000,016,384 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.01.21 04:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2007.12.28 04:51:00 | 000,391,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007.10.12 03:40:14 | 000,010,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\amdide64.sys -- (amdide64)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.10.29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\massfilter.sys -- (massfilter)
DRV - [2008.06.02 09:20:12 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120129131142623&tb_oid=22-11-2009&tb_mrud=29-01-2012

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66016
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.crawler.com/homepage.aspx?tbid=66016
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com)
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NRO2&o=15418&src=crm&q={searchTerms}&locale=de_DE
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=66016
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120129131142623&tb_oid=22-11-2009&tb_mrud=29-01-2012
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010.04.21 01:25:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\firefox\ [2011.08.24 10:47:25 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.26 02:47:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.29 15:11:43 | 000,000,000 | ---D | M]

[2012.03.26 10:25:47 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2012.01.11 04:46:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable
[2009.11.19 17:39:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.05.27 17:00:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\4ehn3k9y.default\extensions
[2010.05.27 17:00:34 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\4ehn3k9y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.14 21:05:10 | 000,000,000 | -H-D | M] (Nero Toolbar) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\4ehn3k9y.default\extensions\toolbar@ask.com
[2012.01.29 15:11:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\osl1cgs6.default\extensions
[2012.01.29 15:11:59 | 000,000,000 | -H-D | M] (Winamp Toolbar) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\osl1cgs6.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2012.01.26 02:47:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\osl1cgs6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.19 11:08:03 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\osl1cgs6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(397)
[2011.05.03 11:47:31 | 000,000,000 | -H-D | M] (MediaBar) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\osl1cgs6.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2011.05.04 11:11:03 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\osl1cgs6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.02.18 12:13:53 | 000,000,000 | -H-D | M] ("StOgame") -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\osl1cgs6.default\extensions\{4217f6d7-406e-4b66-856d-d1a373e4f41a}
[2012.01.26 02:47:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\osl1cgs6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.08.19 11:08:04 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\osl1cgs6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(398)
[2012.01.26 02:47:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\osl1cgs6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.19 11:08:11 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\osl1cgs6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(399)
[2012.01.11 04:45:52 | 000,000,000 | -H-D | M] (Searchqu Toolbar) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\osl1cgs6.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}(80)
[2010.02.18 12:01:41 | 000,000,000 | -H-D | M] (FoxGame) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\osl1cgs6.default\extensions\{b66bc4c3-6d25-4a10-8c59-01daa9063051}
[2011.11.15 22:45:34 | 000,000,000 | -H-D | M] (eType Toolbar) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\osl1cgs6.default\extensions\{BDE58274-7A2A-4682-8C47-A379DD9E36CB}
[2010.02.04 16:45:40 | 000,002,254 | -H-- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4ehn3k9y.default\searchplugins\askcom.xml
[2010.02.03 14:37:50 | 000,000,947 | -H-- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4ehn3k9y.default\searchplugins\icqplugin.xml
[2012.01.24 15:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.20 18:31:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.01.26 02:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2012.01.26 02:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.01.26 02:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.05.10 15:34:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.01.24 15:21:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.10 15:34:57 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.24 15:21:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2009.09.21 12:24:16 | 000,001,329 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2012.01.24 15:21:25 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.02 10:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\iMeshWebSearch.xml
[2012.01.24 15:21:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.11 04:45:42 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012.01.24 15:21:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.24 15:21:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI371A~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI371A~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] c:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\WI371A~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SWPROguard] C:\Program Files (x86)\Fighters\SPYWAREfighter\swprotray.exe (SPAMfighter)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [bYXmuYDuwsvN.exe] C:\ProgramData\bYXmuYDuwsvN.exe ( )
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Valve\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Vidalia] C:\Program Files (x86)\Vidalia\vidalia.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/1.3/jinstall-11-win.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA8ADC0F-CA17-47F0-8461-A51055E5CD73}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tbr - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\datamngr.dll) - C:\PROGRA~2\WI371A~1\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.06.14 11:09:16 | 000,000,446 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.02.14 16:42:39 | 000,000,012 | R--- | M] () - E:\autorun.tag -- [ CDFS ]
O33 - MountPoints2\{3332bc5f-d500-11de-abe3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3332bc5f-d500-11de-abe3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe -- [2009.02.13 11:59:52 | 000,935,768 | R--- | M] (mirabyte GmbH & Co. KG)
O33 - MountPoints2\{be847021-96a6-11df-8a3b-001fe202f206}\Shell - "" = AutoRun
O33 - MountPoints2\{be847021-96a6-11df-8a3b-001fe202f206}\Shell\AutoRun\command - "" = K:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.03.26 01:02:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch
[2012.03.26 00:29:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\clp
[2012.03.26 00:29:27 | 000,000,000 | -H-D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fighters
[2012.03.26 00:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Common Toolkit Suite
[2012.03.26 00:28:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Toolkit Suite
[2012.03.26 00:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fighters
[2012.03.26 00:27:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Fighters
[2012.03.26 00:12:50 | 000,000,000 | -H-D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.19 23:24:31 | 000,000,000 | -H-D | C] -- C:\ATISupport
[2012.03.19 23:24:20 | 000,000,000 | -H-D | C] -- C:\Windows\MiniDump
[2012.03.19 23:20:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\{4E78170A-6049-4586-A083-3AECE1A687E4}
[2012.03.19 23:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\WinSysClean X2
[2012.03.19 23:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Systems
[2012.03.19 17:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2 Runtime Environment
[2012.03.19 17:13:07 | 000,024,660 | ---- | C] (Sun Microsystems) -- C:\Windows\SysWow64\plugincpl.cpl
[2012.03.19 17:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JavaSoft
[2012.03.19 17:13:01 | 000,304,128 | -H-- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2012.03.19 17:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Byte
[2012.03.19 17:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battle Isle - Der Andosia Konflikt
[2012.03.19 17:10:54 | 000,305,664 | -H-- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2012.03.14 18:52:54 | 000,000,000 | -H-D | C] -- C:\Users\Daniel\Desktop\Westernhagen_-_Wunschkonzert-DE-2008-PiTsPa
[2012.03.09 00:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.03.26 10:24:38 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.26 10:24:38 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.26 10:24:38 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.26 10:24:38 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.26 10:24:38 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.26 10:21:28 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Registry Reviver64-Daniel-Startup.job
[2012.03.26 10:18:49 | 000,011,385 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2012.03.26 10:18:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2012.03.26 10:18:18 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.26 10:18:18 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.26 10:18:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.26 00:40:35 | 000,000,140 | -H-- | M] () -- C:\Windows\wininit.ini
[2012.03.26 00:29:28 | 000,001,975 | -H-- | M] () -- C:\Users\Daniel\Desktop\SPYWAREfighter.lnk
[2012.03.26 00:15:04 | 000,000,440 | -H-- | M] () -- C:\ProgramData\8LLKZv7qc71KTl
[2012.03.26 00:12:52 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~8LLKZv7qc71KTl
[2012.03.26 00:12:51 | 000,000,609 | -H-- | M] () -- C:\Users\Daniel\Desktop\System Check.lnk
[2012.03.26 00:12:51 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~8LLKZv7qc71KTlr
[2012.03.26 00:12:35 | 000,361,984 | -H-- | M] ( ) -- C:\ProgramData\8LLKZv7qc71KTl.exe
[2012.03.26 00:04:14 | 000,453,120 | -H-- | M] ( ) -- C:\ProgramData\bYXmuYDuwsvN.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.03.26 00:40:35 | 000,000,140 | -H-- | C] () -- C:\Windows\wininit.ini
[2012.03.26 00:29:28 | 000,001,975 | -H-- | C] () -- C:\Users\Daniel\Desktop\SPYWAREfighter.lnk
[2012.03.26 00:12:51 | 000,000,609 | -H-- | C] () -- C:\Users\Daniel\Desktop\System Check.lnk
[2012.03.26 00:12:51 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~8LLKZv7qc71KTl
[2012.03.26 00:12:51 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~8LLKZv7qc71KTlr
[2012.03.26 00:12:48 | 000,000,440 | -H-- | C] () -- C:\ProgramData\8LLKZv7qc71KTl
[2012.03.26 00:12:35 | 000,361,984 | -H-- | C] ( ) -- C:\ProgramData\8LLKZv7qc71KTl.exe
[2012.03.26 00:07:20 | 000,453,120 | -H-- | C] ( ) -- C:\ProgramData\bYXmuYDuwsvN.exe
[2012.03.19 17:13:07 | 000,020,556 | ---- | C] () -- C:\Windows\SysWow64\ActPanel.dll
[2011.11.24 23:22:49 | 000,020,544 | ---- | C] () -- C:\Windows\SysWow64\javaw.exe
[2011.11.24 23:22:49 | 000,020,542 | ---- | C] () -- C:\Windows\SysWow64\java.exe
[2011.05.12 23:30:40 | 000,000,680 | -H-- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.12.14 01:50:01 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.05.05 03:23:19 | 000,000,268 | -H-- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.04.21 18:21:11 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP1B5B4F1

< End of report >




I hope someone can help me with this.

Alt 26.03.2012, 10:46   #2
markusg
/// Malware-holic
 


Hi

This script and any scripts that may follow are only for the respective user.
If you have problems, open your own topics and wait for scripts adapted to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
PRC - [2012.03.26 00:12:35 | 000,361,984 | -H-- | M] ( ) -- C:\ProgramData\8LLKZv7qc71KTl.exe
PRC - [2012.03.26 00:04:14 | 000,453,120 | -H-- | M] ( ) -- C:\ProgramData\bYXmuYDuwsvN.exe
O4 - HKCU..\Run: [bYXmuYDuwsvN.exe] C:\ProgramData\bYXmuYDuwsvN.exe ( )
[2012.03.26 00:12:50 | 000,000,000 | -H-D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.26 00:15:04 | 000,000,440 | -H-- | M] () -- C:\ProgramData\8LLKZv7qc71KTl
[2012.03.26 00:12:52 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~8LLKZv7qc71KTl
[2012.03.26 00:12:51 | 000,000,609 | -H-- | M] () -- C:\Users\Daniel\Desktop\System Check.lnk
[2012.03.26 00:12:51 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~8LLKZv7qc71KTlr
[2012.03.26 00:12:35 | 000,361,984 | -H-- | M] ( ) -- C:\ProgramData\8LLKZv7qc71KTl.exe
[2012.03.26 00:04:14 | 000,453,120 | -H-- | M] ( ) -- C:\ProgramData\bYXmuYDuwsvN.exe

:Files
C:\ProgramData\bYXmuYDuwsvN.exe
C:\ProgramData\8LLKZv7qc71KTl.exe
:Commands
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a reboot. Please allow it.
• After the reboot you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there as described in the instructions for the UpChannel. Please do NOT post the ZIP file here in the thread as an attachment!




Please press the + E key.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance.



Download unhide:
http://filepony.de/download-unhide/
Double-click it, and the files become visible.
__________________

__________________
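The fix script in the post above targets the hidden executables with no company name that sit directly in C:\ProgramData, plus the HKCU Run entry that starts one of them. As an added example (not part of the original post and not OTL's own code), this Python sketch applies that triage to OTL log lines; the function names and the heuristic are assumptions, and the sample lines are copied from the log in this thread.

```python
import re
from pathlib import PureWindowsPath

EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".bat"}
PROGRAMDATA = PureWindowsPath(r"C:\ProgramData")

# OTL file listing: [date time | size | attrs | C/M] (company) -- path
# Directory lines carry no "(company)" field, so it is optional here.
FILE_RE = re.compile(
    r"^\[\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| "
    r"(?P<attrs>[-A-Z]{4}) \| [CM]\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)
# OTL autostart listing: O4[:64bit:] - HKxx..\Run: [name] path (company)
# The path is anchored on its extension because both the path ("(x86)")
# and the company ("Logitech(c)") may contain parentheses.
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HK(?:LM|CU))\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>[A-Za-z]:\\.+?\.(?:exe|com|bat|scr)) \((?P<company>.*)\)$",
    re.IGNORECASE,
)

# Sample input: lines taken from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKCU..\Run: [bYXmuYDuwsvN.exe] C:\ProgramData\bYXmuYDuwsvN.exe ( )
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Valve\Steam\Steam.exe (Valve Corporation)
[2012.03.26 01:02:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch
[2012.03.19 17:13:01 | 000,304,128 | -H-- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2012.03.26 00:15:04 | 000,000,440 | -H-- | M] () -- C:\ProgramData\8LLKZv7qc71KTl
[2012.03.26 00:12:35 | 000,361,984 | -H-- | M] ( ) -- C:\ProgramData\8LLKZv7qc71KTl.exe
[2012.03.26 00:04:14 | 000,453,120 | -H-- | M] ( ) -- C:\ProgramData\bYXmuYDuwsvN.exe
[2012.03.26 00:07:20 | 000,453,120 | -H-- | C] ( ) -- C:\ProgramData\bYXmuYDuwsvN.exe
[2011.11.24 23:22:49 | 000,020,544 | ---- | C] () -- C:\Windows\SysWow64\javaw.exe
"""


def is_suspect_file(path, attrs, company):
    """Heuristic assumed for this example: a hidden executable with an empty
    company field, stored directly in the ProgramData root and not in a
    product sub-folder."""
    p = PureWindowsPath(path)
    return (
        p.suffix.lower() in EXEC_EXT
        and p.parent == PROGRAMDATA          # comparison is case-insensitive
        and "H" in attrs
        and not (company or "").strip()
    )


def triage(log_text):
    """Return suspect files, each with the Run entries that start it."""
    suspects = {}      # lower-cased path -> finding
    run_entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            if is_suspect_file(m["path"], m["attrs"], m["company"]):
                # The same file shows up in the "Created" and "Modified"
                # sections; keep one finding per path.
                suspects.setdefault(
                    m["path"].lower(), {"path": m["path"], "autostart": []}
                )
            continue
        m = RUN_RE.match(line)
        if m:
            run_entries.append(m)
    # Correlate persistence: which suspects are launched at logon?
    for m in run_entries:
        finding = suspects.get(m["path"].lower())
        if finding is not None:
            finding["autostart"].append(f'{m["hive"]}\\Run [{m["name"]}]')
    return sorted(suspects.values(), key=lambda f: f["path"].lower())


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        started_by = ", ".join(f["autostart"]) or "no Run entry in this log"
        print(f'{f["path"]}  <-  {started_by}')
```

A hit from this heuristic is a lead for a human reviewer, not a verdict: legitimate files also appear with an empty company field, as javaw.exe does in the sample.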

Alt 26.03.2012, 11:26   #3
Stewie
 


OK, I've done that, i.e. uploaded it to you.

Should I also post here what is in the folder?
__________________

Alt 26.03.2012, 15:29   #4
markusg
/// Malware-holic
 


It's OK like that.
Did you run unhide?
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Alt 26.03.2012, 15:34   #5
Stewie
 


Yes, it has been run.


Alt 26.03.2012, 15:36   #6
markusg
/// Malware-holic
 


Good.
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this tool:

    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all your anti-virus and anti-malware programs are switched off so that they do not interfere with Combofix while it works.
  • Please post C:\Combofix.txt in your next reply.

Alt 26.03.2012, 17:11   #7
Stewie
 


omboFix 12-03-26.02 - Daniel 26.03.2012 17:15:48.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3838.1684 [GMT 2:00]
ausgeführt von:: c:\users\Daniel\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: SPYWAREfighter *Disabled/Updated* {2CA2BED9-C3E1-63C9-3FCE-3527C816A7C9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Daniel\AppData\Roaming\.#
c:\users\Daniel\AppData\Roaming\.#\MBX@3EC@28F2990.###
c:\users\Daniel\AppData\Roaming\.#\MBX@3EC@28F29C0.###
c:\users\Daniel\AppData\Roaming\.#\MBX@3EC@28F29F0.###
c:\windows\IsUn0407.exe
c:\windows\TEMP\0owdu0i0.vbt
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Nicht in der Lage zu löschen
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Nicht in der Lage zu löschen
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-26 bis 2012-03-26 ))))))))))))))))))))))))))))))
.
.
2012-03-26 15:50 . 2012-03-26 15:53 -------- d-----w- c:\users\Daniel\AppData\Local\temp
2012-03-26 15:50 . 2012-03-26 15:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-26 10:02 . 2012-03-26 10:11 -------- d-----w- C:\_OTL
2012-03-25 23:02 . 2012-03-25 23:02 -------- d--h--w- c:\programdata\WindowsSearch
2012-03-25 22:28 . 2012-03-25 22:28 -------- d-----w- c:\program files (x86)\Common Files\Common Toolkit Suite
2012-03-25 22:28 . 2012-03-25 22:29 -------- d-----w- c:\program files (x86)\Fighters
2012-03-25 22:28 . 2012-03-25 22:28 -------- d--h--w- c:\programdata\Common Toolkit Suite
2012-03-25 22:27 . 2012-03-25 22:29 -------- d--h--w- c:\programdata\Fighters
2012-03-23 08:20 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{937EB960-75D9-47AB-86DB-34FD3B7E00CC}\mpengine.dll
2012-03-19 21:24 . 2012-03-19 21:24 -------- d-----w- C:\ATISupport
2012-03-19 21:20 . 2012-03-19 21:20 -------- dc-h--w- c:\programdata\{4E78170A-6049-4586-A083-3AECE1A687E4}
2012-03-19 21:19 . 2012-03-19 21:19 -------- d-----w- c:\program files\WinSysClean X2
2012-03-19 15:13 . 2000-06-02 12:03 24660 ----a-w- c:\windows\SysWow64\plugincpl.cpl
2012-03-19 15:13 . 2000-06-02 12:02 20556 ------w- c:\windows\SysWow64\ActPanel.dll
2012-03-19 15:13 . 2012-03-19 15:13 -------- d-----w- c:\program files (x86)\JavaSoft
2012-03-19 15:13 . 1998-01-23 12:22 304128 ---ha-w- c:\windows\IsUninst.exe
2012-03-19 15:11 . 2012-03-19 15:12 -------- d-----w- c:\program files (x86)\Battle Isle - Der Andosia Konflikt
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-06-01 10:15 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-02 11:26 . 2012-02-02 11:26 13720 ----a-w- c:\windows\system32\drivers\avfsfilter.sys
2012-01-31 14:23 . 2012-01-31 14:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files (x86)\Winamp Toolbar\winamptb.dll" [2011-09-28 1937736]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-06-10 15:28 1233288 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52 121392 ---ha-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"Steam"="c:\program files (x86)\Valve\Steam\Steam.exe" [2011-08-04 1242448]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"Vidalia"="c:\program files (x86)\Vidalia\vidalia.exe" [2010-09-01 6300049]
"ICQ"="c:\program files (x86)\ICQ7.1\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2008-05-02 307200]
"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-20 204908]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2009-06-30 1811728]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"CommonToolkitTray"="c:\program files (x86)\Fighters\Tray\FightersTray.exe" [2012-01-18 1452680]
"SWPROguard"="c:\program files (x86)\Fighters\SPYWAREfighter\swprotray.exe" [2012-02-02 1196168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\WI371A~1\Datamngr\datamngr.dll c:\progra~2\WI371A~1\Datamngr\IEBHO.dll
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-20 269448]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:53 50736 ---ha-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-05-20 6296064]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-06-02 319488]
"eDataSecurity Loader"="c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe" [2008-07-29 561200]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\WI371A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI371A~1\Datamngr\x64\IEBHO.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=66016
mStart Page = hxxp://de.intl.acer.yahoo.com
mLocal Page = %SystemRoot%\system32\blank.htm
IE: Crawler Search - tbr:iemenu
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files (x86)\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\ctbr.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\osl1cgs6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-eRecoveryService - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Battle Isle - Der Andosia Konflikt - c:\windows\IsUn0407.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-SpeedSim - c:\program files (x86)\SpeedSim\uninst.exe
AddRemove-TmNationsForever_is1 - c:\program files (x86)\TmNationsForever\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AV Watch Service]
"ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AV Watch Service]
"ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1995638736-1415422197-1724874504-1000\Software\SecuROM\License information*]
"datasecu"=hex:16,3e,28,d8,03,98,b7,e3,ab,83,44,26,e2,49,66,75,ab,79,9a,fc,47,
f4,54,6b,8e,1a,e5,8f,9a,76,7a,4e,d1,65,28,e8,c2,43,b3,24,01,4b,a0,e5,ce,33,\
"rkeysecu"=hex:8d,e2,a9,ac,8b,69,d1,44,da,79,e5,79,22,2e,62,6c
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
c:\program files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\progra~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Fighters\FighterSuiteService.exe
c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe
c:\program files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
c:\program files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
c:\program files (x86)\Vidalia Bundle\Polipo\polipo.exe
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-26 18:04:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-26 16:04
.
Vor Suchlauf: 7 Verzeichnis(se), 58.861.486.080 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 63.442.165.760 Bytes frei
.
- - End Of File - - 4A34A25EC8365DE43AE903082272DC46

26.03.2012, 20:09   #8
markusg
/// Malware-holic

malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

26.03.2012, 22:41   #9
Stewie

Malwarebytes Anti-Malware (Test) 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.03.26.06

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
Daniel :: DANIEL-PC [Administrator]

Schutz: Aktiviert

26.03.2012 21:36:25
mbam-log-2012-03-26 (21-36-25).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 428076
Laufzeit: 1 Stunde(n), 23 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\_OTL\MovedFiles\03262012_120220\C_ProgramData\bYXmuYDuwsvN.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Daniel\AppData\Roaming\Help\comm.tll (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

27.03.2012, 09:16   #10
markusg
/// Malware-holic

Hi,
do you still have the e-mail, and can you send me the link from it as a private message? Or was it an e-mail with an attachment?

I couldn't find anything in the e-mail, thanks.
Download TDSSKiller and post the log:
http://www.trojaner-board.de/82358-t...entfernen.html

27.03.2012, 10:18   #11
Stewie

[InfectedObject]
Type: Service
Name: AV Watch Service
Type: n/a (0x10)
Start: Auto (0x2)
ImagePath: C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe


[InfectedFile]
Type: Raw image
Src: C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe
md5: 4fa9fffdec24c1e99ce0a1dd1434b314


[InfectedObject]
Type: Service
Name: AV Engine Scanning Service
Type: n/a (0x10)
Start: Auto (0x2)
ImagePath: C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe


[InfectedFile]
Type: Raw image
Src: C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe
md5: 38f4848f948c94f0acb1df47940c7862

11:09:47.0793 5988 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
11:09:48.0829 5988 ============================================================
11:09:48.0829 5988 Current date / time: 2012/03/27 11:09:48.0829
11:09:48.0829 5988 SystemInfo:
11:09:48.0829 5988
11:09:48.0830 5988 OS Version: 6.0.6001 ServicePack: 1.0
11:09:48.0830 5988 Product type: Workstation
11:09:48.0830 5988 ComputerName: DANIEL-PC
11:09:48.0830 5988 UserName: Daniel
11:09:48.0830 5988 Windows directory: C:\Windows
11:09:48.0830 5988 System windows directory: C:\Windows
11:09:48.0830 5988 Running under WOW64
11:09:48.0830 5988 Processor architecture: Intel x64
11:09:48.0830 5988 Number of processors: 4
11:09:48.0830 5988 Page size: 0x1000
11:09:48.0830 5988 Boot type: Normal boot
11:09:48.0830 5988 ============================================================
11:09:49.0868 5988 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:09:49.0905 5988 \Device\Harddisk0\DR0:
11:09:49.0905 5988 MBR used
11:09:49.0905 5988 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D4C800, BlocksNum 0x1D141000
11:09:49.0905 5988 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1EE8D800, BlocksNum 0x2B9CA000
11:09:49.0961 5988 Initialize success
11:09:49.0961 5988 ============================================================
11:09:51.0971 1992 ============================================================
11:09:51.0971 1992 Scan started
11:09:51.0971 1992 Mode: Manual;
11:09:51.0971 1992 ============================================================
11:09:52.0868 1992 Acer HomeMedia Connect Service (517d30057c726c797764bfd70a55d82a) C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
11:09:52.0872 1992 Acer HomeMedia Connect Service - ok
11:09:52.0933 1992 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys
11:09:52.0937 1992 ACPI - ok
11:09:52.0988 1992 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
11:09:53.0019 1992 adp94xx - ok
11:09:53.0040 1992 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
11:09:53.0058 1992 adpahci - ok
11:09:53.0083 1992 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
11:09:53.0090 1992 adpu160m - ok
11:09:53.0114 1992 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
11:09:53.0127 1992 adpu320 - ok
11:09:53.0168 1992 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
11:09:53.0169 1992 AeLookupSvc - ok
11:09:53.0199 1992 AFD (9bb97042fa331a0fb4bdd98b9280a50a) C:\Windows\system32\drivers\afd.sys
11:09:53.0231 1992 AFD - ok
11:09:53.0262 1992 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
11:09:53.0269 1992 agp440 - ok
11:09:53.0301 1992 ahcix64s (f114aabfde93a8ef2b4988eb29d14306) C:\Windows\system32\drivers\ahcix64s.sys
11:09:53.0342 1992 ahcix64s - ok
11:09:53.0366 1992 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
11:09:53.0376 1992 aic78xx - ok
11:09:53.0395 1992 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
11:09:53.0396 1992 ALG - ok
11:09:53.0412 1992 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
11:09:53.0419 1992 aliide - ok
11:09:53.0434 1992 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
11:09:53.0441 1992 amdide - ok
11:09:53.0487 1992 amdide64 (d52a2e98c5eeff88ced28793b6b04d84) C:\Windows\system32\DRIVERS\amdide64.sys
11:09:53.0492 1992 amdide64 - ok
11:09:53.0551 1992 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
11:09:53.0561 1992 AmdK8 - ok
11:09:53.0632 1992 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
11:09:53.0645 1992 AntiVirSchedulerService - ok
11:09:53.0672 1992 AntiVirService (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
11:09:53.0675 1992 AntiVirService - ok
11:09:53.0708 1992 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
11:09:53.0709 1992 Appinfo - ok
11:09:53.0739 1992 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
11:09:53.0751 1992 arc - ok
11:09:53.0781 1992 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
11:09:53.0793 1992 arcsas - ok
11:09:53.0814 1992 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
11:09:53.0820 1992 AsyncMac - ok
11:09:53.0834 1992 atapi (62bd869afa2bf2e30f9d3ff428c87d5c) C:\Windows\system32\drivers\atapi.sys
11:09:53.0835 1992 atapi - ok
11:09:53.0888 1992 Ati External Event Utility (aacb4e6173ef832dd76b2833b8035395) C:\Windows\system32\Ati2evxx.exe
11:09:53.0898 1992 Ati External Event Utility - ok
11:09:54.0016 1992 atikmdag (6d88ada1d1ebd75e075ae167408a425c) C:\Windows\system32\DRIVERS\atikmdag.sys
11:09:54.0108 1992 atikmdag - ok
11:09:54.0143 1992 AtiPcie (db0d3de15edc96e7529fc0d3f7760894) C:\Windows\system32\DRIVERS\AtiPcie.sys
11:09:54.0150 1992 AtiPcie - ok
11:09:54.0177 1992 AudioEndpointBuilder (2a54b6a48ab6d2166271b05e9469326e) C:\Windows\System32\Audiosrv.dll
11:09:54.0192 1992 AudioEndpointBuilder - ok
11:09:54.0209 1992 AudioSrv (2a54b6a48ab6d2166271b05e9469326e) C:\Windows\System32\Audiosrv.dll
11:09:54.0214 1992 AudioSrv - ok
11:09:54.0304 1992 AV Engine Scanning Service (38f4848f948c94f0acb1df47940c7862) C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe
11:09:54.0314 1992 AV Engine Scanning Service ( Rootkit.Win32.PMax.gen ) - infected
11:09:54.0314 1992 AV Engine Scanning Service - detected Rootkit.Win32.PMax.gen (0)
11:09:54.0338 1992 AV Watch Service (4fa9fffdec24c1e99ce0a1dd1434b314) C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe
11:09:54.0340 1992 AV Watch Service ( Rootkit.Win32.PMax.gen ) - infected
11:09:54.0340 1992 AV Watch Service - detected Rootkit.Win32.PMax.gen (0)
11:09:54.0381 1992 AVFSFilter (7c9eb330a6eb7b6abfa7b0593899e2de) C:\Windows\system32\DRIVERS\avfsfilter.sys
11:09:54.0387 1992 AVFSFilter - ok
11:09:54.0412 1992 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
11:09:54.0422 1992 avgntflt - ok
11:09:54.0437 1992 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
11:09:54.0448 1992 avipbb - ok
11:09:54.0473 1992 Beep - ok
11:09:54.0512 1992 BFE (bc4737aaffa5964e4f8827c9b8c0eb8e) C:\Windows\System32\bfe.dll
11:09:54.0528 1992 BFE - ok
11:09:54.0579 1992 BITS (d896a0d43f8ab81ecb1fc6c24decfd58) C:\Windows\system32\qmgr.dll
11:09:54.0603 1992 BITS - ok
11:09:54.0629 1992 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
11:09:54.0637 1992 blbdrive - ok
11:09:54.0678 1992 bowser (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys
11:09:54.0687 1992 bowser - ok
11:09:54.0710 1992 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
11:09:54.0715 1992 BrFiltLo - ok
11:09:54.0729 1992 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
11:09:54.0734 1992 BrFiltUp - ok
11:09:54.0751 1992 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
11:09:54.0753 1992 Browser - ok
11:09:54.0770 1992 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
11:09:54.0780 1992 Brserid - ok
11:09:54.0795 1992 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
11:09:54.0803 1992 BrSerWdm - ok
11:09:54.0817 1992 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
11:09:54.0823 1992 BrUsbMdm - ok
11:09:54.0839 1992 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
11:09:54.0845 1992 BrUsbSer - ok
11:09:54.0865 1992 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
11:09:54.0873 1992 BTHMODEM - ok
11:09:54.0909 1992 BUNAgentSvc (09e6affae6c0e9158bf05c7d08d0107a) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
11:09:54.0916 1992 BUNAgentSvc - ok
11:09:54.0929 1992 catchme - ok
11:09:54.0954 1992 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
11:09:54.0962 1992 cdfs - ok
11:09:54.0977 1992 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
11:09:54.0987 1992 cdrom - ok
11:09:55.0013 1992 CertPropSvc (edfffc8b6afb609bf33dbe0a900426b6) C:\Windows\System32\certprop.dll
11:09:55.0014 1992 CertPropSvc - ok
11:09:55.0033 1992 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
11:09:55.0043 1992 circlass - ok
11:09:55.0057 1992 CLFS (caeda2572b7042b11062f327f099251d) C:\Windows\system32\CLFS.sys
11:09:55.0075 1992 CLFS - ok
11:09:55.0132 1992 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:09:55.0145 1992 clr_optimization_v2.0.50727_32 - ok
11:09:55.0176 1992 clr_optimization_v2.0.50727_64 (fa58b51ed71c9133e141164eaa7c54eb) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:09:55.0187 1992 clr_optimization_v2.0.50727_64 - ok
11:09:55.0229 1992 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:09:55.0231 1992 clr_optimization_v4.0.30319_32 - ok
11:09:55.0269 1992 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:09:55.0271 1992 clr_optimization_v4.0.30319_64 - ok
11:09:55.0290 1992 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
11:09:55.0297 1992 cmdide - ok
11:09:55.0313 1992 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
11:09:55.0320 1992 Compbatt - ok
11:09:55.0331 1992 COMSysApp - ok
11:09:55.0353 1992 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
11:09:55.0361 1992 crcdisk - ok
11:09:55.0386 1992 CryptSvc (4374f784121d8b3bb466b03f5e5ebd33) C:\Windows\system32\cryptsvc.dll
11:09:55.0389 1992 CryptSvc - ok
11:09:55.0424 1992 DcomLaunch (52cdade8289ff21f1f2215ff51a5f36c) C:\Windows\system32\rpcss.dll
11:09:55.0430 1992 DcomLaunch - ok
11:09:55.0461 1992 DfsC (3725c43c9e90731eca651d506cc599a3) C:\Windows\system32\Drivers\dfsc.sys
11:09:55.0469 1992 DfsC - ok
11:09:55.0556 1992 DFSR (1781f99840979ee7b126c9073c377fd0) C:\Windows\system32\DFSR.exe
11:09:55.0615 1992 DFSR - ok
11:09:55.0650 1992 Dhcp (fdaa0edfcfb70cd529589ad654651b40) C:\Windows\System32\dhcpcsvc.dll
11:09:55.0653 1992 Dhcp - ok
11:09:55.0681 1992 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
11:09:55.0688 1992 disk - ok
11:09:55.0718 1992 Dnscache (daf05293c1264e251d3a25e7e24b2ddf) C:\Windows\System32\dnsrslvr.dll
11:09:55.0720 1992 Dnscache - ok
11:09:55.0740 1992 dot3svc (cc661867677627f2911c2a4970dee0f1) C:\Windows\System32\dot3svc.dll
11:09:55.0756 1992 dot3svc - ok
11:09:55.0772 1992 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
11:09:55.0775 1992 DPS - ok
11:09:55.0809 1992 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
11:09:55.0813 1992 drmkaud - ok
11:09:55.0852 1992 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys
11:09:55.0869 1992 DXGKrnl - ok
11:09:55.0906 1992 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
11:09:55.0917 1992 E1G60 - ok
11:09:55.0940 1992 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
11:09:55.0942 1992 EapHost - ok
11:09:55.0970 1992 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys
11:09:55.0993 1992 Ecache - ok
11:09:56.0064 1992 eDataSecurity Service (b1f2503e23425b386df0f3413b2596f3) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
11:09:56.0084 1992 eDataSecurity Service - ok
11:09:56.0110 1992 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
11:09:56.0141 1992 ehRecvr - ok
11:09:56.0157 1992 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
11:09:56.0172 1992 ehSched - ok
11:09:56.0187 1992 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
11:09:56.0188 1992 ehstart - ok
11:09:56.0220 1992 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
11:09:56.0249 1992 elxstor - ok
11:09:56.0284 1992 EMDMgmt (e4eb76d0a8fc43db7f36302e1f33791f) C:\Windows\system32\emdmgmt.dll
11:09:56.0301 1992 EMDMgmt - ok
11:09:56.0319 1992 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
11:09:56.0325 1992 ErrDev - ok
11:09:56.0366 1992 ETService (27d2754314d12eb27d81d462fd0d86c0) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
11:09:56.0370 1992 ETService - ok
11:09:56.0438 1992 EventSystem (6b1a97bf9fefbdc83f3c7c7d0f826c66) C:\Windows\system32\es.dll
11:09:56.0471 1992 EventSystem - ok
11:09:56.0504 1992 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys
11:09:56.0521 1992 exfat - ok
11:09:56.0542 1992 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys
11:09:56.0558 1992 fastfat - ok
11:09:56.0575 1992 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
11:09:56.0581 1992 fdc - ok
11:09:56.0596 1992 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
11:09:56.0598 1992 fdPHost - ok
11:09:56.0612 1992 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
11:09:56.0614 1992 FDResPub - ok
11:09:56.0633 1992 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
11:09:56.0634 1992 FileInfo - ok
11:09:56.0656 1992 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
11:09:56.0663 1992 Filetrace - ok
11:09:56.0677 1992 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
11:09:56.0683 1992 flpydisk - ok
11:09:56.0698 1992 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys
11:09:56.0715 1992 FltMgr - ok
11:09:56.0769 1992 FontCache3.0.0.0 (73d0f1d32edae3dcc4e84468bf910add) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:09:56.0778 1992 FontCache3.0.0.0 - ok
11:09:56.0787 1992 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
11:09:56.0791 1992 Fs_Rec - ok
11:09:56.0814 1992 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
11:09:56.0823 1992 gagp30kx - ok
11:09:56.0863 1992 gpsvc (9e5b254d58232ec8921ec3c5a94c81ed) C:\Windows\System32\gpsvc.dll
11:09:56.0895 1992 gpsvc - ok
11:09:56.0919 1992 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
11:09:56.0926 1992 hamachi - ok
11:09:57.0046 1992 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
11:09:57.0127 1992 Hamachi2Svc - ok
11:09:57.0161 1992 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
11:09:57.0184 1992 HdAudAddService - ok
11:09:57.0204 1992 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:09:57.0205 1992 HDAudBus - ok
11:09:57.0219 1992 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
11:09:57.0226 1992 HidBth - ok
11:09:57.0245 1992 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
11:09:57.0251 1992 HidIr - ok
11:09:57.0276 1992 hidserv (0aa154538544e988429da2d5aa803a6c) C:\Windows\System32\hidserv.dll
11:09:57.0278 1992 hidserv - ok
11:09:57.0303 1992 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
11:09:57.0308 1992 HidUsb - ok
11:09:57.0329 1992 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
11:09:57.0331 1992 hkmsvc - ok
11:09:57.0361 1992 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
11:09:57.0371 1992 HpCISSs - ok
11:09:57.0398 1992 HTTP (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys
11:09:57.0434 1992 HTTP - ok
11:09:57.0450 1992 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
11:09:57.0459 1992 i2omp - ok
11:09:57.0492 1992 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
11:09:57.0501 1992 i8042prt - ok
11:09:57.0522 1992 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
11:09:57.0538 1992 iaStorV - ok
11:09:57.0617 1992 ICQ Service (848edebb3c1d6fec50e09eda95c21e84) C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
11:09:57.0634 1992 ICQ Service - ok
11:09:57.0712 1992 idsvc (76ea63cdb2d88dae7209691d089bef1d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:09:57.0758 1992 idsvc - ok
11:09:57.0785 1992 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
11:09:57.0791 1992 iirsp - ok
11:09:57.0826 1992 IKEEXT (3a3b232140c33376e134e7b61a0eaa44) C:\Windows\System32\ikeext.dll
11:09:57.0833 1992 IKEEXT - ok
11:09:57.0876 1992 int15 (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\SysWOW64\drivers\int15_64.sys
11:09:57.0881 1992 int15 - ok
11:09:57.0927 1992 IntcAzAudAddService (ffc65872f4b0a1075b2ab16c676a4aec) C:\Windows\system32\drivers\RTKVHD64.sys
11:09:58.0002 1992 IntcAzAudAddService - ok
11:09:58.0031 1992 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
11:09:58.0039 1992 intelide - ok
11:09:58.0061 1992 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
11:09:58.0070 1992 intelppm - ok
11:09:58.0092 1992 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
11:09:58.0095 1992 IPBusEnum - ok
11:09:58.0117 1992 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:09:58.0126 1992 IpFilterDriver - ok
11:09:58.0153 1992 iphlpsvc (3a0427f35e7f8c16bbc5b1be32b8de76) C:\Windows\System32\iphlpsvc.dll
11:09:58.0157 1992 iphlpsvc - ok
11:09:58.0166 1992 IpInIp - ok
11:09:58.0202 1992 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
11:09:58.0214 1992 IPMIDRV - ok
11:09:58.0233 1992 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
11:09:58.0243 1992 IPNAT - ok
11:09:58.0268 1992 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
11:09:58.0274 1992 IRENUM - ok
11:09:58.0311 1992 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
11:09:58.0319 1992 isapnp - ok
11:09:58.0338 1992 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys
11:09:58.0340 1992 iScsiPrt - ok
11:09:58.0361 1992 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
11:09:58.0373 1992 iteatapi - ok
11:09:58.0397 1992 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
11:09:58.0405 1992 iteraid - ok
11:09:58.0437 1992 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
11:09:58.0450 1992 kbdclass - ok
11:09:58.0463 1992 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
11:09:58.0469 1992 kbdhid - ok
11:09:58.0494 1992 KeyIso (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
11:09:58.0496 1992 KeyIso - ok
11:09:58.0528 1992 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys
11:09:58.0564 1992 KSecDD - ok
11:09:58.0582 1992 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
11:09:58.0588 1992 ksthunk - ok
11:09:58.0622 1992 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
11:09:58.0638 1992 KtmRm - ok
11:09:58.0673 1992 LADF_DHP2 (883e2bc3e28458f17b02df95ce46c4d6) C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys
11:09:58.0683 1992 LADF_DHP2 - ok
11:09:58.0711 1992 LADF_SBVM (b012b0402856eefe7e9527b4086a1388) C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys
11:09:58.0731 1992 LADF_SBVM - ok
11:09:58.0778 1992 LanmanServer (3f27c9cdae606d74431e3ab39571a7f3) C:\Windows\System32\srvsvc.dll
11:09:58.0782 1992 LanmanServer - ok
11:09:58.0811 1992 LanmanWorkstation (6e25ffc6fead6544c6e9f1d23329570c) C:\Windows\System32\wkssvc.dll
11:09:58.0816 1992 LanmanWorkstation - ok
11:09:58.0843 1992 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
11:09:58.0850 1992 LGBusEnum - ok
11:09:58.0878 1992 LGPBTDD (f705a641c18df31b48b5dbda94b425e4) C:\Windows\system32\Drivers\LGPBTDD.sys
11:09:58.0885 1992 LGPBTDD - ok
11:09:58.0898 1992 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
11:09:58.0899 1992 LGVirHid - ok
11:09:58.0965 1992 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
11:09:58.0975 1992 LightScribeService - ok
11:09:59.0004 1992 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
11:09:59.0013 1992 lltdio - ok
11:09:59.0051 1992 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
11:09:59.0068 1992 lltdsvc - ok
11:09:59.0085 1992 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
11:09:59.0087 1992 lmhosts - ok
11:09:59.0111 1992 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
11:09:59.0122 1992 LSI_FC - ok
11:09:59.0142 1992 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
11:09:59.0153 1992 LSI_SAS - ok
11:09:59.0182 1992 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
11:09:59.0192 1992 LSI_SCSI - ok
11:09:59.0204 1992 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
11:09:59.0215 1992 luafv - ok
11:09:59.0255 1992 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
11:09:59.0263 1992 LVPr2M64 - ok
11:09:59.0268 1992 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
11:09:59.0269 1992 LVPr2Mon - ok
11:09:59.0310 1992 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
11:09:59.0312 1992 LVPrcS64 - ok
11:09:59.0345 1992 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
11:09:59.0365 1992 LVRS64 - ok
11:09:59.0510 1992 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
11:09:59.0672 1992 LVUVC64 - ok
11:09:59.0689 1992 massfilter - ok
11:09:59.0718 1992 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
11:09:59.0725 1992 MBAMProtector - ok
11:09:59.0784 1992 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:09:59.0792 1992 MBAMService - ok
11:09:59.0852 1992 McAfee SiteAdvisor Service (f8040a47a0e447f96144a8d3e1170119) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
11:09:59.0865 1992 McAfee SiteAdvisor Service - ok
11:09:59.0901 1992 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
11:09:59.0904 1992 McComponentHostService - ok
11:09:59.0961 1992 McProxy (c85968d24449e37653b891b03188140c) c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
11:09:59.0965 1992 McProxy - ok
11:10:00.0015 1992 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
11:10:00.0026 1992 Mcx2Svc - ok
11:10:00.0065 1992 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
11:10:00.0074 1992 megasas - ok
11:10:00.0104 1992 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
11:10:00.0129 1992 MegaSR - ok
11:10:00.0151 1992 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
11:10:00.0154 1992 MMCSS - ok
11:10:00.0168 1992 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
11:10:00.0175 1992 Modem - ok
11:10:00.0199 1992 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
11:10:00.0201 1992 monitor - ok
11:10:00.0221 1992 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
11:10:00.0230 1992 mouclass - ok
11:10:00.0257 1992 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
11:10:00.0263 1992 mouhid - ok
11:10:00.0279 1992 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
11:10:00.0289 1992 MountMgr - ok
11:10:00.0318 1992 MPFP (ae2e68527013eb4f761eccc630f7f1a3) C:\Windows\system32\Drivers\Mpfp.sys
11:10:00.0329 1992 MPFP - ok
11:10:00.0382 1992 MpfService (db4d0dfe069e995b3f45ce4623abfdd9) C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
11:10:00.0408 1992 MpfService - ok
11:10:00.0437 1992 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
11:10:00.0452 1992 mpio - ok
11:10:00.0473 1992 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
11:10:00.0483 1992 mpsdrv - ok
11:10:00.0512 1992 MpsSvc (8a670648c755867a3aa38da50ba569aa) C:\Windows\system32\mpssvc.dll
11:10:00.0530 1992 MpsSvc - ok
11:10:00.0551 1992 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
11:10:00.0557 1992 Mraid35x - ok
11:10:00.0580 1992 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys
11:10:00.0591 1992 MRxDAV - ok
11:10:00.0622 1992 mrxsmb (b698eb9acc7ecd4927d99d268918f912) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:10:00.0630 1992 mrxsmb - ok
11:10:00.0663 1992 mrxsmb10 (9a797e27fd28500ee13d43000c931435) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:10:00.0687 1992 mrxsmb10 - ok
11:10:00.0699 1992 mrxsmb20 (f9425d610712533107a264e2d5b2154b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:10:00.0709 1992 mrxsmb20 - ok
11:10:00.0721 1992 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
11:10:00.0727 1992 msahci - ok
11:10:00.0745 1992 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
11:10:00.0756 1992 msdsm - ok
11:10:00.0776 1992 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
11:10:00.0784 1992 MSDTC - ok
11:10:00.0811 1992 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
11:10:00.0817 1992 Msfs - ok
11:10:00.0838 1992 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
11:10:00.0846 1992 msisadrv - ok
11:10:00.0873 1992 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
11:10:00.0883 1992 MSiSCSI - ok
11:10:00.0891 1992 msiserver - ok
11:10:00.0911 1992 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
11:10:00.0916 1992 MSKSSRV - ok
11:10:00.0948 1992 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
11:10:00.0952 1992 MSPCLOCK - ok
11:10:00.0967 1992 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
11:10:00.0971 1992 MSPQM - ok
11:10:00.0998 1992 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys
11:10:01.0012 1992 MsRPC - ok
11:10:01.0032 1992 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
11:10:01.0033 1992 mssmbios - ok
11:10:01.0070 1992 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
11:10:01.0075 1992 MSTEE - ok
11:10:01.0086 1992 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys
11:10:01.0097 1992 Mup - ok
11:10:01.0131 1992 napagent (c25022cdd18980846973b598900915f8) C:\Windows\system32\qagentRT.dll
11:10:01.0148 1992 napagent - ok
11:10:01.0191 1992 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys
11:10:01.0202 1992 NativeWifiP - ok
11:10:01.0244 1992 NDIS (2a2ee457af36c5c9a6808c768bd3a12b) C:\Windows\system32\drivers\ndis.sys
11:10:01.0260 1992 NDIS - ok
11:10:01.0280 1992 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
11:10:01.0286 1992 NdisTapi - ok
11:10:01.0306 1992 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
11:10:01.0312 1992 Ndisuio - ok
11:10:01.0329 1992 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys
11:10:01.0340 1992 NdisWan - ok
11:10:01.0356 1992 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
11:10:01.0364 1992 NDProxy - ok
11:10:01.0382 1992 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
11:10:01.0389 1992 NetBIOS - ok
11:10:01.0412 1992 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys
11:10:01.0437 1992 netbt - ok
11:10:01.0460 1992 Netlogon (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
11:10:01.0462 1992 Netlogon - ok
11:10:01.0563 1992 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
11:10:01.0579 1992 Netman - ok
11:10:01.0607 1992 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
11:10:01.0616 1992 netprofm - ok
11:10:01.0782 1992 NetTcpPortSharing (b84613b469b98e09f50a748c1d02e132) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:10:01.0845 1992 NetTcpPortSharing - ok
11:10:02.0036 1992 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
11:10:02.0095 1992 nfrd960 - ok
11:10:02.0150 1992 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
11:10:02.0155 1992 NlaSvc - ok
11:10:02.0194 1992 NMSAccess (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
11:10:02.0204 1992 NMSAccess - ok
11:10:02.0218 1992 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys
11:10:02.0226 1992 Npfs - ok
11:10:02.0247 1992 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
11:10:02.0249 1992 nsi - ok
11:10:02.0273 1992 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
11:10:02.0279 1992 nsiproxy - ok
11:10:02.0336 1992 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys
11:10:02.0398 1992 Ntfs - ok
11:10:02.0420 1992 NTIBackupSvc (a2b6583a5652a385dff5e4f49ad48761) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
11:10:02.0421 1992 NTIBackupSvc - ok
11:10:02.0441 1992 NTIDrvr (7d397449aaf52b0e7c79b64f6ad4473e) C:\Windows\system32\Drivers\NTIDrvr.sys
11:10:02.0446 1992 NTIDrvr - ok
11:10:02.0452 1992 NTISchedulerSvc (40b87fe8a1a9a5ac9e5a91d96f212bcd) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
11:10:02.0454 1992 NTISchedulerSvc - ok
11:10:02.0464 1992 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
11:10:02.0468 1992 Null - ok
11:10:02.0490 1992 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
11:10:02.0501 1992 nvraid - ok
11:10:02.0517 1992 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
11:10:02.0526 1992 nvstor - ok
11:10:02.0541 1992 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
11:10:02.0554 1992 nv_agp - ok
11:10:02.0563 1992 NwlnkFlt - ok
11:10:02.0574 1992 NwlnkFwd - ok
11:10:02.0660 1992 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:10:02.0746 1992 odserv - ok
11:10:02.0777 1992 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
11:10:02.0778 1992 ohci1394 - ok
11:10:02.0799 1992 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:10:02.0813 1992 ose - ok
11:10:02.0862 1992 p2pimsvc (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
11:10:02.0887 1992 p2pimsvc - ok
11:10:02.0910 1992 p2psvc (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
11:10:02.0921 1992 p2psvc - ok
11:10:02.0938 1992 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
11:10:02.0948 1992 Parport - ok
11:10:02.0965 1992 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
11:10:02.0978 1992 partmgr - ok
11:10:02.0996 1992 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
11:10:02.0999 1992 PcaSvc - ok
11:10:03.0027 1992 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys
11:10:03.0030 1992 pci - ok
11:10:03.0069 1992 pciide (4423e6d4d20c5d9ae27608bbe55347f7) C:\Windows\system32\drivers\pciide.sys
11:10:03.0076 1992 pciide - ok
11:10:03.0098 1992 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
11:10:03.0122 1992 pcmcia - ok
11:10:03.0215 1992 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
11:10:03.0254 1992 PEAUTH - ok
11:10:03.0317 1992 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
11:10:03.0320 1992 PerfHost - ok
11:10:03.0378 1992 PID_0928 (b47dee29b5e6e1939567a926c7a3e6a4) C:\Windows\system32\DRIVERS\LV561V64.SYS
11:10:03.0409 1992 PID_0928 - ok
11:10:03.0459 1992 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
11:10:03.0492 1992 pla - ok
11:10:03.0526 1992 PlugPlay (5aaa0c5534b05ed49919fcd9dbd11a5b) C:\Windows\system32\umpnpmgr.dll
11:10:03.0534 1992 PlugPlay - ok
11:10:03.0551 1992 PnkBstrA - ok
11:10:03.0564 1992 PnkBstrB - ok
11:10:03.0604 1992 PNRPAutoReg (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
11:10:03.0615 1992 PNRPAutoReg - ok
11:10:03.0637 1992 PNRPsvc (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
11:10:03.0648 1992 PNRPsvc - ok
11:10:03.0676 1992 PolicyAgent (eef3688d5e9592cbbbed00de71dda1ef) C:\Windows\System32\ipsecsvc.dll
11:10:03.0692 1992 PolicyAgent - ok
11:10:03.0716 1992 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
11:10:03.0726 1992 PptpMiniport - ok
11:10:03.0746 1992 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
11:10:03.0747 1992 Processor - ok
11:10:03.0771 1992 ProfSvc (b21fe10dad3ab59e78df7aa3fbf41e70) C:\Windows\system32\profsvc.dll
11:10:03.0776 1992 ProfSvc - ok
11:10:03.0794 1992 ProtectedStorage (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
11:10:03.0796 1992 ProtectedStorage - ok
11:10:03.0814 1992 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
11:10:03.0825 1992 PSched - ok
11:10:03.0850 1992 PSDFilter (2cfd31d41cde75328acaeee2d4f4b836) C:\Windows\system32\DRIVERS\psdfilter.sys
11:10:03.0858 1992 PSDFilter - ok
11:10:03.0888 1992 PSDNServ (51a585f999672d8bb07f22ae12b40846) C:\Windows\system32\drivers\PSDNServ.sys
11:10:03.0895 1992 PSDNServ - ok
11:10:03.0911 1992 psdvdisk (db50d3f5c31b1a848b04f7f2a6ff2709) C:\Windows\system32\drivers\psdvdisk.sys
11:10:03.0920 1992 psdvdisk - ok
11:10:03.0967 1992 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
11:10:04.0025 1992 ql2300 - ok
11:10:04.0047 1992 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
11:10:04.0059 1992 ql40xx - ok
11:10:04.0085 1992 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
11:10:04.0093 1992 QWAVE - ok
11:10:04.0112 1992 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
11:10:04.0120 1992 QWAVEdrv - ok
11:10:04.0134 1992 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
11:10:04.0139 1992 RasAcd - ok
11:10:04.0169 1992 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
11:10:04.0173 1992 RasAuto - ok
11:10:04.0193 1992 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:10:04.0203 1992 Rasl2tp - ok
11:10:04.0225 1992 RasMan (2a63d46b01685fd4be9778ca3c231c2d) C:\Windows\System32\rasmans.dll
11:10:04.0251 1992 RasMan - ok
11:10:04.0273 1992 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
11:10:04.0280 1992 RasPppoe - ok
11:10:04.0292 1992 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
11:10:04.0301 1992 RasSstp - ok
11:10:04.0320 1992 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
11:10:04.0344 1992 rdbss - ok
11:10:04.0363 1992 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:10:04.0367 1992 RDPCDD - ok
11:10:04.0400 1992 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
11:10:04.0417 1992 rdpdr - ok
11:10:04.0428 1992 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
11:10:04.0433 1992 RDPENCDD - ok
11:10:04.0456 1992 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
11:10:04.0473 1992 RDPWD - ok
11:10:04.0504 1992 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
11:10:04.0506 1992 RemoteAccess - ok
11:10:04.0527 1992 RemoteRegistry (416c611369cbe49074b89cee2f83abef) C:\Windows\system32\regsvc.dll
11:10:04.0544 1992 RemoteRegistry - ok
11:10:04.0587 1992 RichVideo (a035a7bf5132682f53f1e7b955690ce7) C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
11:10:04.0602 1992 RichVideo - ok
11:10:04.0628 1992 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
11:10:04.0630 1992 RpcLocator - ok
11:10:04.0668 1992 RpcSs (52cdade8289ff21f1f2215ff51a5f36c) C:\Windows\system32\rpcss.dll
11:10:04.0678 1992 RpcSs - ok
11:10:04.0697 1992 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
11:10:04.0706 1992 rspndr - ok
11:10:04.0750 1992 RTL8192su (9da68896221b558b6ec71d1aaca9336a) C:\Windows\system32\DRIVERS\RTL8192su.sys
11:10:04.0784 1992 RTL8192su - ok
11:10:04.0810 1992 SamSs (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
11:10:04.0812 1992 SamSs - ok
11:10:04.0835 1992 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
11:10:04.0846 1992 sbp2port - ok
11:10:04.0881 1992 SCardSvr (f024d560fea06f8b56d673849eb89ae6) C:\Windows\System32\SCardSvr.dll
11:10:04.0885 1992 SCardSvr - ok
11:10:05.0006 1992 Schedule (ce75d26e0a1106129f4d156851e298ed) C:\Windows\system32\schedsvc.dll
11:10:05.0021 1992 Schedule - ok
11:10:05.0046 1992 SCPolicySvc (edfffc8b6afb609bf33dbe0a900426b6) C:\Windows\System32\certprop.dll
11:10:05.0047 1992 SCPolicySvc - ok
11:10:05.0076 1992 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
11:10:05.0081 1992 SDRSVC - ok
11:10:05.0098 1992 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:10:05.0104 1992 secdrv - ok
11:10:05.0118 1992 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
11:10:05.0120 1992 seclogon - ok
11:10:05.0134 1992 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
11:10:05.0136 1992 SENS - ok
11:10:05.0149 1992 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
11:10:05.0153 1992 Serenum - ok
11:10:05.0173 1992 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
11:10:05.0182 1992 Serial - ok
11:10:05.0198 1992 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
11:10:05.0203 1992 sermouse - ok
11:10:05.0229 1992 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
11:10:05.0231 1992 SessionEnv - ok
11:10:05.0253 1992 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
11:10:05.0257 1992 sffdisk - ok
11:10:05.0271 1992 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
11:10:05.0276 1992 sffp_mmc - ok
11:10:05.0294 1992 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
11:10:05.0297 1992 sffp_sd - ok
11:10:05.0314 1992 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
11:10:05.0318 1992 sfloppy - ok
11:10:05.0354 1992 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
11:10:05.0358 1992 SharedAccess - ok
11:10:05.0398 1992 ShellHWDetection (9235ec680d3db17464b39c7c7decb4dd) C:\Windows\System32\shsvcs.dll
11:10:05.0401 1992 ShellHWDetection - ok
11:10:05.0416 1992 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
11:10:05.0426 1992 SiSRaid2 - ok
11:10:05.0444 1992 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
11:10:05.0454 1992 SiSRaid4 - ok
11:10:05.0518 1992 slsvc (a301d2cefb4747dfe0c24425dcbe0b78) C:\Windows\system32\SLsvc.exe
11:10:05.0544 1992 slsvc - ok
11:10:05.0566 1992 SLUINotify (f5ddf7c0af85eb72cb295171f8c3cb35) C:\Windows\system32\SLUINotify.dll
11:10:05.0577 1992 SLUINotify - ok
11:10:05.0597 1992 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
11:10:05.0606 1992 Smb - ok
11:10:05.0631 1992 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
11:10:05.0634 1992 SNMPTRAP - ok
11:10:05.0648 1992 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
11:10:05.0656 1992 spldr - ok
11:10:05.0691 1992 Spooler (92e6738d25c2123be9515c0eac0776cd) C:\Windows\System32\spoolsv.exe
11:10:05.0697 1992 Spooler - ok
11:10:05.0728 1992 srv (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys
11:10:05.0759 1992 srv - ok
11:10:05.0787 1992 srv2 (6c72eea39e1c37b436a6d1532999f9ec) C:\Windows\system32\DRIVERS\srv2.sys
11:10:05.0798 1992 srv2 - ok
11:10:05.0828 1992 srvnet (7f69bcf9e6fa3d93c82ee6b87812666d) C:\Windows\system32\DRIVERS\srvnet.sys
11:10:05.0837 1992 srvnet - ok
11:10:05.0856 1992 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
11:10:05.0859 1992 SSDPSRV - ok
11:10:05.0892 1992 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
11:10:05.0894 1992 SstpSvc - ok
11:10:05.0921 1992 StarOpen (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
11:10:05.0925 1992 StarOpen - ok
11:10:05.0980 1992 Steam Client Service - ok
11:10:06.0012 1992 stisvc (f14f7d7d68a66777fb999d5d0f21138d) C:\Windows\System32\wiaservc.dll
11:10:06.0026 1992 stisvc - ok
11:10:06.0103 1992 Suite Service (a7e21e907c39fab021ced41296fc8019) C:\Program Files (x86)\Fighters\FighterSuiteService.exe
11:10:06.0134 1992 Suite Service - ok
11:10:06.0144 1992 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
11:10:06.0149 1992 swenum - ok
11:10:06.0172 1992 swprv (da34d6eb4a3154c0bebaeb0a2483ef3e) C:\Windows\System32\swprv.dll
11:10:06.0180 1992 swprv - ok
11:10:06.0201 1992 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
11:10:06.0209 1992 Symc8xx - ok
11:10:06.0224 1992 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
11:10:06.0230 1992 Sym_hi - ok
11:10:06.0252 1992 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
11:10:06.0257 1992 Sym_u3 - ok
11:10:06.0284 1992 SysMain (bea0d5521ed21df8f6ffeed86daede7b) C:\Windows\system32\sysmain.dll
11:10:06.0318 1992 SysMain - ok
11:10:06.0343 1992 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
11:10:06.0345 1992 TabletInputService - ok
11:10:06.0361 1992 TapiSrv (52091001caf20ae84cf47023ee21b4bb) C:\Windows\System32\tapisrv.dll
11:10:06.0365 1992 TapiSrv - ok
11:10:06.0381 1992 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
11:10:06.0383 1992 TBS - ok
11:10:06.0433 1992 Tcpip (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\drivers\tcpip.sys
11:10:06.0484 1992 Tcpip - ok
11:10:06.0511 1992 Tcpip6 (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\DRIVERS\tcpip.sys
11:10:06.0519 1992 Tcpip6 - ok
11:10:06.0530 1992 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
11:10:06.0536 1992 tcpipreg - ok
11:10:06.0550 1992 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
11:10:06.0554 1992 TDPIPE - ok
11:10:06.0573 1992 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
11:10:06.0578 1992 TDTCP - ok
11:10:06.0594 1992 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
11:10:06.0601 1992 tdx - ok
11:10:06.0644 1992 TeamViewer5 (d91cb8a2d5a0f60e53eb7a0b0bc2e0f0) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
11:10:06.0659 1992 TeamViewer5 - ok
11:10:06.0677 1992 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
11:10:06.0687 1992 TermDD - ok
11:10:06.0712 1992 TermService (f870a5589d6a94b426efb13689023946) C:\Windows\System32\termsrv.dll
11:10:06.0728 1992 TermService - ok
11:10:06.0757 1992 Themes (9235ec680d3db17464b39c7c7decb4dd) C:\Windows\system32\shsvcs.dll
11:10:06.0763 1992 Themes - ok
11:10:06.0784 1992 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
11:10:06.0787 1992 THREADORDER - ok
11:10:06.0812 1992 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
11:10:06.0816 1992 TrkWks - ok
11:10:06.0838 1992 TrustedInstaller (ac6ff1df22ed90bad6417ee5a4c6e2f0) C:\Windows\servicing\TrustedInstaller.exe
11:10:06.0840 1992 TrustedInstaller - ok
11:10:06.0863 1992 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:10:06.0869 1992 tssecsrv - ok
11:10:06.0900 1992 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
11:10:06.0906 1992 tunmp - ok
11:10:06.0934 1992 tunnel (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys
11:10:06.0940 1992 tunnel - ok
11:10:06.0961 1992 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
11:10:06.0971 1992 uagp35 - ok
11:10:06.0998 1992 UBHelper (00c8ce31657624a125fdb90efd554371) C:\Windows\system32\drivers\UBHelper.sys
11:10:07.0004 1992 UBHelper - ok
11:10:07.0061 1992 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
11:10:07.0141 1992 udfs - ok
11:10:07.0175 1992 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
11:10:07.0179 1992 UI0Detect - ok
11:10:07.0195 1992 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
11:10:07.0205 1992 uliagpkx - ok
11:10:07.0232 1992 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
11:10:07.0248 1992 uliahci - ok
11:10:07.0274 1992 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
11:10:07.0286 1992 UlSata - ok
11:10:07.0321 1992 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
11:10:07.0330 1992 ulsata2 - ok
11:10:07.0352 1992 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
11:10:07.0359 1992 umbus - ok
11:10:07.0379 1992 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
11:10:07.0395 1992 upnphost - ok
11:10:07.0423 1992 usbaudio (c899fb269be4740dbe2801b204cd71d4) C:\Windows\system32\drivers\usbaudio.sys
11:10:07.0432 1992 usbaudio - ok
11:10:07.0471 1992 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
11:10:07.0480 1992 usbccgp - ok
11:10:07.0498 1992 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
11:10:07.0511 1992 usbcir - ok
11:10:07.0530 1992 usbehci (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys
11:10:07.0536 1992 usbehci - ok
11:10:07.0577 1992 usbhub (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys
11:10:07.0593 1992 usbhub - ok
11:10:07.0611 1992 usbohci (540b622da0949695c40cdc9d5d497a8b) C:\Windows\system32\DRIVERS\usbohci.sys
11:10:07.0615 1992 usbohci - ok
11:10:07.0637 1992 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
11:10:07.0641 1992 usbprint - ok
11:10:09.0526 1992 MBR (0x1B8) (ef932eaa6ef4c94e66a7f6ceec7eb422) \Device\Harddisk0\DR0
11:10:12.0774 1992 \Device\Harddisk0\DR0 - ok
11:10:12.0795 1992 Boot (0x1200) (2347fc409c94f9d1c9567c24011f1a09) \Device\Harddisk0\DR0\Partition0
11:10:12.0797 1992 \Device\Harddisk0\DR0\Partition0 - ok
11:10:12.0818 1992 Boot (0x1200) (6012cdea6047713764f5c876f21e2e12) \Device\Harddisk0\DR0\Partition1
11:10:12.0819 1992 \Device\Harddisk0\DR0\Partition1 - ok
11:10:12.0820 1992 ============================================================
11:10:12.0820 1992 Scan finished
11:10:12.0820 1992 ============================================================
11:10:12.0834 0856 Detected object count: 2
11:10:12.0834 0856 Actual detected object count: 2
11:10:24.0009 0856 C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe - copied to quarantine
11:10:24.0012 0856 HKLM\SYSTEM\ControlSet001\services\AV Engine Scanning Service - will be deleted on reboot
11:10:24.0044 0856 HKLM\SYSTEM\ControlSet002\services\AV Engine Scanning Service - will be deleted on reboot
11:10:24.0224 0856 C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe - will be deleted on reboot
11:10:24.0224 0856 AV Engine Scanning Service ( Rootkit.Win32.PMax.gen ) - User select action: Delete
11:10:24.0318 0856 C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe - copied to quarantine
11:10:24.0321 0856 HKLM\SYSTEM\ControlSet001\services\AV Watch Service - will be deleted on reboot
11:10:24.0331 0856 HKLM\SYSTEM\ControlSet002\services\AV Watch Service - will be deleted on reboot
11:10:24.0337 0856 C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe - will be deleted on reboot
11:10:24.0337 0856 AV Watch Service ( Rootkit.Win32.PMax.gen ) - User select action: Delete
11:10:31.0705 6108 Deinitialize success

So, I have done everything so far, and most of the error messages no longer appear. The desktop is not fully restored yet, but I have a new icon that looks like the Windows window and is called "system check"! When I click on it, a system check starts (like at the very beginning), after which I am later redirected to a page where you are supposed to pay the 50 US dollars. However, the anti-malware kicks in immediately and says external access blocked....

27.03.2012, 17:59   #12
markusg
/// Malware-holic

Do you use the PC for online banking, purchases, other payment processing, or similarly important things, such as work?
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails to markusg.trojaner-board@web.de following the instructions above.

27.03.2012, 21:32   #13
Stewie

I did that until about a year ago; the last online purchase was September/December of last year.

28.03.2012, 10:12   #14
markusg
/// Malware-holic

According to TDSSKiller you have a rootkit, so this system is no longer trustworthy.
The PC must be reinstalled from scratch and then secured.
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then say something more about securing online banking with a chip card reader + Star Money.
