Sirefef und weitere auf Win7 64-bit

poldikater · 09.06.2012, 18:17

Die .dll Datei kann ich nicht in das Virustool hochladen, weil es von diesem nicht gesehen wird (?!) - ich sehs auf meiner Festplatte, aknns aber vom Virustool aus nicht aufrufen - siehe dazu die 2 screenshots im Anhang.
Die .exe scheint bös zu sein - hier der Link:
https://www.virustotal.com/file/6df94b7fa33f1b87142adc39b3db0613fc520d9e7a5fd6a5301dd7f51f8d0386/analysis/1339261736/

SystemLook:

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 19:14 on 09/06/2012 by sandra
Administrator - Elevation successful

========== folderfind ==========

Searching for "{ce099c72-c4e1-bfe6-1767-79315802bb67}"
C:\FRST\Quarantine\{ce099c72-c4e1-bfe6-1767-79315802bb67}	d--hs--	[17:23 11/01/2012]

========== regfind ==========

Searching for "{ce099c72-c4e1-bfe6-1767-79315802bb67}"
No data found.

-= EOF =-

Larusso · 09.06.2012, 18:27

Danke.

Hattest du mal sowas wie Parental Control installiert ? Ich finde zu der Datei keine Informationen.

Edit
Ich hab im Skript was ausgebessert. Bitte, wenn noch nicht getan, dass aktuelle nehmen !!!

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, dass kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die

+ R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

ATTFilter

http://www.trojaner-board.de/116862-sirefef-win7-64-bit-2.html#post843084

Collect::
c:\users\sandra\AppData\Roaming\Microsoft\6CEE\995u.exe
c:\users\sandra\AppData\Roaming\Microsoft\6CEE\995.exe

Folder::
c:\users\sandra\AppData\Roaming\Microsoft\6CEE

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe | c:\windows\system32\services.exe

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:52444

FireFox::
FF - ProfilePath - c:\users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\4krip5g8.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - e016886c000000000000deaf78303f35
FF - user.js: extensions.BabylonToolbar_i.hardId - e016886c000000000000deaf78303f35
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15428
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:39
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111015
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

DirLook::
c:\users\sandra\AppData\Local

FileLook::
C:\Windows\System32\pouazns6k.dll
c:\windows\system32\DRIVERS\pjdcoemi.sys
c:\windows\system32\DRIVERS\totrsdiy.sys

Speichere dies als CFScript.txt auf deinem Desktop.
Wichtig:

Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern. Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher, dass ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.

poldikater · 09.06.2012, 20:04

Hallo,
bevor ich den MSE deaktiviert hab, gab es nochmal Meldungen über div. Sirefef-Versionen.

ich hab combofix mit dem editierten script ausgeführt.

Das logfile ist zu groß zum Posten und auch zu groß für den Anhang (716KB), winrar und 7zip geben eine Fehlermeldung aus, dass das file nicht gezippt werden kann ...jetzt bin ich ratlos

LG

Larusso · 09.06.2012, 20:19

Lade die Logfiles bitte bei File-Upload.net und poste die mir den Downloadlink.

poldikater · 09.06.2012, 20:45

File-Upload.net - ComboFix.txt
hxxp://www.file-upload.net/download-4431576/ComboFix.txt.html

Larusso · 10.06.2012, 04:03

Die OTL.txt fehlt noch

Nebenbei, wie läuft der Rechner ?

poldikater · 10.06.2012, 06:31

Oh sorry - überlesen.
Der Rechner läuft gut, das war aber eh nie ein Problem, trotz Infektion.

Hier das fehlende logfile:

Code:

ATTFilter

OTL logfile created on: 10.06.2012 07:16:47 - Run 2
OTL by OldTimer - Version 3.2.47.0     Folder = C:\Users\sandra\Documents\tools
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,85 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 54,49% Memory free
7,71 Gb Paging File | 5,87 Gb Available in Paging File | 76,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,66 Gb Total Space | 357,82 Gb Free Space | 79,40% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 26,92 Gb Free Space | 11,56% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK_SP | User Name: sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.09 12:12:10 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.06.08 17:30:31 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\sandra\Documents\tools\OTL.exe
PRC - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.19 13:47:18 | 011,171,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012.01.19 13:26:18 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\SecuniaPSI\PSIA.exe
PRC - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\SecuniaPSI\sua.exe
PRC - [2011.10.14 08:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\SecuniaPSI\psi_tray.exe
PRC - [2011.03.14 13:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011.03.14 13:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011.03.14 13:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011.03.14 13:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011.02.22 10:02:16 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011.02.22 10:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011.02.15 20:36:10 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011.02.15 20:35:34 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011.01.31 22:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.12.20 12:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.20 12:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.10 09:59:50 | 000,140,616 | ---- | M] (Neuber Software - www.neuber.com) -- C:\Program Files (x86)\Security Task Manager\SpyProtector.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.09 12:12:10 | 002,000,352 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.10.05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2011.06.22 12:46:12 | 000,434,016 | ---- | M] () -- C:\PROGRA~2\MICROS~4\Office12\ADDINS\UMOUTL~1.DLL
MOD - [2011.02.22 10:01:38 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011.02.22 10:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011.02.15 20:37:10 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2009.02.26 14:46:56 | 000,064,344 | ---- | M] () -- C:\PROGRA~2\MICROS~4\Office12\ADDINS\COLLEA~1.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.06.02 16:08:01 | 000,354,304 | ---- | M] (Parental Solutions Inc.) [Auto | Running] -- C:\Windows\SysNative\pouazns6k.dll -- (Dnscache)
SRV - [2012.06.09 12:12:10 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.30 15:59:36 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.12.06 20:21:57 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\SysWOW64\UpdSvc.dll -- (Update-Service)
SRV - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\SecuniaPSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\SecuniaPSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.07.08 11:12:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.03.14 13:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011.02.22 21:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011.02.15 20:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011.01.31 22:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011.01.20 18:23:22 | 000,076,448 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.12.20 12:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.12.20 12:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 23:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.16 00:24:40 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012.02.16 00:24:38 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.12.19 14:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.08.01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.07.28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 06:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011.03.10 06:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011.01.25 05:48:02 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.01.20 18:23:52 | 000,279,200 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.01.20 18:23:52 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.01.20 18:23:52 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.01.20 18:23:50 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.01.20 18:23:50 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.01.20 18:23:50 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.01.20 18:23:50 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.12.23 03:44:20 | 012,260,000 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.12.17 03:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.09 12:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.11.05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.29 16:19:20 | 000,326,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010.10.19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,;Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,;Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=111015&mntrId=e016886c000000000000deaf78303f35
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=111015&mntrId=e016886c000000000000deaf78303f35
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searc}
IE - HKCU\..\SearchScopes\{86A91538-3C04-4F21-9016-4BCC68AB26E7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "hxxp://www.google.com/search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.09 12:12:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.03.29 15:39:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sandra\AppData\Roaming\mozilla\Extensions
[2012.06.05 20:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sandra\AppData\Roaming\mozilla\Firefox\Profiles\4krip5g8.default\extensions
[2011.12.09 18:10:55 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\sandra\AppData\Roaming\mozilla\Firefox\Profiles\4krip5g8.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.04.20 17:22:22 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\sandra\AppData\Roaming\mozilla\Firefox\Profiles\4krip5g8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.09.27 16:16:34 | 000,005,551 | ---- | M] () -- C:\Users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\4krip5g8.default\searchplugins\google-maps.xml
[2011.09.27 16:17:00 | 000,002,467 | ---- | M] () -- C:\Users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\4krip5g8.default\searchplugins\googleat.xml
[2011.09.27 16:16:16 | 000,004,140 | ---- | M] () -- C:\Users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\4krip5g8.default\searchplugins\youtube.xml
[2012.03.02 22:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.09 12:12:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.01.06 10:55:47 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\SANDRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4KRIP5G8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.05.04 22:21:54 | 000,047,822 | ---- | M] () (No name found) -- C:\USERS\SANDRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4KRIP5G8.DEFAULT\EXTENSIONS\BROWSERPROTECT@BROWSERPROTECT.COM.XPI
[2011.09.25 19:32:00 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\SANDRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4KRIP5G8.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012.03.24 21:53:52 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\SANDRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4KRIP5G8.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2011.09.25 19:32:01 | 000,011,510 | ---- | M] () (No name found) -- C:\USERS\SANDRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4KRIP5G8.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012.06.09 12:12:10 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.12 10:40:14 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.29 15:39:11 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.03.12 10:40:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.12 10:40:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.12 10:40:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.12 10:40:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.12 10:40:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.09 20:44:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Plugin for Media Finder) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\sandra\AppData\Roaming\Media Finder\Extensions\IEPlugin64.dll (Media Finder)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Spy Protector] C:\Program Files (x86)\Security Task Manager\SpyProtector.exe (Neuber Software - www.neuber.com)
O4 - Startup: C:\Users\sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Programme\Rainmeter\Rainmeter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000011 [] - C:\Windows\SysWOW64\UDDI8peno.dll (IMS, Inc.)
O15 - HKCU\..Trusted Domains: secunia.com ([]https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.237.176.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B681534-F07C-4B01-9D26-9C6A9C5F12E9}: DhcpNameServer = 80.237.176.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65D86AF2-0420-4498-B99A-8F80EA61D48A}: DhcpNameServer = 192.168.43.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.10 02:19:00 | 000,000,000 | ---D | C] -- C:\FRST
[2012.06.09 20:49:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.06.09 20:00:53 | 004,539,936 | R--- | C] (Swearware) -- C:\Users\sandra\Desktop\ComboFix.exe
[2012.06.09 18:43:00 | 000,000,000 | ---D | C] -- C:\Users\sandra\Documents\tools
[2012.06.09 18:08:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.06.09 18:08:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.06.09 18:08:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.06.09 18:07:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.06.09 18:07:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.06.09 12:15:39 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.06.07 21:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012.06.07 19:43:01 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Roaming\ImgBurn
[2012.06.07 19:32:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2012.06.07 19:30:03 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Roaming\Malwarebytes
[2012.06.07 19:29:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.07 19:06:25 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.06.07 18:37:44 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Local\ElevatedDiagnostics
[2012.06.07 18:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012.06.07 18:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.06.07 18:15:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2012.06.05 18:34:30 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Roaming\TOMI3
[2012.06.05 18:33:50 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Roaming\Persha Studia
[2012.06.05 18:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Dying for Daylight
[2012.06.03 11:46:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1049
[2012.06.02 16:08:01 | 000,354,304 | ---- | C] (Parental Solutions Inc.) -- C:\Windows\SysNative\pouazns6k.dll
[2012.05.19 12:12:35 | 000,000,000 | ---D | C] -- C:\Users\sandra\Desktop\tmp
[2012.05.15 18:41:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1093
[2012.05.12 03:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.12 03:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.06 13:26:41 | 000,167,936 | ---- | C] (www.ipauly.com) -- C:\Program Files (x86)\BOOTICE_0.9.EXE
[2011.12.06 20:03:10 | 000,658,944 | ---- | C] (Coder for Life) -- C:\Program Files (x86)\Win7BootUpdater.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.10 06:42:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.09 22:18:37 | 000,001,701 | ---- | M] () -- C:\Users\sandra\Desktop\SecretsOfTheDark2_EclipseMountain_CE.exe - Verknüpfung.lnk
[2012.06.09 21:05:24 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.09 21:05:24 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.09 21:02:29 | 001,627,732 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.09 21:02:29 | 000,702,508 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.09 21:02:29 | 000,657,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.09 21:02:29 | 000,150,172 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.09 21:02:29 | 000,122,952 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.09 20:58:09 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2012.06.09 20:58:01 | 3103,838,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.09 20:44:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.09 20:05:32 | 004,539,936 | R--- | M] (Swearware) -- C:\Users\sandra\Desktop\ComboFix.exe
[2012.06.09 19:29:33 | 000,004,096 | -H-- | M] () -- C:\Users\sandra\AppData\Local\keyfile3.drm
[2012.06.08 18:53:25 | 000,002,006 | ---- | M] () -- C:\Users\sandra\Desktop\Rite of Passage - The Perfect Show Collector's Edition.lnk
[2012.06.08 17:26:33 | 000,000,000 | ---- | M] () -- C:\Users\sandra\defogger_reenable
[2012.06.07 21:21:22 | 002,125,824 | ---- | M] () -- C:\Users\sandra\s-1-5-21-3302248352-1844511566-3404724950-1000.rrr
[2012.06.07 20:08:31 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.06.07 18:25:38 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.06.07 18:25:12 | 001,650,254 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.02 16:08:01 | 000,354,304 | ---- | M] (Parental Solutions Inc.) -- C:\Windows\SysNative\pouazns6k.dll
[2012.05.17 15:21:37 | 000,461,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.09 22:18:37 | 000,001,701 | ---- | C] () -- C:\Users\sandra\Desktop\SecretsOfTheDark2_EclipseMountain_CE.exe - Verknüpfung.lnk
[2012.06.09 19:29:33 | 000,004,096 | -H-- | C] () -- C:\Users\sandra\AppData\Local\keyfile3.drm
[2012.06.09 18:08:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.09 18:08:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.09 18:08:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.09 18:08:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.09 18:08:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.06.08 18:53:25 | 000,002,006 | ---- | C] () -- C:\Users\sandra\Desktop\Rite of Passage - The Perfect Show Collector's Edition.lnk
[2012.06.08 17:26:33 | 000,000,000 | ---- | C] () -- C:\Users\sandra\defogger_reenable
[2012.05.17 15:21:24 | 000,461,552 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.23 18:24:43 | 000,860,667 | ---- | C] () -- C:\Users\sandra\AppData\Local\census.cache
[2012.03.23 18:23:57 | 000,097,634 | ---- | C] () -- C:\Users\sandra\AppData\Local\ars.cache
[2012.02.25 23:29:21 | 000,000,036 | ---- | C] () -- C:\Users\sandra\AppData\Local\housecall.guid.cache
[2012.02.16 20:09:44 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.02.15 04:00:51 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\mshhtmled.dll
[2012.02.13 17:23:56 | 000,000,059 | ---- | C] () -- C:\ProgramData\user.ini
[2012.02.13 17:18:01 | 000,001,892 | ---- | C] () -- C:\Windows\wininit.ini
[2011.12.27 11:37:47 | 000,018,944 | ---- | C] () -- C:\Windows\eraser.exe
[2011.12.06 21:00:37 | 001,650,254 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.06 19:40:26 | 000,000,017 | ---- | C] () -- C:\Users\sandra\AppData\Local\resmon.resmoncfg
[2011.11.29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.05.09 11:37:10 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.05.09 11:36:21 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.09 11:36:20 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.09 11:36:19 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2010.11.21 05:25:09 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\mobssync.exe
[2010.11.21 05:24:24 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\RMActivate_sssp.exe
[2010.11.21 05:24:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\fttp.exe
[2010.11.21 05:24:02 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\cscaapi.dll
[2010.11.21 05:24:00 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\mssinfo32.exe
 
========== LOP Check ==========
 
[2012.03.11 20:20:56 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\AckiSoft
[2012.01.24 20:36:04 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Amazon
[2011.12.27 11:23:38 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Artisteer
[2012.05.22 22:22:40 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Audacity
[2012.03.03 21:03:27 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Big Fish Games
[2012.06.09 16:10:59 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\BitTorrent
[2011.12.06 20:00:20 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\ClipboardPath
[2012.06.08 07:28:12 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\E0168
[2012.03.06 19:56:26 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\everlight
[2011.12.31 20:38:25 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Foxit Software
[2012.04.04 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\gtk-2.0
[2012.06.07 19:45:43 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\ImgBurn
[2012.06.09 22:22:11 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Mad Head Games
[2012.03.29 15:39:33 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Media Finder
[2012.04.21 16:42:10 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Mp3tag
[2012.06.05 18:33:50 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Persha Studia
[2012.06.07 18:16:16 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\QuickScan
[2012.03.03 23:40:53 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Rainmeter
[2012.05.17 15:13:55 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Registry Mechanic
[2011.12.06 15:21:47 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Samsung
[2012.04.07 00:57:14 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Temp
[2012.06.08 20:01:53 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\TOMI3
[2012.06.09 12:20:53 | 000,022,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 253 bytes -> C:\ProgramData\Temp:6A9CA6CB
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:F84B8DB5
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:D3A89E47
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:4F852702
@Alternate Data Stream - 198 bytes -> C:\ProgramData\Temp:28CDD861
@Alternate Data Stream - 192 bytes -> C:\ProgramData\Temp:51873282
@Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:F26F5952
@Alternate Data Stream - 177 bytes -> C:\ProgramData\Temp:2D133896
@Alternate Data Stream - 176 bytes -> C:\ProgramData\Temp:58E38390
@Alternate Data Stream - 168 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:5925E400
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:700B9342
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:9B750A13
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:A6F30843
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:C46995DA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:5D458568
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:1D6686D8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:EE69D7DF
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:569CEE83

< End of report >

Danke!

Larusso · 10.06.2012, 10:09

Mir scheint, weil sich die Infektion nich so wirklich eingenistet hat

Update bitte Malwarebytes und lass einen QuickScan laufen. Poste die Logfile bitte hier.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

poldikater · 10.06.2012, 17:10

MWB schaut gut aus:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.10.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
sandra :: NOTEBOOK_SP [Administrator]

Schutz: Deaktiviert

10.06.2012 17:59:59
mbam-log-2012-06-10 (17-59-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211982
Laufzeit: 2 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

MSE hat vorm Abschalten auch nix mehr angezeigt.

ESET mag nicht, sagt

Zitat:

cannot get update is proxy configured

- habs gegoogelt, bin aber nicht weitergekommen - ich hab weder in FF noch in IE einen Proxy an.

VLG

Larusso · 10.06.2012, 19:59

Hast du den Scan mit dem IE oder / und FF versucht ?

Ich seh auch keinen Proxy in den Logs ( hab ich schon gekillt

)

poldikater · 10.06.2012, 20:47

Hallo Daniel,
ich habs mit beiden Browsern probiert - gleiches Ergebnis

Larusso · 11.06.2012, 06:06

Sonst irgendwelche Probleme mit dem Internet ?

Downloade dir bitte dds ( von sUBs ) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop.

dds.com
dds.scr

Schließe alle laufenden Programme.
Starte DDS mit Doppelklick.
Es wird 2 Logfiles erstellen.
- dds.txt
- attach.txt
Speichere beide Logfiles auf deinem Desktop
Poste beide Logfiles hier.

poldikater · 11.06.2012, 07:41

Guten Morgen!
Keine Internetprobleme soweit...

Hier kommen die files:
DDS Logfile:

Code:

ATTFilter

DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 06.12.2011 18:24:13
System Uptime: 09.06.2012 20:57:55 (36 hours ago)
.
Motherboard: Acer |  | JE30_HR
Processor: Intel(R) Pentium(R) CPU B940 @ 2.00GHz | CPU1 | 2000/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 355,511 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 233 GiB total, 26,993 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP122: 29.05.2012 02:00:31 - Windows-Sicherung
RP123: 05.06.2012 02:00:21 - Windows-Sicherung
RP124: 05.06.2012 03:00:11 - Windows Update
RP125: 07.06.2012 17:59:45 - Made by Registry Mechanic                                       
RP126: 07.06.2012 18:02:31 - Datei in Quarantäne Ordner verschieben:  
RP127: 07.06.2012 20:11:19 - Removed Curse at Twilight - Thief of Souls Collectors Edition
RP128: 07.06.2012 20:17:15 - Removed Everlight.
RP129: 07.06.2012 20:24:33 - Removed newsXpresso
RP130: 07.06.2012 21:20:10 - Made by Registry Mechanic                                       
RP131: 08.06.2012 17:43:59 - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Adobe Shockwave Player 11.6
Amazon MP3-Downloader 1.0.9
Apple Application Support
Apple Software Update
Artisteer 3
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Audacity 1.3.13 (Unicode)
Backup Manager V3
Big Fish Games: Game Manager
BitTorrent
clear.fi
clear.fi Client
ClipboardPath (Aktueller Benutzer)
D3DX10
Drawn 2 Dark Flight Collector's Edition [Updated]
ESET Online Scanner v3
Everlight
FinanzmanagerV8
Fotogalerija Windows Live
Foxit Reader 5.1
Free M4a to MP3 Converter 7.0
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galeria fotogràfica del Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
GIMP 2.6.12-2
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Deskjet 2050 J510 series Hilfe
Identity Card
ImgBurn
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
LAME v3.98.3 for Audacity
Launch Manager
LeechFTP 
Malwarebytes Anti-Malware Version 1.61.0.1400
MediaEspresso
Mesh Runtime
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (German) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office Language Pack 2007 - German/Deutsch
Microsoft Office Live Add-in 1.5
Microsoft Office O MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office SharePoint Designer MUI (German) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Office X MUI (German) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MightyUninstaller
Mozilla Firefox 14.0 (x86 de)
Mozilla Maintenance Service
Mp3tag v2.50
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
MyTomTom 3.2.0.700
NTI Media Maker 9
OpenAL
Phase 5 HTML-Editor
Picasa 3
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Porta
Pošta Windows Live
QuickTime
Raccolta foto di Windows Live
Rainmeter
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Registry Mechanic 10.0
Rite of Passage - The Perfect Show Collector's Edition
S?????? f?t???af??? t?? Windows Live
Samsung Kies
Secunia PSI (2.0.0.4003)
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition 
Surface - Mystery of Another World CE
swMSM
System Requirements Lab for Intel
TeamViewer 7
The Treasures of Mystery Island Ghost Ship 1.00
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio C++ 10.0 Runtime
VLC media player 2.0.1
Welcome Center
Whispered Stories Sandman 1.00
Windows Live
Windows Live ???
Windows Live ????
Windows Live Argazki Galeria
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Witches' Legacy - The Charleston Curse CE V2
.
==== End Of File ===========================

Code:

ATTFilter

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_31
Run by sandra at 8:35:43 on 2012-06-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.3947.2395 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SecuniaPSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\SysWOW64\svchost.exe -k Update-Service
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Program Files (x86)\SecuniaPSI\sua.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\SecuniaPSI\psi_tray.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Security Task Manager\SpyProtector.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
c:\program files (x86)\teamviewer\version7\TeamViewer_Desktop.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
mStart Page = hxxp://acer.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Spy Protector] C:\Program Files (x86)\Security Task Manager\SpyProtector.exe /autostart
mRunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\sandra\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\SecuniaPSI\psi_tray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
Trusted Zone: secunia.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 80.237.176.196
TCP: Interfaces\{1B681534-F07C-4B01-9D26-9C6A9C5F12E9} : DhcpNameServer = 80.237.176.196
TCP: Interfaces\{65D86AF2-0420-4498-B99A-8F80EA61D48A} : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{65D86AF2-0420-4498-B99A-8F80EA61D48A}\E44535D274163747 : DhcpNameServer = 172.30.3.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Spy Protector] C:\Program Files (x86)\Security Task Manager\SpyProtector.exe /autostart
mRunOnce-x64: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\4krip5g8.default\
FF - prefs.js: browser.search.selectedEngine - hxxp://www.google.com/search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\4krip5g8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-1-20 76448]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-5-9 352336]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-7-8 873064]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-5-9 244624]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-2-15 257344]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\SecuniaPSI\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\SecuniaPSI\sua.exe [2011-10-14 399416]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-19 3027840]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-9 2656280]
R2 Update-Service;Update-Service;C:\Windows\System32\svchost.exe -k Update-Service [2009-7-14 20992]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 IntcDAud;Intel(R) Display-Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 253600]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-3-22 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft-Netzwerkinspektion;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-06-11 06:35:14	--------	d--h--w-	C:\Windows\PIF
2012-06-11 06:34:30	8955792	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{005DBC48-C479-416A-90AA-7FADC6B37495}\mpengine.dll
2012-06-10 16:11:31	8955792	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-10 15:56:28	--------	d-----w-	C:\Program Files (x86)\ESET
2012-06-10 15:54:41	24904	----a-w-	C:\Windows\System32\drivers\mbam.sys
2012-06-10 15:54:41	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-10 00:19:00	--------	d-----w-	C:\FRST
2012-06-09 20:22:11	--------	d-----w-	C:\Users\sandra\AppData\Roaming\Mad Head Games
2012-06-09 18:49:28	--------	d-sh--w-	C:\$RECYCLE.BIN
2012-06-09 16:24:23	8199504	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-06-09 16:24:20	8955792	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BE9851D-E97D-473A-A257-7AECA0192ACF}\mpengine.dll
2012-06-09 16:08:32	98816	----a-w-	C:\Windows\sed.exe
2012-06-09 16:08:32	518144	----a-w-	C:\Windows\SWREG.exe
2012-06-09 16:08:32	256000	----a-w-	C:\Windows\PEV.exe
2012-06-09 16:08:32	208896	----a-w-	C:\Windows\MBR.exe
2012-06-09 12:05:05	8955792	------w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2012-06-07 19:15:05	--------	d-----w-	C:\Program Files (x86)\Emsisoft Anti-Malware
2012-06-07 17:30:03	--------	d-----w-	C:\Users\sandra\AppData\Roaming\Malwarebytes
2012-06-07 17:29:55	--------	d-----w-	C:\ProgramData\Malwarebytes
2012-06-07 17:06:25	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-06-07 16:37:44	--------	d-----w-	C:\Users\sandra\AppData\Local\ElevatedDiagnostics
2012-06-07 16:27:26	927800	------w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB015A82-0430-4127-AD9D-9E18BDCA62D2}\gapaengine.dll
2012-06-07 16:25:09	--------	d-----w-	C:\Program Files (x86)\Microsoft Security Client
2012-06-07 16:25:08	--------	d-----w-	C:\Program Files\Microsoft Security Client
2012-06-05 16:34:30	--------	d-----w-	C:\Users\sandra\AppData\Roaming\TOMI3
2012-06-05 16:33:50	--------	d-----w-	C:\Users\sandra\AppData\Roaming\Persha Studia
2012-06-05 16:32:10	--------	d-----w-	C:\ProgramData\Dying for Daylight
2012-06-03 09:46:16	--------	d-----w-	C:\Windows\SysWow64\1049
2012-06-02 14:08:01	354304	----a-w-	C:\Windows\System32\pouazns6k.dll
2012-05-15 16:41:49	--------	d-----w-	C:\Windows\SysWow64\1093
.
==================== Find3M  ====================
.
2012-05-11 14:15:34	70304	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-11 14:15:34	419488	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-06 19:05:13	466456	----a-w-	C:\Windows\System32\wrap_oal.dll
2012-05-06 19:05:13	444952	----a-w-	C:\Windows\SysWow64\wrap_oal.dll
2012-05-06 19:05:13	122904	----a-w-	C:\Windows\System32\OpenAL32.dll
2012-05-06 19:05:13	109080	----a-w-	C:\Windows\SysWow64\OpenAL32.dll
2012-05-06 11:26:43	167936	----a-w-	C:\Program Files (x86)\BOOTICE_0.9.EXE
2012-03-31 06:05:57	5559664	----a-w-	C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37	3968368	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37	3913072	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03	3146240	----a-w-	C:\Windows\System32\win32k.sys
2012-03-30 11:35:47	1918320	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2012-03-22 19:12:12	4435968	----a-w-	C:\Windows\SysWow64\GPhotos.scr
2012-03-20 18:44:12	98688	----a-w-	C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 18:44:12	203888	----a-w-	C:\Windows\System32\drivers\MpFilter.sys
2012-03-17 07:58:57	75120	----a-w-	C:\Windows\System32\drivers\partmgr.sys
2011-12-04 16:41:08	658944	----a-w-	C:\Program Files (x86)\Win7BootUpdater.exe
.
============= FINISH:  8:36:06,32 ===============

--- --- ---

--- --- ---

--- --- ---

Larusso · 11.06.2012, 10:35

Zitat:

Seit ein paar Tagen ist die Firewall offline und läßt sich nicht mehr aktivieren - Fehlercode 0x8007042c

Kannst du die Firewall wieder anstellen ?

poldikater · 11.06.2012, 10:51

jep - das geht schon seit gestern wieder.

09.06.2012, 20:19	#19
Larusso /// Selecta Jahrusso	Sirefef und weitere auf Win7 64-bit Lade die Logfiles bitte bei File-Upload.net und poste die mir den Downloadlink. __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

10.06.2012, 04:03	#21
Larusso /// Selecta Jahrusso	Sirefef und weitere auf Win7 64-bit Die OTL.txt fehlt noch Nebenbei, wie läuft der Rechner ? __________________ --> Sirefef und weitere auf Win7 64-bit

10.06.2012, 19:59	#25
Larusso /// Selecta Jahrusso	Sirefef und weitere auf Win7 64-bit Hast du den Scan mit dem IE oder / und FF versucht ? Ich seh auch keinen Proxy in den Logs ( hab ich schon gekillt ) __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

Sirefef und weitere auf Win7 64-bit

Plagegeister aller Art und deren Bekämpfung: Sirefef und weitere auf Win7 64-bit