Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Smart Fortress 2012-Befall (https://www.trojaner-board.de/113093-smart-fortress-2012-befall.html)

Dominik55118 03.04.2012 22:58

Smart Fortress 2012 infection
 
Hello,

I have a small problem and hope someone can help me. Otherwise I will soon have a bigger problem with my work at university... :eek: But I don't want to whine.

Problem:
My computer is infected with Smart Fortress, which so far does not seem to have had any serious effect on the computer's functionality in normal mode.
An English-language message appeared that pointed to a supposed malware infection. My first reaction was to uninstall Smart Fortress via the Control Panel, because at that moment I could access neither Antivir nor the process control in Task Manager. After that I could access them again.
Antivir did not report anything at all.

General computer info
System: Windows 7 64-bit
Device: Acer Aspire 5920G
Virus scanner used by default so far: AntiVir
Firewall: Windows Defender (both updated regularly)

First measures in chronological order

First I scanned the computer for malware with Malwarebytes and then with the ESET online scanner. After that I created an OTL log and ran the Rootkill tool. The virus/malware scans ran through to the end and the latter two programs worked.

The logs follow:
Malwarebytes:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.03.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dominik :: DOMINIK-PC [Administrator]

03.04.2012 17:55:50
mbam-log-2012-04-03 (17-55-50).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 382835
Laufzeit: 1 Stunde(n), 6 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
After that I ran another scan with the ESET online scanner.

It found two things:
C:\Users\Dominik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\7ff8dfd3-70881085 a variant of Java/TrojanDownloader.Agent.NCJ trojan
C:\Users\Dominik\Downloads\SoftonicDownloader_fuer_burn4free.exe a variant of Win32/SoftonicDownloader.A application
Next step: OTL scan

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 03.04.2012 22:29:48 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Dominik\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 66,02% Memory free
6,00 Gb Paging File | 4,70 Gb Available in Paging File | 78,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 228,60 Gb Free Space | 76,69% Space Free | Partition Type: NTFS
 
Computer Name: DOMINIK-PC | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4178791177-2408624748-2417051294-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{377672F0-6B8A-467D-8DDC-79338BCCD531}" = 64 Bit HP CIO Components Installer
"{4B0373F5-8401-5B8B-43CE-99501128E470}" = ccc-utility64
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5B210B8A-B66E-4702-B44D-0D6F388D29EB}" = SpyHunter
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B3F0A88-790D-3AD9-9F96-B19CF2746452}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{E4C65E9C-1DC8-1F28-CDF8-D808B210E4F3}" = ATI Catalyst Install Manager
"{F00E8682-43E6-4D3C-C695-9FD56617877F}" = ATI AVIVO64 Codecs
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F4ADD72-A2A9-F6E1-25D4-2BE67EECF488}" = Catalyst Control Center Graphics Light
"{17B2670B-DB33-4F5E-9273-0E5CDF39DA5F}" = Windows Phone Intro Video (DEU)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF6E75E-5717-AC97-4F5A-C40B4678D3A6}" = Catalyst Control Center Core Implementation
"{21D98271-AFC5-CF76-D141-A01CB1913066}" = CCC Help Chinese Standard
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{27335674-0E4D-1762-CEC5-6C7FBD7994E7}" = CCC Help Spanish
"{275D0AE3-B9B4-22AB-3C7F-2DD1D6B1C9F1}" = CCC Help German
"{2D3858B1-226A-420D-9C9D-B51864E85429}" = Nuvoton CIR Device Driver
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{36E15666-43C1-91A7-0281-498F9D383B2C}" = simfy
"{3E3B1A7E-04C4-1BEB-4725-94B1457F2844}" = CCC Help Japanese
"{463D45C1-3C87-D10A-9445-A51EB0D54BA9}" = CCC Help Czech
"{47C8D2F6-E62F-11E2-8611-C8782E5435E6}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C3B172A-7D5E-23A5-9FE7-8187D39E610B}" = CCC Help French
"{4D6ED6C6-CE6C-1A27-827D-6C5F14E230A9}" = CCC Help Russian
"{51611411-AB18-D3A4-0226-DD59AD9B6795}" = Catalyst Control Center Localization All
"{55958C76-EAC8-5E5B-E555-18E5384A5FBA}" = CCC Help Turkish
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{5FB36A4E-C181-0500-E8EF-4041961D49B7}" = CCC Help Italian
"{68E1D296-666D-64FE-1F94-7068FF9D8F6F}" = CCC Help Finnish
"{693EA431-2EE9-A392-AD07-89B7459CDA60}" = CCC Help Polish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72C0C051-4B7B-1078-BEC3-F6F8B69A61E7}" = CCC Help Danish
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{77DE7C44-9539-B54F-B4D7-44CFE5CF34D2}" = CCC Help Portuguese
"{79F2C94B-3FFE-0091-AFA9-9F107DE76683}" = Catalyst Control Center Graphics Previews Vista
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8978B727-244B-998B-7964-08D2C163C5B4}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C7F5C58-5193-841E-70FA-A5F4DDA4BA20}" = CCC Help Swedish
"{8D4EA8D8-6573-5942-B15A-A8DF17AD1B65}" = Catalyst Control Center Graphics Full Existing
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010
"{90140000-0017-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{0F513B77-0D84-4615-87F7-B814D1FC64F5}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.de-de_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.de-de_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.de-de_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010
"{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{90D3D490-F6C4-4F4A-971B-93D0A66F2E2E}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010
"{90140000-0101-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4733E76A-5F12-4513-9CA8-DB2540A74EDA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.07.07
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{B0AE10DB-3C4E-14D0-1D5D-BE8CCFFA657F}" = ccc-core-static
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C47B4C99-9181-6C1E-DFA1-D9DB91E77DC3}" = Catalyst Control Center Graphics Full New
"{C9C98419-970E-464A-1E81-B20D7EDF4A9A}" = CCC Help Hungarian
"{CA36A06F-C898-C109-FDC3-1F7083327244}" = CCC Help Korean
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D4AAA6F1-8230-2931-0CBC-0E959731063E}" = CCC Help Greek
"{D89BB13D-474A-FA51-07D2-86D633FA8032}" = CCC Help Thai
"{DD38F611-6F62-0F01-B8A7-8E54A7723823}" = CCC Help Norwegian
"{DD5FB3E8-643B-6764-7AFD-C834DD0D411B}" = CCC Help Dutch
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{F0EE142F-6CA2-3FCB-20A3-9111E750BE65}" = CCC Help Chinese Traditional
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF1C72E2-203C-4E95-8D24-735196D29E04}" = HP Install Network Printer Wizard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Burn4Free DVD Burning_is1" = Burn4Free DVD Burning 5.5.0.0
"Freecorder5.01" = Freecorder 5
"HP Download Manager" = HP Download Manager
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 11.0 (x86 fr)" = Mozilla Firefox 11.0 (x86 fr)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Simfy" = simfy
"UltraISO_is1" = UltraISO Premium V9.12
"Winamp" = Winamp
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4178791177-2408624748-2417051294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Détection de l'application Winamp
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---


Finally, the results of the Rootkill runs


1
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03.04.2012 at 22:46:38.
Operating System: Windows 7 Professional


Processes terminated by Rkill or while it was running:



Rkill completed on 03.04.2012 at 22:46:46.

2

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03.04.2012 at 22:48:32.
Operating System: Windows 7 Professional


Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\grpconv.exe


Rkill completed on 03.04.2012 at 22:49:57.
3
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03.04.2012 at 22:51:40.
Operating System: Windows 7 Professional


Processes terminated by Rkill or while it was running:



Rkill completed on 03.04.2012 at 22:53:14.
4
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03.04.2012 at 22:54:39.
Operating System: Windows 7 Professional


Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\grpconv.exe


Rkill completed on 03.04.2012 at 22:54:47.

5
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03.04.2012 at 22:58:22.
Operating System: Windows 7 Professional


Processes terminated by Rkill or while it was running:



Rkill completed on 03.04.2012 at 22:58:31.


Open questions

Honestly, I have no idea what to do next and am grateful for any help.

The Antivir umbrella icon in the taskbar is shown as closed, although the program is running, is enabled and responds. In the notification selection list in the taskbar, a program called Proxy-Check is listed several times (proxy settings in Internet Explorer are not defined, though), plus a program whose name consists of the following combination of digits and letters: F4D55F3E000C4EBP0060677DB4EB2331


Who can help? What should I do? I hope someone can help....
Kind regards and many thanks in advance,

Dominik

cosinus 04.04.2012 14:35

Malwarebytes creates exactly one log per scan. Have you scanned with Malwarebytes before?
If so, all logs for every scan are listed in the Logs tab. Please post all that are visible there.

Dominik55118 04.04.2012 14:56

Dear Arne,

first of all, thanks for taking on my problem.

I had not scanned with Malwarebytes before, but I did several more times after the log I posted.

Here are all the logs listed in the tab
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.03.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dominik :: DOMINIK-PC [Administrator]

03.04.2012 17:55:50
mbam-log-2012-04-03 (17-55-50).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 382835
Laufzeit: 1 Stunde(n), 6 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Second log
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.03.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dominik :: DOMINIK-PC [Administrator]

03.04.2012 23:00:41
mbam-log-2012-04-03 (23-00-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 194226
Laufzeit: 3 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Third log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.03.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dominik :: DOMINIK-PC [Administrator]

03.04.2012 23:05:00
mbam-log-2012-04-03 (23-05-00).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 383751
Laufzeit: 1 Stunde(n), 30 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

and fourth (last) log
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.03.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dominik :: DOMINIK-PC [Administrator]

03.04.2012 23:05:00
mbam-log-2012-04-03 (23-05-00).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 383751
Laufzeit: 1 Stunde(n), 30 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

.... Oops, one log (3 and 4) is apparently duplicated (I probably saved it manually)... sorry


What else could I do?

Thanks and best regards,

Dominik

cosinus 04.04.2012 15:14

I have three questions before we continue

1.) Does normal mode work without restriction again?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
3.) You only posted the Extras log from OTL, where is the OTL.txt log?

Dominik55118 04.04.2012 15:49

Hello Arne,

Re 1) yes, normal mode works without restriction.

Re 2) everything is there in the Start menu, no entries lost.

Re 3) hmmm, good question. I can't find it. I'm running a new OTL scan. Here is the result:

OTL log file:
Code:

OTL logfile created on: 04.04.2012 16:39:35 - Run 2
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Dominik\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 47,99% Memory free
6,00 Gb Paging File | 3,97 Gb Available in Paging File | 66,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 229,13 Gb Free Space | 76,87% Space Free | Partition Type: NTFS
 
Computer Name: DOMINIK-PC | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dominik\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\PLFSetI.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL ()
MOD - C:\Windows\PLFSetI.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (ZuneWlanCfgSvc) -- c:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- c:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- c:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ThreatFire) -- C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools)
DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools)
DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (nuvotoncir) -- C:\Windows\SysNative\drivers\nuvotoncir.sys (Nuvoton Technology Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 48 E6 FA BC 11 CD 01  [binary data]
IE - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.01 20:14:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.09 22:28:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.10.29 12:52:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.01.28 00:28:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Extensions
[2011.01.28 00:28:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.04.01 20:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\ik12mzv0.default\extensions
[2012.04.01 20:14:56 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\ik12mzv0.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.11.11 02:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\DOMINIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IK12MZV0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\DOMINIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IK12MZV0.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.04.01 20:14:53 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.03 22:53:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.09.26 19:22:31 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2011.09.26 19:22:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.26 19:22:31 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011.09.26 19:22:31 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2011.09.26 19:22:31 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011.09.26 19:22:31 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4780B17-0A95-423A-A887-C9723D7415DA}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.04 13:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThreatFire
[2012.04.04 13:06:06 | 000,074,824 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2012.04.04 13:06:06 | 000,065,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2012.04.04 13:06:06 | 000,041,888 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2012.04.04 13:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThreatFire
[2012.04.04 13:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012.04.04 01:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.04.03 21:41:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Desktop\Logs
[2012.04.03 20:16:50 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Dominik\Desktop\OTL.exe
[2012.04.03 19:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.04.03 17:50:16 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Malwarebytes
[2012.04.03 17:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.03 17:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.03 17:50:03 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.03 17:50:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.03 09:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E000C4EBD0060677DB4EB2331
[2012.04.01 03:49:15 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.04.01 03:49:13 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.04.01 03:49:13 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.03.31 18:39:26 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.31 18:38:59 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.31 18:38:59 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.31 18:38:59 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.03.31 18:38:48 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.31 18:38:48 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.04 13:03:51 | 000,021,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.04 13:03:51 | 000,021,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.04 13:01:02 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.04 13:01:02 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.04 13:01:02 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.04 13:01:02 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.04 13:01:02 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.04 12:56:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.04 12:56:10 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.03 22:45:48 | 001,008,141 | ---- | M] () -- C:\Users\Dominik\Desktop\rkill.com
[2012.04.03 20:16:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Dominik\Desktop\OTL.exe
[2012.04.03 17:50:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.01 20:12:46 | 000,414,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.03 22:45:40 | 001,008,141 | ---- | C] () -- C:\Users\Dominik\Desktop\rkill.com
[2012.04.03 17:50:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011.08.16 12:30:45 | 000,000,092 | ---- | C] () -- C:\Windows\TraceSrv.ini
[2011.08.16 12:23:37 | 000,835,584 | ---- | C] () -- C:\Windows\tls7912d.dll
[2011.08.16 12:23:37 | 000,040,960 | ---- | C] () -- C:\Windows\uninstallrq.exe
[2011.07.11 16:16:09 | 000,007,597 | ---- | C] () -- C:\Users\Dominik\AppData\Local\Resmon.ResmonCfg
[2011.01.26 19:57:13 | 000,015,656 | ---- | C] () -- C:\Windows\SysWow64\drivers\int15_64.sys
[2011.01.26 19:51:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\Interop.Shell32.dll
[2011.01.26 19:51:27 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\ScrollBarLib.dll
[2011.01.26 16:36:51 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011.01.26 12:28:03 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2011.01.26 12:28:03 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011.01.26 12:28:03 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2011.01.26 12:28:03 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2011.01.26 12:04:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

< End of report >

--- --- ---


Thanks again for the help!!

Best regards,

Dom

cosinus 04.04.2012 21:04

Run an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O2:64bit: - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
[2012.04.03 09:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E000C4EBD0060677DB4EB2331
[2011.08.16 12:30:45 | 000,000,092 | ---- | C] () -- C:\Windows\TraceSrv.ini
[2011.08.16 12:23:37 | 000,835,584 | ---- | C] () -- C:\Windows\tls7912d.dll
[2011.08.16 12:23:37 | 000,040,960 | ---- | C] () -- C:\Windows\uninstallrq.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click on the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely, as a precaution; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
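For readers who want to see what the helper is selecting in the fix list above, here is an added example (my own code, not from this thread and not part of OTL): a small parser for OTL's "O" lines that flags entries whose target OTL reports as missing ("File not found" or "No CLSID value found"). Those are exactly the orphaned BHO, toolbar and RunOnce entries in the script above. Orphaned persistence entries are harmless leftovers in themselves, but they are what a helper strips so that the next scan comes back clean; real triage still has to look at the entries that do resolve. The sample log lines are excerpted from the OTL log posted in this thread; the function and field names are assumptions of this example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few "O" lines excerpted from the OTL log posted above,
# plus one PRC line to show that non-"O" lines are skipped.
SAMPLE_LOG = r"""
O2:64bit: - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKU\S-1-5-21-4178791177-2408624748-2417051294-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
"""

# Markers OTL appends when the referenced file or CLSID no longer exists.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")

# An "O" line has the shape:  O2:64bit: - BHO: (name) - {CLSID} - C:\path (Company)
# The ":64bit:" tag is optional; the body keeps everything after the first " - ".
OTL_LINE = re.compile(r"^(?P<code>O\d+)(?P<arch>:64bit:)?\s+-\s+(?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class OtlEntry:
    code: str              # section code, e.g. "O2" (BHO), "O3" (toolbar), "O4" (Run/RunOnce)
    is_64bit: bool         # True when OTL tagged the line ":64bit:" (native registry view)
    body: str              # the remainder of the line as OTL printed it
    clsid: Optional[str]   # first {GUID} in the line, if any
    orphaned: bool         # target file / CLSID reported missing by OTL


def parse_otl(text: str) -> List[OtlEntry]:
    """Parse every "O" line of an OTL report; other line types (PRC, SRV, DRV...) are skipped."""
    entries: List[OtlEntry] = []
    for raw in text.splitlines():
        m = OTL_LINE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(OtlEntry(
            code=m.group("code"),
            is_64bit=m.group("arch") is not None,
            body=body,
            clsid=clsid.group(0) if clsid else None,
            orphaned=any(marker in body for marker in ORPHAN_MARKERS),
        ))
    return entries


def orphaned_entries(text: str) -> List[OtlEntry]:
    """Entries whose target OTL could not resolve: candidates for cleanup, not evidence of malware."""
    return [e for e in parse_otl(text) if e.orphaned]


def orphan_counts(text: str) -> Dict[str, int]:
    """How many orphaned entries each section code contributes, e.g. {"O2": 2, "O3": 1, "O4": 1}."""
    return dict(Counter(e.code for e in orphaned_entries(text)))


if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_LOG):
        arch = "64bit" if entry.is_64bit else "32bit"
        print(f"{entry.code:<3} {arch:<5} clsid={entry.clsid or '-'}  {entry.body}")
    print("orphans per section:", orphan_counts(SAMPLE_LOG))
```

Running the script on the sample lists the four orphaned entries (two O2 BHOs, one O3 toolbar, one O4 RunOnce) and leaves the resolving avgnt Run entry alone; the PRC line is ignored because the parser only understands the "O" line format.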

Dominik55118 05.04.2012 13:12

Hello again,

thanks for the reply. I ran the fix.

Here is the log

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4178791177-2408624748-2417051294-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Folder C:\ProgramData\F4D55F3E000C4EBD0060677DB4EB2331\ not found.
C:\Windows\TraceSrv.ini moved successfully.
C:\Windows\tls7912d.dll moved successfully.
C:\Windows\uninstallrq.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dominik
->Temp folder emptied: 932302336 bytes
->Temporary Internet Files folder emptied: 110997038 bytes
->Java cache emptied: 2996750 bytes
->FireFox cache emptied: 49877714 bytes
->Flash cache emptied: 67640 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1523485 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1017856 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 193922964 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028471 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.267,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Dominik
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.39.2 log created on 04052012_140316

Files\Folders moved on Reboot...
C:\Users\Dominik\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dominik\AppData\Local\Temp\RtkBtMnt.exe moved successfully.

Registry entries deleted on Reboot...


Did everything run correctly?

Best regards,

Dominik

cosinus 05.04.2012 14:12

Please post the logs in CODE tags!!

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the image below: click on change parameters and set the checkmarks as shown in the following screenshot,
Then click on Start Scan and, when it has finished, click on the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
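As an added example (not part of this thread, and not code from Kaspersky's tool): a small Python triage script for the TDSSKiller report format seen in the logs posted here. It groups the per-service lines by service name and lists only the entries that ended in a warning or a detection, so a long report can be reviewed without deleting anything, which matches the "skip and post the log" instruction above. The sample lines are excerpted from the log posted in this thread; the regular expressions, the `Entry` class and the function names are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed offline sample: a few report lines in the format TDSSKiller 2.7
# writes (excerpted from the log posted in this thread), one service per block.
SAMPLE_LOG = r"""
15:27:16.0993 3880        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:27:17.0149 3880        1394ohci - ok
15:27:24.0528 3880        COMSysApp - ok
15:27:27.0679 3880        eNet Service    (fc8671bd2363bffa29c2217d882c227a) C:\Acer\Empowering Technology\eNet\eNet Service.exe
15:27:27.0695 3880        eNet Service ( UnsignedFile.Multi.Generic ) - warning
15:27:27.0695 3880        eNet Service - detected UnsignedFile.Multi.Generic (1)
"""

# Every report line starts with a timestamp and the scanner's thread id.
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>\S.*)$")
# The four per-service line shapes that appear in the report body.
FILE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - warning$")
DET_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")


@dataclass
class Entry:
    """One service or driver as TDSSKiller reports it (helper type of this example)."""
    name: str
    md5: Optional[str] = None       # hash of the backing file, if one was listed
    path: Optional[str] = None      # None when the service has no file line
    status: str = "unknown"         # scanned | ok | warning | detected
    verdicts: List[str] = field(default_factory=list)


def parse_report(text: str) -> Dict[str, Entry]:
    """Group the per-service lines of a TDSSKiller report by service name."""
    entries: Dict[str, Entry] = {}

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banner, separators and blank lines carry no verdict
        rest = m.group("rest").rstrip()
        if (f := FILE_RE.match(rest)):
            e = get(f["name"])
            e.md5, e.path, e.status = f["md5"].lower(), f["path"], "scanned"
        elif (o := OK_RE.match(rest)):
            get(o["name"]).status = "ok"
        elif (w := WARN_RE.match(rest)):
            e = get(w["name"])
            e.status = "warning"
            if w["verdict"] not in e.verdicts:
                e.verdicts.append(w["verdict"])
        elif (d := DET_RE.match(rest)):
            e = get(d["name"])
            e.status = "detected"  # the "detected" line follows the "warning" line for the same item
            if d["verdict"] not in e.verdicts:
                e.verdicts.append(d["verdict"])
    return entries


def findings(entries: Dict[str, Entry]) -> List[Entry]:
    """Entries that did not end with '- ok': the only ones worth a second look."""
    return [e for e in entries.values() if e.status in ("warning", "detected")]


def incomplete(entries: Dict[str, Entry]) -> List[Entry]:
    """Entries whose file line was seen but no verdict followed (e.g. a truncated log)."""
    return [e for e in entries.values() if e.status == "scanned"]


if __name__ == "__main__":
    report = parse_report(SAMPLE_LOG)
    print(f"{len(report)} items, {len(findings(report))} flagged, {len(incomplete(report))} incomplete")
    for e in findings(report):
        print(f"{e.status:8} {e.name}: {', '.join(e.verdicts)} -> {e.path} (md5 {e.md5})")
```

Run against a full report, the script reduces several hundred "- ok" pairs to the handful of flagged items. In the log posted in this thread those are the two Acer "Empowering Technology" services, and their verdict name, UnsignedFile.Multi.Generic, indicates a file without a valid code signature rather than a match against a malware signature; that is exactly the kind of item the "skip" instruction above is meant for, since vendor utilities are often unsigned and the path and hash should be checked before anything is removed.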

Dominik55118 05.04.2012 14:34

OK, done.

Here is the log

Code:

15:26:16.0377 5036        TDSS rootkit removing tool 2.7.26.0 Apr  4 2012 19:52:02
15:26:16.0388 5036        ============================================================
15:26:16.0388 5036        Current date / time: 2012/04/05 15:26:16.0388
15:26:16.0388 5036        SystemInfo:
15:26:16.0388 5036       
15:26:16.0388 5036        OS Version: 6.1.7601 ServicePack: 1.0
15:26:16.0388 5036        Product type: Workstation
15:26:16.0389 5036        ComputerName: DOMINIK-PC
15:26:16.0389 5036        UserName: Dominik
15:26:16.0389 5036        Windows directory: C:\Windows
15:26:16.0389 5036        System windows directory: C:\Windows
15:26:16.0389 5036        Running under WOW64
15:26:16.0389 5036        Processor architecture: Intel x64
15:26:16.0389 5036        Number of processors: 2
15:26:16.0389 5036        Page size: 0x1000
15:26:16.0389 5036        Boot type: Normal boot
15:26:16.0389 5036        ============================================================
15:26:17.0418 5036        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:26:17.0471 5036        \Device\Harddisk0\DR0:
15:26:17.0472 5036        MBR used
15:26:17.0472 5036        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
15:26:17.0505 5036        Initialize success
15:26:17.0505 5036        ============================================================
15:27:16.0432 3880        ============================================================
15:27:16.0432 3880        Scan started
15:27:16.0432 3880        Mode: Manual; SigCheck; TDLFS;
15:27:16.0432 3880        ============================================================
15:27:16.0993 3880        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:27:17.0149 3880        1394ohci - ok
15:27:17.0181 3880        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:27:17.0212 3880        ACPI - ok
15:27:17.0259 3880        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:27:17.0337 3880        AcpiPmi - ok
15:27:17.0383 3880        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:27:17.0415 3880        adp94xx - ok
15:27:17.0430 3880        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:27:17.0461 3880        adpahci - ok
15:27:17.0493 3880        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:27:17.0508 3880        adpu320 - ok
15:27:17.0555 3880        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:27:17.0711 3880        AeLookupSvc - ok
15:27:17.0867 3880        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:27:17.0961 3880        AFD - ok
15:27:17.0992 3880        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:27:18.0023 3880        agp440 - ok
15:27:18.0070 3880        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:27:18.0148 3880        ALG - ok
15:27:18.0179 3880        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:27:18.0210 3880        aliide - ok
15:27:18.0241 3880        AMD External Events Utility (322a2c5d390109a4e50679ab58dea870) C:\Windows\system32\atiesrxx.exe
15:27:18.0304 3880        AMD External Events Utility - ok
15:27:18.0335 3880        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:27:18.0351 3880        amdide - ok
15:27:18.0397 3880        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:27:18.0491 3880        AmdK8 - ok
15:27:18.0507 3880        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:27:18.0569 3880        AmdPPM - ok
15:27:18.0631 3880        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:27:18.0663 3880        amdsata - ok
15:27:18.0678 3880        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:27:18.0694 3880        amdsbs - ok
15:27:18.0709 3880        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:27:18.0725 3880        amdxata - ok
15:27:18.0834 3880        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:27:18.0850 3880        AntiVirSchedulerService - ok
15:27:18.0912 3880        AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:27:18.0943 3880        AntiVirService - ok
15:27:19.0053 3880        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:27:19.0209 3880        AppID - ok
15:27:19.0333 3880        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:27:19.0396 3880        AppIDSvc - ok
15:27:19.0474 3880        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:27:19.0552 3880        Appinfo - ok
15:27:19.0630 3880        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:27:19.0692 3880        AppMgmt - ok
15:27:19.0770 3880        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:27:19.0786 3880        arc - ok
15:27:19.0801 3880        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:27:19.0817 3880        arcsas - ok
15:27:19.0848 3880        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:27:19.0911 3880        AsyncMac - ok
15:27:19.0942 3880        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:27:19.0973 3880        atapi - ok
15:27:20.0129 3880        atikmdag        (de0ede41bc530f1759c6fffcb8c7a0cf) C:\Windows\system32\DRIVERS\atikmdag.sys
15:27:20.0332 3880        atikmdag - ok
15:27:20.0488 3880        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:27:20.0566 3880        AudioEndpointBuilder - ok
15:27:20.0581 3880        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:27:20.0628 3880        AudioSrv - ok
15:27:20.0722 3880        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
15:27:20.0769 3880        avgntflt - ok
15:27:20.0800 3880        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
15:27:20.0800 3880        avipbb - ok
15:27:20.0987 3880        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:27:21.0112 3880        AxInstSV - ok
15:27:21.0283 3880        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:27:21.0361 3880        b06bdrv - ok
15:27:21.0424 3880        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:27:21.0502 3880        b57nd60a - ok
15:27:21.0564 3880        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:27:21.0611 3880        BDESVC - ok
15:27:21.0642 3880        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:27:21.0736 3880        Beep - ok
15:27:21.0814 3880        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:27:21.0876 3880        BFE - ok
15:27:21.0907 3880        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:27:21.0985 3880        BITS - ok
15:27:22.0079 3880        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:27:22.0141 3880        blbdrive - ok
15:27:22.0188 3880        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:27:22.0251 3880        bowser - ok
15:27:22.0297 3880        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:27:22.0391 3880        BrFiltLo - ok
15:27:22.0407 3880        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:27:22.0422 3880        BrFiltUp - ok
15:27:22.0469 3880        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:27:22.0563 3880        Browser - ok
15:27:22.0594 3880        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:27:22.0672 3880        Brserid - ok
15:27:22.0687 3880        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:27:22.0719 3880        BrSerWdm - ok
15:27:22.0750 3880        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:27:22.0781 3880        BrUsbMdm - ok
15:27:22.0797 3880        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:27:22.0812 3880        BrUsbSer - ok
15:27:22.0843 3880        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:27:22.0875 3880        BTHMODEM - ok
15:27:22.0937 3880        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:27:23.0031 3880        bthserv - ok
15:27:23.0077 3880        CAXHWAZL        (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
15:27:23.0155 3880        CAXHWAZL - ok
15:27:23.0187 3880        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:27:23.0265 3880        cdfs - ok
15:27:23.0327 3880        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:27:23.0374 3880        cdrom - ok
15:27:23.0452 3880        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:27:23.0514 3880        CertPropSvc - ok
15:27:23.0561 3880        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:27:23.0608 3880        circlass - ok
15:27:23.0655 3880        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:27:23.0670 3880        CLFS - ok
15:27:23.0748 3880        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:27:23.0779 3880        clr_optimization_v2.0.50727_32 - ok
15:27:23.0857 3880        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:27:23.0873 3880        clr_optimization_v2.0.50727_64 - ok
15:27:23.0967 3880        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:27:24.0029 3880        clr_optimization_v4.0.30319_32 - ok
15:27:24.0060 3880        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:27:24.0091 3880        clr_optimization_v4.0.30319_64 - ok
15:27:24.0201 3880        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:27:24.0247 3880        CmBatt - ok
15:27:24.0294 3880        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:27:24.0310 3880        cmdide - ok
15:27:24.0357 3880        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:27:24.0388 3880        CNG - ok
15:27:24.0419 3880        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:27:24.0435 3880        Compbatt - ok
15:27:24.0466 3880        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:27:24.0513 3880        CompositeBus - ok
15:27:24.0528 3880        COMSysApp - ok
15:27:24.0684 3880        cpuz135 - ok
15:27:24.0731 3880        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:27:24.0762 3880        crcdisk - ok
15:27:24.0809 3880        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:27:24.0887 3880        CryptSvc - ok
15:27:24.0934 3880        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:27:24.0996 3880        CSC - ok
15:27:25.0043 3880        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:27:25.0090 3880        CscService - ok
15:27:25.0137 3880        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:27:25.0199 3880        DcomLaunch - ok
15:27:25.0246 3880        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:27:25.0339 3880        defragsvc - ok
15:27:25.0417 3880        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:27:25.0495 3880        DfsC - ok
15:27:25.0573 3880        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:27:25.0651 3880        Dhcp - ok
15:27:25.0683 3880        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:27:25.0745 3880        discache - ok
15:27:25.0776 3880        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:27:25.0792 3880        Disk - ok
15:27:25.0901 3880        DKbFltr        (d5bcb77be83cf99f508943945d46343d) C:\Windows\syswow64\Drivers\DKbFltr.sys
15:27:25.0917 3880        DKbFltr - ok
15:27:25.0948 3880        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:27:26.0041 3880        Dnscache - ok
15:27:26.0088 3880        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:27:26.0197 3880        dot3svc - ok
15:27:26.0229 3880        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:27:26.0291 3880        DPS - ok
15:27:26.0385 3880        DritekPortIO - ok
15:27:26.0463 3880        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:27:26.0509 3880        drmkaud - ok
15:27:26.0572 3880        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:27:26.0603 3880        DXGKrnl - ok
15:27:26.0650 3880        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:27:26.0728 3880        EapHost - ok
15:27:26.0853 3880        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:27:26.0946 3880        ebdrv - ok
15:27:27.0055 3880        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:27:27.0102 3880        EFS - ok
15:27:27.0180 3880        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:27:27.0274 3880        ehRecvr - ok
15:27:27.0321 3880        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:27:27.0399 3880        ehSched - ok
15:27:27.0508 3880        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:27:27.0539 3880        elxstor - ok
15:27:27.0679 3880        eNet Service    (fc8671bd2363bffa29c2217d882c227a) C:\Acer\Empowering Technology\eNet\eNet Service.exe
15:27:27.0695 3880        eNet Service ( UnsignedFile.Multi.Generic ) - warning
15:27:27.0695 3880        eNet Service - detected UnsignedFile.Multi.Generic (1)
15:27:27.0711 3880        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:27:27.0757 3880        ErrDev - ok
15:27:27.0835 3880        eSettingsService (a9745687a57cdd71237915859aba8dac) C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
15:27:27.0867 3880        eSettingsService ( UnsignedFile.Multi.Generic ) - warning
15:27:27.0867 3880        eSettingsService - detected UnsignedFile.Multi.Generic (1)
15:27:27.0913 3880        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:27:28.0007 3880        EventSystem - ok
15:27:28.0069 3880        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:27:28.0163 3880        exfat - ok
15:27:28.0194 3880        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:27:28.0257 3880        fastfat - ok
15:27:28.0319 3880        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:27:28.0397 3880        Fax - ok
15:27:28.0413 3880        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:27:28.0444 3880        fdc - ok
15:27:28.0491 3880        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:27:28.0600 3880        fdPHost - ok
15:27:28.0631 3880        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:27:28.0725 3880        FDResPub - ok
15:27:28.0740 3880        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:27:28.0756 3880        FileInfo - ok
15:27:28.0787 3880        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:27:28.0818 3880        Filetrace - ok
15:27:28.0849 3880        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:27:28.0865 3880        flpydisk - ok
15:27:29.0349 3880        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:27:29.0380 3880        FltMgr - ok
15:27:29.0442 3880        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:27:29.0520 3880        FontCache - ok
15:27:29.0645 3880        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:27:29.0661 3880        FontCache3.0.0.0 - ok
15:27:29.0754 3880        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:27:29.0785 3880        FsDepends - ok
15:27:29.0817 3880        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:27:29.0817 3880        Fs_Rec - ok
15:27:29.0863 3880        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:27:29.0910 3880        fvevol - ok
15:27:29.0926 3880        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:27:29.0941 3880        gagp30kx - ok
15:27:29.0988 3880        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:27:30.0051 3880        gpsvc - ok
15:27:30.0082 3880        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:27:30.0144 3880        hcw85cir - ok
15:27:30.0191 3880        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:27:30.0222 3880        HdAudAddService - ok
15:27:30.0269 3880        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:27:30.0300 3880        HDAudBus - ok
15:27:30.0347 3880        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:27:30.0378 3880        HidBatt - ok
15:27:30.0409 3880        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:27:30.0456 3880        HidBth - ok
15:27:30.0503 3880        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:27:30.0534 3880        HidIr - ok
15:27:30.0581 3880        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:27:30.0643 3880        hidserv - ok
15:27:30.0706 3880        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
15:27:30.0737 3880        HidUsb - ok
15:27:30.0784 3880        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:27:30.0862 3880        hkmsvc - ok
15:27:30.0893 3880        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:27:30.0971 3880        HomeGroupListener - ok
15:27:31.0018 3880        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:27:31.0049 3880        HomeGroupProvider - ok
15:27:31.0127 3880        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:27:31.0143 3880        HpSAMD - ok
15:27:31.0267 3880        HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll
15:27:31.0314 3880        HsfXAudioService - ok
15:27:31.0377 3880        HSF_DPV        (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
15:27:31.0439 3880        HSF_DPV - ok
15:27:31.0626 3880        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:27:31.0704 3880        HTTP - ok
15:27:31.0751 3880        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:27:31.0767 3880        hwpolicy - ok
15:27:31.0798 3880        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:27:31.0813 3880        i8042prt - ok
15:27:31.0860 3880        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:27:31.0907 3880        iaStorV - ok
15:27:32.0063 3880        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:27:32.0110 3880        idsvc - ok
15:27:32.0235 3880        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:27:32.0250 3880        iirsp - ok
15:27:32.0328 3880        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:27:32.0391 3880        IKEEXT - ok
15:27:32.0515 3880        int15          (91b61589bb2915e81d436efe07548507) C:\Windows\SysWOW64\drivers\int15_64.sys
15:27:32.0547 3880        int15 - ok
15:27:32.0671 3880        IntcAzAudAddService (1a6241b70453a6629a83db942aa6b08c) C:\Windows\system32\drivers\RTKVHD64.sys
15:27:32.0718 3880        IntcAzAudAddService - ok
15:27:32.0874 3880        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:27:32.0890 3880        intelide - ok
15:27:32.0937 3880        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:27:32.0983 3880        intelppm - ok
15:27:33.0046 3880        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:27:33.0108 3880        IPBusEnum - ok
15:27:33.0171 3880        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:27:33.0264 3880        IpFilterDriver - ok
15:27:33.0311 3880        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:27:33.0358 3880        iphlpsvc - ok
15:27:33.0389 3880        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:27:33.0436 3880        IPMIDRV - ok
15:27:33.0467 3880        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:27:33.0561 3880        IPNAT - ok
15:27:33.0592 3880        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:27:33.0639 3880        IRENUM - ok
15:27:33.0701 3880        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:27:33.0717 3880        isapnp - ok
15:27:33.0732 3880        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:27:33.0748 3880        iScsiPrt - ok
15:27:33.0873 3880        ISODrive        (7ebda65260289c9043ba48b85135702c) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
15:27:33.0904 3880        ISODrive - ok
15:27:33.0919 3880        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:27:33.0935 3880        kbdclass - ok
15:27:33.0966 3880        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:27:34.0013 3880        kbdhid - ok
15:27:34.0044 3880        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:27:34.0075 3880        KeyIso - ok
15:27:34.0075 3880        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:27:34.0091 3880        KSecDD - ok
15:27:34.0107 3880        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:27:34.0122 3880        KSecPkg - ok
15:27:34.0169 3880        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:27:34.0231 3880        ksthunk - ok
15:27:34.0278 3880        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:27:34.0341 3880        KtmRm - ok
15:27:34.0387 3880        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:27:34.0465 3880        LanmanServer - ok
15:27:34.0512 3880        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:27:34.0590 3880        LanmanWorkstation - ok
15:27:34.0699 3880        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:27:34.0762 3880        lltdio - ok
15:27:34.0824 3880        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:27:34.0902 3880        lltdsvc - ok
15:27:34.0933 3880        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:27:34.0980 3880        lmhosts - ok
15:27:35.0011 3880        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:27:35.0027 3880        LSI_FC - ok
15:27:35.0058 3880        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:27:35.0074 3880        LSI_SAS - ok
15:27:35.0105 3880        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:27:35.0121 3880        LSI_SAS2 - ok
15:27:35.0136 3880        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:27:35.0152 3880        LSI_SCSI - ok
15:27:35.0167 3880        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:27:35.0230 3880        luafv - ok
15:27:35.0370 3880        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:27:35.0495 3880        Mcx2Svc - ok
15:27:35.0542 3880        mdmxsdk        (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:27:35.0573 3880        mdmxsdk - ok
15:27:35.0604 3880        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:27:35.0620 3880        megasas - ok
15:27:35.0635 3880        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:27:35.0651 3880        MegaSR - ok
15:27:35.0760 3880        Microsoft SharePoint Workspace Audit Service - ok
15:27:35.0807 3880        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:27:35.0916 3880        MMCSS - ok
15:27:35.0932 3880        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:27:35.0994 3880        Modem - ok
15:27:36.0025 3880        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:27:36.0088 3880        monitor - ok
15:27:36.0150 3880        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
15:27:36.0166 3880        mouclass - ok
15:27:36.0213 3880        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:27:36.0259 3880        mouhid - ok
15:27:36.0306 3880        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:27:36.0322 3880        mountmgr - ok
15:27:36.0369 3880        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:27:36.0400 3880        mpio - ok
15:27:36.0415 3880        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:27:36.0462 3880        mpsdrv - ok
15:27:36.0509 3880        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:27:36.0603 3880        MpsSvc - ok
15:27:36.0649 3880        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:27:36.0665 3880        MRxDAV - ok
15:27:36.0712 3880        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:27:36.0774 3880        mrxsmb - ok
15:27:36.0821 3880        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:27:36.0868 3880        mrxsmb10 - ok
15:27:36.0883 3880        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:27:36.0915 3880        mrxsmb20 - ok
15:27:36.0946 3880        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:27:36.0961 3880        msahci - ok
15:27:36.0993 3880        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:27:37.0008 3880        msdsm - ok
15:27:37.0055 3880        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:27:37.0117 3880        MSDTC - ok
15:27:37.0180 3880        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:27:37.0227 3880        Msfs - ok
15:27:37.0242 3880        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:27:37.0305 3880        mshidkmdf - ok
15:27:37.0351 3880        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:27:37.0367 3880        msisadrv - ok
15:27:37.0414 3880        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:27:37.0476 3880        MSiSCSI - ok
15:27:37.0492 3880        msiserver - ok
15:27:37.0539 3880        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:27:37.0617 3880        MSKSSRV - ok
15:27:37.0617 3880        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:27:37.0663 3880        MSPCLOCK - ok
15:27:37.0695 3880        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:27:37.0757 3880        MSPQM - ok
15:27:37.0819 3880        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:27:37.0851 3880        MsRPC - ok
15:27:37.0897 3880        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:27:37.0913 3880        mssmbios - ok
15:27:37.0929 3880        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:27:38.0007 3880        MSTEE - ok
15:27:38.0007 3880        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:27:38.0022 3880        MTConfig - ok
15:27:38.0069 3880        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:27:38.0100 3880        Mup - ok
15:27:38.0147 3880        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:27:38.0209 3880        napagent - ok
15:27:38.0287 3880        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:27:38.0365 3880        NativeWifiP - ok
15:27:38.0443 3880        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:27:38.0490 3880        NDIS - ok
15:27:38.0537 3880        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:27:38.0584 3880        NdisCap - ok
15:27:38.0631 3880        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:27:38.0693 3880        NdisTapi - ok
15:27:38.0740 3880        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:27:38.0802 3880        Ndisuio - ok
15:27:38.0833 3880        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:27:38.0927 3880        NdisWan - ok
15:27:38.0974 3880        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:27:39.0021 3880        NDProxy - ok
15:27:39.0099 3880        Net Driver HPZ12 (2c723e42fc8d7b0209492828f921fb50) C:\Windows\system32\HPZinw12.dll
15:27:39.0130 3880        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:27:39.0130 3880        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:27:39.0177 3880        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:27:39.0270 3880        NetBIOS - ok
15:27:39.0317 3880        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:27:39.0348 3880        NetBT - ok
15:27:39.0379 3880        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:27:39.0395 3880        Netlogon - ok
15:27:39.0457 3880        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:27:39.0535 3880        Netman - ok
15:27:39.0567 3880        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:27:39.0645 3880        netprofm - ok
15:27:39.0769 3880        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:27:39.0801 3880        NetTcpPortSharing - ok
15:27:39.0988 3880        netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
15:27:40.0175 3880        netw5v64 - ok
15:27:40.0315 3880        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:27:40.0347 3880        nfrd960 - ok
15:27:40.0393 3880        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:27:40.0456 3880        NlaSvc - ok
15:27:40.0471 3880        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:27:40.0518 3880        Npfs - ok
15:27:40.0659 3880        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:27:40.0737 3880        nsi - ok
15:27:40.0768 3880        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:27:40.0815 3880        nsiproxy - ok
15:27:40.0908 3880        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:27:40.0971 3880        Ntfs - ok
15:27:41.0017 3880        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:27:41.0111 3880        Null - ok
15:27:41.0173 3880        nuvotoncir      (6f09cb36c344b98356978b37ba9ad42b) C:\Windows\system32\DRIVERS\nuvotoncir.sys
15:27:41.0236 3880        nuvotoncir - ok
15:27:41.0283 3880        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:27:41.0314 3880        nvraid - ok
15:27:41.0329 3880        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:27:41.0345 3880        nvstor - ok
15:27:41.0392 3880        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:27:41.0407 3880        nv_agp - ok
15:27:41.0423 3880        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:27:41.0470 3880        ohci1394 - ok
15:27:41.0548 3880        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:27:41.0579 3880        ose - ok
15:27:41.0797 3880        osppsvc        (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:27:41.0953 3880        osppsvc - ok
15:27:42.0094 3880        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:27:42.0156 3880        p2pimsvc - ok
15:27:42.0203 3880        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:27:42.0234 3880        p2psvc - ok
15:27:42.0328 3880        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:27:42.0359 3880        Parport - ok
15:27:42.0390 3880        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:27:42.0406 3880        partmgr - ok
15:27:42.0421 3880        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:27:42.0468 3880        PcaSvc - ok
15:27:42.0515 3880        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:27:42.0531 3880        pci - ok
15:27:42.0546 3880        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:27:42.0562 3880        pciide - ok
15:27:42.0577 3880        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:27:42.0593 3880        pcmcia - ok
15:27:42.0624 3880        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:27:42.0640 3880        pcw - ok
15:27:42.0671 3880        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:27:42.0733 3880        PEAUTH - ok
15:27:42.0796 3880        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:27:42.0874 3880        PeerDistSvc - ok
15:27:42.0999 3880        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:27:43.0045 3880        PerfHost - ok
15:27:43.0170 3880        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:27:43.0264 3880        pla - ok
15:27:43.0373 3880        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:27:43.0435 3880        PlugPlay - ok
15:27:43.0498 3880        Pml Driver HPZ12 (171e6d91a20aac8d02172a64e82ce90b) C:\Windows\system32\HPZipm12.dll
15:27:43.0513 3880        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:27:43.0513 3880        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:27:43.0560 3880        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:27:43.0607 3880        PNRPAutoReg - ok
15:27:43.0654 3880        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:27:43.0685 3880        PNRPsvc - ok
15:27:43.0747 3880        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:27:43.0810 3880        PolicyAgent - ok
15:27:43.0857 3880        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:27:43.0919 3880        Power - ok
15:27:43.0997 3880        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:27:44.0091 3880        PptpMiniport - ok
15:27:44.0122 3880        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:27:44.0169 3880        Processor - ok
15:27:44.0215 3880        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:27:44.0293 3880        ProfSvc - ok
15:27:44.0340 3880        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:27:44.0356 3880        ProtectedStorage - ok
15:27:44.0449 3880        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:27:44.0527 3880        Psched - ok
15:27:44.0590 3880        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:27:44.0621 3880        ql2300 - ok
15:27:44.0652 3880        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:27:44.0668 3880        ql40xx - ok
15:27:44.0699 3880        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:27:44.0746 3880        QWAVE - ok
15:27:44.0777 3880        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:27:44.0808 3880        QWAVEdrv - ok
15:27:44.0902 3880        RapiMgr        (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
15:27:44.0917 3880        RapiMgr - ok
15:27:44.0949 3880        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:27:45.0027 3880        RasAcd - ok
15:27:45.0089 3880        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:27:45.0136 3880        RasAgileVpn - ok
15:27:45.0167 3880        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:27:45.0229 3880        RasAuto - ok
15:27:45.0276 3880        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:27:45.0354 3880        Rasl2tp - ok
15:27:45.0417 3880        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:27:45.0495 3880        RasMan - ok
15:27:45.0557 3880        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:27:45.0635 3880        RasPppoe - ok
15:27:45.0682 3880        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:27:45.0729 3880        RasSstp - ok
15:27:45.0775 3880        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:27:45.0853 3880        rdbss - ok
15:27:45.0885 3880        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:27:45.0931 3880        rdpbus - ok
15:27:45.0963 3880        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:27:46.0025 3880        RDPCDD - ok
15:27:46.0072 3880        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:27:46.0103 3880        RDPDR - ok
15:27:46.0119 3880        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:27:46.0181 3880        RDPENCDD - ok
15:27:46.0212 3880        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:27:46.0259 3880        RDPREFMP - ok
15:27:46.0290 3880        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:27:46.0353 3880        RDPWD - ok
15:27:46.0399 3880        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:27:46.0415 3880        rdyboost - ok
15:27:46.0446 3880        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:27:46.0509 3880        RemoteAccess - ok
15:27:46.0555 3880        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:27:46.0633 3880        RemoteRegistry - ok
15:27:46.0696 3880        rimmptsk        (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
15:27:46.0743 3880        rimmptsk - ok
15:27:46.0774 3880        rimsptsk        (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
15:27:46.0821 3880        rimsptsk - ok
15:27:46.0852 3880        rismxdp        (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
15:27:46.0899 3880        rismxdp - ok
15:27:46.0945 3880        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:27:47.0023 3880        RpcEptMapper - ok
15:27:47.0055 3880        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:27:47.0101 3880        RpcLocator - ok
15:27:47.0148 3880        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:27:47.0195 3880        RpcSs - ok
15:27:47.0257 3880        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:27:47.0351 3880        rspndr - ok
15:27:47.0413 3880        RTHDMIAzAudService (7421a35c45484b95e83b5e9e107cefc2) C:\Windows\system32\drivers\RtHDMIVX.sys
15:27:47.0429 3880        RTHDMIAzAudService - ok
15:27:47.0476 3880        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:27:47.0538 3880        s3cap - ok
15:27:47.0554 3880        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:27:47.0569 3880        SamSs - ok
15:27:47.0616 3880        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:27:47.0632 3880        sbp2port - ok
15:27:47.0663 3880        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:27:47.0725 3880        SCardSvr - ok
15:27:47.0757 3880        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:27:47.0850 3880        scfilter - ok
15:27:47.0897 3880        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:27:47.0975 3880        Schedule - ok
15:27:48.0006 3880        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:27:48.0053 3880        SCPolicySvc - ok
15:27:48.0147 3880        sdbus          (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
15:27:48.0193 3880        sdbus - ok
15:27:48.0225 3880        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:27:48.0287 3880        SDRSVC - ok
15:27:48.0334 3880        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:27:48.0381 3880        secdrv - ok
15:27:48.0412 3880        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:27:48.0505 3880        seclogon - ok
15:27:48.0537 3880        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:27:48.0568 3880        SENS - ok
15:27:48.0599 3880        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:27:48.0646 3880        SensrSvc - ok
15:27:48.0661 3880        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:27:48.0677 3880        Serenum - ok
15:27:48.0708 3880        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:27:48.0739 3880        Serial - ok
15:27:48.0786 3880        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:27:48.0802 3880        sermouse - ok
15:27:48.0849 3880        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:27:48.0911 3880        SessionEnv - ok
15:27:48.0958 3880        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:27:48.0989 3880        sffdisk - ok
15:27:49.0005 3880        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:27:49.0051 3880        sffp_mmc - ok
15:27:49.0067 3880        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:27:49.0114 3880        sffp_sd - ok
15:27:49.0145 3880        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:27:49.0161 3880        sfloppy - ok
15:27:49.0207 3880        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:27:49.0270 3880        SharedAccess - ok
15:27:49.0317 3880        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:27:49.0363 3880        ShellHWDetection - ok
15:27:49.0379 3880        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:27:49.0395 3880        SiSRaid2 - ok
15:27:49.0410 3880        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:27:49.0426 3880        SiSRaid4 - ok
15:27:49.0457 3880        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:27:49.0519 3880        Smb - ok
15:27:49.0582 3880        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:27:49.0613 3880        SNMPTRAP - ok
15:27:49.0644 3880        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:27:49.0660 3880        spldr - ok
15:27:49.0707 3880        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:27:49.0769 3880        Spooler - ok
15:27:49.0878 3880        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:27:49.0987 3880        sppsvc - ok
15:27:50.0112 3880        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:27:50.0190 3880        sppuinotify - ok
15:27:50.0284 3880        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:27:50.0362 3880        srv - ok
15:27:50.0377 3880        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:27:50.0424 3880        srv2 - ok
15:27:50.0502 3880        SrvHsfHDA      (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:27:50.0533 3880        SrvHsfHDA - ok
15:27:50.0580 3880        SrvHsfV92      (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:27:50.0627 3880        SrvHsfV92 - ok
15:27:50.0674 3880        SrvHsfWinac    (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:27:50.0705 3880        SrvHsfWinac - ok
15:27:50.0752 3880        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:27:50.0783 3880        srvnet - ok
15:27:50.0845 3880        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:27:50.0939 3880        SSDPSRV - ok
15:27:50.0970 3880        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:27:51.0017 3880        SstpSvc - ok
15:27:51.0064 3880        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:27:51.0079 3880        stexstor - ok
15:27:51.0142 3880        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:27:51.0189 3880        stisvc - ok
15:27:51.0235 3880        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:27:51.0251 3880        storflt - ok
15:27:51.0282 3880        StorSvc        (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
15:27:51.0345 3880        StorSvc - ok
15:27:51.0376 3880        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:27:51.0391 3880        storvsc - ok
15:27:51.0407 3880        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:27:51.0423 3880        swenum - ok
15:27:51.0501 3880        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:27:51.0594 3880        swprv - ok
15:27:51.0672 3880        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:27:51.0735 3880        SysMain - ok
15:27:51.0859 3880        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:27:51.0922 3880        TabletInputService - ok
15:27:51.0969 3880        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:27:52.0031 3880        TapiSrv - ok
15:27:52.0078 3880        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:27:52.0156 3880        TBS - ok
15:27:52.0281 3880        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:27:52.0327 3880        Tcpip - ok
15:27:52.0515 3880        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:27:52.0561 3880        TCPIP6 - ok
15:27:52.0702 3880        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:27:52.0795 3880        tcpipreg - ok
15:27:52.0827 3880        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:27:52.0842 3880        TDPIPE - ok
15:27:52.0889 3880        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:27:52.0936 3880        TDTCP - ok
15:27:52.0998 3880        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:27:53.0061 3880        tdx - ok
15:27:53.0092 3880        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:27:53.0123 3880        TermDD - ok
15:27:53.0170 3880        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:27:53.0232 3880        TermService - ok
15:27:53.0263 3880        TfFsMon        (fa5bfb71e561d279edae7e118435c1c9) C:\Windows\system32\drivers\TfFsMon.sys
15:27:53.0279 3880        TfFsMon - ok
15:27:53.0310 3880        TfNetMon        (fa8400d74345ec4bf10e476ca0aaa2df) C:\Windows\system32\drivers\TfNetMon.sys
15:27:53.0326 3880        TfNetMon - ok
15:27:53.0373 3880        TfSysMon        (f11aa1a704a4c027e5e8e0f355523834) C:\Windows\system32\drivers\TfSysMon.sys
15:27:53.0388 3880        TfSysMon - ok
15:27:53.0435 3880        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:27:53.0482 3880        Themes - ok
15:27:53.0513 3880        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:27:53.0575 3880        THREADORDER - ok
15:27:53.0638 3880        ThreatFire - ok
15:27:53.0685 3880        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:27:53.0747 3880        TrkWks - ok
15:27:53.0825 3880        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:27:53.0903 3880        TrustedInstaller - ok
15:27:53.0965 3880        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:27:54.0012 3880        tssecsrv - ok
15:27:54.0043 3880        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:27:54.0121 3880        TsUsbFlt - ok
15:27:54.0184 3880        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:27:54.0262 3880        tunnel - ok
15:27:54.0293 3880        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:27:54.0309 3880        uagp35 - ok
15:27:54.0355 3880        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:27:54.0433 3880        udfs - ok
15:27:54.0480 3880        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:27:54.0527 3880        UI0Detect - ok
15:27:54.0589 3880        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:27:54.0605 3880        uliagpkx - ok
15:27:54.0652 3880        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:27:54.0699 3880        umbus - ok
15:27:54.0745 3880        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:27:54.0777 3880        UmPass - ok
15:27:54.0808 3880        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:27:54.0839 3880        UmRdpService - ok
15:27:54.0886 3880        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:27:54.0933 3880        upnphost - ok
15:27:54.0979 3880        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:27:55.0026 3880        usbccgp - ok
15:27:55.0089 3880        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:27:55.0120 3880        usbcir - ok
15:27:55.0135 3880        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:27:55.0182 3880        usbehci - ok
15:27:55.0245 3880        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:27:55.0307 3880        usbhub - ok
15:27:55.0338 3880        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:27:55.0369 3880        usbohci - ok
15:27:55.0416 3880        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:27:55.0432 3880        usbprint - ok
15:27:55.0463 3880        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
15:27:55.0525 3880        USBSTOR - ok
15:27:55.0557 3880        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:27:55.0588 3880        usbuhci - ok
15:27:55.0650 3880        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:27:55.0681 3880        usbvideo - ok
15:27:55.0728 3880        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:27:55.0759 3880        UxSms - ok
15:27:55.0806 3880        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:27:55.0822 3880        VaultSvc - ok
15:27:55.0869 3880        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:27:55.0884 3880        vdrvroot - ok
15:27:55.0947 3880        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:27:55.0993 3880        vds - ok
15:27:56.0040 3880        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:27:56.0056 3880        vga - ok
15:27:56.0071 3880        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:27:56.0149 3880        VgaSave - ok
15:27:56.0196 3880        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:27:56.0227 3880        vhdmp - ok
15:27:56.0259 3880        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:27:56.0259 3880        viaide - ok
15:27:56.0290 3880        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:27:56.0305 3880        vmbus - ok
15:27:56.0321 3880        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:27:56.0368 3880        VMBusHID - ok
15:27:56.0415 3880        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:27:56.0430 3880        volmgr - ok
15:27:56.0477 3880        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:27:56.0508 3880        volmgrx - ok
15:27:56.0555 3880        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:27:56.0586 3880        volsnap - ok
15:27:56.0617 3880        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:27:56.0633 3880        vsmraid - ok
15:27:56.0727 3880        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:27:56.0805 3880        VSS - ok
15:27:56.0883 3880        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:27:56.0929 3880        vwifibus - ok
15:27:57.0007 3880        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:27:57.0039 3880        W32Time - ok
15:27:57.0070 3880        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:27:57.0117 3880        WacomPen - ok
15:27:57.0179 3880        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:27:57.0257 3880        WANARP - ok
15:27:57.0288 3880        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:27:57.0319 3880        Wanarpv6 - ok
15:27:57.0413 3880        WatAdminSvc    (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:27:57.0475 3880        WatAdminSvc - ok
15:27:57.0522 3880        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:27:57.0585 3880        wbengine - ok
15:27:57.0631 3880        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:27:57.0663 3880        WbioSrvc - ok
15:27:57.0725 3880        WcesComm        (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
15:27:57.0756 3880        WcesComm - ok
15:27:57.0803 3880        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:27:57.0850 3880        wcncsvc - ok
15:27:57.0881 3880        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:27:57.0912 3880        WcsPlugInService - ok
15:27:57.0975 3880        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:27:58.0006 3880        Wd - ok
15:27:58.0037 3880        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:27:58.0053 3880        Wdf01000 - ok
15:27:58.0068 3880        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:27:58.0177 3880        WdiServiceHost - ok
15:27:58.0177 3880        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:27:58.0193 3880        WdiSystemHost - ok
15:27:58.0240 3880        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:27:58.0287 3880        WebClient - ok
15:27:58.0333 3880        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:27:58.0396 3880        Wecsvc - ok
15:27:58.0427 3880        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:27:58.0474 3880        wercplsupport - ok
15:27:58.0505 3880        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:27:58.0552 3880        WerSvc - ok
15:27:58.0645 3880        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:27:58.0692 3880        WfpLwf - ok
15:27:58.0723 3880        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:27:58.0739 3880        WIMMount - ok
15:27:58.0801 3880        winachsf        (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
15:27:58.0833 3880        winachsf - ok
15:27:58.0895 3880        WinDefend - ok
15:27:58.0911 3880        WinHttpAutoProxySvc - ok
15:27:58.0989 3880        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:27:59.0035 3880        Winmgmt - ok
15:27:59.0129 3880        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:27:59.0207 3880        WinRM - ok
15:27:59.0815 3880        winusb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUSB.SYS
15:27:59.0862 3880        winusb - ok
15:27:59.0925 3880        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:27:59.0987 3880        Wlansvc - ok
15:28:00.0034 3880        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:28:00.0065 3880        WmiAcpi - ok
15:28:00.0143 3880        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:28:00.0205 3880        wmiApSrv - ok
15:28:00.0315 3880        WMIService      (eee826cad5ae9eb3d226deb576027d10) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
15:28:00.0330 3880        WMIService ( UnsignedFile.Multi.Generic ) - warning
15:28:00.0330 3880        WMIService - detected UnsignedFile.Multi.Generic (1)
15:28:00.0393 3880        WMPNetworkSvc - ok
15:28:00.0533 3880        WMZuneComm      (83b6ca03c846fcd47f9883d77d1eb27b) c:\Program Files\Zune\WMZuneComm.exe
15:28:00.0564 3880        WMZuneComm - ok
15:28:00.0673 3880        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:28:00.0720 3880        WPCSvc - ok
15:28:00.0767 3880        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:28:00.0814 3880        WPDBusEnum - ok
15:28:00.0892 3880        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:28:00.0954 3880        ws2ifsl - ok
15:28:00.0985 3880        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:28:01.0017 3880        wscsvc - ok
15:28:01.0032 3880        WSearch - ok
15:28:01.0110 3880        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:28:01.0188 3880        wuauserv - ok
15:28:01.0329 3880        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:28:01.0407 3880        WudfPf - ok
15:28:01.0453 3880        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:28:01.0500 3880        WUDFRd - ok
15:28:01.0563 3880        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:28:01.0609 3880        wudfsvc - ok
15:28:01.0641 3880        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:28:01.0703 3880        WwanSvc - ok
15:28:01.0750 3880        XAudio          (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
15:28:01.0797 3880        XAudio - ok
15:28:02.0093 3880        ZuneNetworkSvc  (67b787c34fb2888d01b130ae007042d8) c:\Program Files\Zune\ZuneNss.exe
15:28:02.0358 3880        ZuneNetworkSvc - ok
15:28:02.0499 3880        ZuneWlanCfgSvc  (4d89fc1c20cf655739efac5da81a67bc) c:\Program Files\Zune\ZuneWlanCfgSvc.exe
15:28:02.0530 3880        ZuneWlanCfgSvc - ok
15:28:02.0561 3880        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:28:02.0701 3880        \Device\Harddisk0\DR0 - ok
15:28:02.0701 3880        Boot (0x1200)  (b69035dd48ee5857f68dc83b44d46484) \Device\Harddisk0\DR0\Partition0
15:28:02.0701 3880        \Device\Harddisk0\DR0\Partition0 - ok
15:28:02.0701 3880        ============================================================
15:28:02.0701 3880        Scan finished
15:28:02.0701 3880        ============================================================
15:28:02.0733 5052        Detected object count: 5
15:28:02.0733 5052        Actual detected object count: 5
15:28:28.0535 5052        eNet Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:28.0535 5052        eNet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:28:28.0535 5052        eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:28.0535 5052        eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:28:28.0535 5052        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:28.0535 5052        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:28:28.0535 5052        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:28.0535 5052        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:28:28.0535 5052        WMIService ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:28.0535 5052        WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip


Thanks again.

I hope it is displayed correctly as a code box....

Best regards,

Dom
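
Added example, not part of the thread and not code from either poster: a small Python triage of the TDSSKiller output above. All five hits are UnsignedFile.Multi.Generic, i.e. the heuristic for a binary without an Authenticode signature, on services whose names match Acer Empowering Technology and HP printer (HPZ12) components, and the user chose Skip for each. TDSSKiller spreads the evidence over three kinds of lines (path and MD5, verdict, user action); the script joins them by service name and rates each hit by where the binary lives. The trusted-root and drop-site lists are the author's assumptions, and the ExampleDropper lines in the sample are constructed to exercise the drop-location branch.

```python
"""Join the three kinds of TDSSKiller lines (file/hash, verdict, user action)
by service name and rate each detection by where its binary lives."""
import re
from dataclasses import dataclass

# Excerpt modelled on the TDSSKiller log above; the Wlansvc and WMIService
# lines are copied from it. The ExampleDropper lines are CONSTRUCTED only to
# exercise the drop-location branch; nothing of that name was on the poster's PC.
SAMPLE_LOG = r"""
15:27:59.0925 3880        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:27:59.0987 3880        Wlansvc - ok
15:28:00.0315 3880        WMIService      (eee826cad5ae9eb3d226deb576027d10) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
15:28:00.0330 3880        WMIService ( UnsignedFile.Multi.Generic ) - warning
15:28:00.0330 3880        WMIService - detected UnsignedFile.Multi.Generic (1)
15:28:00.0400 3880        ExampleDropper  (00000000000000000000000000000000) C:\Users\Example\AppData\Local\Temp\ExampleDropper.exe
15:28:00.0410 3880        ExampleDropper ( UnsignedFile.Multi.Generic ) - warning
15:28:28.0535 5052        WMIService ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:28.0535 5052        WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:28:28.0535 5052        ExampleDropper ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:28.0535 5052        ExampleDropper ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every line starts with a timestamp and a thread id; the rest is the record.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.+)$")
# "<name> (<md5>) <path>": the only line that carries hash and location.
FILE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<name> ( <verdict> ) - warning | skipped by user | User select action: X"
VERDICT_RE = re.compile(
    r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - "
    r"(?:warning|skipped by user|User select action: (?P<action>\w+))$"
)

# Assumed roots: where a service binary normally lives on this Acer laptop
# (c:\acer\ is the OEM tools directory seen in the log) vs. classic drop sites.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files", "c:\\acer\\")
DROP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\users\\public\\")


@dataclass
class Detection:
    name: str
    verdict: str
    path: str = ""
    md5: str = ""
    action: str = ""
    risk: str = "no file line in this excerpt"


def classify(path):
    """Path-based triage. UnsignedFile.Multi.Generic only says 'no Authenticode
    signature'; the location and the hash decide whether that matters."""
    p = path.lower()
    if any(marker in p for marker in DROP_MARKERS):
        return "suspicious: unsigned service binary in a drop location"
    if p.startswith(TRUSTED_ROOTS):
        return "review: unsigned file in a vendor/system directory (look up the MD5)"
    return "unknown: inspect the path by hand"


def parse_tdsskiller(text):
    files = {}        # service name -> (path, md5)
    detections = {}   # service name -> Detection
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group("body").strip()
        fm = FILE_RE.match(body)
        if fm:
            files[fm.group("name").strip()] = (fm.group("path").strip(), fm.group("md5"))
            continue
        vm = VERDICT_RE.match(body)
        if not vm:
            continue  # "- ok", "- detected ...", counters, MBR/boot lines
        name = vm.group("name").strip()
        det = detections.setdefault(name, Detection(name, vm.group("verdict")))
        if vm.group("action"):
            det.action = vm.group("action")
    # Attach path, hash and rating to each detection that has a file line.
    for name, det in detections.items():
        if name in files:
            det.path, det.md5 = files[name]
            det.risk = classify(det.path)
    return detections


if __name__ == "__main__":
    for det in parse_tdsskiller(SAMPLE_LOG).values():
        print(f"{det.name}: {det.verdict} -> {det.action or 'no action'}; {det.md5} {det.path}")
        print(f"    {det.risk}")
```

The rating is a prompt, not a verdict: for a "review" hit the decisive step is checking the MD5 the log already gives you against a known-good source for that vendor file, and a "suspicious" hit in a Temp directory is what a rogue like Smart Fortress would look like if it had registered itself as a service.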

cosinus 05.04.2012 14:40

Yes, that's right, as you can see :D

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (a trained helper on this board) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

Dominik55118 05.04.2012 15:37

Hello,

Everything worked fine.

Here is the log:


Combofix Logfile:
Code:

ComboFix 12-04-05.06 - Dominik 05.04.2012  15:58:19.1.2 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.3070.2013 [GMT 2:00]
run from:: c:\users\Dominik\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dominik\AppData\Local\Temp\RtkBtMnt.exe
.
.
(((((((((((((((((((((((  Files Created from 2012-03-05 to 2012-04-05  ))))))))))))))))))))))))))))))
.
.
2012-04-05 14:11 . 2012-04-05 14:11        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-04-05 12:03 . 2012-04-05 12:03        --------        d-----w-        C:\_OTL
2012-04-04 11:06 . 2011-02-22 11:57        74824        ----a-w-        c:\windows\system32\drivers\TfSysMon.sys
2012-04-04 11:06 . 2011-02-22 11:57        41888        ----a-w-        c:\windows\system32\drivers\TfNetMon.sys
2012-04-04 11:06 . 2011-02-22 11:57        65072        ----a-w-        c:\windows\system32\drivers\TfFsMon.sys
2012-04-04 11:06 . 2012-04-04 11:06        --------        d-----w-        c:\program files (x86)\ThreatFire
2012-04-04 11:06 . 2012-04-04 11:06        --------        d-----w-        c:\programdata\PC Tools
2012-04-03 23:19 . 2012-04-03 23:19        --------        d-----w-        c:\programdata\Kaspersky Lab
2012-04-03 17:15 . 2012-04-03 17:15        --------        d-----w-        c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-03 15:50 . 2012-04-03 15:50        --------        d-----w-        c:\users\Dominik\AppData\Roaming\Malwarebytes
2012-04-03 15:50 . 2012-04-03 15:50        --------        d-----w-        c:\programdata\Malwarebytes
2012-04-03 15:50 . 2012-04-03 15:50        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-03 15:50 . 2011-12-10 13:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-04-03 07:59 . 2012-03-20 01:51        8669240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0CB5BE9-8BA2-49C6-82D7-00C23DFD2B82}\mpengine.dll
2012-04-03 07:47 . 2012-04-03 07:53        --------        d-----w-        c:\programdata\F4D55F3E000C4EBD0060677DB4EB2331
2012-04-01 18:14 . 2012-04-01 18:14        592824        ----a-w-        c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-01 18:14 . 2012-04-01 18:14        44472        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-01 01:49 . 2011-11-19 15:20        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-04-01 01:49 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-04-01 01:49 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 16:39 . 2012-02-03 04:34        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-03-31 16:39 . 2012-02-10 06:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-31 16:39 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-03-31 16:38 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-31 16:38 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-31 16:38 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-31 16:38 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-31 16:38 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-31 16:38 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-31 16:38 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 09:00 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2012-02-29 09:00 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2012-02-23 07:18 . 2011-01-26 14:32        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-22 08:45 . 2012-02-22 08:45        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2012-02-22 08:45 . 2012-02-22 08:45        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-22 08:45 . 2012-02-22 08:45        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-22 08:45 . 2012-02-22 08:45        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2012-02-22 08:45 . 2012-02-22 08:45        1798656        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-02-22 08:45 . 2012-02-22 08:45        161792        ----a-w-        c:\windows\SysWow64\msls31.dll
2012-02-22 08:45 . 2012-02-22 08:45        1127424        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-02-22 08:45 . 2012-02-22 08:45        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2012-02-22 08:45 . 2012-02-22 08:45        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-02-22 08:45 . 2012-02-22 08:45        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll
2012-02-22 08:45 . 2012-02-22 08:45        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx
2012-02-22 08:45 . 2012-02-22 08:45        49664        ----a-w-        c:\windows\system32\imgutil.dll
2012-02-22 08:45 . 2012-02-22 08:45        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-02-22 08:45 . 2012-02-22 08:45        367104        ----a-w-        c:\windows\SysWow64\html.iec
2012-02-22 08:45 . 2012-02-22 08:45        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll
2012-02-22 08:45 . 2012-02-22 08:45        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-02-22 08:45 . 2012-02-22 08:45        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-02-22 08:45 . 2012-02-22 08:45        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2012-02-22 08:45 . 2012-02-22 08:45        2308096        ----a-w-        c:\windows\system32\jscript9.dll
2012-02-22 08:45 . 2012-02-22 08:45        222208        ----a-w-        c:\windows\system32\msls31.dll
2012-02-22 08:45 . 2012-02-22 08:45        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-02-22 08:45 . 2012-02-22 08:45        152064        ----a-w-        c:\windows\SysWow64\wextract.exe
2012-02-22 08:45 . 2012-02-22 08:45        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2012-02-22 08:45 . 2012-02-22 08:45        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-02-22 08:45 . 2012-02-22 08:45        1427456        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-02-22 08:45 . 2012-02-22 08:45        1390080        ----a-w-        c:\windows\system32\wininet.dll
2012-02-22 08:45 . 2012-02-22 08:45        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-02-22 08:45 . 2012-02-22 08:45        12288        ----a-w-        c:\windows\system32\mshta.exe
2012-02-22 08:45 . 2012-02-22 08:45        11776        ----a-w-        c:\windows\SysWow64\mshta.exe
2012-02-22 08:45 . 2012-02-22 08:45        114176        ----a-w-        c:\windows\system32\admparse.dll
2012-02-22 08:45 . 2012-02-22 08:45        101888        ----a-w-        c:\windows\SysWow64\admparse.dll
2012-02-22 08:45 . 2012-02-22 08:45        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-02-22 08:45 . 2012-02-22 08:45        85504        ----a-w-        c:\windows\system32\iesetup.dll
2012-02-22 08:45 . 2012-02-22 08:45        76800        ----a-w-        c:\windows\system32\tdc.ocx
2012-02-22 08:45 . 2012-02-22 08:45        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-02-22 08:45 . 2012-02-22 08:45        448512        ----a-w-        c:\windows\system32\html.iec
2012-02-22 08:45 . 2012-02-22 08:45        111616        ----a-w-        c:\windows\system32\iesysprep.dll
2012-02-22 08:45 . 2012-02-22 08:45        603648        ----a-w-        c:\windows\system32\vbscript.dll
2012-02-22 08:45 . 2012-02-22 08:45        30720        ----a-w-        c:\windows\system32\licmgr10.dll
2012-02-22 08:45 . 2012-02-22 08:45        165888        ----a-w-        c:\windows\system32\iexpress.exe
2012-02-22 08:45 . 2012-02-22 08:45        160256        ----a-w-        c:\windows\system32\wextract.exe
2012-02-22 08:45 . 2012-02-22 08:45        1493504        ----a-w-        c:\windows\system32\inetcpl.cpl
.
.
((((((((((((((((((((((((((((  Registry Autostart Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-24 1190920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2011-02-22 378128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2011-1-26 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz135;cpuz135;c:\users\Dominik\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
.
.
--- Other Services/Drivers in Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-23 7981600]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
FF - ProfilePath - c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\ik12mzv0.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\ThreatFire\TFService.exe
.
**************************************************************************
.
Completion time: 2012-04-05  16:27:15 - PC was restarted
ComboFix-quarantined-files.txt  2012-04-05 14:27
.
Pre-scan: 14 directory(ies), 246,968,156,160 bytes free
Post-scan: 19 directory(ies), 246,574,608,384 bytes free
.
- - End Of File - - 5366063E5CF978EF33D14076C6654E7D

--- --- ---


and now?

THX again.... I don't know what exactly the program did... but it looks good :)

cosinus 05.04.2012 16:56

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

Folder::
c:\programdata\F4D55F3E000C4EBD0060677DB4EB2331

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable your antivirus program's guard and any software firewall you may have.
(Also the guards of ad-/spyware programs and the TeaTimer (if present)!)

5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was written for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
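
Added example, not part of the thread and not code from either poster: the folder cosinus singles out for the Folder:: directive is the one oddity in the "Files Created" list of the log above, a ProgramData directory named with 32 hex characters and no braces, created 2012-04-03 07:47, before any of the scanners installed that afternoon. A real {GUID} folder, such as the Windows Defender definition folder in the same log, carries braces and hyphens. This Python script scans the "Other Deletions" and "Files Created" sections of a ComboFix log for that name shape and two related drop-site patterns (an executable in a Temp directory; a component named identically to its parent, as in the deletion list of the second log further down). The sample is an excerpt stitched from the two logs in this thread with English section headers; the heuristics are the author's assumptions, not ComboFix's own logic.

```python
"""Pick out drop-site patterns in the ComboFix 'Other Deletions' and 'Files
Created' sections: GUID-like folder names without braces, executables in Temp,
and a component named identically to its parent directory."""
import re
from dataclasses import dataclass

# Excerpt combining lines from the two ComboFix logs in this thread (section
# headers in English, as in the translated logs); no other lines were added.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\F4D55F3E000C4EBD0060677DB4EB2331
c:\programdata\F4D55F3E000C4EBD0060677DB4EB2331\F4D55F3E000C4EBD0060677DB4EB2331
c:\users\Dominik\AppData\Local\Temp\RtkBtMnt.exe
.
(((((((((((((((((((((((  Files Created from 2012-03-05 to 2012-04-05  ))))))))))))))))))))))))))))))
.
2012-04-04 11:06 . 2011-02-22 11:57        74824        ----a-w-        c:\windows\system32\drivers\TfSysMon.sys
2012-04-03 15:50 . 2012-04-03 15:50        --------        d-----w-        c:\programdata\Malwarebytes
2012-04-03 15:50 . 2011-12-10 13:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-04-03 07:59 . 2012-03-20 01:51        8669240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0CB5BE9-8BA2-49C6-82D7-00C23DFD2B82}\mpengine.dll
2012-04-03 07:47 . 2012-04-03 07:53        --------        d-----w-        c:\programdata\F4D55F3E000C4EBD0060677DB4EB2331
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 09:00 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
"""

# Section banner: a run of '(' , the title, a run of ')'.
SECTION_RE = re.compile(r"^\({10,}\s+(?P<title>.+?)\s+\){10,}$")
# "Files Created" record: created . modified  size|--------  attrs  path
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
# 32 hex characters and nothing else: GUID-like, but a real {GUID} has braces
# and hyphens and therefore never matches this.
HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")
EXECUTABLE = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class Finding:
    section: str   # "deletions" or "created"
    path: str
    created: str   # creation timestamp, empty for deletion entries
    reasons: list


def section_kind(title):
    """Accept both the German and the English ComboFix banners."""
    t = title.lower()
    if "löschungen" in t or "deletions" in t:
        return "deletions"
    if "dateien erstellt" in t or "files created" in t:
        return "created"
    return "other"


def flag_path(path):
    """Return the list of drop-site patterns a path matches (empty = nothing odd)."""
    parts = [p for p in path.split("\\") if p]
    reasons = []
    if any(HEX32.match(p) for p in parts):
        reasons.append("32-hex-char component: GUID-like name without braces/hyphens")
    low = path.lower()
    if low.endswith(EXECUTABLE) and "\\temp\\" in low:
        reasons.append("executable in a Temp directory")
    if len(parts) >= 2 and parts[-1].lower() == parts[-2].lower():
        reasons.append("component named identically to its parent directory")
    return reasons


def triage_combofix(text):
    kind = "other"
    findings = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":
            continue
        banner = SECTION_RE.match(line)
        if banner:
            kind = section_kind(banner.group("title"))
            continue
        if kind == "created":
            rec = CREATED_RE.match(line)
            if not rec:
                continue
            path, created = rec.group("path").strip(), rec.group("created")
        elif kind == "deletions":
            path, created = line.strip(), ""
        else:
            continue  # Find3M, registry and other sections are not file lists
        reasons = flag_path(path)
        if reasons:
            findings.append(Finding(kind, path, created, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_combofix(SAMPLE_LOG):
        print(f"[{f.section}] {f.created or '-':<16} {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

A hit is a pointer to what to hash and look up, not proof by itself: ComboFix removes executables from Temp as a matter of routine (RtkBtMnt.exe above), and legitimate software lives in ProgramData too, which is why the check is on the shape of the name rather than on the directory. The output is for reading, not for pasting into a CFScript of your own; as the note above says, that script is written by the helper for this one machine.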

Dominik55118 05.04.2012 20:01

OK. Done. Here's the log. Sorry for the delay.

Combofix Logfile:
Code:

ComboFix 12-04-05.06 - Dominik 05.04.2012  20:27:16.2.2 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.3070.2090 [GMT 2:00]
run from:: c:\users\Dominik\Desktop\ComboFix.exe
Command switches used :: c:\users\Dominik\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\F4D55F3E000C4EBD0060677DB4EB2331
c:\programdata\F4D55F3E000C4EBD0060677DB4EB2331\F4D55F3E000C4EBD0060677DB4EB2331
c:\users\Dominik\AppData\Local\Temp\RtkBtMnt.exe
.
.
(((((((((((((((((((((((  Files Created from 2012-03-05 to 2012-04-05  ))))))))))))))))))))))))))))))
.
.
2012-04-05 18:39 . 2012-04-05 18:39        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-04-05 12:03 . 2012-04-05 12:03        --------        d-----w-        C:\_OTL
2012-04-04 11:06 . 2011-02-22 11:57        74824        ----a-w-        c:\windows\system32\drivers\TfSysMon.sys
2012-04-04 11:06 . 2011-02-22 11:57        41888        ----a-w-        c:\windows\system32\drivers\TfNetMon.sys
2012-04-04 11:06 . 2011-02-22 11:57        65072        ----a-w-        c:\windows\system32\drivers\TfFsMon.sys
2012-04-04 11:06 . 2012-04-04 11:06        --------        d-----w-        c:\program files (x86)\ThreatFire
2012-04-04 11:06 . 2012-04-04 11:06        --------        d-----w-        c:\programdata\PC Tools
2012-04-03 23:19 . 2012-04-03 23:19        --------        d-----w-        c:\programdata\Kaspersky Lab
2012-04-03 17:15 . 2012-04-03 17:15        --------        d-----w-        c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-03 15:50 . 2012-04-03 15:50        --------        d-----w-        c:\users\Dominik\AppData\Roaming\Malwarebytes
2012-04-03 15:50 . 2012-04-03 15:50        --------        d-----w-        c:\programdata\Malwarebytes
2012-04-03 15:50 . 2012-04-03 15:50        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-03 15:50 . 2011-12-10 13:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-04-03 07:59 . 2012-03-20 01:51        8669240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0CB5BE9-8BA2-49C6-82D7-00C23DFD2B82}\mpengine.dll
2012-04-01 18:14 . 2012-04-01 18:14        592824        ----a-w-        c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-01 18:14 . 2012-04-01 18:14        44472        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-01 01:49 . 2011-11-19 15:20        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-04-01 01:49 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-04-01 01:49 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 16:39 . 2012-02-03 04:34        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-03-31 16:39 . 2012-02-10 06:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-31 16:39 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-03-31 16:38 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-31 16:38 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-31 16:38 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-31 16:38 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-31 16:38 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-31 16:38 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-31 16:38 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 09:00 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2012-02-29 09:00 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2012-02-23 07:18 . 2011-01-26 14:32        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-22 08:45 . 2012-02-22 08:45        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2012-02-22 08:45 . 2012-02-22 08:45        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-22 08:45 . 2012-02-22 08:45        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-22 08:45 . 2012-02-22 08:45        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2012-02-22 08:45 . 2012-02-22 08:45        1798656        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-02-22 08:45 . 2012-02-22 08:45        161792        ----a-w-        c:\windows\SysWow64\msls31.dll
2012-02-22 08:45 . 2012-02-22 08:45        1127424        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-02-22 08:45 . 2012-02-22 08:45        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2012-02-22 08:45 . 2012-02-22 08:45        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-02-22 08:45 . 2012-02-22 08:45        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll
2012-02-22 08:45 . 2012-02-22 08:45        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx
2012-02-22 08:45 . 2012-02-22 08:45        49664        ----a-w-        c:\windows\system32\imgutil.dll
2012-02-22 08:45 . 2012-02-22 08:45        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-02-22 08:45 . 2012-02-22 08:45        367104        ----a-w-        c:\windows\SysWow64\html.iec
2012-02-22 08:45 . 2012-02-22 08:45        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll
2012-02-22 08:45 . 2012-02-22 08:45        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-02-22 08:45 . 2012-02-22 08:45        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-02-22 08:45 . 2012-02-22 08:45        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2012-02-22 08:45 . 2012-02-22 08:45        2308096        ----a-w-        c:\windows\system32\jscript9.dll
2012-02-22 08:45 . 2012-02-22 08:45        222208        ----a-w-        c:\windows\system32\msls31.dll
2012-02-22 08:45 . 2012-02-22 08:45        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-02-22 08:45 . 2012-02-22 08:45        152064        ----a-w-        c:\windows\SysWow64\wextract.exe
2012-02-22 08:45 . 2012-02-22 08:45        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2012-02-22 08:45 . 2012-02-22 08:45        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-02-22 08:45 . 2012-02-22 08:45        1427456        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-02-22 08:45 . 2012-02-22 08:45        1390080        ----a-w-        c:\windows\system32\wininet.dll
2012-02-22 08:45 . 2012-02-22 08:45        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-02-22 08:45 . 2012-02-22 08:45        12288        ----a-w-        c:\windows\system32\mshta.exe
2012-02-22 08:45 . 2012-02-22 08:45        11776        ----a-w-        c:\windows\SysWow64\mshta.exe
2012-02-22 08:45 . 2012-02-22 08:45        114176        ----a-w-        c:\windows\system32\admparse.dll
2012-02-22 08:45 . 2012-02-22 08:45        101888        ----a-w-        c:\windows\SysWow64\admparse.dll
2012-02-22 08:45 . 2012-02-22 08:45        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-02-22 08:45 . 2012-02-22 08:45        85504        ----a-w-        c:\windows\system32\iesetup.dll
2012-02-22 08:45 . 2012-02-22 08:45        76800        ----a-w-        c:\windows\system32\tdc.ocx
2012-02-22 08:45 . 2012-02-22 08:45        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-02-22 08:45 . 2012-02-22 08:45        448512        ----a-w-        c:\windows\system32\html.iec
2012-02-22 08:45 . 2012-02-22 08:45        111616        ----a-w-        c:\windows\system32\iesysprep.dll
2012-02-22 08:45 . 2012-02-22 08:45        603648        ----a-w-        c:\windows\system32\vbscript.dll
2012-02-22 08:45 . 2012-02-22 08:45        30720        ----a-w-        c:\windows\system32\licmgr10.dll
2012-02-22 08:45 . 2012-02-22 08:45        165888        ----a-w-        c:\windows\system32\iexpress.exe
2012-02-22 08:45 . 2012-02-22 08:45        160256        ----a-w-        c:\windows\system32\wextract.exe
2012-02-22 08:45 . 2012-02-22 08:45        1493504        ----a-w-        c:\windows\system32\inetcpl.cpl
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-04-05_14.18.45  )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-26 17:05 . 2012-04-05 14:34        35002              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-05 18:44        40046              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-26 14:19 . 2012-04-05 18:44        12778              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4178791177-2408624748-2417051294-1000_UserData.bin
- 2012-04-05 14:17 . 2012-04-05 14:17        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-05 18:42 . 2012-04-05 18:42        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-05 14:17 . 2012-04-05 14:17        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-05 18:42 . 2012-04-05 18:42        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-27 15:07 . 2012-04-05 17:56        280308              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 02:36 . 2012-04-05 12:10        620384              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-05 14:36        620384              c:\windows\system32\perfh009.dat
- 2009-07-14 17:58 . 2012-04-05 12:10        659238              c:\windows\system32\perfh007.dat
+ 2009-07-14 17:58 . 2012-04-05 14:36        659238              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-04-05 14:36        108566              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-05 12:10        108566              c:\windows\system32\perfc009.dat
- 2009-07-14 17:58 . 2012-04-05 12:10        132776              c:\windows\system32\perfc007.dat
+ 2009-07-14 17:58 . 2012-04-05 14:36        132776              c:\windows\system32\perfc007.dat
- 2009-07-14 05:01 . 2012-04-05 14:12        385004              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-05 18:39        385004              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-10 00:37 . 2012-04-05 18:39        1456308              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4178791177-2408624748-2417051294-1000-8192.dat
- 2011-07-10 00:37 . 2012-04-05 14:12        1456308              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4178791177-2408624748-2417051294-1000-8192.dat
.
((((((((((((((((((((((((((((  Registry Autostart Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-24 1190920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2011-02-22 378128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2011-1-26 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz135;cpuz135;c:\users\Dominik\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-23 7981600]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
FF - ProfilePath - c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\ik12mzv0.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\ThreatFire\TFService.exe
.
**************************************************************************
.
Completion time: 2012-04-05  20:51:13 - PC was rebooted
ComboFix-quarantined-files.txt  2012-04-05 18:51
ComboFix2.txt  2012-04-05 14:27
.
Before scan: 18 directory(ies), 246,636,650,496 bytes free
After scan: 19 directory(ies), 246,577,725,440 bytes free
.
- - End Of File - - 3F4DD0846BAF7EA7130951A931392BBB

--- --- ---


Regards,

Dom

cosinus 05.04.2012 20:31

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive on it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow Internet access.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Never press any of the Fix buttons without being told to. Note: If the Scan button is greyed out, close the tool and start it again. If it still doesn't work, please let me know.

One more note: If aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.

Dominik55118 05.04.2012 20:54

OK, done :)

Here is the log:

Code:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-05 21:51:33
-----------------------------
21:51:33.128    OS Version: Windows x64 6.1.7601 Service Pack 1
21:51:33.128    Number of processors: 2 586 0xF0D
21:51:33.128    ComputerName: DOMINIK-PC  UserName: Dominik
21:51:33.752    Initialize success
21:51:38.074    AVAST engine defs: 12040501
21:51:53.284    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
21:51:53.299    Disk 0 Vendor: SAMSUNG_HM321HI 2AJ10001 Size: 305245MB BusType: 11
21:51:53.315    Disk 0 MBR read successfully
21:51:53.315    Disk 0 MBR scan
21:51:53.315    Disk 0 Windows 7 default MBR code
21:51:53.330    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      305243 MB offset 2048
21:51:53.346    Disk 0 scanning C:\Windows\system32\drivers
21:52:06.356    Service scanning
21:52:35.716    Modules scanning
21:52:35.731    Disk 0 trace - called modules:
21:52:35.778    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:52:35.794    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003430060]
21:52:35.794    3 CLASSPNP.SYS[fffff8800195a43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8002ea0680]
21:52:35.809    Scan finished successfully
21:52:58.710    Disk 0 MBR has been saved successfully to "C:\Users\Dominik\Desktop\Logs\MBR.dat"
21:52:58.710    The log file has been saved successfully to "C:\Users\Dominik\Desktop\Logs\aswMBR.txt"

Regards,

Dom

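The "MBR scan" lines in the aswMBR log above summarise three checks: the sector is readable and ends in the 0x55AA signature, the boot code matches a known OS loader ("Windows 7 default MBR code"), and the partition table is sane (one bootable 07/NTFS partition at offset 2048). The following Python is an added example, not code from the thread or from aswMBR, that performs the same checks on the raw 512-byte MBR.dat the tool saves next to its log. The embedded sample sector is constructed to mirror the log (305243 MB partition on a 305245 MB disk); its boot code is filler, not the real Windows 7 loader, and the hash allowlist is a placeholder that a reader would fill from a sector taken off a known-clean machine.

```python
# Added example (not from the thread or from aswMBR): parse and sanity-check a raw
# 512-byte MBR sector such as the MBR.dat that aswMBR saves next to its log.
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439 hold the boot code a bootkit would overwrite
PART_TABLE_OFF = 446     # four 16-byte partition entries follow the disk signature
BOOT_SIG_OFF = 510       # a valid sector ends in 0x55 0xAA


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)

    @property
    def lba_end(self) -> int:          # first sector after the partition
        return self.lba_start + self.sectors


def parse_mbr(mbr: bytes) -> tuple[bytes, list[Partition]]:
    """Return (boot_code, partitions); raise ValueError on a structurally broken sector."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _chs_first, type_id, _chs_last, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i)
        if type_id == 0 and count == 0:
            continue                                   # empty slot
        if status not in (0x00, 0x80):
            raise ValueError(f"partition {i + 1}: bad status byte 0x{status:02x}")
        parts.append(Partition(i + 1, status == 0x80, type_id, lba, count))
    return mbr[:BOOT_CODE_LEN], parts


def boot_code_matches(boot_code: bytes, known_good: set[str]) -> tuple[str, bool]:
    """SHA-256 of the boot code and whether it is on the allowlist of clean loaders."""
    digest = hashlib.sha256(boot_code).hexdigest()
    return digest, digest in known_good


def unallocated_tail_mb(parts: list[Partition], disk_mb: int) -> int:
    """MB between the end of the last partition and the end of the disk. A MB or so is
    alignment slack; a large tail is worth imaging, since some bootkits stored data there."""
    if not parts:
        return disk_mb
    last_end_mb = max(p.lba_end for p in parts) * SECTOR // (1024 * 1024)
    return disk_mb - last_end_mb


def report(mbr: bytes, disk_mb: int, known_good: set[str]) -> list[str]:
    """Lines in the spirit of the aswMBR 'Disk 0' output."""
    boot_code, parts = parse_mbr(mbr)
    digest, ok = boot_code_matches(boot_code, known_good)
    lines = [f"MBR boot code sha256={digest[:16]}... {'known good' if ok else 'UNKNOWN - inspect'}"]
    for p in parts:
        flag = "80 (A)" if p.bootable else "00"
        lines.append(f"Partition {p.index} {flag} {p.type_id:02X} {p.size_mb} MB offset {p.lba_start}")
    lines.append(f"Unallocated tail: {unallocated_tail_mb(parts, disk_mb)} MB")
    return lines


# Constructed sample sector mirroring the log above: one bootable NTFS (07) partition,
# 305243 MB at LBA 2048 on a 305245 MB disk. The boot code is filler, NOT the real
# Windows 7 loader; hash a sector from a known-clean machine to build a real allowlist.
_FAKE_BOOT_CODE = bytes(range(256)) + bytes(BOOT_CODE_LEN - 256)
_ENTRY = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 305243 * 2048)
SAMPLE_MBR = _FAKE_BOOT_CODE + b"\x11\x22\x33\x44" + b"\x00\x00" + _ENTRY + bytes(48) + b"\x55\xaa"
SAMPLE_DISK_MB = 305245
SAMPLE_KNOWN_GOOD = {hashlib.sha256(_FAKE_BOOT_CODE).hexdigest()}   # placeholder allowlist

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_MBR, SAMPLE_DISK_MB, SAMPLE_KNOWN_GOOD)))
```

To use it on a real sector, read MBR.dat (or the first 512 bytes of \\.\PhysicalDrive0 from an elevated prompt) and pass the disk size from the aswMBR "Disk 0 Vendor" line. Two of the checks need a reference the tool carries but this script does not: the boot-code allowlist has to come from clean media of the same Windows version, and the unallocated-tail figure is only meaningful once you know how the disk was originally partitioned.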

Copyright ©2000-2025, Trojaner-Board