Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
    -   Sirefef and others on Win7 64-bit (https://www.trojaner-board.de/116862-sirefef-win7-64-bit.html)

poldikater 08.06.2012 16:42

Sirefef and others on Win7 64-bit
 
Dear community,
after a lot of googling and searching your board (after which I tried several of your tips and tricks and anti-malware programs), I unfortunately have to "bother" you after all:
I have an Acer laptop with Win7 64-bit and all updates.
For a few days now the firewall has been offline and can no longer be enabled - error code 0x8007042c
My security program is MS Security Essentials, which the pest also disabled. I had to reinstall it and now constantly get notifications about severe threats (Sirefef, Alureon, Cybot.cfg). Removing them does nothing; the same message comes back.
In the meantime I have tried MWB, Kaspersky Security Disk (via boot CD), Emsisoft and who knows what else.
I have attached the OTL log files for you.
- defogger gives no error message
I have not knowingly downloaded any cracks or anything like that; I hope nothing of the sort turns up in the log.

Thank you very much in advance for your help!

Larusso 09.06.2012 07:55

:hallo:

My name is Daniel and I will help you with your malware-related problems.

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read my instructions through once first. If anything is unclear, ask before you begin.
  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step depends on the previous one.
  • If I receive no reply from you within 3 days to this or any further answer, I will delete the topic from my subscriptions.
  • Only run scans that a helper asks you to run, and do not install / uninstall any software without being asked.
  • Post the log files directly in your thread and not as attachments, unless you are asked to. Otherwise it makes the evaluation harder for me.

Please read the following instructions carefully. We do not want to "fix" anything yet, we only want to see a scan report.

Please download TDSSKiller.exe and save the file to your desktop
  • Start TDSSKiller.exe
  • Press Start Scan
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and save the log file.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.
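Once the log is posted, the helper reads it line by line. As an added example (not part of this thread and not a feature of TDSSKiller), here is a small Python triage script for that log format. It pairs each `name (md5) path` line with its `name - verdict` line, skips the header, separator and blank-payload lines, and flags any entry whose scanner verdict is not `ok` or whose image path deviates from a small baseline of where a few core Windows 7 services normally load. The baseline dictionary `EXPECTED_IMAGE`, the function names and the sample excerpt are this example's own; the sample lines are copied from the log posted later in this thread.

```python
"""Triage helper for TDSSKiller scan logs (added example, not from the thread).

Log lines have the shape  "<HH:MM:SS.mmmm> <pid> <payload>".  During the scan
phase the payload is either "<name> (<md5>) <path>" or "<name> - <verdict>".
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s*(.*)$")
ENTRY_RE = re.compile(r"^(.+?)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
VERDICT_RE = re.compile(r"^(.+?) - (.+)$")

# Constructed baseline for this example: host binary (basename) that a few
# core Windows 7 services load from on a default install.  Extend as needed.
EXPECTED_IMAGE = {
    "Dnscache": "dnsrslvr.dll",
    "BFE": "bfe.dll",
    "CryptSvc": "cryptsvc.dll",
    "Dhcp": "dhcpcore.dll",
}


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_log(text: str) -> Dict[str, Entry]:
    """Return one Entry per scanned object, keyed by service/driver name."""
    entries: Dict[str, Entry] = {}
    in_scan = False  # only lines after "Scan started" describe objects
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        payload = m.group(3).strip()
        if not payload or payload.startswith("="):
            continue  # blank payload or "=====" separator
        if payload == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            continue  # SystemInfo / drive geometry header, ignore
        e = ENTRY_RE.match(payload)
        if e:
            name, md5, path = e.groups()
            entries[name] = Entry(name, md5.lower(), path)
            continue
        v = VERDICT_RE.match(payload)
        if v:
            # Some objects (e.g. COMSysApp) get a verdict without a path line,
            # so create the entry on demand instead of assuming it exists.
            name, verdict = v.groups()
            entries.setdefault(name, Entry(name)).verdict = verdict
    return entries


def triage(entries: Dict[str, Entry]) -> List[str]:
    """Flag non-ok verdicts and image paths that deviate from the baseline."""
    findings: List[str] = []
    for name, e in sorted(entries.items()):
        if e.verdict is not None and e.verdict != "ok":
            findings.append(f"{name}: scanner verdict '{e.verdict}'")
        expected = EXPECTED_IMAGE.get(name)
        if expected and e.path:
            actual = e.path.rsplit("\\", 1)[-1].lower()
            if actual != expected.lower():
                findings.append(
                    f"{name}: loads from {e.path}, baseline expects {expected}"
                )
    return findings


# Excerpt of the TDSSKiller log posted in this thread, used as sample input.
SAMPLE_LOG = r"""11:20:02.0679 3436        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
11:20:02.0944 3436        ============================================================
11:20:02.0944 3436
11:20:02.0944 3436        OS Version: 6.1.7601 ServicePack: 1.0
11:20:03.0568 3436        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:20:06.0641 4344        Scan started
11:20:06.0641 4344        Mode: Manual;
11:20:09.0340 4344        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:20:09.0387 4344        BFE - ok
11:20:11.0352 4344        COMSysApp - ok
11:20:11.0820 4344        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:20:11.0851 4344        Dhcp - ok
11:20:11.0992 4344        Dnscache        (143d5e4f6b1c58774efca1bc7cebff2e) C:\Windows\System32\pouazns6k.dll
11:20:12.0023 4344        Dnscache - ok
"""

if __name__ == "__main__":
    for line in triage(parse_log(SAMPLE_LOG)):
        print(line)
```

A verdict of `ok` only records that the scanner matched no signature on that object; it says nothing about whether the object sits where it belongs, which is why the baseline comparison is kept separate from the verdict check and why a mismatch is reported as something to look at rather than as a detection.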

poldikater 09.06.2012 10:24

Hi Daniel, thanks a lot for the quick reply!
Here is my log file; the tool found nothing.
Code:

11:20:02.0679 3436        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
11:20:02.0944 3436        ============================================================
11:20:02.0944 3436        Current date / time: 2012/06/09 11:20:02.0944
11:20:02.0944 3436        SystemInfo:
11:20:02.0944 3436       
11:20:02.0944 3436        OS Version: 6.1.7601 ServicePack: 1.0
11:20:02.0944 3436        Product type: Workstation
11:20:02.0944 3436        ComputerName: NOTEBOOK_SP
11:20:02.0944 3436        UserName: sandra
11:20:02.0944 3436        Windows directory: C:\Windows
11:20:02.0944 3436        System windows directory: C:\Windows
11:20:02.0944 3436        Running under WOW64
11:20:02.0944 3436        Processor architecture: Intel x64
11:20:02.0944 3436        Number of processors: 2
11:20:02.0944 3436        Page size: 0x1000
11:20:02.0944 3436        Boot type: Normal boot
11:20:02.0944 3436        ============================================================
11:20:03.0568 3436        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:20:04.0098 3436        Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:20:04.0114 3436        ============================================================
11:20:04.0114 3436        \Device\Harddisk0\DR0:
11:20:04.0114 3436        MBR partitions:
11:20:04.0114 3436        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
11:20:04.0114 3436        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x38553830
11:20:04.0114 3436        \Device\Harddisk1\DR1:
11:20:04.0114 3436        MBR partitions:
11:20:04.0114 3436        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C41BF
11:20:04.0114 3436        ============================================================
11:20:04.0145 3436        C: <-> \Device\Harddisk0\DR0\Partition1
11:20:04.0176 3436        E: <-> \Device\Harddisk1\DR1\Partition0
11:20:04.0176 3436        ============================================================
11:20:04.0176 3436        Initialize success
11:20:04.0176 3436        ============================================================
11:20:06.0641 4344        ============================================================
11:20:06.0641 4344        Scan started
11:20:06.0641 4344        Mode: Manual;
11:20:06.0641 4344        ============================================================
11:20:07.0031 4344        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:20:07.0047 4344        1394ohci - ok
11:20:07.0093 4344        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:20:07.0109 4344        ACPI - ok
11:20:07.0125 4344        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:20:07.0125 4344        AcpiPmi - ok
11:20:07.0281 4344        AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:20:07.0296 4344        AdobeFlashPlayerUpdateSvc - ok
11:20:07.0359 4344        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
11:20:07.0374 4344        adp94xx - ok
11:20:07.0437 4344        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
11:20:07.0452 4344        adpahci - ok
11:20:07.0483 4344        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
11:20:07.0483 4344        adpu320 - ok
11:20:07.0530 4344        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:20:07.0546 4344        AeLookupSvc - ok
11:20:07.0608 4344        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:20:07.0624 4344        AFD - ok
11:20:07.0671 4344        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:20:07.0686 4344        agp440 - ok
11:20:07.0733 4344        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:20:07.0733 4344        ALG - ok
11:20:07.0764 4344        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:20:07.0764 4344        aliide - ok
11:20:07.0780 4344        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:20:07.0780 4344        amdide - ok
11:20:07.0795 4344        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
11:20:07.0795 4344        AmdK8 - ok
11:20:07.0811 4344        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
11:20:07.0811 4344        AmdPPM - ok
11:20:07.0842 4344        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:20:07.0858 4344        amdsata - ok
11:20:07.0889 4344        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
11:20:07.0905 4344        amdsbs - ok
11:20:07.0920 4344        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:20:07.0920 4344        amdxata - ok
11:20:07.0951 4344        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:20:07.0951 4344        AppID - ok
11:20:07.0983 4344        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:20:07.0983 4344        AppIDSvc - ok
11:20:07.0998 4344        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:20:07.0998 4344        Appinfo - ok
11:20:08.0123 4344        Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:20:08.0139 4344        Apple Mobile Device - ok
11:20:08.0170 4344        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
11:20:08.0170 4344        arc - ok
11:20:08.0201 4344        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
11:20:08.0217 4344        arcsas - ok
11:20:08.0341 4344        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:20:08.0341 4344        aspnet_state - ok
11:20:08.0373 4344        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:20:08.0373 4344        AsyncMac - ok
11:20:08.0419 4344        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:20:08.0419 4344        atapi - ok
11:20:08.0451 4344        AthBTPort      (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
11:20:08.0451 4344        AthBTPort - ok
11:20:08.0513 4344        AtherosSvc      (fbbe79d7445aa4494e069a0b91f9417b) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
11:20:08.0513 4344        AtherosSvc - ok
11:20:08.0653 4344        athr            (c8679a07267f030704168e45e27c3d43) C:\Windows\system32\DRIVERS\athrx.sys
11:20:08.0747 4344        athr - ok
11:20:08.0887 4344        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:20:08.0950 4344        AudioEndpointBuilder - ok
11:20:08.0965 4344        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:20:08.0965 4344        AudioSrv - ok
11:20:09.0012 4344        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:20:09.0012 4344        AxInstSV - ok
11:20:09.0106 4344        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
11:20:09.0121 4344        b06bdrv - ok
11:20:09.0184 4344        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:20:09.0199 4344        b57nd60a - ok
11:20:09.0231 4344        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:20:09.0246 4344        BDESVC - ok
11:20:09.0262 4344        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:20:09.0262 4344        Beep - ok
11:20:09.0340 4344        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:20:09.0387 4344        BFE - ok
11:20:09.0449 4344        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
11:20:09.0511 4344        BITS - ok
11:20:09.0589 4344        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
11:20:09.0605 4344        blbdrive - ok
11:20:09.0714 4344        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:20:09.0730 4344        Bonjour Service - ok
11:20:09.0777 4344        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:20:09.0777 4344        bowser - ok
11:20:09.0823 4344        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
11:20:09.0823 4344        BrFiltLo - ok
11:20:09.0823 4344        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
11:20:09.0823 4344        BrFiltUp - ok
11:20:09.0870 4344        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:20:09.0870 4344        Browser - ok
11:20:09.0901 4344        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:20:09.0933 4344        Brserid - ok
11:20:09.0933 4344        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:20:09.0933 4344        BrSerWdm - ok
11:20:09.0948 4344        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:20:09.0948 4344        BrUsbMdm - ok
11:20:09.0948 4344        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:20:09.0948 4344        BrUsbSer - ok
11:20:10.0011 4344        BTATH_A2DP      (227c8f308de4af4808e587465ceab838) C:\Windows\system32\drivers\btath_a2dp.sys
11:20:10.0026 4344        BTATH_A2DP - ok
11:20:10.0073 4344        BTATH_BUS      (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
11:20:10.0089 4344        BTATH_BUS - ok
11:20:10.0120 4344        BTATH_HCRP      (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
11:20:10.0135 4344        BTATH_HCRP - ok
11:20:10.0167 4344        BTATH_LWFLT    (0dea505efb5d771826d177ef8b8a208f) C:\Windows\system32\DRIVERS\btath_lwflt.sys
11:20:10.0167 4344        BTATH_LWFLT - ok
11:20:10.0182 4344        BTATH_RCP      (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
11:20:10.0198 4344        BTATH_RCP - ok
11:20:10.0245 4344        BtFilter        (ff8b065f96e4d9525aa7227299fbd05c) C:\Windows\system32\DRIVERS\btfilter.sys
11:20:10.0260 4344        BtFilter - ok
11:20:10.0307 4344        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
11:20:10.0307 4344        BthEnum - ok
11:20:10.0338 4344        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
11:20:10.0354 4344        BTHMODEM - ok
11:20:10.0385 4344        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
11:20:10.0385 4344        BthPan - ok
11:20:10.0447 4344        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
11:20:10.0463 4344        BTHPORT - ok
11:20:10.0525 4344        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:20:10.0525 4344        bthserv - ok
11:20:10.0557 4344        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
11:20:10.0557 4344        BTHUSB - ok
11:20:10.0603 4344        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:20:10.0603 4344        cdfs - ok
11:20:10.0635 4344        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:20:10.0650 4344        cdrom - ok
11:20:10.0697 4344        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:20:10.0697 4344        CertPropSvc - ok
11:20:10.0728 4344        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
11:20:10.0728 4344        circlass - ok
11:20:10.0775 4344        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:20:10.0791 4344        CLFS - ok
11:20:10.0869 4344        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:20:10.0869 4344        clr_optimization_v2.0.50727_32 - ok
11:20:10.0915 4344        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:20:10.0931 4344        clr_optimization_v2.0.50727_64 - ok
11:20:11.0056 4344        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:20:11.0056 4344        clr_optimization_v4.0.30319_32 - ok
11:20:11.0103 4344        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:20:11.0118 4344        clr_optimization_v4.0.30319_64 - ok
11:20:11.0149 4344        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
11:20:11.0149 4344        CmBatt - ok
11:20:11.0165 4344        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:20:11.0165 4344        cmdide - ok
11:20:11.0243 4344        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:20:11.0259 4344        CNG - ok
11:20:11.0290 4344        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
11:20:11.0290 4344        Compbatt - ok
11:20:11.0337 4344        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:20:11.0337 4344        CompositeBus - ok
11:20:11.0352 4344        COMSysApp - ok
11:20:11.0368 4344        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
11:20:11.0368 4344        crcdisk - ok
11:20:11.0430 4344        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
11:20:11.0446 4344        CryptSvc - ok
11:20:11.0493 4344        dc3d            (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
11:20:11.0493 4344        dc3d - ok
11:20:11.0555 4344        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:20:11.0586 4344        DcomLaunch - ok
11:20:11.0649 4344        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:20:11.0664 4344        defragsvc - ok
11:20:11.0695 4344        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:20:11.0695 4344        DfsC - ok
11:20:11.0742 4344        dg_ssudbus      (113212d25d0c9bb8901a9833774da97f) C:\Windows\system32\DRIVERS\ssudbus.sys
11:20:11.0742 4344        dg_ssudbus - ok
11:20:11.0820 4344        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:20:11.0851 4344        Dhcp - ok
11:20:11.0883 4344        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:20:11.0883 4344        discache - ok
11:20:11.0914 4344        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
11:20:11.0914 4344        Disk - ok
11:20:11.0992 4344        Dnscache        (143d5e4f6b1c58774efca1bc7cebff2e) C:\Windows\System32\pouazns6k.dll
11:20:12.0023 4344        Dnscache - ok
11:20:12.0085 4344        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:20:12.0101 4344        dot3svc - ok
11:20:12.0132 4344        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:20:12.0132 4344        DPS - ok
11:20:12.0163 4344        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:20:12.0179 4344        drmkaud - ok
11:20:12.0273 4344        DsiWMIService  (4ab2a58816cc6be771f1d8c768b804c5) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
11:20:12.0304 4344        DsiWMIService - ok
11:20:12.0382 4344        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:20:12.0429 4344        DXGKrnl - ok
11:20:12.0475 4344        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:20:12.0475 4344        EapHost - ok
11:20:12.0631 4344        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
11:20:12.0741 4344        ebdrv - ok
11:20:12.0850 4344        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:20:12.0865 4344        EFS - ok
11:20:12.0928 4344        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:20:12.0959 4344        ehRecvr - ok
11:20:12.0975 4344        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:20:12.0975 4344        ehSched - ok
11:20:13.0053 4344        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
11:20:13.0084 4344        elxstor - ok
11:20:13.0177 4344        ePowerSvc      (eb1c213a8550f066b2ccc29c9f41e2ae) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
11:20:13.0224 4344        ePowerSvc - ok
11:20:13.0333 4344        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:20:13.0349 4344        ErrDev - ok
11:20:13.0396 4344        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:20:13.0427 4344        EventSystem - ok
11:20:13.0458 4344        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:20:13.0474 4344        exfat - ok
11:20:13.0521 4344        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:20:13.0536 4344        fastfat - ok
11:20:13.0599 4344        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:20:13.0645 4344        Fax - ok
11:20:13.0661 4344        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
11:20:13.0661 4344        fdc - ok
11:20:13.0677 4344        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:20:13.0692 4344        fdPHost - ok
11:20:13.0708 4344        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:20:13.0708 4344        FDResPub - ok
11:20:13.0755 4344        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:20:13.0755 4344        FileInfo - ok
11:20:13.0770 4344        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:20:13.0770 4344        Filetrace - ok
11:20:13.0895 4344        FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:20:13.0911 4344        FLEXnet Licensing Service - ok
11:20:13.0957 4344        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
11:20:13.0957 4344        flpydisk - ok
11:20:13.0989 4344        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:20:13.0989 4344        FltMgr - ok
11:20:14.0051 4344        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:20:14.0098 4344        FontCache - ok
11:20:14.0160 4344        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:20:14.0160 4344        FontCache3.0.0.0 - ok
11:20:14.0207 4344        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:20:14.0207 4344        FsDepends - ok
11:20:14.0254 4344        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:20:14.0254 4344        Fs_Rec - ok
11:20:14.0301 4344        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:20:14.0301 4344        fvevol - ok
11:20:14.0347 4344        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
11:20:14.0347 4344        gagp30kx - ok
11:20:14.0394 4344        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:20:14.0394 4344        GEARAspiWDM - ok
11:20:14.0457 4344        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:20:14.0503 4344        gpsvc - ok
11:20:14.0581 4344        GREGService    (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
11:20:14.0581 4344        GREGService - ok
11:20:14.0628 4344        gusvc          (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:20:14.0628 4344        gusvc - ok
11:20:14.0675 4344        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:20:14.0675 4344        hcw85cir - ok
11:20:14.0722 4344        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:20:14.0753 4344        HdAudAddService - ok
11:20:14.0784 4344        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:20:14.0800 4344        HDAudBus - ok
11:20:14.0800 4344        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
11:20:14.0800 4344        HidBatt - ok
11:20:14.0815 4344        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
11:20:14.0815 4344        HidBth - ok
11:20:14.0847 4344        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
11:20:14.0847 4344        HidIr - ok
11:20:14.0878 4344        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
11:20:14.0893 4344        hidserv - ok
11:20:14.0909 4344        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:20:14.0909 4344        HidUsb - ok
11:20:14.0925 4344        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:20:14.0925 4344        hkmsvc - ok
11:20:14.0956 4344        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:20:14.0956 4344        HomeGroupListener - ok
11:20:14.0987 4344        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:20:15.0003 4344        HomeGroupProvider - ok
11:20:15.0034 4344        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:20:15.0034 4344        HpSAMD - ok
11:20:15.0081 4344        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:20:15.0112 4344        HTTP - ok
11:20:15.0127 4344        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:20:15.0127 4344        hwpolicy - ok
11:20:15.0143 4344        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:20:15.0159 4344        i8042prt - ok
11:20:15.0205 4344        iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
11:20:15.0221 4344        iaStor - ok
11:20:15.0283 4344        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:20:15.0315 4344        iaStorV - ok
11:20:15.0424 4344        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:20:15.0455 4344        idsvc - ok
11:20:15.0954 4344        igfx            (553228e67639f52c9bd86362c0c64f85) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:20:16.0235 4344        igfx - ok
11:20:16.0344 4344        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
11:20:16.0344 4344        iirsp - ok
11:20:16.0407 4344        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:20:16.0485 4344        IKEEXT - ok
11:20:16.0641 4344        IntcAzAudAddService (16c324e22208e6e8336c3f2da14cfe2d) C:\Windows\system32\drivers\RTKVHD64.sys
11:20:16.0734 4344        IntcAzAudAddService - ok
11:20:16.0875 4344        IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
11:20:16.0890 4344        IntcDAud - ok
11:20:16.0906 4344        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:20:16.0921 4344        intelide - ok
11:20:16.0953 4344        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:20:16.0953 4344        intelppm - ok
11:20:16.0984 4344        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:20:16.0984 4344        IPBusEnum - ok
11:20:16.0999 4344        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:20:17.0031 4344        IpFilterDriver - ok
11:20:17.0031 4344        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:20:17.0046 4344        IPMIDRV - ok
11:20:17.0077 4344        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:20:17.0077 4344        IPNAT - ok
11:20:17.0218 4344        iPod Service    (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
11:20:17.0265 4344        iPod Service - ok
11:20:17.0296 4344        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:20:17.0296 4344        IRENUM - ok
11:20:17.0327 4344        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:20:17.0327 4344        isapnp - ok
11:20:17.0343 4344        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:20:17.0374 4344        iScsiPrt - ok
11:20:31.0071 4344        VBoxUSBMon - ok
11:20:31.0086 4344        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:20:31.0086 4344        vdrvroot - ok
11:20:31.0149 4344        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:20:31.0180 4344        vds - ok
11:20:31.0211 4344        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:20:31.0211 4344        vga - ok
11:20:31.0242 4344        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:20:31.0242 4344        VgaSave - ok
11:20:31.0273 4344        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:20:31.0289 4344        vhdmp - ok
11:20:31.0305 4344        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:20:31.0305 4344        viaide - ok
11:20:31.0336 4344        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:20:31.0336 4344        volmgr - ok
11:20:31.0367 4344        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:20:31.0383 4344        volmgrx - ok
11:20:31.0398 4344        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:20:31.0414 4344        volsnap - ok
11:20:31.0445 4344        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
11:20:31.0461 4344        vsmraid - ok
11:20:31.0554 4344        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:20:31.0601 4344        VSS - ok
11:20:31.0710 4344        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:20:31.0710 4344        vwifibus - ok
11:20:31.0741 4344        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:20:31.0741 4344        vwififlt - ok
11:20:31.0788 4344        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:20:31.0788 4344        vwifimp - ok
11:20:31.0851 4344        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:20:31.0882 4344        W32Time - ok
11:20:31.0913 4344        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
11:20:31.0913 4344        WacomPen - ok
11:20:31.0929 4344        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:20:31.0944 4344        WANARP - ok
11:20:31.0960 4344        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:20:31.0960 4344        Wanarpv6 - ok
11:20:32.0053 4344        WatAdminSvc    (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:20:32.0116 4344        WatAdminSvc - ok
11:20:32.0209 4344        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:20:32.0272 4344        wbengine - ok
11:20:32.0365 4344        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:20:32.0381 4344        WbioSrvc - ok
11:20:32.0412 4344        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:20:32.0428 4344        wcncsvc - ok
11:20:32.0443 4344        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:20:32.0459 4344        WcsPlugInService - ok
11:20:32.0490 4344        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
11:20:32.0490 4344        Wd - ok
11:20:32.0537 4344        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:20:32.0568 4344        Wdf01000 - ok
11:20:32.0584 4344        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:20:32.0584 4344        WdiServiceHost - ok
11:20:32.0599 4344        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:20:32.0599 4344        WdiSystemHost - ok
11:20:32.0646 4344        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:20:32.0662 4344        WebClient - ok
11:20:32.0693 4344        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:20:32.0709 4344        Wecsvc - ok
11:20:32.0724 4344        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:20:32.0724 4344        wercplsupport - ok
11:20:32.0771 4344        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:20:32.0771 4344        WerSvc - ok
11:20:32.0849 4344        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:20:32.0849 4344        WfpLwf - ok
11:20:32.0865 4344        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:20:32.0865 4344        WIMMount - ok
11:20:32.0880 4344        WinHttpAutoProxySvc - ok
11:20:32.0943 4344        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:20:32.0958 4344        Winmgmt - ok
11:20:33.0083 4344        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:20:33.0130 4344        WinRM - ok
11:20:33.0255 4344        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:20:33.0270 4344        WinUsb - ok
11:20:33.0348 4344        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:20:33.0379 4344        Wlansvc - ok
11:20:33.0473 4344        wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:20:33.0473 4344        wlcrasvc - ok
11:20:33.0629 4344        wlidsvc        (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:20:33.0691 4344        wlidsvc - ok
11:20:33.0801 4344        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:20:33.0816 4344        WmiAcpi - ok
11:20:33.0879 4344        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:20:33.0894 4344        wmiApSrv - ok
11:20:33.0957 4344        WMPNetworkSvc - ok
11:20:33.0988 4344        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:20:33.0988 4344        WPCSvc - ok
11:20:34.0019 4344        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:20:34.0019 4344        WPDBusEnum - ok
11:20:34.0050 4344        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:20:34.0050 4344        ws2ifsl - ok
11:20:34.0050 4344        WSearch - ok
11:20:34.0191 4344        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:20:34.0269 4344        wuauserv - ok
11:20:34.0378 4344        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:20:34.0393 4344        WudfPf - ok
11:20:34.0425 4344        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:20:34.0440 4344        WUDFRd - ok
11:20:34.0487 4344        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:20:34.0503 4344        wudfsvc - ok
11:20:34.0534 4344        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:20:34.0549 4344        WwanSvc - ok
11:20:34.0659 4344        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:20:34.0830 4344        \Device\Harddisk0\DR0 - ok
11:20:35.0205 4344        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
11:20:35.0314 4344        \Device\Harddisk1\DR1 - ok
11:20:35.0329 4344        Boot (0x1200)  (ac5db4b66a4c509054b8a7ed6df0c99c) \Device\Harddisk0\DR0\Partition0
11:20:35.0329 4344        \Device\Harddisk0\DR0\Partition0 - ok
11:20:35.0361 4344        Boot (0x1200)  (64f51fccd4f72a0dd2e4450eb4fbc777) \Device\Harddisk0\DR0\Partition1
11:20:35.0361 4344        \Device\Harddisk0\DR0\Partition1 - ok
11:20:35.0361 4344        Boot (0x1200)  (d14a14fbc7a4ca1d38c81792d916a205) \Device\Harddisk1\DR1\Partition0
11:20:35.0376 4344        \Device\Harddisk1\DR1\Partition0 - ok
11:20:35.0376 4344        ============================================================
11:20:35.0376 4344        Scan finished
11:20:35.0376 4344        ============================================================
11:20:35.0376 4792        Detected object count: 0
11:20:35.0376 4792        Actual detected object count: 0
11:20:44.0300 2652        Deinitialize success

Kind regards
Sandra

Larusso 09.06.2012 10:32

Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

poldikater 09.06.2012 11:30

Hi,
Combofix didn't report anything, but it did wreck my desktop (black screen) - I then rebooted, after which everything I started froze; now everything is running normally again (my security programs are all still disabled).
Combofix did not create a log file either under C:\ or on the desktop.
Regards

Larusso 09.06.2012 11:32

Boot Windows into Safe Mode (please do click and read the link!)
  • Restart the computer.
  • As soon as you hear the computer beep for the first time, press the F8 key. (This can vary from system to system.)
  • Windows will show you a selection menu instead of starting normally.
  • Choose Safe Mode here and press Enter.

Please run Combofix again

poldikater 09.06.2012 13:09

Hello, unfortunately still no log file by that name. On the other hand, my computer seems very fast now *g*
Combofix opens a kind of bash window, a scan runs through there, then the program closes without my having to confirm anything, and unfortunately there is no log file.
I think I'll switch back to Linux :D

Larusso 09.06.2012 14:17

Hi.

Please look under C:\Qoobox to see whether there is a Combofix.txt there

poldikater 09.06.2012 14:49

Unfortunately that directory doesn't exist - I've also already searched the drive for the file...

Larusso 09.06.2012 14:58

Then we'll have to go about it differently.
Seems to be the new version.


Please download Farbar's Recovery Scan Tool x64 and save it to a USB stick.

Plug the USB stick into the infected system

You now need to boot the system into the System Recovery Options.

Via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly
  • Now choose Repair Your Computer.
  • Choose your operating system and user account and click "Next" each time.

With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD
  • Choose the language settings and click "Next".
  • Click on Repair your computer !!
  • Choose your operating system and user account and click "Next" each time.


In the recovery options choose Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens --> File --> Save As and choose Computer
    This will show you the drive letter of your USB stick.
  • Close Notepad again
  • Now please enter the following command.
    e:\frst64.exe
    Note: e stands for the drive letter of your USB stick. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here.
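Once the FRST.txt is posted, the Services section is where a reviewer looks first. The following is an added example (not FRST's own code, nor anything from this thread) that parses that section's line format and flags a service whose file is missing and a core Windows service whose DLL is not the one it normally loads; the known-good map and the Windows 7 x64 assumption are mine, and the sample lines are constructed in the FRST layout.

```python
"""Triage helper for the "Services (Whitelisted)" section of an FRST log.

Added example, not part of FRST or of this thread. Each line has the form
  <start type> <service name>; <ImagePath> [<size> <date>] (<publisher>)
with "[x]" in place of size and date when the file is missing on disk.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Expected binary for a few core Windows 7 services. wuauserv, W32Time and
# Winmgmt match the TDSSKiller listing earlier in this thread; Dnscache is
# from Windows documentation. Assumption: a Windows 7 x64 system.
KNOWN_SERVICE_BINARY = {
    "dnscache": "dnsrslvr.dll",
    "wuauserv": "wuaueng.dll",
    "w32time": "w32time.dll",
    "winmgmt": "wmisvc.dll",
}

LINE_RE = re.compile(
    r"^(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<image>.+?)\s+\[(?P<meta>[^\]]*)\]"
    r"(?:\s+\((?P<publisher>.*)\))?\s*$"
)
# First .exe/.dll/.sys in an unquoted ImagePath marks the end of the binary.
BIN_EXT_RE = re.compile(r"\.(?:exe|dll|sys)\b", re.IGNORECASE)


@dataclass
class ServiceEntry:
    start_type: int
    name: str
    binary: str             # path without quotes or command-line arguments
    size: Optional[int]     # None when FRST reports the file as missing ([x])
    publisher: Optional[str]


def binary_from_image(image: str) -> str:
    """Strip surrounding quotes and trailing arguments from an ImagePath."""
    image = image.strip()
    if image.startswith('"'):
        end = image.find('"', 1)
        return image[1:end] if end > 0 else image[1:]
    m = BIN_EXT_RE.search(image)
    return image[: m.end()] if m else image.split(" ", 1)[0]


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return the parsed entry, or None for lines that are not service lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").strip()
    return ServiceEntry(
        start_type=int(m.group("start")),
        name=m.group("name").strip(),
        binary=binary_from_image(m.group("image")),
        size=None if meta == "x" else int(meta.split()[0]),
        publisher=m.group("publisher"),
    )


def triage(lines: List[str]) -> List[str]:
    """Flag missing service files and core services loading an unexpected binary."""
    findings = []
    for line in lines:
        entry = parse_service_line(line)
        if entry is None:
            continue
        basename = entry.binary.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if entry.size is None:
            findings.append(f"{entry.name}: file missing ({entry.binary})")
        expected = KNOWN_SERVICE_BINARY.get(entry.name.lower())
        if expected and basename != expected:
            findings.append(f"{entry.name}: loads {basename}, expected {expected}")
    return findings


# Constructed sample lines in the FRST services layout (same format as the
# log posted in this thread).
SAMPLE_SERVICES = [
    r"2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-01-20] (Atheros Commnucations)",
    r"2 Dnscache; C:\Windows\System32\pouazns6k.dll [354304 2012-06-02] (Parental Solutions Inc.)",
    r'2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)',
    r'2 Secunia PSI Agent; "C:\Program Files (x86)\SecuniaPSI\PSIA.exe" --start-service [994360 2011-10-13] (Secunia)',
    r"2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_SERVICES):
        print(finding)
```

A flagged line is a prompt to inspect the file (signature, creation date, whether it also appears in the created-files section), not a verdict on its own.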

poldikater 09.06.2012 15:25

Hi Daniel - here's the log:
Code:

Scan result of Farbar Recovery Scan Tool Version: 09-06-2012 01
Ran by SYSTEM at 09-06-2012 16:19:04
Running from H:\
Windows 7 Home Premium  Service Pack 1 (X64) OS Language: German Standard
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2010-12-29] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2010-12-29] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418328 2010-12-29] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11775592 2011-01-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4  [2186856 2011-01-09] (Realtek Semiconductor)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-01-20] (Atheros Commnucations)
HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k [297280 2011-02-15] (NTI Corporation)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Spy Protector] C:\Program Files (x86)\Security Task Manager\SpyProtector.exe /autostart [140616 2010-11-09] (Neuber Software - www.neuber.com)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 80.237.176.196
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\SecuniaPSI\psi_tray.exe (Secunia)

==================== Services (Whitelisted) ======

2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-01-20] (Atheros Commnucations)
2 Dnscache; C:\Windows\System32\pouazns6k.dll [354304 2012-06-02] (Parental Solutions Inc.)
2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [352336 2011-03-14] (Dritek System Inc.)
2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [873064 2011-02-22] (Acer Incorporated)
2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
2 Secunia PSI Agent; "C:\Program Files (x86)\SecuniaPSI\PSIA.exe" --start-service [994360 2011-10-13] (Secunia)
2 Secunia Update Agent; "C:\Program Files (x86)\SecuniaPSI\sua.exe" --start-service [399416 2011-10-13] (Secunia)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
2 Update-Service; C:\Windows\SysWow64\UpdSvc.dll [114000 2011-12-06] (Joosoft.com GmbH)
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [36000 2011-01-20] (Atheros)
3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [298144 2011-01-20] (Atheros)
3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [28832 2011-01-20] (Atheros)
3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [201376 2011-01-20] (Atheros)
3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [55456 2011-01-20] (Atheros)
3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [154272 2011-01-20] (Atheros)
3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [279200 2011-01-20] (Atheros)
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2011-03-09] (NTI Corporation)
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [17408 2011-03-09] (NTI Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-09 16:19 - 2012-06-09 16:19 - 00000000 ____D C:\FRST
2012-06-09 06:13 - 2012-06-09 06:14 - 01399435 ____A C:\Users\sandra\Downloads\FRST64.exe
2012-06-09 05:55 - 2012-06-09 06:07 - 673229715 ____A C:\Users\sandra\Downloads\Secrets of the Dark 2 Eclipse Mountain CE.rar
2012-06-09 03:54 - 2012-06-09 04:00 - 00269820 ____A C:\Windows\ntbtlog.txt
2012-06-09 02:15 - 2012-06-09 03:56 - 00000000 ___SD C:\32788R22FWJFW
2012-06-09 02:07 - 2012-06-09 02:07 - 04538510 ____R (Swearware) C:\Users\sandra\Desktop\ComboFix.exe
2012-06-09 01:20 - 2012-06-09 01:20 - 00133168 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_11.20.02_log.txt
2012-06-09 01:18 - 2012-06-09 01:18 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\sandra\Desktop\tdsskiller.exe
2012-06-08 08:53 - 2012-06-08 08:53 - 00002006 ____A C:\Users\sandra\Desktop\Rite of Passage - The Perfect Show Collector's Edition.lnk
2012-06-08 07:38 - 2012-06-08 07:38 - 00034934 ____A C:\Users\sandra\Downloads\OTL.zip
2012-06-08 07:35 - 2012-06-08 07:35 - 00114350 ____A C:\Users\sandra\Downloads\Extras.Txt
2012-06-08 07:34 - 2012-06-08 07:34 - 00098090 ____A C:\Users\sandra\Downloads\OTL.Txt
2012-06-08 07:30 - 2012-06-08 07:30 - 00595456 ____A (OldTimer Tools) C:\Users\sandra\Downloads\OTL.exe
2012-06-08 07:26 - 2012-06-08 07:26 - 00000474 ____A C:\Users\sandra\Downloads\defogger_disable.log
2012-06-08 07:26 - 2012-06-08 07:26 - 00000000 ____A C:\Users\sandra\defogger_reenable
2012-06-08 07:25 - 2012-06-08 07:25 - 00050477 ____A C:\Users\sandra\Downloads\Defogger.exe
2012-06-07 11:15 - 2012-06-09 02:10 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2012-06-07 11:15 - 2012-06-08 07:44 - 00000000 ____D C:\Users\sandra\Documents\Anti-Malware
2012-06-07 09:43 - 2012-06-07 09:45 - 00000000 ____D C:\Users\sandra\AppData\Roaming\ImgBurn
2012-06-07 09:32 - 2012-06-07 09:32 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2012-06-07 09:30 - 2012-06-07 09:30 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Malwarebytes
2012-06-07 09:29 - 2012-06-07 09:29 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-07 09:06 - 2012-06-07 09:06 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-07 08:37 - 2012-06-07 08:40 - 00000000 ____D C:\Users\sandra\AppData\Local\ElevatedDiagnostics
2012-06-07 08:25 - 2012-06-07 08:25 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-07 08:25 - 2012-06-07 08:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-05 08:34 - 2012-06-08 10:01 - 00000000 ____D C:\Users\sandra\AppData\Roaming\TOMI3
2012-06-05 08:33 - 2012-06-05 08:33 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Persha Studia
2012-06-05 08:32 - 2012-06-05 08:32 - 00000000 ____D C:\Users\All Users\Dying for Daylight
2012-06-05 02:43 - 2012-06-05 02:43 - 00001039 ____A C:\Users\sandra\Desktop\TeslasTower_TheWardenclyffeMystery.exe - Verknüpfung.lnk
2012-06-03 01:46 - 2012-06-03 01:46 - 00000000 ____D C:\Windows\SysWOW64\1049
2012-06-02 06:08 - 2012-06-02 06:08 - 00354304 ____A (Parental Solutions Inc.) C:\Windows\System32\pouazns6k.dll
2012-05-25 10:33 - 2012-05-25 10:33 - 00000000 ____A C:\Users\sandra\AppData\Roaming\BrgNm.txt
2012-05-19 02:12 - 2012-05-22 12:23 - 00000000 ____D C:\Users\sandra\Desktop\tmp
2012-05-17 05:22 - 2012-05-17 05:22 - 00114904 ____A C:\Users\sandra\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-17 05:21 - 2012-06-09 04:01 - 00003454 ____A C:\Windows\setupact.log
2012-05-17 05:21 - 2012-06-09 03:54 - 00035716 ____A C:\Windows\PFRO.log
2012-05-17 05:21 - 2012-05-17 05:21 - 00461552 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-17 05:21 - 2012-05-17 05:21 - 00000000 ____A C:\Windows\setuperr.log
2012-05-15 08:41 - 2012-05-15 08:41 - 00000000 ____D C:\Windows\SysWOW64\1093
2012-05-11 17:01 - 2012-05-11 17:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-11 17:01 - 2012-05-11 17:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

============ 3 Months Modified Files and Folders =============

2012-06-09 16:19 - 2012-06-09 16:19 - 00000000 ____D C:\FRST
2012-06-09 06:15 - 2011-07-08 00:57 - 01486038 ____A C:\Windows\WindowsUpdate.log
2012-06-09 06:14 - 2012-06-09 06:13 - 01399435 ____A C:\Users\sandra\Downloads\FRST64.exe
2012-06-09 06:12 - 2011-07-08 10:48 - 00702508 ____A C:\Windows\System32\perfh007.dat
2012-06-09 06:12 - 2011-07-08 10:48 - 00150172 ____A C:\Windows\System32\perfc007.dat
2012-06-09 06:12 - 2009-07-13 21:13 - 01627732 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-09 06:10 - 2011-12-06 09:32 - 00000000 ____D C:\Users\sandra\AppData\Roaming\BitTorrent
2012-06-09 06:07 - 2012-06-09 05:55 - 673229715 ____A C:\Users\sandra\Downloads\Secrets of the Dark 2 Eclipse Mountain CE.rar
2012-06-09 05:42 - 2012-03-30 05:59 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-09 04:08 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-09 04:08 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-09 04:01 - 2012-05-17 05:21 - 00003454 ____A C:\Windows\setupact.log
2012-06-09 04:01 - 2011-12-06 05:22 - 00000000 ____D C:\Users\All Users\clear.fi
2012-06-09 04:01 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-09 04:00 - 2012-06-09 03:54 - 00269820 ____A C:\Windows\ntbtlog.txt
2012-06-09 03:56 - 2012-06-09 02:15 - 00000000 ___SD C:\32788R22FWJFW
2012-06-09 03:54 - 2012-05-17 05:21 - 00035716 ____A C:\Windows\PFRO.log
2012-06-09 02:20 - 2012-03-21 22:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-09 02:20 - 2009-07-13 21:08 - 00020246 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-09 02:12 - 2011-12-06 05:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-09 02:10 - 2012-06-07 11:15 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2012-06-09 02:09 - 2011-12-06 09:57 - 00000000 ____D C:\Program Files (x86)\SecuniaPSI
2012-06-09 02:07 - 2012-06-09 02:07 - 04538510 ____R (Swearware) C:\Users\sandra\Desktop\ComboFix.exe
2012-06-09 01:20 - 2012-06-09 01:20 - 00133168 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_11.20.02_log.txt
2012-06-09 01:18 - 2012-06-09 01:18 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\sandra\Desktop\tdsskiller.exe
2012-06-08 10:01 - 2012-06-05 08:34 - 00000000 ____D C:\Users\sandra\AppData\Roaming\TOMI3
2012-06-08 08:53 - 2012-06-08 08:53 - 00002006 ____A C:\Users\sandra\Desktop\Rite of Passage - The Perfect Show Collector's Edition.lnk
2012-06-08 08:51 - 2011-12-06 13:38 - 00000000 ____D C:\Spiele
2012-06-08 07:44 - 2012-06-07 11:15 - 00000000 ____D C:\Users\sandra\Documents\Anti-Malware
2012-06-08 07:38 - 2012-06-08 07:38 - 00034934 ____A C:\Users\sandra\Downloads\OTL.zip
2012-06-08 07:35 - 2012-06-08 07:35 - 00114350 ____A C:\Users\sandra\Downloads\Extras.Txt
2012-06-08 07:34 - 2012-06-08 07:34 - 00098090 ____A C:\Users\sandra\Downloads\OTL.Txt
2012-06-08 07:30 - 2012-06-08 07:30 - 00595456 ____A (OldTimer Tools) C:\Users\sandra\Downloads\OTL.exe
2012-06-08 07:26 - 2012-06-08 07:26 - 00000474 ____A C:\Users\sandra\Downloads\defogger_disable.log
2012-06-08 07:26 - 2012-06-08 07:26 - 00000000 ____A C:\Users\sandra\defogger_reenable
2012-06-08 07:26 - 2011-12-06 09:24 - 00000000 ____D C:\users\sandra
2012-06-08 07:25 - 2012-06-08 07:25 - 00050477 ____A C:\Users\sandra\Downloads\Defogger.exe
2012-06-07 21:28 - 2012-02-24 09:20 - 00000000 ____D C:\Users\sandra\AppData\Roaming\E0168
2012-06-07 11:21 - 2011-12-07 16:22 - 02125824 ____A C:\Users\sandra\s-1-5-21-3302248352-1844511566-3404724950-1000.rrr
2012-06-07 10:24 - 2011-05-09 00:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-07 10:15 - 2012-04-15 09:27 - 00000000 ____D C:\Users\All Users\Deadtime Stories
2012-06-07 10:08 - 2011-07-08 01:09 - 00000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini
2012-06-07 09:45 - 2012-06-07 09:43 - 00000000 ____D C:\Users\sandra\AppData\Roaming\ImgBurn
2012-06-07 09:32 - 2012-06-07 09:32 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2012-06-07 09:30 - 2012-06-07 09:30 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Malwarebytes
2012-06-07 09:29 - 2012-06-07 09:29 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-07 09:06 - 2012-06-07 09:06 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-07 08:40 - 2012-06-07 08:37 - 00000000 ____D C:\Users\sandra\AppData\Local\ElevatedDiagnostics
2012-06-07 08:25 - 2012-06-07 08:25 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-07 08:25 - 2012-06-07 08:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-07 08:25 - 2011-12-06 11:00 - 01650254 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-07 08:25 - 2011-12-06 11:00 - 00001912 ____A C:\Windows\epplauncher.mif
2012-06-07 08:16 - 2012-03-23 08:09 - 00000000 ____D C:\Users\sandra\AppData\Roaming\QuickScan
2012-06-07 08:14 - 2012-04-28 00:18 - 00000000 ____D C:\Program Files (x86)\MyTomTom 3
2012-06-07 08:04 - 2011-12-07 14:26 - 00000000 ____D C:\Users\All Users\SecTaskMan
2012-06-07 06:22 - 2011-12-06 09:24 - 00000000 ____D C:\Users\sandra\AppData\Local\VirtualStore
2012-06-05 08:33 - 2012-06-05 08:33 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Persha Studia
2012-06-05 08:32 - 2012-06-05 08:32 - 00000000 ____D C:\Users\All Users\Dying for Daylight
2012-06-05 02:43 - 2012-06-05 02:43 - 00001039 ____A C:\Users\sandra\Desktop\TeslasTower_TheWardenclyffeMystery.exe - Verknüpfung.lnk
2012-06-03 01:46 - 2012-06-03 01:46 - 00000000 ____D C:\Windows\SysWOW64\1049
2012-06-02 06:08 - 2012-06-02 06:08 - 00354304 ____A (Parental Solutions Inc.) C:\Windows\System32\pouazns6k.dll
2012-05-31 11:38 - 2011-12-06 13:28 - 00000000 ____D C:\Users\sandra\Documents\daten
2012-05-27 11:02 - 2011-12-19 13:52 - 00000000 ____D C:\Users\sandra\AppData\Local\CrashDumps
2012-05-25 10:33 - 2012-05-25 10:33 - 00000000 ____A C:\Users\sandra\AppData\Roaming\BrgNm.txt
2012-05-22 12:52 - 2011-12-07 16:18 - 00000000 ____D C:\Users\sandra\AppData\Roaming\vlc
2012-05-22 12:23 - 2012-05-19 02:12 - 00000000 ____D C:\Users\sandra\Desktop\tmp
2012-05-22 12:22 - 2011-12-09 13:25 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Audacity
2012-05-21 11:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-05-17 05:22 - 2012-05-17 05:22 - 00114904 ____A C:\Users\sandra\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-17 05:21 - 2012-05-17 05:21 - 00461552 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-17 05:21 - 2012-05-17 05:21 - 00000000 ____A C:\Windows\setuperr.log
2012-05-17 05:13 - 2011-12-07 16:22 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Registry Mechanic
2012-05-17 05:13 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2012-05-17 05:06 - 2011-12-06 09:33 - 00000000 ____D C:\Program Files (x86)\BitTorrent
2012-05-15 08:41 - 2012-05-15 08:41 - 00000000 ____D C:\Windows\SysWOW64\1093
2012-05-11 17:01 - 2012-05-11 17:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-11 17:01 - 2012-05-11 17:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-11 06:15 - 2012-03-30 05:59 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-11 06:15 - 2011-12-07 14:39 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-10 17:13 - 2011-12-06 10:07 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-10 17:13 - 2011-12-06 09:12 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-10 17:00 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-10 09:55 - 2012-01-08 11:27 - 00000000 ____D C:\Users\All Users\Elephant Games
2012-05-06 11:05 - 2012-05-06 11:05 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-05-06 11:05 - 2012-05-06 11:05 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-05-06 11:05 - 2012-05-06 11:05 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-05-06 11:05 - 2012-05-06 11:05 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-05-06 11:05 - 2012-05-06 11:05 - 00000000 ____D C:\Program Files (x86)\OpenAL
2012-05-06 03:26 - 2012-05-06 03:26 - 00167936 ____A (www.ipauly.com) C:\Program Files (x86)\BOOTICE_0.9.EXE
2012-05-05 02:50 - 2011-12-06 06:26 - 00000000 ____D C:\Users\sandra\Documents\Bluetooth Folder
2012-05-05 02:41 - 2011-12-06 09:54 - 00000000 ____D C:\Program Files (x86)\Picasa3
2012-05-05 02:40 - 2011-12-06 09:55 - 00000000 ____D C:\Users\sandra\AppData\Local\Google
2012-05-04 12:13 - 2012-02-25 13:29 - 00000000 ____D C:\Program Files\CCleaner
2012-04-30 09:20 - 2012-04-30 09:20 - 00000000 ____D C:\Users\All Users\DailyMagic
2012-04-28 00:18 - 2012-04-28 00:18 - 00000000 ____D C:\Users\sandra\AppData\Local\TomTom
2012-04-28 00:18 - 2012-04-28 00:18 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
2012-04-24 22:31 - 2012-04-24 22:31 - 00000000 ____D C:\Windows\SysWOW64\1009
2012-04-22 08:21 - 2012-04-22 08:21 - 00000000 ____D C:\Users\All Users\Meridian93
2012-04-21 06:42 - 2012-02-04 04:47 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Mp3tag
2012-04-21 06:38 - 2011-12-06 09:54 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2012-04-18 10:12 - 2012-04-18 10:12 - 00000000 ____D C:\Windows\SysWOW64\1044
2012-04-15 10:54 - 2012-04-15 10:04 - 00000000 ____D C:\Users\sandra\AppData\Local\Deadtime Stories
2012-04-15 09:27 - 2012-02-13 07:18 - 00001892 ____A C:\Windows\wininit.ini
2012-04-06 05:55 - 2012-04-06 05:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-04-04 10:12 - 2012-04-04 09:05 - 00000000 ____D C:\Users\sandra\.gimp-2.6
2012-04-04 09:36 - 2012-04-04 09:09 - 00000000 ____D C:\Users\sandra\AppData\Roaming\gtk-2.0
2012-04-04 09:21 - 2012-04-04 09:21 - 00000000 ____D C:\Users\sandra\.thumbnails
2012-04-04 09:05 - 2012-04-04 09:05 - 00000000 ____D C:\Users\sandra\Documents\gegl-0.0
2012-04-03 10:57 - 2012-04-03 10:53 - 00000000 ____D C:\Program Files (x86)\phase5
2012-03-31 03:10 - 2012-03-31 03:10 - 00000000 ____D C:\Program Files (x86)\Visual CertExam Suite
2012-03-31 03:05 - 2012-03-31 03:04 - 00000000 ____D C:\Users\All Users\Visual CertExam Suite
2012-03-30 22:05 - 2012-05-09 20:21 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-09 20:21 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-09 20:21 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-09 20:21 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 05:41 - 2012-03-30 05:41 - 00000000 ____D C:\Program Files (x86)\Mighty Uninstaller
2012-03-30 03:35 - 2012-05-09 20:21 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 05:39 - 2012-03-29 05:39 - 00000237 ____A C:\user.js
2012-03-29 05:39 - 2012-03-29 05:39 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Media Finder
2012-03-29 05:39 - 2012-03-29 05:39 - 00000000 ____D C:\Users\sandra\AppData\Local\Babylon
2012-03-29 05:39 - 2012-03-29 05:39 - 00000000 ____D C:\Users\All Users\Babylon
2012-03-23 08:24 - 2012-03-23 08:24 - 00860667 ____A C:\Users\sandra\AppData\Local\census.cache
2012-03-23 08:23 - 2012-03-23 08:23 - 00097634 ____A C:\Users\sandra\AppData\Local\ars.cache
2012-03-22 11:12 - 2012-03-22 11:12 - 04435968 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2012-03-21 22:47 - 2012-03-21 22:47 - 00000000 ____D C:\Users\All Users\Mozilla
2012-03-20 10:44 - 2012-03-20 10:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 10:44 - 2012-03-20 10:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-18 12:06 - 2012-03-18 12:03 - 00000000 ____D C:\Users\All Users\Floodlight Games
2012-03-16 23:58 - 2012-05-09 20:21 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 11:48 - 2012-03-16 11:48 - 00000000 ____D C:\Windows\SysWOW64\2097
2012-03-15 13:36 - 2012-03-15 13:36 - 00000000 ____A C:\Users\sandra\AppData\Roaming\OhgVE.txt
2012-03-15 13:36 - 2012-03-15 13:36 - 00000000 ____A C:\Users\sandra\AppData\Roaming\NbarN.txt
2012-03-12 00:40 - 2012-03-11 10:20 - 00000000 ____D C:\Program Files (x86)\FinanzmanagerV8

ZeroAccess:
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\@
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\L
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\U
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\L\00000004.@
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\L\00000008.@
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\U\00000004.@
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\U\00000008.@
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\U\000000cb.@
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\U\80000000.@
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\U\80000032.@
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\U\80000064.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2011-12-06 09:59] - [2011-12-06 11:28] - 2871808 ____A (Microsoft Corporation) 5ABE1764163E19A6F83A5574B7184231

C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 3946.73 MB
Available physical RAM: 3245.82 MB
Total Pagefile: 3944.93 MB
Available Pagefile: 3230.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Notebook_SP) (Fixed) (Total:450.66 GB) (Free:365.99 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:1.04 GB) NTFS
4 Drive g: (HDD_ext) (Fixed) (Total:232.88 GB) (Free:26.99 GB) NTFS
5 Drive h: () (Removable) (Total:0.96 GB) (Free:0.95 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Datenträger ###  Status        Größe    Frei    Dyn  GPT
  ---------------  -------------  -------  -------  ---  ---
  Datenträger 0    Online          465 GB      0 B       
  Datenträger 1    Online          232 GB  1024 KB       
  Datenträger 2    Online          981 MB      0 B       

Partitions of Disk 0:
===============

  Partition ###  Typ              Größe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Wiederherstellun    15 GB  1024 KB
  Partition 2    Primär            100 MB    15 GB
  Partition 3    Primär            450 GB    15 GB

======================================================================================================

Disk: 0
Partition 1
Typ      : 27
Versteckt: Ja
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS    Typ        Größe    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3    E  PQSERVICE    NTFS  Partition    15 GB  Fehlerfre  Versteck

======================================================================================================

Disk: 0
Partition 2
Typ      : 07
Versteckt: Nein
Aktiv    : Ja

  Volume ###  Bst  Bezeichnung  DS    Typ        Größe    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1    Y  SYSTEM RESE  NTFS  Partition    100 MB  Fehlerfre         

======================================================================================================

Disk: 0
Partition 3
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS    Typ        Größe    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2    C  Notebook_SP  NTFS  Partition    450 GB  Fehlerfre         

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Typ              Größe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primär            232 GB    31 KB

======================================================================================================

Disk: 1
Partition 1
Typ      : 07
Versteckt: Nein
Aktiv    : Ja

  Volume ###  Bst  Bezeichnung  DS    Typ        Größe    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4    G  HDD_ext      NTFS  Partition    232 GB  Fehlerfre         

======================================================================================================

Partitions of Disk 2:
===============

  Partition ###  Typ              Größe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primär            980 MB    31 KB

======================================================================================================

Disk: 2
Partition 1
Typ      : 0C
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS    Typ        Größe    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5    H                FAT32  Wechselmed  980 MB  Fehlerfre         

======================================================================================================

==========================================================

Last Boot: 2012-06-07 22:40

======================= End Of Log ==========================

It says something about "ZeroAccess" - could that be it?

Larusso 09.06.2012 16:51

Please press the http://larusso.trojaner-board.de/Images/windows.jpg + R keys and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:

C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the recovery options again
  • Now run FRST.exe again and click the Fix button.
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.

Please run ComboFix again immediately after the restart and post the logfile here.

poldikater 09.06.2012 17:29

It worked - ComboFix did an update and then it ran!

fixlog.txt:
Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-06-2012 01
Ran by SYSTEM at 2012-06-09 18:04:24 Run:1
Running from H:\

==============================================

C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67} moved successfully.

==== End of Fixlog ====

combofix.txt:
Code:

ComboFix 12-06-09.01 - sandra 09.06.2012  18:10:21.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.3947.2262 [GMT 2:00]
ausgeführt von:: c:\users\sandra\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\SysWow64\C_0037.NLS
c:\windows\SysWow64\muzapp.exe
.
Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-09 bis 2012-06-09  ))))))))))))))))))))))))))))))
.
.
2012-06-10 00:19 . 2012-06-10 00:19        --------        d-----w-        C:\FRST
2012-06-09 16:16 . 2012-06-09 16:16        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-08 15:44 . 2012-05-08 08:02        8955792        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F430A3C9-5BD8-4ED8-A707-59289F17293B}\mpengine.dll
2012-06-07 19:15 . 2012-06-09 10:10        --------        d-----w-        c:\program files (x86)\Emsisoft Anti-Malware
2012-06-07 17:43 . 2012-06-07 17:45        --------        d-----w-        c:\users\sandra\AppData\Roaming\ImgBurn
2012-06-07 17:32 . 2012-06-07 17:32        --------        d-----w-        c:\program files (x86)\ImgBurn
2012-06-07 17:30 . 2012-06-07 17:30        --------        d-----w-        c:\users\sandra\AppData\Roaming\Malwarebytes
2012-06-07 17:29 . 2012-06-07 17:29        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-07 17:06 . 2012-06-07 17:06        --------        d-----w-        C:\TDSSKiller_Quarantine
2012-06-07 16:37 . 2012-06-07 16:40        --------        d-----w-        c:\users\sandra\AppData\Local\ElevatedDiagnostics
2012-06-07 16:27 . 2012-06-07 16:27        927800        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB015A82-0430-4127-AD9D-9E18BDCA62D2}\gapaengine.dll
2012-06-07 16:27 . 2012-05-08 08:02        8955792        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-07 16:25 . 2012-06-07 16:25        --------        d-----w-        c:\program files (x86)\Microsoft Security Client
2012-06-07 16:25 . 2012-06-07 16:25        --------        d-----w-        c:\program files\Microsoft Security Client
2012-06-05 16:34 . 2012-06-08 18:01        --------        d-----w-        c:\users\sandra\AppData\Roaming\TOMI3
2012-06-05 16:33 . 2012-06-05 16:33        --------        d-----w-        c:\users\sandra\AppData\Roaming\Persha Studia
2012-06-05 16:32 . 2012-06-05 16:32        --------        d-----w-        c:\programdata\Dying for Daylight
2012-06-03 09:46 . 2012-06-03 09:46        --------        d-----w-        c:\windows\SysWow64\1049
2012-06-02 14:08 . 2012-06-02 14:08        354304        ----a-w-        c:\windows\system32\pouazns6k.dll
2012-05-15 16:41 . 2012-05-15 16:41        --------        d-----w-        c:\windows\SysWow64\1093
2012-05-12 01:01 . 2012-05-12 01:01        --------        d-----w-        c:\program files\Microsoft Silverlight
2012-05-12 01:01 . 2012-05-12 01:01        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-11 14:15 . 2012-03-30 13:59        419488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-11 14:15 . 2011-12-07 22:39        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 19:05 . 2012-05-06 19:05        466456        ----a-w-        c:\windows\system32\wrap_oal.dll
2012-05-06 19:05 . 2012-05-06 19:05        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll
2012-05-06 19:05 . 2012-05-06 19:05        122904        ----a-w-        c:\windows\system32\OpenAL32.dll
2012-05-06 19:05 . 2012-05-06 19:05        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll
2012-05-06 11:26 . 2012-05-06 11:26        167936        ----a-w-        c:\program files (x86)\BOOTICE_0.9.EXE
2012-03-31 06:05 . 2012-05-10 04:21        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-10 04:21        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 04:21        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-10 04:21        3146240        ----a-w-        c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-10 04:21        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-03-22 19:12 . 2012-03-22 19:12        4435968        ----a-w-        c:\windows\SysWow64\GPhotos.scr
2012-03-20 18:44 . 2012-03-20 18:44        98688        ----a-w-        c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2012-03-20 18:44        203888        ----a-w-        c:\windows\system32\drivers\MpFilter.sys
2012-03-17 07:58 . 2012-05-10 04:21        75120        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-03-15 21:36 . 2012-03-15 21:41        1169224        ----a-w-        c:\users\sandra\AppData\Roaming\Microsoft\6CEE\995u.exe
2012-03-15 21:36 . 2012-02-24 17:20        1169224        ----a-w-        c:\users\sandra\AppData\Roaming\Microsoft\6CEE\995.exe
2011-12-04 16:41 . 2011-12-06 18:03        658944        ----a-w-        c:\program files (x86)\Win7BootUpdater.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[-] 2009-07-14 . 50BEA589F7D7958BDD2528A8F69D05CC . 329216 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-02-15 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Spy Protector"="c:\program files (x86)\Security Task Manager\SpyProtector.exe" [2010-11-10 140616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-2-26 98504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\SecuniaPSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-09 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-20 76448]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-22 873064]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-02-15 257344]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\SecuniaPSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\SecuniaPSI\sua.exe [2011-10-14 399416]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service        REG_MULTI_SZ          Update-Service-Installer-Service
Update-Service        REG_MULTI_SZ          Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 13:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}]
2011-12-07 16:28        414720        ----a-w-        c:\users\sandra\AppData\Roaming\Media Finder\Extensions\IEPlugin64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-30 418328]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-12 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-10 2186856]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-20 379552]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-22 1796200]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:52444
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
LSP: mswsock.dll
Trusted Zone: secunia.com
TCP: DhcpNameServer = 80.237.176.196
FF - ProfilePath - c:\users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\4krip5g8.default\
FF - prefs.js: browser.search.selectedEngine - hxxp://www.google.com/search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - e016886c000000000000deaf78303f35
FF - user.js: extensions.BabylonToolbar_i.hardId - e016886c000000000000deaf78303f35
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15428
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:39
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111015
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Witches' Legacy - The Charleston Curse CE V21.0 - c:\spiele\Witches Legacy - The Charleston Curse CE\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-09  18:22:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-09 16:22
.
Vor Suchlauf: 13 Verzeichnis(se), 392.722.391.040 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 392.340.054.016 Bytes frei
.
- - End Of File - - 5027AA4CB2AB7CFEF8374227E60107E9

Firewall works again, and so does Security Essentials!

Larusso 09.06.2012 17:40

That already looks pretty good :)


Before we tackle the leftovers, I need a few more details.



Please have the file from the code box checked at VirusTotal.
  • Click Browse
  • Now copy the following into the search bar.
    Code:

    C:\Windows\System32\pouazns6k.dll
  • and click Open.
  • Click Send File.
Please wait until the file has been fully uploaded. If you get the following message:
Quote:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
click Reanalyse.
Wait until Current status shows Finished.

Copy the link from your address bar and post it here.

Please repeat these steps with the following file:
c:\users\sandra\AppData\Roaming\Microsoft\6CEE\995u.exe



Scan with SystemLook

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to your desktop.

Download Mirror #1
  • Double-click SystemLook.exe to start the tool.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Copy the contents of the following code box into the tool's text field:

    Code:

    :folderfind
    {ce099c72-c4e1-bfe6-1767-79315802bb67}
    :regfind
    {ce099c72-c4e1-bfe6-1767-79315802bb67}

  • Now click the Look button to start the scan.
  • When the scan is finished, your text editor will open with the results; post them here in the thread.
  • The results are saved on the desktop as SystemLook.txt.
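The two checks requested in this post (a VirusTotal verdict on the two files, and a SystemLook :folderfind / :regfind for the GUID) can also be done natively. The following PowerShell is an added illustration for readers of the thread; it is not from the thread and is not part of SystemLook, ComboFix or VirusTotal. It hashes the two quoted files so they can be looked up on VirusTotal by SHA-256 before uploading anything, and it searches the file system and registry for the quoted GUID. The file paths and the GUID are the ones from the post above; the hive list, the function names and the output layout are my own choices.

```powershell
# Added example, not part of the thread, SystemLook or ComboFix.
# Run from an elevated PowerShell (4.0 or newer, for Get-FileHash and -Directory)
# on the affected machine. Paths and GUID are the ones quoted in the post above.

$suspectFiles = @(
    'C:\Windows\System32\pouazns6k.dll',
    'C:\Users\sandra\AppData\Roaming\Microsoft\6CEE\995u.exe'
)
$needle = '{ce099c72-c4e1-bfe6-1767-79315802bb67}'

# --- Part 1: file metadata and SHA-256, for a VirusTotal lookup by hash ---
# Looking the hash up first avoids uploading the sample at all if it is already
# known; the URL pattern below is VirusTotal's public file page.
function Get-SuspectFileReport {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            # Absent can mean "already removed" or "hidden by the rootkit"; report it either way.
            [pscustomobject]@{ Path = $p; Present = $false; SHA256 = $null; Signature = $null; VirusTotal = $null }
            continue
        }
        $item = Get-Item -LiteralPath $p -Force             # -Force: also hidden/system files
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        $sig  = (Get-AuthenticodeSignature -LiteralPath $p).Status
        [pscustomobject]@{
            Path       = $p
            Present    = $true
            SizeBytes  = $item.Length
            Created    = $item.CreationTime
            SHA256     = $hash
            Signature  = $sig                               # NotSigned or HashMismatch on a System32 DLL is a red flag
            VirusTotal = "https://www.virustotal.com/gui/file/$hash"
        }
    }
}

# --- Part 2: :folderfind equivalent ---
function Find-FolderByName {
    param([string]$Root, [string]$Name)
    Get-ChildItem -Path $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ieq $Name } |
        Select-Object FullName, CreationTime, LastWriteTime
}

# --- Part 3: :regfind equivalent ---
# Walks the hives and reports key names, value names and value data containing the string.
# Keys with an "Everyone: Deny" ACL, like several shown in the ComboFix log above,
# cannot be opened by a normal walk; the read error is suppressed here, so compare
# the result against the ComboFix output rather than trusting silence.
function Find-RegistryString {
    param([string[]]$Roots, [string]$Needle)
    $pattern = [regex]::Escape($Needle)
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            if ($key.PSChildName -imatch $pattern) {
                [pscustomobject]@{ Kind = 'Key'; Location = $key.Name; Data = $null }
            }
            try {
                foreach ($vn in $key.GetValueNames()) {
                    $data = [string]($key.GetValue($vn))
                    if ($vn -imatch $pattern -or $data -imatch $pattern) {
                        [pscustomobject]@{ Kind = 'Value'; Location = "$($key.Name)\$vn"; Data = $data }
                    }
                }
            } catch { }                                      # access denied on a locked key
        }
    }
}

# HKEY_USERS is not mounted as a drive by default; map it so per-user hives are covered.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

Get-SuspectFileReport -Paths $suspectFiles | Format-List
Find-FolderByName -Root 'C:\' -Name $needle | Format-Table -AutoSize
Find-RegistryString -Roots 'HKLM:\SOFTWARE', 'HKLM:\SYSTEM', 'HKU:\' -Needle $needle | Format-Table -AutoSize
```

On a stock Windows 7 box still on PowerShell 2.0, replace the Get-FileHash call with `certutil -hashfile <path> SHA256` and drop the `-Directory` switch (filter on `$_.PSIsContainer` instead); the registry and signature checks work unchanged. The hash is enough for a VirusTotal lookup, which is why this collects it before any upload.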


Copyright ©2000-2025, Trojaner-Board

