Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   GVU/BKA Trojan: how do I know it is really gone? (https://www.trojaner-board.de/118413-gvu-bka-trojaner-weiss-wirklich-weg.html)

dobaliner 03.07.2012 14:46

GVU/BKA Trojan: how do I know it is really gone?

Hello everyone,

So yesterday evening, out of the blue, I also got this Ukash/BKA/GVU Trojan (the image I had on the screen looked basically like what is referred to on the Internet as version 2.04, except that I additionally got to admire my own likeness, captured with the built-in webcam, in the upper right corner). An active and daily-updated Avira Premium Suite apparently did not help at all.

As far as I can tell, the Trojan luckily did not encrypt anything, and it was relatively easy to "deactivate" by booting into Safe Mode, disabling a correspondingly strange autostart entry, and then booting normally again.

I then also deleted the corresponding .exe file, as well as the registry entries that pointed to this .exe file (I think 0_0u_l.exe or similar; unfortunately I do not remember exactly...).

At the moment I have full control over the system again, and a full scan with Avira (from within the normal operating system) as well as a full scan with the Kaspersky Rescue Disk produced no findings.

Malwarebytes Anti-Malware found the following right after "deleting by hand" the Trojan (as described above):

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
xxx xxxx :: xxx-PC [Administrator]

Schutz: Aktiviert

03.07.2012 00:34:19
mbam-log-2012-07-03 (00-34-19).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 343433
Laufzeit: 59 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\xxx xxxx\Downloads\Programs\Codec-C.exe (Affiliate.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxx xxxx\Downloads\Programs\Codec-C_2.exe (Affiliate.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



_______________________________

Today I then had Malwarebytes run another full scan:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.03.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
xxx xxxx :: xxx-PC [Administrator]

Schutz: Deaktiviert

03.07.2012 10:33:26
mbam-log-2012-07-03 (10-33-26).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 335187
Laufzeit: 49 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

_________________________________________



From everything I have read so far, that is apparently not enough to be really sure that my system is clean again.
Tonight I will first calmly back up everything important (luckily I have already backed up the most important things) and would then be very grateful if an expert here could tell me how I can make sure my system is clean again, or how I can get it clean (other than by reinstalling).

Many thanks for your effort,

dobaliner

dobaliner 03.07.2012 18:58

Here are also the log files from OTL.EXE...

cosinus 09.07.2012 09:02

Please also run ESET; after that we will see how to proceed.

Note: ESET quite often shows a few false positives. That is why, with ESET, only the log should be posted first and nothing should be removed.

ESET Online Scanner

Please switch on any external hard drives you have during the online scan! Please switch off all background guards (antivirus program, firewall, script blocking and the like) during the scans, and do not forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: please open the browser exactly like this: right-click => Run as administrator
  • Disable your antivirus program during the scan.

    Press the button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow an ActiveX element to be installed.
  • Tick the box next to Yes, I accept the Terms of Use.
  • Press the http://img707.imageshack.us/img707/687/starteg.jpg button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press http://img707.imageshack.us/img707/687/starteg.jpg.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the http://larusso.trojaner-board.de/Images/windows.jpg + R keys and copy the following text into the Run window.
Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Note: if you are using 64-bit Windows, the path is:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Now post the contents of log.txt.

dobaliner 14.07.2012 07:40

Thanks a lot first of all, and sorry that it took so long. ESET actually found something again (I ran it twice because I accidentally aborted the first run). Here is the log.txt:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e6d3cd814509cf4eb837b346d736ecaf
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-13 09:10:28
# local_time=2012-07-13 11:10:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 15382975 15382975 0 0
# compatibility_mode=5893 16776574 100 94 17269 93840718 0 0
# compatibility_mode=8192 67108863 100 0 438 438 0 0
# scanned=64405
# found=1
# cleaned=0
# scan_time=2980
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\6f97464d-6ba3062d Java/Exploit.CVE-2012-0507.CU trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e6d3cd814509cf4eb837b346d736ecaf
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-13 10:11:28
# local_time=2012-07-14 12:11:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 15386080 15386080 0 0
# compatibility_mode=5893 16776574 100 94 20374 93843823 0 0
# compatibility_mode=8192 67108863 100 0 3543 3543 0 0
# scanned=153987
# found=1
# cleaned=0
# scan_time=3536
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\6f97464d-6ba3062d Java/Exploit.CVE-2012-0507.CU trojan (unable to clean) 00000000000000000000000000000000
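
An added example (not from the thread or from ESET): a Python reader for a log.txt in the layout posted above. It splits the file into its runs (the log above holds two, one with end=stopped and one with end=finished), reads the "# key=value" summary lines, and lists every detection the scanner marked "unable to clean", which is the list to discuss before anything is removed. The embedded sample is constructed from the format above, with the user name replaced by a placeholder.

```python
"""Reader for ESET Online Scanner log.txt files in the layout pasted above.
A file can hold several runs (one per attempt): each starts at a '# version='
line, has '# key=value' summary lines, then one line per detection.
Added example for this page; not ESET's or the poster's code."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional
# Detection line: "<path> <signature name> <kind> (<action>) <32 hex chars>[ <flag>]"
DETECTION_RE = re.compile(
    r"^(?P<rest>.+) \((?P<action>[^()]*)\) [0-9a-fA-F]{32}(?: (?P<flags>\S+))?\s*$")
# Some names are written as "a variant of X" or "probably a variant of X".
VARIANT_PREFIXES = (("probably", "a", "variant", "of"), ("a", "variant", "of"))

# Constructed sample in the layout of the log above (user name is a placeholder).
SAMPLE_LOG = r"""
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=stopped
# found=1
# cleaned=0
C:\Users\someuser\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\6f97464d-6ba3062d Java/Exploit.CVE-2012-0507.CU trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# found=1
# cleaned=0
C:\Users\someuser\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\6f97464d-6ba3062d Java/Exploit.CVE-2012-0507.CU trojan (unable to clean) 00000000000000000000000000000000
"""

@dataclass
class Detection:
    path: str
    threat: str   # e.g. Java/Exploit.CVE-2012-0507.CU
    kind: str     # trojan, application, ...
    action: str   # e.g. "unable to clean"
    flags: str = ""

    @property
    def cleaned(self) -> bool:
        return not self.action.lower().startswith("unable")

@dataclass
class ScanRun:
    header: Dict[str, str] = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)

    @property
    def finished(self) -> bool:
        return self.header.get("end") == "finished"

    def uncleaned(self) -> List[Detection]:
        return [d for d in self.detections if not d.cleaned]

def parse_detection(line: str) -> Optional[Detection]:
    m = DETECTION_RE.match(line)
    if not m:
        return None
    tokens = m.group("rest").split(" ")
    # Signature names carry a platform prefix (Java/, Win32/, ...): the first token
    # containing "/" ends the path, so directory names with spaces survive intact.
    idx = next((i for i, t in enumerate(tokens) if "/" in t), None)
    if idx is None:
        return None
    path_tokens = tokens[:idx]
    for pre in VARIANT_PREFIXES:
        if len(path_tokens) > len(pre) and tuple(path_tokens[-len(pre):]) == pre:
            path_tokens = path_tokens[:-len(pre)]
            break
    return Detection(" ".join(path_tokens), " ".join(tokens[len(path_tokens):idx + 1]),
                     " ".join(tokens[idx + 1:]), m.group("action"), m.group("flags") or "")

def parse_log(text: str) -> List[ScanRun]:
    runs: List[ScanRun] = []
    current: Optional[ScanRun] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# version="):
            current = ScanRun()              # a new run begins here
            runs.append(current)
        if current is None or not line:
            continue                         # downloader chatter before the first run
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            current.header[key] = value.strip('"')
        else:
            det = parse_detection(line)      # "all ok" and similar lines do not match
            if det:
                current.detections.append(det)
    return runs

def outstanding(text: str) -> List[str]:
    """Paths still flagged in the last finished run: the list to discuss before removing."""
    finished = [r for r in parse_log(text) if r.finished]
    return sorted({d.path for d in finished[-1].uncleaned()}) if finished else []

if __name__ == "__main__":
    print(outstanding(SAMPLE_LOG))
```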

cosinus 14.07.2012 14:39

adwCleaner - Find toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click on Search.
  • After the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

dobaliner 14.07.2012 16:37

Here is the result:

# AdwCleaner v1.702 - Logfile created 07/14/2012 at 17:31:19
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : xxxx xxxxx - xxxxxxxxx-PC
# Running from : C:\Users\xxxx xxxxx\Desktop\adwcleaner0.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\xxxx xxxxx\AppData\Local\Conduit
Folder Found : C:\Users\xxxxxx~1\AppData\Local\Temp\avg@toolbar
Folder Found : C:\Users\xxxx xxxxx\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\xxxx xxxxx\AppData\LocalLow\Conduit
Folder Found : C:\Users\xxxx xxxxx\AppData\Roaming\loadtbs
Folder Found : C:\Users\xxxx xxxxx\AppData\Roaming\OpenCandy
Folder Found : C:\Users\xxxx xxxxx\AppData\Roaming\pdfforge
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\Program Files (x86)\Conduit
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Incredibar.com
Key Found : HKLM\SOFTWARE\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\IGearSettings
[x64] Key Found : HKCU\Software\Incredibar.com

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={11A57226-FB1D-4813-93BA-F682218B0663}&mid=1e742850fbd347d0b265b1a22f71f660-ab587d7da498d4c7fef8f32c0bd7335f74d835c4&lang=de&ds=od011&pr=sa&d=2012-07-04 14:07:22&v=10.2.0.3&sap=hp

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\xxxx xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\bild4i5m.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("extensions.nurit5562nurit235.scode", "(function(){try{if('mystart.incredibar.com,premiumr[...]
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bcff864fa-ff49-4ba2-8288-294cdef6f272%[...]
Found : user_pref("tfp.CT2319825", true);

*************************

AdwCleaner[R1].txt - [5220 octets] - [14/07/2012 17:31:19]

########## EOF - C:\AdwCleaner[R1].txt - [5348 octets] ##########

cosinus 14.07.2012 19:43

Please post in CODE tags!!

adwCleaner - Remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click on Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

dobaliner 14.07.2012 21:12

Sorry for posting without code tags; here is the new result:

Code:

# AdwCleaner v1.702 - Logfile created 07/14/2012 at 22:03:14
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium  (64 bits)
# User : xxxx xxxxx - xxxxxxxxx-PC
# Running from : C:\Users\xxxx xxxxx\Desktop\adwcleaner0.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\xxxx xxxxx\AppData\Local\Conduit
Folder Deleted : C:\Users\xxxxxx~1\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\xxxx xxxxx\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\xxxx xxxxx\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\xxxx xxxxx\AppData\Roaming\loadtbs
Folder Deleted : C:\Users\xxxx xxxxx\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\xxxx xxxxx\AppData\Roaming\pdfforge
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Program Files (x86)\Conduit
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Incredibar.com
Key Deleted : HKLM\SOFTWARE\Conduit

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={11A57226-FB1D-4813-93BA-F682218B0663}&mid=1e742850fbd347d0b265b1a22f71f660-ab587d7da498d4c7fef8f32c0bd7335f74d835c4&lang=de&ds=od011&pr=sa&d=2012-07-04 14:07:22&v=10.2.0.3&sap=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\xxxx xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\bild4i5m.default\prefs.js

C:\Users\xxxx xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\bild4i5m.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("extensions.nurit5562nurit235.scode", "(function(){try{if('mystart.incredibar.com,premiumr[...]
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bcff864fa-ff49-4ba2-8288-294cdef6f272%[...]
Deleted : user_pref("tfp.CT2319825", true);

*************************

AdwCleaner[R1].txt - [5319 octets] - [14/07/2012 17:31:19]
AdwCleaner[R2].txt - [5379 octets] - [14/07/2012 17:42:12]
AdwCleaner[S1].txt - [4253 octets] - [14/07/2012 22:03:14]

########## EOF - C:\AdwCleaner[S1].txt - [4381 octets] ##########

Thanks a lot for the help so far!
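
An added example (not from the thread or from AdwCleaner): a Python script that reconciles the [R1] search log with the [S1] delete log, pairing every "Found" line with a matching "Deleted" or "Replaced" line, so that findings without a confirmed action are listed for follow-up (in the two logs above, for instance, several "[x64] Key Found" entries from [R1] have no "[x64] Key Deleted" counterpart in [S1]). The embedded logs are shortened, constructed versions of the two above, with the user name and the AVG search URL replaced by placeholders.

```python
"""Reconcile an AdwCleaner search log ([R1], 'Found' lines) with the delete log
([S1], 'Deleted' / 'Replaced' lines) so nothing reported is silently left behind.
Added example for this page; it is not AdwCleaner's or the poster's code."""
import re
from typing import Dict, List, Set, Tuple

# "Folder Found : path", "[x64] Key Deleted : key", "Value Found : key [name]",
# and the Firefox lines "Found : user_pref(...)" / "Deleted : user_pref(...)".
ITEM_RE = re.compile(r"^(?P<tag>\[x64\] |\[\*\] )?(?:(?P<kind>Folder|File|Key|Value) )?"
                     r"(?P<verb>Found|Deleted) : (?P<target>.+)$")
# IE start page: "[HKCU\... - Start Page] = url" in [R1],
# "Replaced : [HKCU\... - Start Page] = url --> newurl" in [S1].
START_RE = re.compile(r"^(?P<verb>Replaced : )?\[(?P<key>[^\]]+)\] = (?P<value>.+?)(?: --> (?P<new>.+))?$")

Item = Tuple[str, str, str]   # (tag, kind, target)

# Constructed samples modelled on the two logs above (user name and URL are placeholders).
SEARCH_LOG = r"""
# AdwCleaner v1.702 - Logfile created 07/14/2012 at 17:31:19
# Option [Search]
***** [Files / Folders] *****
Folder Found : C:\Users\someuser\AppData\Local\Conduit
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
***** [Internet Browsers] *****
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid=PLACEHOLDER
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("tfp.CT2319825", true);
"""

DELETE_LOG = r"""
# AdwCleaner v1.702 - Logfile created 07/14/2012 at 22:03:14
# Option [Delete]
***** [Files / Folders] *****
Folder Deleted : C:\Users\someuser\AppData\Local\Conduit
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
***** [Internet Browsers] *****
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid=PLACEHOLDER --> hxxp://www.google.com
C:\Users\someuser\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\user.js ... Deleted !
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("tfp.CT2319825", true);
"""

def parse_items(log: str) -> Dict[str, Set[Item]]:
    """Return {'found': ..., 'acted': ...} sets of normalised items from one log."""
    out: Dict[str, Set[Item]] = {"found": set(), "acted": set()}
    for raw in log.splitlines():
        line = raw.strip()
        m = ITEM_RE.match(line)
        if m:
            item = ((m.group("tag") or "").strip(), m.group("kind") or "pref", m.group("target"))
            out["found" if m.group("verb") == "Found" else "acted"].add(item)
            continue
        m = START_RE.match(line)
        if m:   # the start page counts as handled only when the log shows it Replaced
            out["acted" if m.group("verb") else "found"].add(("", "startpage", m.group("key")))
    return out   # headers, section banners and the "user.js ... Deleted !" line are skipped

def reconcile(search_log: str, delete_log: str) -> Dict[str, List[Item]]:
    found = parse_items(search_log)["found"]
    acted = parse_items(delete_log)["acted"]
    return {
        "handled": sorted(found & acted),
        "not_confirmed": sorted(found - acted),  # reported in [R1], no matching line in [S1]
        "unexpected": sorted(acted - found),     # acted on in [S1] without a prior finding
    }

if __name__ == "__main__":
    for label, items in reconcile(SEARCH_LOG, DELETE_LOG).items():
        print(f"{label}: {len(items)}")
        for tag, kind, target in items:
            print(f"  {tag} {kind} {target}".strip())
```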

cosinus 14.07.2012 22:56

I have two questions before we continue

1.) Does Windows normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

dobaliner 15.07.2012 07:25

Hello,

1. Normal mode works without restrictions as far as I can tell

2. The Start menu also appears complete to me. There are definitely no empty folders.

Best regards,
Dirk

cosinus 15.07.2012 16:44

Please make a new OTL log. Please post everything here in CODE tags if at all possible.

It is done like this:

[code] the log goes here [/code]

And then the whole thing looks like this:

Code:

the log goes here
CustomScan with OTL

Please download OTL from Oldtimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


dobaliner 15.07.2012 19:00

Thanks again for your patience so far, and here is the result from OTL.exe:

OTL Logfile:
Code:

OTL logfile created on: 15.07.2012 19:35:48 - Run 2
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\xxxx xxxxx\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 65,85% Memory free
7,35 Gb Paging File | 5,81 Gb Available in Paging File | 79,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 341,26 Gb Total Space | 287,34 Gb Free Space | 84,20% Space Free | Partition Type: NTFS
Drive D: | 341,65 Gb Total Space | 317,90 Gb Free Space | 93,05% Space Free | Partition Type: NTFS
 
Computer Name: xxxxxxxxx-PC | User Name: xxxx xxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxxx xxxxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Verbindungsassistent\WTGService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (ODDPwrSvc) -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe (Acer Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WTGService) -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)
DRV:64bit: - (usbkey) -- C:\Windows\SysNative\drivers\usbkey64.sys ()
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (SaiK0CD5) -- C:\Windows\SysNative\drivers\SaiK0CD5.sys (Saitek)
DRV:64bit: - (SaiU0CD5) -- C:\Windows\SysNative\drivers\SaiU0CD5.sys (Saitek)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-116830536-2991956333-4007676365-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-116830536-2991956333-4007676365-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-116830536-2991956333-4007676365-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-116830536-2991956333-4007676365-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.25 23:07:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 23:40:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\xxxx xxxxx\AppData\Roaming\IDM\idmmzcc5 [2012.01.12 23:39:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 23:40:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\xxxx xxxxx\AppData\Roaming\IDM\idmmzcc5 [2012.01.12 23:39:59 | 000,000,000 | ---D | M]
 
[2012.01.12 23:36:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx xxxxx\AppData\Roaming\mozilla\Extensions
[2012.07.04 22:25:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\bild4i5m.default\extensions
[2012.03.25 22:59:49 | 000,000,000 | ---D | M] (CodecC) -- C:\Users\xxxx xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\bild4i5m.default\extensions\info@allpremiumplay.info
[2012.07.03 09:53:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.23 11:44:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.25 23:07:59 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.06.19 23:40:09 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.19 23:40:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.19 23:40:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.19 23:40:06 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 23:40:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 23:40:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 23:40:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-116830536-2991956333-4007676365-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\SmartTechnology\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\SmartTechnology\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-116830536-2991956333-4007676365-1001..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-116830536-2991956333-4007676365-1001..\Run: [SimpleSYN.NET] C:\Program Files (x86)\creativbox.net\SimpleSYN 2.1\CBN.SimpleSYN.NET.exe (creativbox.net, Torsten Leithold & Georg von Kries GbR)
O4 - HKU\S-1-5-21-116830536-2991956333-4007676365-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60CDF571-B180-456C-B4D1-53606F5C5EF4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F66CAB7-3D90-4CF2-A86C-94A6431474BB}: NameServer = 130.75.1.32,130.75.1.40
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\acer arcade deluxe.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\acer arcade deluxe.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{15d1de77-3de8-11e1-bbc3-60eb69951f93}\Shell - "" = AutoRun
O33 - MountPoints2\{15d1de77-3de8-11e1-bbc3-60eb69951f93}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{15d1de7d-3de8-11e1-bbc3-60eb69951f93}\Shell - "" = AutoRun
O33 - MountPoints2\{15d1de7d-3de8-11e1-bbc3-60eb69951f93}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d1801a37-5b0f-11e1-8cd8-60eb69951f93}\Shell - "" = AutoRun
O33 - MountPoints2\{d1801a37-5b0f-11e1-8cd8-60eb69951f93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d1801a3b-5b0f-11e1-8cd8-60eb69951f93}\Shell - "" = AutoRun
O33 - MountPoints2\{d1801a3b-5b0f-11e1-8cd8-60eb69951f93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fe4c8035-49ee-11e1-866a-60eb69951f93}\Shell - "" = AutoRun
O33 - MountPoints2\{fe4c8035-49ee-11e1-866a-60eb69951f93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fe4c8039-49ee-11e1-866a-60eb69951f93}\Shell - "" = AutoRun
O33 - MountPoints2\{fe4c8039-49ee-11e1-866a-60eb69951f93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpFolder: C:^Users^xxxx xxxxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk - Reg Error: Value error. - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.13 22:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.13 22:12:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\xxxx xxxxx\Desktop\esetsmartinstaller_enu.exe
[2012.07.12 12:14:04 | 000,000,000 | ---D | C] -- C:\Users\xxxx xxxxx\Documents\DFG4
[2012.07.04 22:59:14 | 000,000,000 | ---D | C] -- C:\Users\xxxx xxxxx\AppData\Local\Skyrim
[2012.07.04 22:51:42 | 000,000,000 | ---D | C] -- C:\Users\xxxx xxxxx\Documents\My Games
[2012.07.04 20:14:33 | 000,000,000 | ---D | C] -- C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012.07.04 20:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.07.04 20:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012.07.04 20:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012.07.04 14:07:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.04 14:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.07.04 14:06:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.07.04 14:03:20 | 000,095,232 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.07.03 17:17:53 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\xxxx xxxxx\Desktop\OTL.exe
[2012.07.02 23:39:12 | 000,000,000 | ---D | C] -- C:\Users\xxxx xxxxx\AppData\Roaming\Malwarebytes
[2012.07.02 23:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.02 23:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.02 23:39:07 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.02 23:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.02 23:13:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.06.27 16:28:31 | 000,000,000 | ---D | C] -- C:\Users\xxxx xxxxx\Documents\DFG3
[2012.06.24 10:03:05 | 000,000,000 | ---D | C] -- C:\Users\xxxx xxxxx\AppData\Local\Macromedia
[1 C:\Users\xxxx xxxxx\Documents\*.tmp files -> C:\Users\xxxx xxxxx\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.15 19:34:37 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 19:34:37 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 19:31:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx xxxxx\Desktop\OTL.exe
[2012.07.15 19:26:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.15 19:26:12 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.15 08:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.14 18:06:42 | 000,002,440 | ---- | M] () -- C:\Users\xxxx xxxxx\Desktop\becher.jpg
[2012.07.14 17:27:16 | 000,624,883 | ---- | M] () -- C:\Users\xxxx xxxxx\Desktop\adwcleaner0.exe
[2012.07.13 22:11:48 | 002,322,184 | ---- | M] (ESET) -- C:\Users\xxxx xxxxx\Desktop\esetsmartinstaller_enu.exe
[2012.07.12 13:20:07 | 005,038,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 12:34:43 | 000,062,337 | ---- | M] () -- C:\Users\xxxx xxxxx\Desktop\ja0163321.pdf
[2012.07.12 11:53:24 | 000,658,389 | ---- | M] () -- C:\Users\xxxx xxxxx\Desktop\Science-2011-Mocatta-77-81.pdf
[2012.07.10 08:00:37 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.10 08:00:37 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.10 08:00:37 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.10 08:00:37 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.10 08:00:37 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.04 20:14:33 | 000,000,222 | ---- | M] () -- C:\Users\xxxx xxxxx\Desktop\Creation Kit.url
[2012.07.04 20:14:33 | 000,000,221 | ---- | M] () -- C:\Users\xxxx xxxxx\Desktop\The Elder Scrolls V Skyrim.url
[2012.07.04 20:13:50 | 000,048,458 | ---- | M] () -- C:\Users\xxxx xxxxx\Documents\STEAM - receipt for your key subscription.pdf
[2012.07.04 20:11:24 | 000,049,669 | ---- | M] () -- C:\Users\xxxx xxxxx\Documents\Steam*- Account-Informationen.pdf
[2012.07.04 20:07:38 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.07.04 19:59:33 | 000,015,607 | ---- | M] () -- C:\Users\xxxx xxxxx\Documents\Buchungsergebnis.pdf
[2012.07.04 14:24:40 | 010,262,468 | ---- | M] () -- C:\Users\xxxx xxxxx\Documents\PosterDresden_2012.prn
[2012.07.04 14:09:20 | 001,266,467 | ---- | M] () -- C:\Users\xxxx xxxxx\Documents\PosterDresden_2012_DD.pdf
[2012.07.04 14:07:02 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.07.04 14:07:02 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.07.03 17:16:31 | 000,000,000 | ---- | M] () -- C:\Users\xxxx xxxxx\defogger_reenable
[2012.07.03 17:15:35 | 000,050,477 | ---- | M] () -- C:\Users\xxxx xxxxx\Desktop\Defogger.exe
[2012.07.02 22:47:49 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012.06.27 16:28:56 | 000,125,288 | ---- | M] () -- C:\Users\xxxx xxxxx\Documents\Dual_Phase_Membranes_Work_plan.png
[2012.06.25 16:31:27 | 000,053,631 | ---- | M] () -- C:\Users\xxxx xxxxx\Documents\(Booking.com_ Bestätigung)_Dresden_07_07-08-07_2012.pdf
[2012.06.18 21:31:39 | 000,000,335 | ---- | M] () -- C:\Users\xxxx xxxxx\.JavaPowUpload.properties
[1 C:\Users\xxxx xxxxx\Documents\*.tmp files -> C:\Users\xxxx xxxxx\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.14 18:06:41 | 000,002,440 | ---- | C] () -- C:\Users\xxxx xxxxx\Desktop\becher.jpg
[2012.07.14 17:27:31 | 000,624,883 | ---- | C] () -- C:\Users\xxxx xxxxx\Desktop\adwcleaner0.exe
[2012.07.12 12:34:43 | 000,062,337 | ---- | C] () -- C:\Users\xxxx xxxxx\Desktop\ja0163321.pdf
[2012.07.12 11:53:24 | 000,658,389 | ---- | C] () -- C:\Users\xxxx xxxxx\Desktop\Science-2011-Mocatta-77-81.pdf
[2012.07.04 20:14:33 | 000,000,222 | ---- | C] () -- C:\Users\xxxx xxxxx\Desktop\Creation Kit.url
[2012.07.04 20:14:33 | 000,000,221 | ---- | C] () -- C:\Users\xxxx xxxxx\Desktop\The Elder Scrolls V Skyrim.url
[2012.07.04 20:13:49 | 000,048,458 | ---- | C] () -- C:\Users\xxxx xxxxx\Documents\STEAM - receipt for your key subscription.pdf
[2012.07.04 20:11:23 | 000,049,669 | ---- | C] () -- C:\Users\xxxx xxxxx\Documents\Steam*- Account-Informationen.pdf
[2012.07.04 20:07:38 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.07.04 19:59:32 | 000,015,607 | ---- | C] () -- C:\Users\xxxx xxxxx\Documents\Buchungsergebnis.pdf
[2012.07.04 14:24:37 | 010,262,468 | ---- | C] () -- C:\Users\xxxx xxxxx\Documents\PosterDresden_2012.prn
[2012.07.04 14:07:02 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.07.04 14:07:02 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.07.04 14:00:27 | 001,266,467 | ---- | C] () -- C:\Users\xxxx xxxxx\Documents\PosterDresden_2012_DD.pdf
[2012.07.03 17:16:31 | 000,000,000 | ---- | C] () -- C:\Users\xxxx xxxxx\defogger_reenable
[2012.07.03 17:15:48 | 000,050,477 | ---- | C] () -- C:\Users\xxxx xxxxx\Desktop\Defogger.exe
[2012.07.02 22:38:52 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.06.27 16:28:55 | 000,125,288 | ---- | C] () -- C:\Users\xxxx xxxxx\Documents\Dual_Phase_Membranes_Work_plan.png
[2012.06.25 16:31:26 | 000,053,631 | ---- | C] () -- C:\Users\xxxx xxxxx\Documents\(Booking.com_ Bestätigung)_Dresden_07_07-08-07_2012.pdf
[2012.05.01 23:31:28 | 000,000,335 | ---- | C] () -- C:\Users\xxxx xxxxx\.JavaPowUpload.properties
[2012.02.04 19:31:29 | 000,000,590 | ---- | C] () -- C:\Windows\WinInit.Ini
[2012.02.03 11:47:54 | 000,000,668 | ---- | C] () -- C:\Windows\wiso.ini
[2012.01.16 20:02:00 | 000,024,136 | ---- | C] () -- C:\Windows\SysWow64\ppmon.exe
[2012.01.16 20:02:00 | 000,012,480 | ---- | C] () -- C:\Windows\SysWow64\KL2N.DLL
[2012.01.16 20:02:00 | 000,007,440 | ---- | C] () -- C:\Windows\SysWow64\ppmon.dll
[2012.01.16 17:37:33 | 000,000,130 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.01.10 19:59:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.10 19:56:34 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.11.07 17:23:59 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011.11.07 16:44:05 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.11.07 16:44:05 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011.11.07 16:44:05 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011.11.07 16:44:05 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.11.07 16:44:05 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.11.07 16:44:05 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2012.02.03 11:49:33 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\Buhl Data Service
[2012.06.11 14:38:40 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\Canon
[2012.06.11 16:37:23 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.07.15 19:34:56 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\DMCache
[2012.02.02 17:08:50 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\elsterformular
[2012.01.25 14:36:29 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\EndNote
[2012.01.13 00:13:41 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\eSobi
[2012.04.18 12:06:57 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\IDM
[2012.01.16 17:37:32 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\PeerNetworking
[2012.01.13 00:37:58 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\PowerCinema
[2012.04.12 14:27:37 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\temp
[2012.05.07 23:56:39 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\TS3Client
[2012.05.07 20:36:36 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\ts3overlay
[2012.01.13 00:59:04 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\TuneUp Software
[2012.02.19 17:44:00 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\Verbindungsassistent
[2012.01.18 11:38:56 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\Acer Registration - Data Sending task.job
[2012.06.21 07:21:24 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.06.11 17:02:53 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\Adobe
[2012.01.14 16:18:09 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\ATI
[2012.01.17 22:19:56 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\Avira
[2012.02.03 11:49:33 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\Buhl Data Service
[2012.06.11 14:38:40 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\Canon
[2012.06.11 16:37:23 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.01.13 00:23:27 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\CyberLink
[2012.07.02 22:39:10 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\DivX
[2012.07.15 19:34:56 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\DMCache
[2012.02.02 17:08:50 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\elsterformular
[2012.01.25 14:36:29 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\EndNote
[2012.01.13 00:13:41 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\eSobi
[2012.01.23 22:20:31 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\HpUpdate
[2012.01.12 21:47:44 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\Identities
[2012.04.18 12:06:57 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\IDM
[2012.01.16 20:00:29 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\InstallShield
[2012.01.12 21:48:17 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\Intel Corporation
[2012.01.12 21:48:08 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\Macromedia
[2012.07.02 23:39:12 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\Media Center Programs
[2012.04.27 11:45:23 | 000,000,000 | --SD | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft
[2012.01.12 23:36:47 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\Mozilla
[2012.01.19 01:37:34 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\Nero
[2012.01.16 17:37:32 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\PeerNetworking
[2012.01.13 00:37:58 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\PowerCinema
[2012.07.14 22:02:13 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\Skype
[2012.04.12 14:27:37 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\temp
[2012.05.07 23:56:39 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\TS3Client
[2012.05.07 20:36:36 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\ts3overlay
[2012.01.13 00:59:04 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\TuneUp Software
[2012.02.19 17:44:00 | 000,000,000 | ---D | M] -- C:\Users\xxxx xxxxx\AppData\Roaming\Verbindungsassistent
 
< %APPDATA%\*.exe /s >
[2012.01.20 10:35:51 | 004,614,688 | ---- | M] (Tonec Inc.) -- C:\Users\xxxx xxxxx\AppData\Roaming\IDM\idmupdt.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.05.16 17:23:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2011.05.16 17:23:57 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.05.16 17:23:57 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.05.16 17:23:57 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2012.03.13 16:08:25 | 000,027,136 | ---- | M] ()(C:\Users\xxxx xxxxx\Documents\????_DD.doc) -- C:\Users\xxxx xxxxx\Documents\审稿意见_DD.doc
[2012.03.13 16:08:24 | 000,027,136 | ---- | C] ()(C:\Users\xxxx xxxxx\Documents\????_DD.doc) -- C:\Users\xxxx xxxxx\Documents\审稿意见_DD.doc

< End of report >

--- --- ---


Have fun with it, and enjoy your Sunday.
Dirk

cosinus 15.07.2012 20:13

Run an OTL fix: close any programs that may still be open, disable the virus scanner as well (!), start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you masked your user name, you must turn the starred-out part back into your real user name, otherwise the script will not work!!

Code:

:OTL
FF - user.js - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{15d1de77-3de8-11e1-bbc3-60eb69951f93}\Shell - "" = AutoRun
O33 - MountPoints2\{15d1de77-3de8-11e1-bbc3-60eb69951f93}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{15d1de7d-3de8-11e1-bbc3-60eb69951f93}\Shell - "" = AutoRun
O33 - MountPoints2\{15d1de7d-3de8-11e1-bbc3-60eb69951f93}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d1801a37-5b0f-11e1-8cd8-60eb69951f93}\Shell - "" = AutoRun
O33 - MountPoints2\{d1801a37-5b0f-11e1-8cd8-60eb69951f93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d1801a3b-5b0f-11e1-8cd8-60eb69951f93}\Shell - "" = AutoRun
O33 - MountPoints2\{d1801a3b-5b0f-11e1-8cd8-60eb69951f93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fe4c8035-49ee-11e1-866a-60eb69951f93}\Shell - "" = AutoRun
O33 - MountPoints2\{fe4c8035-49ee-11e1-866a-60eb69951f93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fe4c8039-49ee-11e1-866a-60eb69951f93}\Shell - "" = AutoRun
O33 - MountPoints2\{fe4c8039-49ee-11e1-866a-60eb69951f93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
MsConfig:64bit - StartUpFolder: C:^Users^xxxx xxxxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk - Reg Error: Value error. - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
[2012.07.02 22:47:49 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2011.11.07 17:23:59 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
:Files
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
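As an added example (not from the thread and not OTL's own code), here is a small Python triage of the line formats used in the script above: it parses the O4, O6, O32, O33 and bracketed file-list lines into findings a helper would verify before fixing anything. The sample lines are copied from the script; the category names and the policy ratings are this example's own assumptions.

```python
"""Triage OTL scan lines of the kinds used in the fix script above.

Added example: not part of the thread and not OTL's own code. It parses the
O4 / O6 / O32 / O33 and file-list line formats and turns them into
defender-side findings (what to verify before anything is deleted).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the fix script in the thread above.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{15d1de77-3de8-11e1-bbc3-60eb69951f93}\Shell - "" = AutoRun
O33 - MountPoints2\{15d1de77-3de8-11e1-bbc3-60eb69951f93}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d1801a37-5b0f-11e1-8cd8-60eb69951f93}\Shell - "" = AutoRun
O33 - MountPoints2\{d1801a37-5b0f-11e1-8cd8-60eb69951f93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2012.07.02 22:47:49 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2011.11.07 17:23:59 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\]\s*(?P<target>.*)$")
O6_RE = re.compile(r"^O6 - (?P<key>.+?): (?P<value>\w+) = (?P<data>.+)$")
O32_RE = re.compile(r"^O32 - HKLM CDRom: AutoRun - (?P<data>\d+)$")
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\(?P<sub>.+?) - "" = (?P<data>.+)$')
FILE_RE = re.compile(
    r"^\[(?P<stamp>\S+ \S+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<kind>[MC])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)
# Locations where a file without vendor information deserves a second look (assumption).
USER_WRITABLE = ("c:\\programdata\\", "\\appdata\\")


@dataclass(frozen=True)
class Finding:
    severity: str  # "review" (verify before fixing) or "info" (harmless / default)
    category: str
    detail: str


def classify_policy(key: str, value: str, data: str) -> Finding:
    """Rate an O6 policy line. Windows 7 UAC defaults are Admin = 5, User = 3."""
    if key.endswith(r"\policies\Explorer"):
        return Finding("review", "explorer-policy",
                       f"{value} = {data}: Explorer restriction, rarely set by hand on a home PC")
    if key.endswith(r"\policies\System") and value.startswith("ConsentPromptBehavior"):
        # 0 means "elevate without prompting", i.e. UAC is effectively switched off.
        return Finding("review" if data == "0" else "info", "uac-policy", f"{value} = {data}")
    return Finding("info", "policy", f"{key}: {value} = {data}")


def triage(otl_text: str) -> list[Finding]:
    """Parse OTL lines and return findings; line kinds not handled here are ignored."""
    findings: list[Finding] = []
    autorun_cmd: dict[str, str] = {}  # mount-point GUID -> AutoRun command
    for line in (ln.strip() for ln in otl_text.splitlines()):
        if m := O4_RE.match(line):
            if m["target"].endswith("File not found"):
                findings.append(Finding("info", "orphaned-autostart",
                                        f"{m['key']} [{m['name']}] points at a missing file"))
            else:
                findings.append(Finding("review", "autostart",
                                        f"{m['key']} [{m['name']}] -> {m['target']}"))
        elif m := O6_RE.match(line):
            findings.append(classify_policy(m["key"], m["value"], m["data"]))
        elif m := O32_RE.match(line):
            findings.append(Finding("info", "cdrom-autorun", f"CDRom AutoRun = {m['data']}"))
        elif m := O33_RE.match(line):
            if m["sub"].lower().endswith(r"\autorun\command"):
                autorun_cmd[m["guid"]] = m["data"]
        elif m := FILE_RE.match(line):
            if m["company"] == "" and any(p in m["path"].lower() for p in USER_WRITABLE):
                when = "modified" if m["kind"] == "M" else "created"
                findings.append(Finding("review", "unsigned-file",
                                        f"{m['path']} ({m['size']} bytes, {when} {m['stamp']}, no vendor info)"))
    # One finding per mount point whose AutoRun handler launches a file from the drive itself.
    for guid, cmd in autorun_cmd.items():
        findings.append(Finding("review", "removable-autorun",
                                f"MountPoints2 {guid} runs {cmd} when the drive is opened"))
    return findings


def render(findings: list[Finding]) -> str:
    """Human-readable report, "review" items first."""
    order = {"review": 0, "info": 1}
    rows = sorted(findings, key=lambda f: (order[f.severity], f.category))
    return "\n".join(f"[{f.severity:6}] {f.category:20} {f.detail}" for f in rows)


if __name__ == "__main__":
    print(render(triage(SAMPLE_OTL)))
```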

dobaliner 15.07.2012 20:55

Thanks, here is the result:

Code:

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15d1de77-3de8-11e1-bbc3-60eb69951f93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15d1de77-3de8-11e1-bbc3-60eb69951f93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15d1de77-3de8-11e1-bbc3-60eb69951f93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15d1de77-3de8-11e1-bbc3-60eb69951f93}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15d1de7d-3de8-11e1-bbc3-60eb69951f93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15d1de7d-3de8-11e1-bbc3-60eb69951f93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15d1de7d-3de8-11e1-bbc3-60eb69951f93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15d1de7d-3de8-11e1-bbc3-60eb69951f93}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1801a37-5b0f-11e1-8cd8-60eb69951f93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1801a37-5b0f-11e1-8cd8-60eb69951f93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1801a37-5b0f-11e1-8cd8-60eb69951f93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1801a37-5b0f-11e1-8cd8-60eb69951f93}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1801a3b-5b0f-11e1-8cd8-60eb69951f93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1801a3b-5b0f-11e1-8cd8-60eb69951f93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1801a3b-5b0f-11e1-8cd8-60eb69951f93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1801a3b-5b0f-11e1-8cd8-60eb69951f93}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe4c8035-49ee-11e1-866a-60eb69951f93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe4c8035-49ee-11e1-866a-60eb69951f93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe4c8035-49ee-11e1-866a-60eb69951f93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe4c8035-49ee-11e1-866a-60eb69951f93}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe4c8039-49ee-11e1-866a-60eb69951f93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe4c8039-49ee-11e1-866a-60eb69951f93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe4c8039-49ee-11e1-866a-60eb69951f93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe4c8039-49ee-11e1-866a-60eb69951f93}\ not found.
File F:\AutoRun.exe not found.
C:\ProgramData\l_u0_0.pad moved successfully.
C:\ProgramData\FullRemove.exe moved successfully.
========== FILES ==========
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\xxxx xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: xxxx xxxxx
->Temp folder emptied: 7073675 bytes
->Temporary Internet Files folder emptied: 241564853 bytes
->FireFox cache emptied: 62698371 bytes
->Flash cache emptied: 522 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3410479 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 73646 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 300,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: xxxx xxxxx
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.0 log created on 07152012_214628

Files\Folders moved on Reboot...
C:\Users\xxxx xxxxx\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\xxxx xxxxx\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Regards
Dirk

cosinus 16.07.2012 12:15

Now please run this Kaspersky tool (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable the virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot.
Then click "Start Scan", and when it is finished click the "Report" button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

dobaliner 16.07.2012 19:31

Here is the result; it doesn't seem to be completely clean yet?

Code:

14:43:52.0056 7316        TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
14:43:52.0196 7316        ============================================================
14:43:52.0196 7316        Current date / time: 2012/07/16 14:43:52.0196
14:43:52.0196 7316        SystemInfo:
14:43:52.0196 7316       
14:43:52.0196 7316        OS Version: 6.1.7600 ServicePack: 0.0
14:43:52.0196 7316        Product type: Workstation
14:43:52.0196 7316        ComputerName: xxxxxxxxx-PC
14:43:52.0196 7316        UserName: xxxx xxxxx
14:43:52.0196 7316        Windows directory: C:\Windows
14:43:52.0196 7316        System windows directory: C:\Windows
14:43:52.0196 7316        Running under WOW64
14:43:52.0196 7316        Processor architecture: Intel x64
14:43:52.0196 7316        Number of processors: 4
14:43:52.0196 7316        Page size: 0x1000
14:43:52.0196 7316        Boot type: Normal boot
14:43:52.0196 7316        ============================================================
14:43:52.0566 7316        Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:43:52.0576 7316        ============================================================
14:43:52.0576 7316        \Device\Harddisk0\DR0:
14:43:52.0576 7316        MBR partitions:
14:43:52.0576 7316        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F40800, BlocksNum 0x32000
14:43:52.0576 7316        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F72800, BlocksNum 0x2AA86800
14:43:52.0576 7316        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2C9F9000, BlocksNum 0x2AB4C800
14:43:52.0576 7316        ============================================================
14:43:52.0606 7316        C: <-> \Device\Harddisk0\DR0\Partition1
14:43:52.0736 7316        D: <-> \Device\Harddisk0\DR0\Partition2
14:43:52.0736 7316        ============================================================
14:43:52.0736 7316        Initialize success
14:43:52.0736 7316        ============================================================
14:44:28.0141 9656        ============================================================
14:44:28.0141 9656        Scan started
14:44:28.0141 9656        Mode: Manual; SigCheck; TDLFS;
14:44:28.0141 9656        ============================================================
14:44:29.0389 9656        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
14:44:29.0452 9656        1394ohci - ok
14:44:29.0483 9656        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
14:44:29.0499 9656        ACPI - ok
14:44:29.0530 9656        AcpiPmi        (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
14:44:29.0577 9656        AcpiPmi - ok
14:44:29.0670 9656        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:44:29.0670 9656        AdobeARMservice - ok
14:44:29.0795 9656        AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:44:29.0795 9656        AdobeFlashPlayerUpdateSvc - ok
14:44:29.0873 9656        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:44:29.0904 9656        adp94xx - ok
14:44:29.0951 9656        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:44:29.0967 9656        adpahci - ok
14:44:30.0013 9656        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:44:30.0029 9656        adpu320 - ok
14:44:30.0060 9656        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:44:30.0201 9656        AeLookupSvc - ok
14:44:30.0263 9656        AFD            (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
14:44:30.0310 9656        AFD - ok
14:44:30.0372 9656        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
14:44:30.0388 9656        agp440 - ok
14:44:30.0435 9656        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:44:30.0466 9656        ALG - ok
14:44:30.0513 9656        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
14:44:30.0528 9656        aliide - ok
14:44:30.0575 9656        AMD External Events Utility (893d2125996bb8b92054d743d75fdc09) C:\Windows\system32\atiesrxx.exe
14:44:30.0637 9656        AMD External Events Utility - ok
14:44:30.0684 9656        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
14:44:30.0684 9656        amdide - ok
14:44:30.0731 9656        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:44:30.0762 9656        AmdK8 - ok
14:44:31.0246 9656        amdkmdag        (6aa57c2c6b586cac8910a142928a79c7) C:\Windows\system32\DRIVERS\atikmdag.sys
14:44:31.0417 9656        amdkmdag - ok
14:44:31.0558 9656        amdkmdap        (2705b5af991eff9396109fbe63635fc9) C:\Windows\system32\DRIVERS\atikmpag.sys
14:44:31.0589 9656        amdkmdap - ok
14:44:31.0620 9656        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:44:31.0651 9656        AmdPPM - ok
14:44:31.0698 9656        amdsata        (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
14:44:31.0698 9656        amdsata - ok
14:44:31.0729 9656        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:44:31.0745 9656        amdsbs - ok
14:44:31.0776 9656        amdxata        (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
14:44:31.0776 9656        amdxata - ok
14:44:31.0901 9656        AntiVirFirewallService (6acc11e9d2f01c88251123d26c1c5489) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
14:44:31.0932 9656        AntiVirFirewallService - ok
14:44:31.0995 9656        AntiVirMailService (b7fa28aefa586fb5a04876c7b31d03e6) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
14:44:32.0010 9656        AntiVirMailService - ok
14:44:32.0073 9656        AntiVirSchedulerService (2e35310d600f4cc64624786a813a041e) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:44:32.0073 9656        AntiVirSchedulerService - ok
14:44:32.0119 9656        AntiVirService  (984102b9e2f6513008ed4e0c5ac4151d) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:44:32.0135 9656        AntiVirService - ok
14:44:32.0213 9656        AntiVirWebService (9bc7247fd7379307bcff92cf8eb64b87) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
14:44:32.0229 9656        AntiVirWebService - ok
14:44:32.0353 9656        AppID          (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
14:44:32.0385 9656        AppID - ok
14:44:32.0416 9656        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:44:32.0478 9656        AppIDSvc - ok
14:44:32.0525 9656        Appinfo        (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
14:44:32.0556 9656        Appinfo - ok
14:44:32.0603 9656        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:44:32.0619 9656        arc - ok
14:44:32.0634 9656        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:44:32.0650 9656        arcsas - ok
14:44:32.0681 9656        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:44:32.0728 9656        AsyncMac - ok
14:44:32.0775 9656        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
14:44:32.0790 9656        atapi - ok
14:44:32.0837 9656        AthBTPort      (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
14:44:32.0837 9656        AthBTPort - ok
14:44:32.0899 9656        AtherosSvc      (147d5c092d116e3e4768d7be532add79) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
14:44:32.0899 9656        AtherosSvc - ok
14:44:33.0040 9656        athr            (931884f5f2d7e6973366782690bf1754) C:\Windows\system32\DRIVERS\athrx.sys
14:44:33.0087 9656        athr - ok
14:44:33.0258 9656        AtiHdmiService  (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
14:44:33.0336 9656        AtiHdmiService - ok
14:44:33.0399 9656        AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
14:44:33.0461 9656        AudioEndpointBuilder - ok
14:44:33.0461 9656        AudioSrv        (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
14:44:33.0508 9656        AudioSrv - ok
14:44:33.0539 9656        avfwim          (f3a3859d006783a0e0d40e227e52c35c) C:\Windows\system32\DRIVERS\avfwim.sys
14:44:33.0555 9656        avfwim - ok
14:44:33.0617 9656        avfwot          (bc06315a7bdbcad0c7719d1c1306a4db) C:\Windows\system32\DRIVERS\avfwot.sys
14:44:33.0633 9656        avfwot - ok
14:44:33.0679 9656        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
14:44:33.0695 9656        avgntflt - ok
14:44:33.0742 9656        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
14:44:33.0742 9656        avipbb - ok
14:44:33.0773 9656        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
14:44:33.0789 9656        avkmgr - ok
14:44:33.0835 9656        AxInstSV        (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
14:44:33.0882 9656        AxInstSV - ok
14:44:33.0945 9656        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:44:33.0976 9656        b06bdrv - ok
14:44:33.0991 9656        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:44:34.0023 9656        b57nd60a - ok
14:44:34.0101 9656        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:44:34.0116 9656        BDESVC - ok
14:44:34.0147 9656        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:44:34.0194 9656        Beep - ok
14:44:34.0272 9656        BFE            (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
14:44:34.0319 9656        BFE - ok
14:44:34.0381 9656        BITS            (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
14:44:34.0444 9656        BITS - ok
14:44:34.0522 9656        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:44:34.0569 9656        blbdrive - ok
14:44:34.0615 9656        bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
14:44:34.0662 9656        bowser - ok
14:44:34.0693 9656        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:44:34.0725 9656        BrFiltLo - ok
14:44:34.0740 9656        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:44:34.0756 9656        BrFiltUp - ok
14:44:34.0787 9656        Browser        (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
14:44:34.0834 9656        Browser - ok
14:44:34.0881 9656        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:44:34.0896 9656        Brserid - ok
14:44:34.0912 9656        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:44:34.0927 9656        BrSerWdm - ok
14:44:34.0974 9656        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:44:35.0005 9656        BrUsbMdm - ok
14:44:35.0021 9656        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:44:35.0052 9656        BrUsbSer - ok
14:44:35.0099 9656        BTATH_A2DP      (2ecf188c1d4246efc6419f118f7b8ec6) C:\Windows\system32\drivers\btath_a2dp.sys
14:44:35.0115 9656        BTATH_A2DP - ok
14:44:35.0130 9656        BTATH_BUS      (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
14:44:35.0146 9656        BTATH_BUS - ok
14:44:35.0161 9656        BTATH_HCRP      (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
14:44:35.0177 9656        BTATH_HCRP - ok
14:44:35.0208 9656        BTATH_LWFLT    (701c4fd9e8f2315bb1732e24093e7e8b) C:\Windows\system32\DRIVERS\btath_lwflt.sys
14:44:35.0208 9656        BTATH_LWFLT - ok
14:44:35.0224 9656        BTATH_RCP      (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
14:44:35.0239 9656        BTATH_RCP - ok
14:44:35.0271 9656        BtFilter        (6e7427156de0f0601dc0df42caff971d) C:\Windows\system32\DRIVERS\btfilter.sys
14:44:35.0286 9656        BtFilter - ok
14:44:35.0317 9656        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
14:44:35.0333 9656        BthEnum - ok
14:44:35.0380 9656        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:44:35.0411 9656        BTHMODEM - ok
14:44:35.0442 9656        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
14:44:35.0473 9656        BthPan - ok
14:44:35.0520 9656        BTHPORT        (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
14:44:35.0551 9656        BTHPORT - ok
14:44:35.0598 9656        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:44:35.0645 9656        bthserv - ok
14:44:35.0676 9656        BTHUSB          (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
14:44:35.0707 9656        BTHUSB - ok
14:44:35.0739 9656        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:44:35.0785 9656        cdfs - ok
14:44:35.0832 9656        cdrom          (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
14:44:35.0895 9656        cdrom - ok
14:44:35.0941 9656        CertPropSvc    (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
14:44:35.0988 9656        CertPropSvc - ok
14:44:36.0035 9656        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:44:36.0066 9656        circlass - ok
14:44:36.0097 9656        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:44:36.0113 9656        CLFS - ok
14:44:36.0191 9656        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:44:36.0191 9656        clr_optimization_v2.0.50727_32 - ok
14:44:36.0253 9656        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:44:36.0253 9656        clr_optimization_v2.0.50727_64 - ok
14:44:36.0347 9656        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:44:36.0363 9656        clr_optimization_v4.0.30319_32 - ok
14:44:36.0409 9656        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:44:36.0425 9656        clr_optimization_v4.0.30319_64 - ok
14:44:36.0456 9656        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:44:36.0472 9656        CmBatt - ok
14:44:36.0503 9656        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
14:44:36.0503 9656        cmdide - ok
14:44:36.0581 9656        CNG            (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
14:44:36.0628 9656        CNG - ok
14:44:36.0643 9656        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:44:36.0659 9656        Compbatt - ok
14:44:36.0690 9656        CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:44:36.0721 9656        CompositeBus - ok
14:44:36.0737 9656        COMSysApp - ok
14:44:36.0753 9656        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:44:36.0753 9656        crcdisk - ok
14:44:36.0799 9656        CryptSvc        (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
14:44:36.0862 9656        CryptSvc - ok
14:44:36.0909 9656        DcomLaunch      (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
14:44:36.0955 9656        DcomLaunch - ok
14:44:36.0987 9656        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:44:37.0049 9656        defragsvc - ok
14:44:37.0096 9656        DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
14:44:37.0127 9656        DfsC - ok
14:44:37.0158 9656        Dhcp            (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
14:44:37.0236 9656        Dhcp - ok
14:44:37.0283 9656        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:44:37.0330 9656        discache - ok
14:44:37.0361 9656        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:44:37.0377 9656        Disk - ok
14:44:37.0408 9656        Dnscache        (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
14:44:37.0423 9656        Dnscache - ok
14:44:37.0470 9656        dot3svc        (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
14:44:37.0533 9656        dot3svc - ok
14:44:37.0548 9656        DPS            (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
14:44:37.0595 9656        DPS - ok
14:44:37.0626 9656        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:44:37.0642 9656        drmkaud - ok
14:44:37.0735 9656        DsiWMIService  (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
14:44:37.0751 9656        DsiWMIService - ok
14:44:37.0813 9656        DXGKrnl        (24ce1ecf9d0ae0301775b07f5fea175b) C:\Windows\System32\drivers\dxgkrnl.sys
14:44:37.0845 9656        DXGKrnl - ok
14:44:37.0891 9656        E1G60          (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
14:44:37.0923 9656        E1G60 - ok
14:44:37.0969 9656        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:44:38.0016 9656        EapHost - ok
14:44:38.0141 9656        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:44:38.0266 9656        ebdrv - ok
14:44:38.0359 9656        EFS            (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
14:44:38.0391 9656        EFS - ok
14:44:38.0453 9656        ehRecvr        (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
14:44:38.0484 9656        ehRecvr - ok
14:44:38.0515 9656        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:44:38.0531 9656        ehSched - ok
14:44:38.0625 9656        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:44:38.0640 9656        elxstor - ok
14:44:38.0734 9656        ePowerSvc      (eb78fbd1c3db8223eeb364d485627ef1) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
14:44:38.0765 9656        ePowerSvc - ok
14:44:38.0859 9656        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
14:44:38.0890 9656        ErrDev - ok
14:44:38.0937 9656        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:44:38.0983 9656        EventSystem - ok
14:44:39.0030 9656        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:44:39.0077 9656        exfat - ok
14:44:39.0108 9656        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:44:39.0155 9656        fastfat - ok
14:44:39.0217 9656        Fax            (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
14:44:39.0264 9656        Fax - ok
14:44:39.0264 9656        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:44:39.0295 9656        fdc - ok
14:44:39.0342 9656        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:44:39.0373 9656        fdPHost - ok
14:44:39.0389 9656        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:44:39.0420 9656        FDResPub - ok
14:44:39.0451 9656        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:44:39.0451 9656        FileInfo - ok
14:44:39.0467 9656        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:44:39.0514 9656        Filetrace - ok
14:44:39.0529 9656        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:44:39.0545 9656        flpydisk - ok
14:44:39.0561 9656        FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
14:44:39.0576 9656        FltMgr - ok
14:44:39.0623 9656        FontCache      (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
14:44:39.0670 9656        FontCache - ok
14:44:39.0779 9656        FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:44:39.0795 9656        FontCache3.0.0.0 - ok
14:44:39.0841 9656        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:44:39.0857 9656        FsDepends - ok
14:44:39.0904 9656        Fs_Rec          (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
14:44:39.0904 9656        Fs_Rec - ok
14:44:39.0951 9656        fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:44:39.0966 9656        fvevol - ok
14:44:40.0013 9656        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:44:40.0029 9656        gagp30kx - ok
14:44:40.0091 9656        gpsvc          (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
14:44:40.0138 9656        gpsvc - ok
14:44:40.0231 9656        GREGService    (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
14:44:40.0231 9656        GREGService - ok
14:44:40.0278 9656        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:44:40.0294 9656        hcw85cir - ok
14:44:40.0356 9656        HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
14:44:40.0403 9656        HdAudAddService - ok
14:44:40.0419 9656        HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:44:40.0450 9656        HDAudBus - ok
14:44:40.0481 9656        HECIx64        (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
14:44:40.0481 9656        HECIx64 - ok
14:44:40.0512 9656        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:44:40.0528 9656        HidBatt - ok
14:44:40.0543 9656        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:44:40.0575 9656        HidBth - ok
14:44:40.0590 9656        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:44:40.0606 9656        HidIr - ok
14:44:40.0637 9656        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:44:40.0684 9656        hidserv - ok
14:44:40.0715 9656        HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
14:44:40.0746 9656        HidUsb - ok
14:44:40.0777 9656        hkmsvc          (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
14:44:40.0824 9656        hkmsvc - ok
14:44:40.0855 9656        HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
14:44:40.0887 9656        HomeGroupListener - ok
14:44:40.0918 9656        HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
14:44:40.0933 9656        HomeGroupProvider - ok
14:44:40.0965 9656        HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
14:44:40.0980 9656        HpSAMD - ok
14:44:41.0027 9656        HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
14:44:41.0074 9656        HTTP - ok
14:44:41.0136 9656        hwdatacard      (cdaa8e257bb625b2387219e605dde37d) C:\Windows\system32\DRIVERS\ewusbmdm.sys
14:44:41.0152 9656        hwdatacard - ok
14:44:41.0183 9656        hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
14:44:41.0183 9656        hwpolicy - ok
14:44:41.0214 9656        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:44:41.0230 9656        i8042prt - ok
14:44:41.0277 9656        iaStor          (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
14:44:41.0292 9656        iaStor - ok
14:44:41.0386 9656        IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
14:44:41.0386 9656        IAStorDataMgrSvc - ok
14:44:41.0464 9656        iaStorV        (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
14:44:41.0479 9656        iaStorV - ok
14:44:41.0511 9656        IDMWFP          (a31673b073652f56571acae61c3c25e2) C:\Windows\system32\DRIVERS\idmwfp.sys
14:44:41.0526 9656        IDMWFP - ok
14:44:41.0651 9656        idsvc          (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:44:41.0682 9656        idsvc - ok
14:44:41.0713 9656        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:44:41.0729 9656        iirsp - ok
14:44:41.0791 9656        IKEEXT          (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
14:44:41.0838 9656        IKEEXT - ok
14:44:41.0901 9656        Impcd          (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys
14:44:41.0932 9656        Impcd - ok
14:44:42.0072 9656        IntcAzAudAddService (cb5fd9b681ad43b560490b5283ddc1c1) C:\Windows\system32\drivers\RTKVHD64.sys
14:44:42.0119 9656        IntcAzAudAddService - ok
14:44:42.0244 9656        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
14:44:42.0244 9656        intelide - ok
14:44:42.0681 9656        intelkmd        (b744e1375cd1db3eb7b89781b8c93d9f) C:\Windows\system32\DRIVERS\igdpmd64.sys
14:44:42.0899 9656        intelkmd - ok
14:44:43.0008 9656        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:44:43.0024 9656        intelppm - ok
14:44:43.0071 9656        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:44:43.0133 9656        IPBusEnum - ok
14:44:43.0149 9656        IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:44:43.0195 9656        IpFilterDriver - ok
14:44:43.0242 9656        iphlpsvc        (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
14:44:43.0289 9656        iphlpsvc - ok
14:44:43.0320 9656        IPMIDRV        (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:44:43.0336 9656        IPMIDRV - ok
14:44:43.0351 9656        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:44:43.0398 9656        IPNAT - ok
14:44:43.0429 9656        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:44:43.0445 9656        IRENUM - ok
14:44:43.0476 9656        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
14:44:43.0476 9656        isapnp - ok
14:44:43.0507 9656        iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
14:44:43.0523 9656        iScsiPrt - ok
14:44:43.0539 9656        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:44:43.0554 9656        kbdclass - ok
14:44:43.0585 9656        kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
14:44:43.0601 9656        kbdhid - ok
14:44:43.0632 9656        KeyIso          (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:44:43.0648 9656        KeyIso - ok
14:44:43.0679 9656        KSecDD          (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
14:44:43.0695 9656        KSecDD - ok
14:44:43.0710 9656        KSecPkg        (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
14:44:43.0710 9656        KSecPkg - ok
14:44:43.0741 9656        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:44:43.0804 9656        ksthunk - ok
14:44:43.0835 9656        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:44:43.0882 9656        KtmRm - ok
14:44:43.0913 9656        L1C            (a4a9ca24e54e81c6c3e469eaeb4b3f42) C:\Windows\system32\DRIVERS\L1C62x64.sys
14:44:43.0913 9656        L1C - ok
14:44:43.0975 9656        LanmanServer    (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
14:44:43.0991 9656        LanmanServer - ok
14:44:44.0022 9656        LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
14:44:44.0069 9656        LanmanWorkstation - ok
14:44:44.0100 9656        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:44:44.0147 9656        lltdio - ok
14:44:44.0178 9656        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:44:44.0225 9656        lltdsvc - ok
14:44:44.0256 9656        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:44:44.0287 9656        lmhosts - ok
14:44:44.0397 9656        LMS            (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:44:44.0428 9656        LMS ( UnsignedFile.Multi.Generic ) - warning
14:44:44.0428 9656        LMS - detected UnsignedFile.Multi.Generic (1)
14:44:44.0459 9656        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:44:44.0475 9656        LSI_FC - ok
14:44:44.0506 9656        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:44:44.0506 9656        LSI_SAS - ok
14:44:44.0537 9656        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:44:44.0537 9656        LSI_SAS2 - ok
14:44:44.0553 9656        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:44:44.0553 9656        LSI_SCSI - ok
14:44:44.0584 9656        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:44:44.0631 9656        luafv - ok
14:44:44.0693 9656        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
14:44:44.0709 9656        MBAMProtector - ok
14:44:44.0787 9656        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:44:44.0802 9656        MBAMService - ok
14:44:44.0833 9656        Mcx2Svc        (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
14:44:44.0865 9656        Mcx2Svc - ok
14:44:44.0896 9656        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:44:44.0911 9656        megasas - ok
14:44:44.0927 9656        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:44:44.0943 9656        MegaSR - ok
14:44:44.0974 9656        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:44:45.0021 9656        MMCSS - ok
14:44:45.0052 9656        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:44:45.0114 9656        Modem - ok
14:44:45.0145 9656        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:44:45.0161 9656        monitor - ok
14:44:45.0192 9656        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:44:45.0208 9656        mouclass - ok
14:44:45.0223 9656        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:44:45.0239 9656        mouhid - ok
14:44:45.0270 9656        mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
14:44:45.0270 9656        mountmgr - ok
14:44:45.0379 9656        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:44:45.0395 9656        MozillaMaintenance - ok
14:44:45.0411 9656        mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
14:44:45.0426 9656        mpio - ok
14:44:45.0457 9656        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:44:45.0489 9656        mpsdrv - ok
14:44:45.0551 9656        MpsSvc          (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
14:44:45.0629 9656        MpsSvc - ok
14:44:45.0645 9656        MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
14:44:45.0691 9656        MRxDAV - ok
14:44:45.0707 9656        mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:44:45.0754 9656        mrxsmb - ok
14:44:45.0785 9656        mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:44:45.0801 9656        mrxsmb10 - ok
14:44:45.0816 9656        mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:44:45.0832 9656        mrxsmb20 - ok
14:44:45.0832 9656        msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
14:44:45.0847 9656        msahci - ok
14:44:45.0863 9656        msdsm          (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
14:44:45.0879 9656        msdsm - ok
14:44:45.0910 9656        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:44:45.0941 9656        MSDTC - ok
14:44:45.0941 9656        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:44:45.0988 9656        Msfs - ok
14:44:46.0003 9656        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:44:46.0035 9656        mshidkmdf - ok
14:44:46.0035 9656        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
14:44:46.0050 9656        msisadrv - ok
14:44:46.0081 9656        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:44:46.0113 9656        MSiSCSI - ok
14:44:46.0113 9656        msiserver - ok
14:44:46.0144 9656        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:44:46.0175 9656        MSKSSRV - ok
14:44:46.0191 9656        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:44:46.0222 9656        MSPCLOCK - ok
14:44:46.0237 9656        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:44:46.0284 9656        MSPQM - ok
14:44:46.0300 9656        MsRPC          (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
14:44:46.0315 9656        MsRPC - ok
14:44:46.0331 9656        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:44:46.0347 9656        mssmbios - ok
14:44:46.0378 9656        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:44:46.0425 9656        MSTEE - ok
14:44:46.0440 9656        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:44:46.0471 9656        MTConfig - ok
14:44:46.0487 9656        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:44:46.0487 9656        Mup - ok
14:44:46.0534 9656        napagent        (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
14:44:46.0581 9656        napagent - ok
14:44:46.0643 9656        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:44:46.0659 9656        NativeWifiP - ok
14:44:46.0705 9656        NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
14:44:46.0737 9656        NDIS - ok
14:44:46.0783 9656        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:44:46.0830 9656        NdisCap - ok
14:44:46.0861 9656        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:44:46.0908 9656        NdisTapi - ok
14:44:46.0924 9656        Ndisuio        (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
14:44:46.0955 9656        Ndisuio - ok
14:44:46.0971 9656        NdisWan        (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:44:47.0002 9656        NdisWan - ok
14:44:47.0033 9656        NDProxy        (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
14:44:47.0064 9656        NDProxy - ok
14:44:47.0080 9656        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:44:47.0127 9656        NetBIOS - ok
14:44:47.0158 9656        NetBT          (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
14:44:47.0205 9656        NetBT - ok
14:44:47.0236 9656        Netlogon        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:44:47.0251 9656        Netlogon - ok
14:44:47.0298 9656        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:44:47.0345 9656        Netman - ok
14:44:47.0376 9656        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:44:47.0423 9656        netprofm - ok
14:44:47.0517 9656        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:44:47.0532 9656        NetTcpPortSharing - ok
14:44:47.0563 9656        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:44:47.0579 9656        nfrd960 - ok
14:44:47.0626 9656        NlaSvc          (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
14:44:47.0673 9656        NlaSvc - ok
14:44:47.0688 9656        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:44:47.0735 9656        Npfs - ok
14:44:47.0766 9656        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:44:47.0813 9656        nsi - ok
14:44:47.0829 9656        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:44:47.0860 9656        nsiproxy - ok
14:44:47.0938 9656        Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
14:44:47.0985 9656        Ntfs - ok
14:44:48.0078 9656        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:44:48.0125 9656        Null - ok
14:44:48.0156 9656        nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
14:44:48.0172 9656        nvraid - ok
14:44:48.0187 9656        nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
14:44:48.0203 9656        nvstor - ok
14:44:48.0219 9656        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
14:44:48.0234 9656        nv_agp - ok
14:44:48.0312 9656        ODDPwrSvc      (ba7dac1b8a86d9402c3e04e1fcaa600d) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
14:44:48.0328 9656        ODDPwrSvc - ok
14:44:48.0359 9656        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
14:44:48.0359 9656        ohci1394 - ok
14:44:48.0437 9656        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:44:48.0453 9656        ose - ok
14:44:48.0733 9656        osppsvc        (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:44:48.0843 9656        osppsvc - ok
14:44:48.0967 9656        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:44:48.0983 9656        p2pimsvc - ok
14:44:49.0014 9656        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:44:49.0030 9656        p2psvc - ok
14:44:49.0108 9656        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:44:49.0123 9656        Parport - ok
14:44:49.0170 9656        partmgr        (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
14:44:49.0170 9656        partmgr - ok
14:44:49.0201 9656        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:44:49.0233 9656        PcaSvc - ok
14:44:49.0233 9656        pci            (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
14:44:49.0248 9656        pci - ok
14:44:49.0264 9656        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
14:44:49.0279 9656        pciide - ok
14:44:49.0295 9656        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:44:49.0311 9656        pcmcia - ok
14:44:49.0326 9656        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:44:49.0326 9656        pcw - ok
14:44:49.0357 9656        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:44:49.0420 9656        PEAUTH - ok
14:44:49.0482 9656        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:44:49.0513 9656        PerfHost - ok
14:44:49.0591 9656        pla            (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
14:44:49.0669 9656        pla - ok
14:44:49.0732 9656        PlugPlay        (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
14:44:49.0763 9656        PlugPlay - ok
14:44:49.0779 9656        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:44:49.0810 9656        PNRPAutoReg - ok
14:44:49.0841 9656        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:44:49.0857 9656        PNRPsvc - ok
14:44:49.0903 9656        PolicyAgent    (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
14:44:49.0966 9656        PolicyAgent - ok
14:44:49.0997 9656        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:44:50.0028 9656        Power - ok
14:44:50.0091 9656        PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
14:44:50.0137 9656        PptpMiniport - ok
14:44:50.0153 9656        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:44:50.0184 9656        Processor - ok
14:44:50.0215 9656        ProfSvc        (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
14:44:50.0231 9656        ProfSvc - ok
14:44:50.0247 9656        ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:44:50.0262 9656        ProtectedStorage - ok
14:44:50.0309 9656        Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
14:44:50.0340 9656        Psched - ok
14:44:50.0387 9656        PSI            (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
14:44:50.0387 9656        PSI - ok
14:44:50.0465 9656        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:44:50.0512 9656        ql2300 - ok
14:44:50.0605 9656        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:44:50.0621 9656        ql40xx - ok
14:44:50.0652 9656        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:44:50.0683 9656        QWAVE - ok
14:44:50.0683 9656        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:44:50.0730 9656        QWAVEdrv - ok
14:44:50.0746 9656        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:44:50.0777 9656        RasAcd - ok
14:44:50.0824 9656        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:44:50.0855 9656        RasAgileVpn - ok
14:44:50.0886 9656        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:44:50.0933 9656        RasAuto - ok
14:44:50.0949 9656        Rasl2tp        (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:44:51.0011 9656        Rasl2tp - ok
14:44:51.0058 9656        RasMan          (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
14:44:51.0120 9656        RasMan - ok
14:44:51.0136 9656        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:44:51.0183 9656        RasPppoe - ok
14:44:51.0214 9656        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:44:51.0261 9656        RasSstp - ok
14:44:51.0292 9656        rdbss          (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
14:44:51.0339 9656        rdbss - ok
14:44:51.0370 9656        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:44:51.0386 9656        rdpbus - ok
14:44:51.0386 9656        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:44:51.0417 9656        RDPCDD - ok
14:44:51.0432 9656        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:44:51.0479 9656        RDPENCDD - ok
14:44:51.0479 9656        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:44:51.0510 9656        RDPREFMP - ok
14:44:51.0557 9656        RDPWD          (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
14:44:51.0573 9656        RDPWD - ok
14:44:51.0620 9656        rdyboost        (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
14:44:51.0635 9656        rdyboost - ok
14:44:51.0666 9656        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:44:51.0713 9656        RemoteAccess - ok
14:44:51.0744 9656        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:44:51.0791 9656        RemoteRegistry - ok
14:44:51.0838 9656        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
14:44:51.0869 9656        RFCOMM - ok
14:44:51.0963 9656        RichVideo      (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
14:44:51.0994 9656        RichVideo ( UnsignedFile.Multi.Generic ) - warning
14:44:51.0994 9656        RichVideo - detected UnsignedFile.Multi.Generic (1)
14:44:52.0025 9656        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:44:52.0072 9656        RpcEptMapper - ok
14:44:52.0088 9656        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:44:52.0103 9656        RpcLocator - ok
14:44:52.0134 9656        RpcSs          (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
14:44:52.0166 9656        RpcSs - ok
14:44:52.0212 9656        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:44:52.0259 9656        rspndr - ok
14:44:52.0290 9656        RS_Service      (7cb9f0fdd730f4a4ecf6cde15ea12e8a) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
14:44:52.0306 9656        RS_Service - ok
14:44:52.0337 9656        SaiK0CD5        (858c15a70af2900c03daa4419b973903) C:\Windows\system32\DRIVERS\SaiK0CD5.sys
14:44:52.0353 9656        SaiK0CD5 - ok
14:44:52.0400 9656        SaiMini        (e124bcfb55adcd4aa273e73c3d666f9f) C:\Windows\system32\DRIVERS\SaiMini.sys
14:44:52.0415 9656        SaiMini - ok
14:44:52.0431 9656        SaiNtBus        (94ab59e2d3f301dc2b6ea97a027cebfa) C:\Windows\system32\drivers\SaiBus.sys
14:44:52.0431 9656        SaiNtBus - ok
14:44:52.0462 9656        SaiU0CD5        (866efd804302483de27e3947b25d0fab) C:\Windows\system32\DRIVERS\SaiU0CD5.sys
14:44:52.0462 9656        SaiU0CD5 - ok
14:44:52.0493 9656        SamSs          (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:44:52.0509 9656        SamSs - ok
14:44:52.0524 9656        sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
14:44:52.0540 9656        sbp2port - ok
14:44:52.0571 9656        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:44:52.0618 9656        SCardSvr - ok
14:44:52.0649 9656        scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
14:44:52.0696 9656        scfilter - ok
14:44:52.0758 9656        Schedule        (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
14:44:52.0790 9656        Schedule - ok
14:44:52.0821 9656        SCPolicySvc    (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
14:44:52.0852 9656        SCPolicySvc - ok
14:44:52.0883 9656        SDRSVC          (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
14:44:52.0914 9656        SDRSVC - ok
14:44:52.0992 9656        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:44:53.0024 9656        secdrv - ok
14:44:53.0039 9656        seclogon        (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
14:44:53.0086 9656        seclogon - ok
14:44:53.0195 9656        Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
14:44:53.0226 9656        Secunia PSI Agent - ok
14:44:53.0320 9656        Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files (x86)\Secunia\PSI\sua.exe
14:44:53.0336 9656        Secunia Update Agent - ok
14:44:53.0429 9656        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:44:53.0476 9656        SENS - ok
14:44:53.0507 9656        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:44:53.0538 9656        SensrSvc - ok
14:44:53.0585 9656        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:44:53.0601 9656        Serenum - ok
14:44:53.0632 9656        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:44:53.0663 9656        Serial - ok
14:44:53.0694 9656        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:44:53.0710 9656        sermouse - ok
14:44:53.0757 9656        SessionEnv      (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
14:44:53.0788 9656        SessionEnv - ok
14:44:53.0819 9656        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
14:44:53.0850 9656        sffdisk - ok
14:44:53.0866 9656        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:44:53.0897 9656        sffp_mmc - ok
14:44:53.0913 9656        sffp_sd        (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:44:53.0913 9656        sffp_sd - ok
14:44:53.0928 9656        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:44:53.0944 9656        sfloppy - ok
14:44:53.0991 9656        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:44:54.0038 9656        SharedAccess - ok
14:44:54.0069 9656        ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
14:44:54.0100 9656        ShellHWDetection - ok
14:44:54.0162 9656        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:44:54.0162 9656        SiSRaid2 - ok
14:44:54.0178 9656        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:44:54.0194 9656        SiSRaid4 - ok
14:44:54.0287 9656        SkypeUpdate    (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
14:44:54.0303 9656        SkypeUpdate - ok
14:44:54.0365 9656        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:44:54.0412 9656        Smb - ok
14:44:54.0443 9656        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:44:54.0474 9656        SNMPTRAP - ok
14:44:54.0490 9656        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:44:54.0506 9656        spldr - ok
14:44:54.0537 9656        Spooler        (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
14:44:54.0568 9656        Spooler - ok
14:44:54.0724 9656        sppsvc          (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
14:44:54.0818 9656        sppsvc - ok
14:44:54.0911 9656        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:44:54.0942 9656        sppuinotify - ok
14:44:54.0989 9656        srv            (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
14:44:55.0052 9656        srv - ok
14:44:55.0067 9656        srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
14:44:55.0083 9656        srv2 - ok
14:44:55.0098 9656        srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
14:44:55.0114 9656        srvnet - ok
14:44:55.0176 9656        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:44:55.0223 9656        SSDPSRV - ok
14:44:55.0254 9656        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:44:55.0286 9656        SstpSvc - ok
14:44:55.0348 9656        Steam Client Service - ok
14:44:55.0379 9656        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:44:55.0395 9656        stexstor - ok
14:44:55.0457 9656        stisvc          (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
14:44:55.0473 9656        stisvc - ok
14:44:55.0488 9656        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:44:55.0504 9656        swenum - ok
14:44:55.0535 9656        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:44:55.0598 9656        swprv - ok
14:44:55.0660 9656        SynTP          (ce9b5a79aee330bc7e88c0441e5727bb) C:\Windows\system32\DRIVERS\SynTP.sys
14:44:55.0676 9656        SynTP - ok
14:44:55.0769 9656        SysMain        (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
14:44:55.0816 9656        SysMain - ok
14:44:55.0910 9656        TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
14:44:55.0956 9656        TabletInputService - ok
14:44:55.0972 9656        TapiSrv        (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
14:44:56.0019 9656        TapiSrv - ok
14:44:56.0034 9656        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:44:56.0066 9656        TBS - ok
14:44:56.0222 9656        Tcpip          (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
14:44:56.0253 9656        Tcpip - ok
14:44:56.0440 9656        TCPIP6          (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
14:44:56.0471 9656        TCPIP6 - ok
14:44:56.0534 9656        tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
14:44:56.0580 9656        tcpipreg - ok
14:44:56.0612 9656        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:44:56.0643 9656        TDPIPE - ok
14:44:56.0658 9656        TDTCP          (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
14:44:56.0690 9656        TDTCP - ok
14:44:56.0705 9656        tdx            (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
14:44:56.0752 9656        tdx - ok
14:44:56.0768 9656        TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
14:44:56.0783 9656        TermDD - ok
14:44:56.0846 9656        TermService    (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
14:44:56.0908 9656        TermService - ok
14:44:56.0924 9656        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:44:56.0955 9656        Themes - ok
14:44:56.0970 9656        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:44:57.0002 9656        THREADORDER - ok
14:44:57.0017 9656        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:44:57.0064 9656        TrkWks - ok
14:44:57.0111 9656        TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
14:44:57.0142 9656        TrustedInstaller - ok
14:44:57.0173 9656        tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:44:57.0204 9656        tssecsrv - ok
14:44:57.0407 9656        TuneUp.UtilitiesSvc (6dc7b7342148636c6751d9f7b8aaea91) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
14:44:57.0454 9656        TuneUp.UtilitiesSvc - ok
14:44:57.0548 9656        TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
14:44:57.0563 9656        TuneUpUtilitiesDrv - ok
14:44:57.0672 9656        tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
14:44:57.0735 9656        tunnel - ok
14:44:57.0766 9656        TurboB          (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
14:44:57.0766 9656        TurboB - ok
14:44:57.0813 9656        TurboBoost      (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
14:44:57.0828 9656        TurboBoost - ok
14:44:57.0844 9656        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:44:57.0844 9656        uagp35 - ok
14:44:57.0875 9656        udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
14:44:57.0922 9656        udfs - ok
14:44:57.0953 9656        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:44:57.0969 9656        UI0Detect - ok
14:44:58.0000 9656        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
14:44:58.0000 9656        uliagpkx - ok
14:44:58.0031 9656        umbus          (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
14:44:58.0062 9656        umbus - ok
14:44:58.0094 9656        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:44:58.0109 9656        UmPass - ok
14:44:58.0265 9656        UNS            (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
14:44:58.0296 9656        UNS ( UnsignedFile.Multi.Generic ) - warning
14:44:58.0296 9656        UNS - detected UnsignedFile.Multi.Generic (1)
14:44:58.0390 9656        Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
14:44:58.0406 9656        Updater Service - ok
14:44:58.0515 9656        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:44:58.0546 9656        upnphost - ok
14:44:58.0624 9656        usbaudio        (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
14:44:58.0655 9656        usbaudio - ok
14:44:58.0702 9656        usbccgp        (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
14:44:58.0718 9656        usbccgp - ok
14:44:58.0749 9656        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
14:44:58.0780 9656        usbcir - ok
14:44:58.0811 9656        usbehci        (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
14:44:58.0811 9656        usbehci - ok
14:44:58.0874 9656        usbhub          (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
14:44:58.0889 9656        usbhub - ok
14:44:58.0936 9656        usbkey          (a13334591800e55184857e4090e4bbe9) C:\Windows\system32\DRIVERS\USBKey64.sys
14:44:58.0936 9656        usbkey - ok
14:44:58.0967 9656        usbohci        (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
14:44:58.0998 9656        usbohci - ok
14:44:59.0030 9656        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:44:59.0045 9656        usbprint - ok
14:44:59.0076 9656        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:44:59.0092 9656        usbscan - ok
14:44:59.0123 9656        USBSTOR        (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:44:59.0139 9656        USBSTOR - ok
14:44:59.0154 9656        usbuhci        (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
14:44:59.0186 9656        usbuhci - ok
14:44:59.0248 9656        usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
14:44:59.0279 9656        usbvideo - ok
14:44:59.0310 9656        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:44:59.0342 9656        UxSms - ok
14:44:59.0373 9656        VaultSvc        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:44:59.0388 9656        VaultSvc - ok
14:44:59.0420 9656        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
14:44:59.0435 9656        vdrvroot - ok
14:44:59.0482 9656        vds            (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
14:44:59.0513 9656        vds - ok
14:44:59.0544 9656        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:44:59.0544 9656        vga - ok
14:44:59.0560 9656        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:44:59.0607 9656        VgaSave - ok
14:44:59.0638 9656        vhdmp          (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
14:44:59.0638 9656        vhdmp - ok
14:44:59.0654 9656        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
14:44:59.0654 9656        viaide - ok
14:44:59.0685 9656        volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
14:44:59.0685 9656        volmgr - ok
14:44:59.0700 9656        volmgrx        (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
14:44:59.0716 9656        volmgrx - ok
14:44:59.0732 9656        volsnap        (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
14:44:59.0747 9656        volsnap - ok
14:44:59.0841 9656        vpnagent        (3b98ab9849754cb88265111422441df7) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
14:44:59.0856 9656        vpnagent - ok
14:44:59.0903 9656        vpnva          (13e6d95e7ac67abb7a1196557ef8849f) C:\Windows\system32\DRIVERS\vpnva64.sys
14:44:59.0903 9656        vpnva - ok
14:44:59.0950 9656        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:44:59.0966 9656        vsmraid - ok
14:45:00.0059 9656        VSS            (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
14:45:00.0106 9656        VSS - ok
14:45:00.0200 9656        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:45:00.0215 9656        vwifibus - ok
14:45:00.0231 9656        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:45:00.0262 9656        vwififlt - ok
14:45:00.0324 9656        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:45:00.0356 9656        W32Time - ok
14:45:00.0387 9656        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:45:00.0418 9656        WacomPen - ok
14:45:00.0449 9656        WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:45:00.0480 9656        WANARP - ok
14:45:00.0480 9656        Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:45:00.0512 9656        Wanarpv6 - ok
14:45:00.0590 9656        wbengine        (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
14:45:00.0621 9656        wbengine - ok
14:45:00.0714 9656        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:45:00.0746 9656        WbioSrvc - ok
14:45:00.0777 9656        wcncsvc        (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
14:45:00.0808 9656        wcncsvc - ok
14:45:00.0808 9656        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:45:00.0824 9656        WcsPlugInService - ok
14:45:00.0870 9656        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:45:00.0886 9656        Wd - ok
14:45:00.0902 9656        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:45:00.0933 9656        Wdf01000 - ok
14:45:00.0948 9656        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:45:00.0980 9656        WdiServiceHost - ok
14:45:00.0980 9656        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:45:00.0995 9656        WdiSystemHost - ok
14:45:01.0042 9656        WebClient      (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
14:45:01.0058 9656        WebClient - ok
14:45:01.0104 9656        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:45:01.0151 9656        Wecsvc - ok
14:45:01.0167 9656        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:45:01.0229 9656        wercplsupport - ok
14:45:01.0245 9656        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:45:01.0276 9656        WerSvc - ok
14:45:01.0354 9656        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:45:01.0385 9656        WfpLwf - ok
14:45:01.0401 9656        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:45:01.0416 9656        WIMMount - ok
14:45:01.0463 9656        WinDefend - ok
14:45:01.0463 9656        WinHttpAutoProxySvc - ok
14:45:01.0541 9656        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:45:01.0572 9656        Winmgmt - ok
14:45:01.0666 9656        WinRM          (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
14:45:01.0728 9656        WinRM - ok
14:45:01.0884 9656        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:45:01.0900 9656        Wlansvc - ok
14:45:01.0962 9656        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:45:01.0962 9656        WmiAcpi - ok
14:45:02.0040 9656        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:45:02.0056 9656        wmiApSrv - ok
14:45:02.0134 9656        WMPNetworkSvc - ok
14:45:02.0165 9656        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:45:02.0181 9656        WPCSvc - ok
14:45:02.0196 9656        WPDBusEnum      (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
14:45:02.0228 9656        WPDBusEnum - ok
14:45:02.0243 9656        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:45:02.0306 9656        ws2ifsl - ok
14:45:02.0321 9656        wscsvc          (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
14:45:02.0352 9656        wscsvc - ok
14:45:02.0352 9656        WSearch - ok
14:45:02.0430 9656        WTGService      (d7e88349be0f01e4d8d776adb1f325bf) C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
14:45:02.0446 9656        WTGService - ok
14:45:02.0571 9656        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:45:02.0633 9656        wuauserv - ok
14:45:02.0742 9656        WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
14:45:02.0774 9656        WudfPf - ok
14:45:02.0820 9656        WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:45:02.0867 9656        WUDFRd - ok
14:45:02.0898 9656        wudfsvc        (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
14:45:02.0945 9656        wudfsvc - ok
14:45:02.0976 9656        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:45:03.0008 9656        WwanSvc - ok
14:45:03.0039 9656        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:45:03.0257 9656        \Device\Harddisk0\DR0 - ok
14:45:03.0257 9656        Boot (0x1200)  (a0f7c052509503fe32add634215fade1) \Device\Harddisk0\DR0\Partition0
14:45:03.0273 9656        \Device\Harddisk0\DR0\Partition0 - ok
14:45:03.0288 9656        Boot (0x1200)  (e6c66b71605680f02a9cbb6fdce8b0b3) \Device\Harddisk0\DR0\Partition1
14:45:03.0288 9656        \Device\Harddisk0\DR0\Partition1 - ok
14:45:03.0304 9656        Boot (0x1200)  (dbac78ea438e0cc864cba620e834fd17) \Device\Harddisk0\DR0\Partition2
14:45:03.0304 9656        \Device\Harddisk0\DR0\Partition2 - ok
14:45:03.0304 9656        ============================================================
14:45:03.0304 9656        Scan finished
14:45:03.0304 9656        ============================================================
14:45:03.0320 6880        Detected object count: 3
14:45:03.0320 6880        Actual detected object count: 3
14:45:53.0630 6880        LMS ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:53.0630 6880        LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:53.0630 6880        RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:53.0630 6880        RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:53.0630 6880        UNS ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:53.0630 6880        UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip

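The TDSSKiller log above ends with three hits, all with the verdict UnsignedFile.Multi.Generic and all skipped. That verdict is a heuristic for a file without a valid Authenticode signature, not a malware family, so a skipped hit is neither cleaned nor cleared: its MD5 and path still have to be checked against what the vendor ships. The following Python is an added example for this thread, not part of the post and not TDSSKiller code; it parses a log in the format shown and lists what still needs a manual hash check. SAMPLE_LOG is constructed from lines of the log above (the LMS entry keeps only its action line, as in this excerpt).

```python
"""Triage of a TDSSKiller log: which objects were flagged, with what verdict,
hash and path, and what the user chose to do about each one.

Added example for this thread; not part of the forum post and not
TDSSKiller code. SAMPLE_LOG is constructed from lines of the posted log.
"""
import re

# Every log line starts with "<hh:mm:ss.ffff> <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"

# "<name> (<md5>) <path>"  -> a scanned object
ENTRY_RE = re.compile(PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "<name> - detected <verdict> (<n>)"
DETECT_RE = re.compile(PREFIX + r"(?P<name>.+?) - detected (?P<verdict>\S+)")
# "<name> ( <verdict> ) - User select action: <action>"
ACTION_RE = re.compile(PREFIX + r"(?P<name>.+?) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)")
COUNT_RE = re.compile(r"Detected object count: (?P<n>\d+)")

SAMPLE_LOG = r"""14:44:51.0292 9656        rdbss          (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
14:44:51.0339 9656        rdbss - ok
14:44:51.0963 9656        RichVideo      (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
14:44:51.0994 9656        RichVideo ( UnsignedFile.Multi.Generic ) - warning
14:44:51.0994 9656        RichVideo - detected UnsignedFile.Multi.Generic (1)
14:44:58.0265 9656        UNS            (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
14:44:58.0296 9656        UNS ( UnsignedFile.Multi.Generic ) - warning
14:44:58.0296 9656        UNS - detected UnsignedFile.Multi.Generic (1)
14:45:03.0320 6880        Detected object count: 3
14:45:03.0320 6880        Actual detected object count: 3
14:45:53.0630 6880        LMS ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:53.0630 6880        LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:53.0630 6880        RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:53.0630 6880        UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""


def triage(log_text):
    """Map each flagged object to its verdict, md5, path and the user's action."""
    seen = {}      # name -> (md5, path) for every scanned object
    flagged = {}   # name -> triage record
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            seen[m["name"]] = (m["md5"], m["path"])
            continue
        m = DETECT_RE.match(line)
        if m:
            md5, path = seen.get(m["name"], (None, None))
            flagged[m["name"]] = {"verdict": m["verdict"], "md5": md5,
                                  "path": path, "action": None}
            continue
        m = ACTION_RE.match(line)
        if m:
            # An action for an object whose detection line is not in the
            # excerpt still gets a record, just without hash or path.
            rec = flagged.setdefault(m["name"], {"verdict": m["verdict"],
                                                 "md5": None, "path": None,
                                                 "action": None})
            rec["action"] = m["action"]
    return flagged


def declared_count(log_text):
    """The scanner's own count, to cross-check against len(triage(...))."""
    m = COUNT_RE.search(log_text)
    return int(m["n"]) if m else None


def needs_hash_check(flagged):
    """UnsignedFile.* means 'no valid Authenticode signature', nothing more.
    A skipped hit was neither cleaned nor cleared, so its MD5 has to be
    compared with the vendor's file before the machine is called clean."""
    return sorted(n for n, r in flagged.items()
                  if r["verdict"].startswith("UnsignedFile.") and r["action"] == "Skip")


def missing_file_info(flagged):
    """Flagged names whose hash/path line is absent from the excerpt."""
    return sorted(n for n, r in flagged.items() if r["md5"] is None)


if __name__ == "__main__":
    f = triage(SAMPLE_LOG)
    print(f"declared {declared_count(SAMPLE_LOG)}, parsed {len(f)}")
    for name in needs_hash_check(f):
        print(f"verify by hand: {name} md5={f[name]['md5']} path={f[name]['path']}")
    print("no hash in excerpt:", missing_file_info(f))
```

For the three names the script reports here (Intel LMS and UNS, CyberLink RichVideo), the check is to compare the logged MD5 with the file the OEM installer ships; a mismatch, or a file at an unexpected path, is what would justify letting the scanner act on it.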

cosinus 17.07.2012 10:52

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
restart Windows manually and the error messages should no longer appear.

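Once ComboFix has run, the part of its log worth reading against the question of this thread (is it really gone?) is the "Files Created" section: every file or directory created in the scan window, with creation time, modification time, size, attributes and path. Checked against the evening the lock screen appeared, it shows whether anything besides the cleanup tools landed on the disk at that time. The following Python is an added example for this thread, not ComboFix code and not part of any post. It assumes the line format visible in the log further down ("<created> . <modified> <size or --------> <attrs> <path>", attribute string starting with 'd' for a directory and containing 'h' for hidden; the other flag positions are left uninterpreted), and that the timestamps in that section are UTC while the log header is local time (GMT+2), which is how the two agree with the MBAM run time in this thread. SAMPLE_SECTION is constructed from lines of that log plus one made-up 'example_dropper.exe' line, so that the output shows what a hit looks like.

```python
"""Timeline triage of a ComboFix 'Files Created' section against the
evening the lock screen appeared.

Added example for this thread; not ComboFix code and not part of any post.
Assumed line format: "<created> . <modified> <size|--------> <attrs> <path>",
timestamps in UTC. The example_dropper.exe line below is made up.
"""
from datetime import datetime
import re

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[\w-]{8})\s+(?P<path>\S.*)$"
)

# Locations a standard user can write to; lock-screen droppers typically
# land in one of these rather than under c:\windows.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp")

# Constructed sample: lines taken from the posted log, plus one made-up
# dropper line (example_dropper.exe) inside the reported infection window.
SAMPLE_SECTION = r"""(((((((((((((((((((((((  Files Created from 2012-06-17 to 2012-07-17  ))))))))))))))))))))))))))))))
.
2012-07-17 10:06 . 2012-07-17 10:06        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-04 12:07 . 2012-07-04 12:07        --------        d--h--w-        c:\programdata\Common Files
2012-07-04 12:07 . 2004-03-08 23:00        662288        ----a-w-        c:\windows\SysWow64\MSCOMCT2.OCX
2012-07-02 22:58 . 2012-07-02 22:58        476936        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-07-02 21:39 . 2012-07-02 21:39        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-02 21:39 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-02 19:12 . 2012-07-02 19:12        84480        ----a-w-        c:\users\xxxx xxxxx\AppData\Roaming\example_dropper.exe
2012-06-24 08:03 . 2012-06-24 08:03        --------        d-----w-        c:\users\xxxx xxxxx\AppData\Local\Macromedia
"""


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


def parse_created_section(text):
    """One dict per matching line; headers and separators are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        entries.append({
            "created": parse_ts(m["created"]),
            "modified": parse_ts(m["modified"]),
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "is_dir": m["attrs"][0] == "d",
            "hidden": "h" in m["attrs"],
            "path": m["path"],
        })
    return entries


def flags(entry):
    """Cheap triage signals for one entry."""
    out = []
    if entry["hidden"]:
        out.append("hidden")
    if any(k in entry["path"].lower() for k in USER_WRITABLE):
        out.append("user-writable")
    # mtime older than ctime: the file was copied in prebuilt (installer
    # payload or a dropped binary) rather than written on the spot.
    if not entry["is_dir"] and entry["modified"] < entry["created"]:
        out.append("prebuilt-mtime")
    return out


def in_window(entries, start, end):
    """Entries created inside [start, end], oldest first."""
    return sorted((e for e in entries if start <= e["created"] <= end),
                  key=lambda e: e["created"])


def report(text, start, end):
    """(path, flags) for every entry created between the two 'YYYY-MM-DD HH:MM' strings."""
    entries = parse_created_section(text)
    return [(e["path"], flags(e)) for e in in_window(entries, parse_ts(start), parse_ts(end))]


if __name__ == "__main__":
    # Lock screen reported on the evening of 2 July 2012 local time (GMT+2);
    # the cleanup tools were installed from 21:39 UTC on.
    for path, f in report(SAMPLE_SECTION, "2012-07-02 16:00", "2012-07-03 00:00"):
        print(f"{path}  {','.join(f) or '-'}")
```

Two caveats when reading the result: the section only lists what still exists, so a dropper deleted by hand (as in this thread) will not appear, and an entry created in the window but not flagged is still worth a look if its path is unfamiliar. The signals are meant to order the list, not to decide anything on their own.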
dobaliner 17.07.2012 18:35

On the first ComboFix run I unfortunately forgot to turn off Windows Defender:


Combofix Logfile:
Code:

ComboFix 12-07-16.01 - xxxx xxxxx 17.07.2012  12:00:47.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3767.2406 [GMT 2:00]
Running from: c:\users\xxxx xxxxx\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\xxxx xxxxx\Documents\~WRL0412.tmp
.
.
(((((((((((((((((((((((   Files Created from 2012-06-17 to 2012-07-17   ))))))))))))))))))))))))))))))
.
.
2012-07-17 10:06 . 2012-07-17 10:06        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-17 10:05 . 2012-07-17 10:05        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{18C86E3E-2C1A-4677-A04D-3591DDB2C790}\offreg.dll
2012-07-15 19:46 . 2012-07-15 19:46        --------        d-----w-        C:\_OTL
2012-07-13 20:13 . 2012-07-13 20:13        --------        d-----w-        c:\program files (x86)\ESET
2012-07-13 15:33 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{18C86E3E-2C1A-4677-A04D-3591DDB2C790}\mpengine.dll
2012-07-12 09:55 . 2012-06-12 03:02        3147264        ----a-w-        c:\windows\system32\win32k.sys
2012-07-12 07:22 . 2012-06-06 05:50        1425408        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 07:22 . 2012-06-06 05:09        987136        ----a-w-        c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-04 20:59 . 2012-07-04 20:59        --------        d-----w-        c:\users\xxxx xxxxx\AppData\Local\Skyrim
2012-07-04 18:07 . 2012-07-17 07:27        --------        d-----w-        c:\program files (x86)\Steam
2012-07-04 18:07 . 2012-07-04 18:32        --------        d-----w-        c:\program files (x86)\Common Files\Steam
2012-07-04 12:07 . 2012-07-04 12:07        --------        d--h--w-        c:\programdata\Common Files
2012-07-04 12:07 . 2004-03-08 23:00        662288        ----a-w-        c:\windows\SysWow64\MSCOMCT2.OCX
2012-07-04 12:07 . 1998-06-23 23:00        137000        ----a-w-        c:\windows\SysWow64\MSMAPI32.OCX
2012-07-04 12:06 . 2012-07-04 12:07        --------        d-----w-        c:\program files (x86)\PDFCreator
2012-07-04 12:06 . 1998-07-06 16:56        125712        ----a-w-        c:\windows\SysWow64\VB6DE.DLL
2012-07-04 12:06 . 1998-07-06 16:55        158208        ----a-w-        c:\windows\SysWow64\MSCMCDE.DLL
2012-07-04 12:06 . 1998-07-06 16:55        64512        ----a-w-        c:\windows\SysWow64\MSCC2DE.DLL
2012-07-04 12:06 . 1998-07-05 23:00        23552        ----a-w-        c:\windows\SysWow64\MSMPIDE.DLL
2012-07-04 12:03 . 2012-06-15 04:51        95232        ----a-w-        c:\windows\system32\pdfcmon.dll
2012-07-02 22:58 . 2012-07-02 22:58        476936        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-07-02 21:39 . 2012-07-02 21:39        --------        d-----w-        c:\users\xxxx xxxxx\AppData\Roaming\Malwarebytes
2012-07-02 21:39 . 2012-07-02 21:39        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-02 21:39 . 2012-07-02 21:39        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-02 21:39 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-24 08:03 . 2012-06-24 08:03        --------        d-----w-        c:\users\xxxx xxxxx\AppData\Local\Macromedia
2012-06-21 05:26 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-21 05:26 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-21 05:26 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-21 05:26 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-21 05:26 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-21 05:26 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-21 05:26 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-21 05:26 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-21 05:26 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-19 21:40 . 2012-06-19 21:40        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-19 21:40 . 2012-06-19 21:40        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 09:48 . 2012-04-15 14:36        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 09:48 . 2012-01-12 22:31        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-02 22:58 . 2012-02-28 15:05        472840        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-05-15 03:56 . 2012-06-13 05:31        1197568        ----a-w-        c:\windows\system32\wininet.dll
2012-05-15 03:08 . 2012-06-13 05:31        981504        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-05-14 13:52 . 2012-01-17 20:18        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-14 13:52 . 2012-01-17 20:18        139360        ----a-w-        c:\windows\system32\drivers\avfwot.sys
2012-05-14 13:52 . 2012-01-17 20:18        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-14 13:52 . 2012-01-17 20:18        114128        ----a-w-        c:\windows\system32\drivers\avfwim.sys
2012-05-04 10:52 . 2012-06-13 05:31        5505392        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-13 05:31        3958128        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-13 05:31        3902320        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32 . 2012-06-13 05:31        208896        ----a-w-        c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-13 05:31        204800        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:34 . 2012-06-13 05:31        76288        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-13 05:31        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-13 05:31        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:59 . 2012-06-13 05:31        182272        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-04-24 05:59 . 2012-06-13 05:31        1460224        ----a-w-        c:\windows\system32\crypt32.dll
2012-04-24 05:59 . 2012-06-13 05:31        140288        ----a-w-        c:\windows\system32\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 05:31        139264        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47 . 2012-06-13 05:31        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 05:31        1156608        ----a-w-        c:\windows\SysWow64\crypt32.dll
2012-04-20 06:22 . 2012-06-13 05:31        57856        ----a-w-        c:\windows\system32\licmgr10.dll
2012-04-20 05:05 . 2012-06-13 05:31        44544        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2012-04-20 05:00 . 2012-06-13 05:31        482816        ----a-w-        c:\windows\system32\html.iec
2012-04-20 04:15 . 2012-06-13 05:31        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2012-04-20 03:58 . 2012-06-13 05:31        386048        ----a-w-        c:\windows\SysWow64\html.iec
2012-04-20 03:24 . 2012-06-13 05:31        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-01-16 3462552]
"SimpleSYN.NET"="c:\program files (x86)\creativbox.net\SimpleSYN 2.1\CBN.SimpleSYN.NET.exe" [2011-06-21 2275696]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-07-04 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-21 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2011-02-17 124136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-14 348624]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-07-29 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-07-29 295072]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-07-29 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-07-29 51872]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-07-29 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-07-29 270496]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
R3 SaiK0CD5;SaiK0CD5;c:\windows\system32\DRIVERS\SaiK0CD5.sys [2011-09-20 183104]
R3 SaiU0CD5;SaiU0CD5;c:\windows\system32\DRIVERS\SaiU0CD5.sys [2011-09-20 47168]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 usbkey;USB Dongle;c:\windows\system32\DRIVERS\USBKey64.sys [2012-01-16 38496]
R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-07-29 52896]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-05-14 139360]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-20 203264]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-05-14 619472]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-14 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-14 465360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-06-11 821792]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-12-20 148104]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-09-22 645048]
S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe [2009-03-03 296400]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-20 6856704]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-20 264704]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-05-14 114128]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-07-29 28832]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-10-20 10331840]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-18 c:\windows\Tasks\Acer Registration - Data Sending task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2010-04-28 02:47]
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 09:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-12-19 18:46        22408        ----a-w-        c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-20 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-20 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-20 414744]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-13 11046504]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-13 2103912]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-07-29 594080]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-07-29 377504]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-06-11 496160]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2782096]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-01-23 432640]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-01-23 158208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Download aller Links mit IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download mit IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{7F66CAB7-3D90-4CF2-A86C-94A6431474BB}: NameServer = 130.75.1.32,130.75.1.40
FF - ProfilePath - c:\users\xxxx xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\bild4i5m.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-116830536-2991956333-4007676365-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8f,ff,7b,bf,d7,5f,b4,0b,d9,1a,03,12,1d,71,8b,a0,53,ca,0f,f4,33,
  8b,2f,75,5c,60,87,6c,1c,5b,30,b6,4d,79,52,2b,34,63,25,78,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-116830536-2991956333-4007676365-1001_Classes\Wow6432Node\CLSID\{95fef388-361b-4e2e-92ff-1fc552c6a1a3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000085
"Therad"=dword:0000001b
"MData"=hex(0):20,35,e9,2b,74,59,03,68,be,b2,5b,74,b4,62,9e,77,fc,22,df,59,02,
  94,28,03,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-17  12:09:09
ComboFix-quarantined-files.txt  2012-07-17 10:09
.
Vor Suchlauf: 10 Verzeichnis(se), 307.955.322.880 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 307.837.960.192 Bytes frei
.
- - End Of File - - 0D280481D3FA0D4CC83DA164D6E1D95D

--- --- ---

Then I noticed that Windows Defender was on while ComboFix was running, so I turned Defender off and ran ComboFix again:

Combofix Logfile:
Code:

ComboFix 12-07-16.01 - xxxx xxxxx 17.07.2012  12:20:14.2.4 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3767.2315 [GMT 2:00]
ausgeführt von:: c:\users\xxxx xxxxx\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-17 bis 2012-07-17  ))))))))))))))))))))))))))))))
.
.
2012-07-17 10:23 . 2012-07-17 10:23        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-15 19:46 . 2012-07-15 19:46        --------        d-----w-        C:\_OTL
2012-07-13 20:13 . 2012-07-13 20:13        --------        d-----w-        c:\program files (x86)\ESET
2012-07-13 15:33 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{18C86E3E-2C1A-4677-A04D-3591DDB2C790}\mpengine.dll
2012-07-12 09:55 . 2012-06-12 03:02        3147264        ----a-w-        c:\windows\system32\win32k.sys
2012-07-12 07:22 . 2012-06-06 05:50        1425408        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 07:22 . 2012-06-06 05:09        987136        ----a-w-        c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-04 20:59 . 2012-07-04 20:59        --------        d-----w-        c:\users\xxxx xxxxx\AppData\Local\Skyrim
2012-07-04 18:07 . 2012-07-17 07:27        --------        d-----w-        c:\program files (x86)\Steam
2012-07-04 18:07 . 2012-07-04 18:32        --------        d-----w-        c:\program files (x86)\Common Files\Steam
2012-07-04 12:07 . 2012-07-04 12:07        --------        d--h--w-        c:\programdata\Common Files
2012-07-04 12:07 . 2004-03-08 23:00        662288        ----a-w-        c:\windows\SysWow64\MSCOMCT2.OCX
2012-07-04 12:07 . 1998-06-23 23:00        137000        ----a-w-        c:\windows\SysWow64\MSMAPI32.OCX
2012-07-04 12:06 . 2012-07-04 12:07        --------        d-----w-        c:\program files (x86)\PDFCreator
2012-07-04 12:06 . 1998-07-06 16:56        125712        ----a-w-        c:\windows\SysWow64\VB6DE.DLL
2012-07-04 12:06 . 1998-07-06 16:55        158208        ----a-w-        c:\windows\SysWow64\MSCMCDE.DLL
2012-07-04 12:06 . 1998-07-06 16:55        64512        ----a-w-        c:\windows\SysWow64\MSCC2DE.DLL
2012-07-04 12:06 . 1998-07-05 23:00        23552        ----a-w-        c:\windows\SysWow64\MSMPIDE.DLL
2012-07-04 12:03 . 2012-06-15 04:51        95232        ----a-w-        c:\windows\system32\pdfcmon.dll
2012-07-02 22:58 . 2012-07-02 22:58        476936        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-07-02 21:39 . 2012-07-02 21:39        --------        d-----w-        c:\users\xxxx xxxxx\AppData\Roaming\Malwarebytes
2012-07-02 21:39 . 2012-07-02 21:39        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-02 21:39 . 2012-07-02 21:39        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-02 21:39 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-24 08:03 . 2012-06-24 08:03        --------        d-----w-        c:\users\xxxx xxxxx\AppData\Local\Macromedia
2012-06-21 05:26 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-21 05:26 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-21 05:26 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-21 05:26 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-21 05:26 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-21 05:26 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-21 05:26 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-21 05:26 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-21 05:26 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-19 21:40 . 2012-06-19 21:40        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-19 21:40 . 2012-06-19 21:40        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 09:48 . 2012-04-15 14:36        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 09:48 . 2012-01-12 22:31        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-02 22:58 . 2012-02-28 15:05        472840        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-05-15 03:56 . 2012-06-13 05:31        1197568        ----a-w-        c:\windows\system32\wininet.dll
2012-05-15 03:08 . 2012-06-13 05:31        981504        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-05-14 13:52 . 2012-01-17 20:18        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-14 13:52 . 2012-01-17 20:18        139360        ----a-w-        c:\windows\system32\drivers\avfwot.sys
2012-05-14 13:52 . 2012-01-17 20:18        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-14 13:52 . 2012-01-17 20:18        114128        ----a-w-        c:\windows\system32\drivers\avfwim.sys
2012-05-04 10:52 . 2012-06-13 05:31        5505392        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-13 05:31        3958128        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-13 05:31        3902320        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32 . 2012-06-13 05:31        208896        ----a-w-        c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-13 05:31        204800        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:34 . 2012-06-13 05:31        76288        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-13 05:31        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-13 05:31        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:59 . 2012-06-13 05:31        182272        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-04-24 05:59 . 2012-06-13 05:31        1460224        ----a-w-        c:\windows\system32\crypt32.dll
2012-04-24 05:59 . 2012-06-13 05:31        140288        ----a-w-        c:\windows\system32\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 05:31        139264        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47 . 2012-06-13 05:31        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 05:31        1156608        ----a-w-        c:\windows\SysWow64\crypt32.dll
2012-04-20 06:22 . 2012-06-13 05:31        57856        ----a-w-        c:\windows\system32\licmgr10.dll
2012-04-20 05:05 . 2012-06-13 05:31        44544        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2012-04-20 05:00 . 2012-06-13 05:31        482816        ----a-w-        c:\windows\system32\html.iec
2012-04-20 04:15 . 2012-06-13 05:31        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2012-04-20 03:58 . 2012-06-13 05:31        386048        ----a-w-        c:\windows\SysWow64\html.iec
2012-04-20 03:24 . 2012-06-13 05:31        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-07-17_10.07.02  )))))))))))))))))))))))))))))))))))))))))
.
- 2012-01-12 19:45 . 2012-07-17 09:02        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-12 19:45 . 2012-07-17 10:13        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-12 19:45 . 2012-07-17 10:13        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-12 19:45 . 2012-07-17 09:02        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-01-16 3462552]
"SimpleSYN.NET"="c:\program files (x86)\creativbox.net\SimpleSYN 2.1\CBN.SimpleSYN.NET.exe" [2011-06-21 2275696]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-07-04 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-21 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2011-02-17 124136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-14 348624]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-07-29 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-07-29 295072]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-07-29 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-07-29 51872]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-07-29 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-07-29 270496]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
R3 SaiK0CD5;SaiK0CD5;c:\windows\system32\DRIVERS\SaiK0CD5.sys [2011-09-20 183104]
R3 SaiU0CD5;SaiU0CD5;c:\windows\system32\DRIVERS\SaiU0CD5.sys [2011-09-20 47168]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 usbkey;USB Dongle;c:\windows\system32\DRIVERS\USBKey64.sys [2012-01-16 38496]
R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-07-29 52896]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-05-14 139360]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-20 203264]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-05-14 619472]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-14 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-14 465360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-06-11 821792]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-12-20 148104]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-09-22 645048]
S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe [2009-03-03 296400]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-20 6856704]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-20 264704]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-05-14 114128]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-07-29 28832]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-10-20 10331840]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-18 c:\windows\Tasks\Acer Registration - Data Sending task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2010-04-28 02:47]
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 09:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-12-19 18:46        22408        ----a-w-        c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-20 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-20 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-20 414744]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-13 11046504]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-13 2103912]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-07-29 594080]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-07-29 377504]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-06-11 496160]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2782096]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-01-23 432640]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-01-23 158208]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Download aller Links mit IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download mit IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{7F66CAB7-3D90-4CF2-A86C-94A6431474BB}: NameServer = 130.75.1.32,130.75.1.40
FF - ProfilePath - c:\users\xxxx xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\bild4i5m.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-116830536-2991956333-4007676365-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8f,ff,7b,bf,d7,5f,b4,0b,d9,1a,03,12,1d,71,8b,a0,53,ca,0f,f4,33,
  8b,2f,75,5c,60,87,6c,1c,5b,30,b6,4d,79,52,2b,34,63,25,78,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-116830536-2991956333-4007676365-1001_Classes\Wow6432Node\CLSID\{95fef388-361b-4e2e-92ff-1fc552c6a1a3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000085
"Therad"=dword:0000001b
"MData"=hex(0):20,35,e9,2b,74,59,03,68,be,b2,5b,74,b4,62,9e,77,fc,22,df,59,02,
  94,28,03,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-17  12:24:59
ComboFix-quarantined-files.txt  2012-07-17 10:24
.
Vor Suchlauf: 15 Verzeichnis(se), 307.901.198.336 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 307.711.479.808 Bytes frei
.
- - End Of File - - BEFB51BDD65641397A468E56BAF895A5

--- --- ---


How do we proceed from here?

Kind regards,
Dirk

cosinus 18.07.2012 15:42

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run even on the second attempt, just leave it out and run only OSAM - please skip the online query in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please right-click and start it with "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow Internet access.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: never press any of the Fix buttons without being instructed to

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu (bottom left of the aswMBR window) and click the Scan button again.

dobaliner 18.07.2012 19:47

The GMER.log:


GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-18 18:46:45
Windows 6.1.7600 
Running: yyq9y06i.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18f46a95ca8a                     
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18f46a95ca8a (not active ControlSet) 

---- EOF - GMER 1.0.15 ----

--- --- ---


The OSAM.log:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:57:52 on 18.07.2012

OS: Windows 7 Home Premium Edition (Build 7600), 64-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Acer Registration - Data Sending task.job" - "Acer Incorporated" - C:\Program Files (x86)\Acer\Registration\GREG.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~3\Office14\MLCFG32.CPL
"Nero BackItUp and BurnRights" - "Nero AG" - C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BurnRights\NeroBurnRights_bb.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AvFw Packet Filter Miniport" (avfwim) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avfwim.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"IDMWFP" (IDMWFP) - "Tonec Inc." - C:\Windows\System32\DRIVERS\idmwfp.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~3\Office14\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\SDShelEx-win32.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} "Canon Easy-WebPrint EX BHO" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{0055C089-8582-441B-A0BF-17B458C2A3A8} "IDM integration (IDMIEHlprObj Class)" - "Internet Download Manager, Tonec Inc." - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Secunia PSI Tray.lnk" - "Secunia" - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"IDMan" - "Tonec Inc." - C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
"SimpleSYN.NET" - "creativbox.net, Torsten Leithold & Georg von Kries GbR" - "C:\Program Files (x86)\creativbox.net\SimpleSYN 2.1\CBN.SimpleSYN.NET.exe"
"Steam" - "Valve Corporation" - "C:\Program Files (x86)\Steam\Steam.exe" -silent
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ArcadeMovieService" - "CyberLink Corp." - "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"                                                                                                                                                                                         
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"CanonSolutionMenuEx" - "CANON INC." - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"LManager" - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\LManager.exe                                                                                                                                                                                                                     
"MDS_Menu" - "CyberLink Corp." - "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"                                             
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJNP Port" - "CANON INC." - C:\Windows\system32\CNMN6PPM.DLL
"HP Discovery Port Monitor (HP Deskjet 3050 J610 series)" - "Hewlett-Packard Co." - C:\Windows\system32\HPDiscoPM9311.dll
"pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll
"RICOH Language Monitor2" - "RICOH CO.,Ltd." - C:\Windows\system32\rc4mon64.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"Acer ODD Power Service" (ODDPwrSvc) - "Acer Incorporated" - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
"Avira FireWall" (AntiVirFirewallService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Cisco AnyConnect VPN Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\sua.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
"TurboBoost" (TurboBoost) - "Intel(R) Corporation" - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
"Updater Service" (Updater Service) - "Acer Group" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
"WTGService" (WTGService) - ? - C:\Program Files (x86)\Verbindungsassistent\WTGService.exe  (File found, but it contains no detailed information)

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Windows\System32\Acer.scr

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

and then also the aswMBR.txt:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-18 19:13:15
-----------------------------
19:13:15.998    OS Version: Windows x64 6.1.7600
19:13:15.998    Number of processors: 4 586 0x2505
19:13:15.998    ComputerName: xxxxxxxxx-PC  UserName: xxxx xxxxx
19:13:17.044    Initialize success
19:13:21.006    AVAST engine defs: 12071800
19:13:27.698    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:13:27.714    Disk 0 Vendor: SAMSUNG_ 2AR1 Size: 715404MB BusType: 3
19:13:27.730    Disk 0 MBR read successfully
19:13:27.730    Disk 0 MBR scan
19:13:27.745    Disk 0 Windows 7 default MBR code
19:13:27.745    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        16000 MB offset 2048
19:13:27.776    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 32770048
19:13:27.792    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      349453 MB offset 32974848
19:13:27.823    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      349849 MB offset 748654592
19:13:27.839    Disk 0 scanning C:\Windows\system32\drivers
19:13:38.072    Service scanning
19:13:58.056    Modules scanning
19:13:58.056    Disk 0 trace - called modules:
19:13:58.087    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:13:58.087    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069c3060]
19:13:58.087    3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049a3050]
19:13:58.103    Scan finished successfully
19:14:12.720    Disk 0 MBR has been saved successfully to "C:\Users\xxxx xxxxx\Desktop\MBR.dat"
19:14:12.720    The log file has been saved successfully to "C:\Users\xxxx xxxxx\Desktop\aswMBR.txt"

Regards
Dirk

cosinus 19.07.2012 11:11

Looks ok. We should be almost through. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

dobaliner 19.07.2012 21:52

The Malwarebytes log:

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.19.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
xxxx xxxxx :: xxxxxxxxx-PC [Administrator]

19.07.2012 12:43:22
mbam-log-2012-07-19 (12-43-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 333594
Laufzeit: 31 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

The SUPERAntiSpyware log:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/19/2012 at 04:53 PM

Application Version : 5.5.1006

Core Rules Database Version : 8924
Trace Rules Database Version: 6736

Scan type      : Complete Scan
Total Scan Time : 01:17:09

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned      : 705
Memory threats detected  : 0
Registry items scanned    : 65625
Registry threats detected : 0
File items scanned        : 150239
File threats detected    : 34

Adware.Tracking Cookie
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\TAMP3IAE.txt [ /fastclick.net ]
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\MI5TGJAB.txt [ /ad.yieldmanager.com ]
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\5WES2EBW.txt [ /atdmt.com ]
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\35KCSXLE.txt [ /doubleclick.net ]
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\ABG74ZZF.txt [ /c.atdmt.com ]
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\T3YBU0K2.txt [ /msnportal.112.2o7.net ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@invitemedia[2].txt [ Cookie:xxxx xxxxx@invitemedia.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@perfectadserver[1].txt [ Cookie:xxxx xxxxx@perfectadserver.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adx.chip[1].txt [ Cookie:xxxx xxxxx@adx.chip.de/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@www.adserver[1].txt [ Cookie:xxxx xxxxx@www.adserver.bz/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ad.yieldmanager[2].txt [ Cookie:xxxx xxxxx@ad.yieldmanager.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@revsci[1].txt [ Cookie:xxxx xxxxx@revsci.net/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\P2D8K0VV.txt [ Cookie:xxxx xxxxx@apmebf.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@doubleclick[1].txt [ Cookie:xxxx xxxxx@doubleclick.net/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\MP2VJAUQ.txt [ Cookie:xxxx xxxxx@c.atdmt.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adxpansion[2].txt [ Cookie:xxxx xxxxx@adxpansion.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@zedo[1].txt [ Cookie:xxxx xxxxx@zedo.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\A617VEFO.txt [ Cookie:xxxx xxxxx@overture.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adfarm1.adition[1].txt [ Cookie:xxxx xxxxx@adfarm1.adition.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@exoclick[2].txt [ Cookie:xxxx xxxxx@exoclick.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@specificclick[1].txt [ Cookie:xxxx xxxxx@specificclick.net/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ru4[2].txt [ Cookie:xxxx xxxxx@ru4.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ad2.adfarm1.adition[1].txt [ Cookie:xxxx xxxxx@ad2.adfarm1.adition.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\UZQRDA07.txt [ Cookie:xxxx xxxxx@mediaplex.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@imrworldwide[2].txt [ Cookie:xxxx xxxxx@imrworldwide.com/cgi-bin ]
        C:\USERS\xxxx xxxxx\Cookies\TAMP3IAE.txt [ Cookie:xxxx xxxxx@fastclick.net/ ]
        C:\USERS\xxxx xxxxx\Cookies\MI5TGJAB.txt [ Cookie:xxxx xxxxx@ad.yieldmanager.com/ ]
        C:\USERS\xxxx xxxxx\Cookies\35KCSXLE.txt [ Cookie:xxxx xxxxx@doubleclick.net/ ]
        C:\USERS\xxxx xxxxx\Cookies\ABG74ZZF.txt [ Cookie:xxxx xxxxx@c.atdmt.com/ ]
        C:\USERS\xxxx xxxxx\Cookies\T3YBU0K2.txt [ Cookie:xxxx xxxxx@msnportal.112.2o7.net/ ]
        C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS.FLING[2].TXT [ /ADS.FLING ]
        C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS2.ZEUSCLICKS[1].TXT [ /ADS2.ZEUSCLICKS ]
        C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS.CREATIVE-SERVING[1].TXT [ /ADS.CREATIVE-SERVING ]
        C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]

Apparently only a few cookies left... (do they have to go?)

cosinus 19.07.2012 22:23

Quote:

UAC On - Limited User
Hm, I have noticed that not only with you :wtf:
Can you run SASW via right-click as administrator?

dobaliner 20.07.2012 07:55

Sorry, here is the whole thing as admin:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/20/2012 at 02:18 AM

Application Version : 5.5.1006

Core Rules Database Version : 8924
Trace Rules Database Version: 6736

Scan type      : Complete Scan
Total Scan Time : 01:18:04

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Administrator

Memory items scanned      : 704
Memory threats detected  : 0
Registry items scanned    : 65734
Registry threats detected : 0
File items scanned        : 150290
File threats detected    : 34

Adware.Tracking Cookie
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\TAMP3IAE.txt [ /fastclick.net ]
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\MI5TGJAB.txt [ /ad.yieldmanager.com ]
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\5WES2EBW.txt [ /atdmt.com ]
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\35KCSXLE.txt [ /doubleclick.net ]
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\ABG74ZZF.txt [ /c.atdmt.com ]
        C:\Users\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\T3YBU0K2.txt [ /msnportal.112.2o7.net ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@invitemedia[2].txt [ Cookie:xxxx xxxxx@invitemedia.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@perfectadserver[1].txt [ Cookie:xxxx xxxxx@perfectadserver.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adx.chip[1].txt [ Cookie:xxxx xxxxx@adx.chip.de/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@www.adserver[1].txt [ Cookie:xxxx xxxxx@www.adserver.bz/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ad.yieldmanager[2].txt [ Cookie:xxxx xxxxx@ad.yieldmanager.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@revsci[1].txt [ Cookie:xxxx xxxxx@revsci.net/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\P2D8K0VV.txt [ Cookie:xxxx xxxxx@apmebf.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@doubleclick[1].txt [ Cookie:xxxx xxxxx@doubleclick.net/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\MP2VJAUQ.txt [ Cookie:xxxx xxxxx@c.atdmt.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adxpansion[2].txt [ Cookie:xxxx xxxxx@adxpansion.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@zedo[1].txt [ Cookie:xxxx xxxxx@zedo.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\A617VEFO.txt [ Cookie:xxxx xxxxx@overture.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@adfarm1.adition[1].txt [ Cookie:xxxx xxxxx@adfarm1.adition.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@exoclick[2].txt [ Cookie:xxxx xxxxx@exoclick.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@specificclick[1].txt [ Cookie:xxxx xxxxx@specificclick.net/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ru4[2].txt [ Cookie:xxxx xxxxx@ru4.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@ad2.adfarm1.adition[1].txt [ Cookie:xxxx xxxxx@ad2.adfarm1.adition.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\UZQRDA07.txt [ Cookie:xxxx xxxxx@mediaplex.com/ ]
        C:\USERS\xxxx xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx_xxxxx@imrworldwide[2].txt [ Cookie:xxxx xxxxx@imrworldwide.com/cgi-bin ]
        C:\USERS\xxxx xxxxx\Cookies\TAMP3IAE.txt [ Cookie:xxxx xxxxx@fastclick.net/ ]
        C:\USERS\xxxx xxxxx\Cookies\MI5TGJAB.txt [ Cookie:xxxx xxxxx@ad.yieldmanager.com/ ]
        C:\USERS\xxxx xxxxx\Cookies\35KCSXLE.txt [ Cookie:xxxx xxxxx@doubleclick.net/ ]
        C:\USERS\xxxx xxxxx\Cookies\ABG74ZZF.txt [ Cookie:xxxx xxxxx@c.atdmt.com/ ]
        C:\USERS\xxxx xxxxx\Cookies\T3YBU0K2.txt [ Cookie:xxxx xxxxx@msnportal.112.2o7.net/ ]
        C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS.FLING[2].TXT [ /ADS.FLING ]
        C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS2.ZEUSCLICKS[1].TXT [ /ADS2.ZEUSCLICKS ]
        C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@ADS.CREATIVE-SERVING[1].TXT [ /ADS.CREATIVE-SERVING ]
        C:\USERS\xxxx xxxxx\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\xxxx_xxxxx@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]


cosinus 20.07.2012 15:55

Looks ok, only cookies were found.
Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or the like => HTTP-Cookie )


Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released.

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in everywhere anew in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply set the browser so that everything including cookies is deleted when the browser is closed.

My own practice is to use the Opera browser or Chromium on my Linux for "wild surfing". My main browser (Firefox) only stores cookies from the sites I actually want, everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system now in order again, or are there still other findings or problems?
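The hosts-file approach recommended above works by pointing ad and tracker hostnames at a sinkhole address so the browser never reaches them. The following is an added example, not code from the thread or from MVPS: it parses hosts-file syntax and reports which of the cookie hostnames from the SUPERAntiSpyware log above would actually be covered. The blocklist lines are constructed for illustration (not the real MVPS file), and the function names `parse_hosts`, `is_blocked` and `coverage_report` are my own. The point it makes is a caveat the post does not spell out: a hosts file matches exact hostnames only, with no wildcards, so an entry for `adfarm1.adition.com` does nothing for `ad2.adfarm1.adition.com` or `c.atdmt.com`.

```python
"""Check which tracker hostnames a hosts-file blocklist would actually cover.

Added example, not part of the original thread.  The blocklist text below is
constructed in standard hosts-file syntax (the same layout MVPS uses; newer
MVPS files use 0.0.0.0, older ones used 127.0.0.1) and is NOT the real MVPS
file.  The tracker hostnames are the cookie domains from the SASW log above.
"""
from __future__ import annotations

# Constructed sample blocklist in hosts-file syntax.
SAMPLE_HOSTS = """\
# constructed example, not the real MVPS hosts file
127.0.0.1 localhost
0.0.0.0 ad.doubleclick.net
0.0.0.0 doubleclick.net        # a trailing comment is allowed
0.0.0.0 ad.yieldmanager.com
0.0.0.0 atdmt.com
0.0.0.0 adfarm1.adition.com
0.0.0.0 zedo.com  fastclick.net    # several names on one line are allowed
"""

# Addresses a blocklist uses to sinkhole a name.
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1", "::"}


def parse_hosts(text: str) -> dict[str, str]:
    """Map each hostname to the address the hosts file assigns it.

    Handles '#' comments, blank lines and several names per line, as the
    Windows resolver does.  Hostnames are stored lower-case because the
    resolver compares them case-insensitively.
    """
    mapping: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:          # an address with no name is ignored
            continue
        address, names = parts[0], parts[1:]
        for name in names:
            mapping[name.lower()] = address
    return mapping


def is_blocked(hostname: str, mapping: dict[str, str]) -> bool:
    """True if the hosts file sinkholes exactly this hostname.

    There is no wildcard matching in a hosts file: an entry for
    adfarm1.adition.com does not cover ad2.adfarm1.adition.com, so every
    tracker host needs its own line.
    """
    address = mapping.get(hostname.lower())
    return address is not None and address in SINKHOLE_ADDRESSES


def coverage_report(hostnames, hosts_text: str = SAMPLE_HOSTS) -> dict[str, bool]:
    """Return {hostname: blocked?} for each observed tracker hostname."""
    mapping = parse_hosts(hosts_text)
    return {h: is_blocked(h, mapping) for h in hostnames}


# Cookie hostnames taken from the SUPERAntiSpyware log in this thread.
OBSERVED_TRACKERS = [
    "fastclick.net",
    "ad.yieldmanager.com",
    "atdmt.com",
    "c.atdmt.com",
    "doubleclick.net",
    "adfarm1.adition.com",
    "ad2.adfarm1.adition.com",
    "ad3.adfarm1.adition.com",
    "zedo.com",
    "msnportal.112.2o7.net",
]

if __name__ == "__main__":
    for host, blocked in coverage_report(OBSERVED_TRACKERS).items():
        print(f"{'blocked    ' if blocked else 'NOT blocked'}  {host}")
```

Run it as-is and the report shows six of the ten observed hosts covered; the subdomain variants (`c.atdmt.com`, `ad2.adfarm1.adition.com`, `ad3.adfarm1.adition.com`) and `msnportal.112.2o7.net` fall through, which is why the post's advice to re-fetch the MVPS file regularly matters: the list only helps for names it contains verbatim. To check a real file, pass the contents of `C:\Windows\System32\drivers\etc\hosts` as `hosts_text`.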

dobaliner 22.07.2012 12:02

Hi,

the system is currently running flawlessly.
Thanks for the tips about the cookies.

One more question about the infection vector:
I noticed that at the time of the infection Java and Flash Player were not up to date; those are probably the most likely candidates, right?

Flash Player is now up to date, Java I have uninstalled (how can I make sure that it is really completely gone?)

Do you have any other tips for the future?

Regards
Dirk

cosinus 23.07.2012 14:28

Then we're done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click on CleanUp.
This will remove most of the tools we needed for the cleanup. Should anything remain, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can do a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide on that is below. To keep a better overview of whether the installed programs are current in the future, you can use Secunia PSI, for example.
For even more security, after the removed infection you should also change all passwords if at all possible.


Microsoft Update

Windows XP: visit the MS update page with IE and let it install all important updates.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

