Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: BKA Virus nach Systemwiederherstellung weg?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 11.03.2012, 10:23   #1
med21
 
BKA Virus nach Systemwiederherstellung weg? - Standard

BKA Virus nach Systemwiederherstellung weg?



Hallo zusammen!
Ich habe mir gestern das "polizei Virus" eingefangen und dann natürlich sämtliche Foren nach einer Problemlösung durchsucht... Das Problem bei der Sache waren meine mangelnden Computerkenntnisse.
Schließlich bin ich auf etwas gestoßen was sogar ich verstanden habe und durchführen konnte... nämlich Systemwiederherstellung.
Habe die Wiederherstellung durchgeführt und jetzt läuft wieder alles wie normal
Habe jetzt Malwarebytes heruntergeladen und scannen lassen
malewarebytes hat dann folgenden gefunden :

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.10.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
sandra :: DELL [Administrator]

Schutz: Aktiviert

11.03.2012 00:15:48
mbam-log-2012-03-11 (00-15-48).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 359792
Laufzeit: 2 Stunde(n), 49 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: ("C:\Program Files\Internet Explorer\Iexplore.exe" %1) Gut: ("%1" /S) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\sandra\2gweorjqjutp92vjy9gake (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\sandra\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
nun meine Frage: ist der Virus damit beseitigt oder gibt es noch weitere Schritte die ich durchführen muss?

Falls noch weitere Schritte notwendig sind bitte eine Anleitung für Dummies...
danke schon mal im vorhinein

Geändert von cosinus (19.03.2012 um 16:10 Uhr) Grund: CODE-Tags

Alt 12.03.2012, 16:09   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Virus nach Systemwiederherstellung weg? - Standard

BKA Virus nach Systemwiederherstellung weg?



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________

__________________

Alt 13.03.2012, 22:29   #3
med21
 
BKA Virus nach Systemwiederherstellung weg? - Standard

BKA Virus nach Systemwiederherstellung weg?



hab das jetzt auch durchgeführt und folgendes ist dabei rausgekommen:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c1377ddaac3d9441a0f83c9c130f806b
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-12 06:07:52
# local_time=2012-03-12 07:07:52 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 401427 104229251 26545 0
# compatibility_mode=5892 16776573 100 100 16712 169103864 0 0
# compatibility_mode=8192 67108863 100 0 3714 3714 0 0
# scanned=81701
# found=3
# cleaned=0
# scan_time=4536
C:\Users\sandra\AppData\Local\Temp\jar_cache7824746856752433174.tmp	Win32/Spy.Zbot.YW trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\sandra\AppData\Local\Temp\Main.class	Java/TrojanDownloader.Agent.NDQ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\sandra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\4724ba2a-3c568282	Java/Exploit.Blacole.EL trojan (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c1377ddaac3d9441a0f83c9c130f806b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-13 08:14:36
# local_time=2012-03-13 09:14:36 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 37772 104319927 30548 0
# compatibility_mode=5892 16776573 100 100 28742 169194540 0 0
# compatibility_mode=8192 67108863 100 0 94390 94390 0 0
# scanned=168924
# found=3
# cleaned=0
# scan_time=7864
C:\Users\sandra\AppData\Local\Temp\jar_cache7824746856752433174.tmp	Win32/Spy.Zbot.YW trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\sandra\AppData\Local\Temp\Main.class	Java/TrojanDownloader.Agent.NDQ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\sandra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\4724ba2a-3c568282	Java/Exploit.Blacole.EL trojan (unable to clean)	00000000000000000000000000000000	I
         
Danke schon mal für die Hilfe
__________________

Geändert von cosinus (19.03.2012 um 16:09 Uhr)

Alt 14.03.2012, 15:10   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Virus nach Systemwiederherstellung weg? - Standard

BKA Virus nach Systemwiederherstellung weg?



CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.03.2012, 18:01   #5
med21
 
BKA Virus nach Systemwiederherstellung weg? - Standard

BKA Virus nach Systemwiederherstellung weg?



OTL.txt :OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 15.03.2012 13:58:02 - Run 1
OTL by OldTimer - Version 3.2.37.0     Folder = C:\Users\sandra\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,46% Memory free
4,23 Gb Paging File | 3,05 Gb Available in Paging File | 72,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,91 Gb Total Space | 12,21 Gb Free Space | 8,79% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,95 Gb Free Space | 49,50% Space Free | Partition Type: NTFS
 
Computer Name: DELL | User Name: sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.15 13:55:19 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\sandra\Desktop\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.08.26 09:25:28 | 000,662,016 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe
PRC - [2009.07.21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.05.13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.08.29 13:23:48 | 000,442,460 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2008.08.29 13:23:46 | 000,225,362 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\stacsv.exe
PRC - [2008.08.29 13:23:40 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\AEstSrv.exe
PRC - [2008.08.26 15:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe
PRC - [2008.08.26 15:58:10 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe
PRC - [2008.08.04 00:02:20 | 000,036,352 | ---- | M] () -- C:\Programme\Winamp\winampa.exe
PRC - [2008.07.15 11:12:48 | 001,226,024 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DellDock.exe
PRC - [2008.06.30 11:28:24 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2008.06.30 11:28:14 | 000,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2008.06.30 11:28:12 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2008.06.30 11:28:12 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2008.05.02 14:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.03.17 18:35:50 | 001,207,376 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.14 10:13:02 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Programme\Dell\MediaDirect\PCMService.exe
PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.19 18:32:38 | 015,881,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\763e9e193260d832c2af21688c2093c5\MenuSkinning.ni.dll
MOD - [2012.02.19 18:32:12 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll
MOD - [2012.02.19 18:31:58 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012.02.19 18:31:42 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\c721e680f75a6c3657548d9045f94e2e\VistaBridgeLibrary.ni.dll
MOD - [2012.02.19 18:31:38 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll
MOD - [2012.02.19 18:31:36 | 002,261,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\c4e0f07bc28055a2d7ba9f1486bc3276\DellDock.ni.exe
MOD - [2012.02.19 18:31:33 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\ae7ea87967b9f2e8bfcdf496ba041130\MyDock.Util.ni.dll
MOD - [2012.02.19 18:31:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012.02.19 18:12:00 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012.02.19 18:11:30 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012.02.19 18:11:10 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012.02.19 18:09:05 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011.10.14 19:54:07 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
MOD - [2011.10.14 19:50:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 05:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.10.30 18:32:41 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3019.36912__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008.10.30 18:32:41 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3019.36870__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008.10.30 18:32:41 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3019.36924__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008.10.30 18:32:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3019.36904__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008.10.30 18:32:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3019.36890__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008.10.30 18:32:40 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3019.37131__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008.10.30 18:32:40 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3019.37100__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008.10.30 18:32:40 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3019.37065__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008.10.30 18:32:40 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3019.37022__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008.10.30 18:32:29 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3019.36884__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008.10.30 18:32:28 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3019.37030__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008.10.30 18:32:28 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3019.37092__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008.10.30 18:32:28 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3019.37072__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008.10.30 18:32:28 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3019.36930__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008.10.30 18:32:28 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3019.37130__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2008.10.30 18:32:28 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3019.37137__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008.10.30 18:32:28 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3019.37079__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008.10.30 18:32:28 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3019.37029__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008.10.30 18:32:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3019.37071__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008.10.30 18:32:28 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3019.37129__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008.10.30 18:32:27 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3019.36936__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008.10.30 18:32:27 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3019.37023__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008.10.30 18:32:27 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3019.37015__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008.10.30 18:32:27 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3019.36891__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008.10.30 18:32:27 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3019.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008.10.30 18:32:27 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3019.36943__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008.10.30 18:32:27 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3019.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008.10.30 18:32:27 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3019.37022__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008.10.30 18:32:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3019.36942__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008.10.30 18:32:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3019.37029__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008.10.30 18:32:27 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3019.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008.10.30 18:32:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3019.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008.10.30 18:32:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008.10.30 18:32:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008.10.30 18:32:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008.10.30 18:32:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008.10.30 18:32:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008.10.30 18:32:27 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008.10.30 18:32:26 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008.10.30 18:32:26 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008.10.30 18:32:26 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008.10.30 18:32:26 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008.10.30 18:32:26 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008.10.30 18:32:26 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008.10.30 18:32:26 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008.10.30 18:32:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008.10.30 18:32:26 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008.10.30 18:32:26 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008.10.30 18:32:26 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008.10.30 18:32:26 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008.10.30 18:32:26 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008.10.30 18:32:26 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008.10.30 18:32:26 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008.10.30 18:32:26 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008.10.30 18:32:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008.10.30 18:32:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008.10.30 18:32:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008.10.30 18:32:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008.10.30 18:32:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008.10.30 18:32:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008.10.30 18:32:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2008.10.30 18:32:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008.10.30 18:32:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008.10.30 18:32:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008.10.30 18:32:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008.10.30 18:32:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008.10.30 18:32:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008.10.30 18:32:25 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008.10.30 18:32:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008.10.30 18:32:25 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008.10.30 18:32:25 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008.10.30 18:32:25 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008.10.30 18:32:25 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008.10.30 18:32:25 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008.10.30 18:32:22 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3019.36897__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008.10.30 18:32:22 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3019.37122__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008.10.30 18:32:22 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3019.37121__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008.10.30 18:32:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008.10.30 18:32:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3019.37147__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008.10.30 18:32:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008.10.30 18:32:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008.10.30 18:32:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008.10.30 18:32:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008.10.30 18:32:22 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3019.36862__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008.10.30 18:32:21 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3019.36878__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008.10.30 18:32:21 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3019.36862__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008.10.30 18:32:21 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3019.36863__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008.10.30 18:32:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3019.36861__90ba9c70f846762e\APM.Server.dll
MOD - [2008.10.30 18:32:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008.10.30 18:32:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3019.36862__90ba9c70f846762e\AEM.Server.dll
MOD - [2008.10.30 18:32:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008.10.30 18:32:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3019.37122__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008.10.30 18:32:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008.10.30 18:32:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008.10.30 18:32:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.08.05 13:16:20 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2008.08.04 00:02:20 | 000,036,352 | ---- | M] () -- C:\Programme\Winamp\winampa.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.05.13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.11.04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.10.30 18:42:53 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008.10.25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.08.29 13:23:46 | 000,225,362 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\stacsv.exe -- (STacSV)
SRV - [2008.08.29 13:23:40 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\AEstSrv.exe -- (AESTFilters)
SRV - [2008.08.26 15:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008.05.02 14:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.12.11 21:27:34 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.23 09:37:10 | 003,486,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009.05.11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.29 13:23:50 | 000,382,976 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.08.05 13:16:06 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008.06.30 11:28:10 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.05.04 09:42:18 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008.05.04 09:42:18 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.04.17 16:36:14 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.03.14 14:04:26 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2008.03.11 07:42:24 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.03.11 07:24:46 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008.03.11 07:24:44 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.03.11 07:24:42 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008.01.21 03:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = DELL - Offizielle Seite | Dell Österreich
IE - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.22.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.15 08:40:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.15 08:40:13 | 000,000,000 | ---D | M]
 
[2008.11.05 15:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sandra\AppData\Roaming\mozilla\Extensions
[2012.03.15 08:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sandra\AppData\Roaming\mozilla\Firefox\Profiles\51uoo4lk.default\extensions
[2010.05.06 10:25:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sandra\AppData\Roaming\mozilla\Firefox\Profiles\51uoo4lk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.20 16:32:23 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\sandra\AppData\Roaming\mozilla\Firefox\Profiles\51uoo4lk.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2009.11.06 16:12:33 | 000,002,163 | ---- | M] () -- C:\Users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\51uoo4lk.default\searchplugins\bing.xml
[2011.12.03 22:53:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.05.25 18:34:01 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.05.06 09:50:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.05.25 18:34:01 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2009.06.03 19:22:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.09.03 07:33:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.11.30 19:23:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.05.06 09:50:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2007.07.26 16:00:36 | 001,687,552 | ---- | M] (MDL Information Systems, Inc (Elsevier MDL)) -- C:\Program Files\mozilla firefox\plugins\npchime.dll
[2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.12 19:18:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.12 19:18:43 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.12 19:18:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.12 19:18:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.12 19:18:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
O4 - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .csm - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .csml - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .cub - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .cube - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .dx - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .emb - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .embl - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .gau - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .jdx - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .mol - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .mop - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .pdb - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .rxn - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .scr - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .skc - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .spt - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .tgf - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .xyz - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 195.34.133.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C7D9A5E-6C89-4D30-94C1-41BD7B21B879}: DhcpNameServer = 195.34.133.21 195.34.133.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8020B94A-7AF0-44B7-97C5-414DF8E9853B}: DhcpNameServer = 92.62.30.3 195.230.160.10 195.230.160.12
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{030e3481-5cb5-11de-9d7a-00217082d29c}\Shell - "" = AutoRun
O33 - MountPoints2\{030e3481-5cb5-11de-9d7a-00217082d29c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{030e3482-5cb5-11de-9d7a-00217082d29c}\Shell - "" = AutoRun
O33 - MountPoints2\{030e3482-5cb5-11de-9d7a-00217082d29c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8b31ec2c-4077-11e1-91d0-00217082d29c}\Shell - "" = AutoRun
O33 - MountPoints2\{8b31ec2c-4077-11e1-91d0-00217082d29c}\Shell\AutoRun\command - "" = F:\AutoLcd209x.exe
O33 - MountPoints2\{fc50d8ea-b587-11dd-b579-d42f6e3e9e72}\Shell - "" = AutoRun
O33 - MountPoints2\{fc50d8ea-b587-11dd-b579-d42f6e3e9e72}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fc50d8fd-b587-11dd-b579-d42f6e3e9e72}\Shell - "" = AutoRun
O33 - MountPoints2\{fc50d8fd-b587-11dd-b579-d42f6e3e9e72}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fc50d8fe-b587-11dd-b579-d42f6e3e9e72}\Shell - "" = AutoRun
O33 - MountPoints2\{fc50d8fe-b587-11dd-b579-d42f6e3e9e72}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (www)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.15 13:55:07 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\sandra\Desktop\OTL.exe
[2012.03.12 17:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.11 00:12:43 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Roaming\Malwarebytes
[2012.03.11 00:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.11 00:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.11 00:09:32 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.11 00:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.15 14:01:09 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.15 13:55:19 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\sandra\Desktop\OTL.exe
[2012.03.15 12:36:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.15 12:36:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.15 08:42:59 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.15 08:42:59 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.15 08:42:59 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.15 08:42:59 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.15 08:36:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.15 08:36:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.15 08:35:33 | 2145,361,920 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.14 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012.03.14 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012.03.13 08:40:43 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2012.03.12 14:12:03 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
[2012.03.11 21:39:20 | 000,173,056 | ---- | M] () -- C:\Users\sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.11 00:09:51 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.08 03:03:52 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.03.08 03:03:52 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.03.08 03:03:39 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.02.27 16:11:33 | 000,248,749 | ---- | M] () -- C:\Users\sandra\Documents\Lebenslauf_Sandra_Toth.pdf
[2012.02.19 18:08:08 | 000,379,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.03.11 00:09:51 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.10 23:40:18 | 2145,361,920 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.08 03:03:39 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.02.27 16:11:32 | 000,248,749 | ---- | C] () -- C:\Users\sandra\Documents\Lebenslauf_Sandra_Toth.pdf
[2011.12.16 03:35:06 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.10.06 18:19:09 | 000,000,106 | ---- | C] () -- C:\Windows\GKMENS3D.INI
[2011.10.06 18:18:53 | 000,113,445 | ---- | C] () -- C:\Windows\GKM30DEI.EXE
[2011.02.17 15:53:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2009.02.18 18:01:57 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Alice Systems
[2009.11.16 03:25:49 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\DriverCure
[2011.11.09 23:38:04 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Ekloy
[2008.11.05 18:46:03 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\ICQ
[2011.12.16 11:08:09 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Ynzied
[2012.03.12 14:12:03 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\DriverCure.job
[2012.03.14 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2012.03.14 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2012.03.13 08:40:43 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2012.03.12 14:13:24 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.05.14 19:57:15 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Adobe
[2009.02.18 18:01:57 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Alice Systems
[2009.11.27 15:54:17 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Apple Computer
[2008.11.05 14:35:15 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\ATI
[2008.11.06 16:06:52 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\CyberLink
[2008.11.05 14:32:48 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Dell
[2009.09.30 05:16:35 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\DivX
[2009.11.16 03:25:49 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\DriverCure
[2010.12.07 08:24:01 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\dvdcss
[2011.11.09 23:38:04 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Ekloy
[2008.11.05 18:46:03 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\ICQ
[2008.11.05 14:34:48 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Identities
[2009.12.29 19:57:00 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\InstallShield
[2008.11.05 14:47:47 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Macromedia
[2012.03.11 00:12:43 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Media Center Programs
[2008.11.05 19:32:06 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Media Player Classic
[2011.08.31 19:10:49 | 000,000,000 | --SD | M] -- C:\Users\sandra\AppData\Roaming\Microsoft
[2008.11.05 15:13:40 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Mozilla
[2010.03.01 16:12:52 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Real
[2012.03.12 21:56:40 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Skype
[2011.10.22 17:01:50 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\skypePM
[2008.11.05 14:35:21 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Symantec
[2011.02.16 16:16:18 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\vlc
[2008.11.05 19:07:32 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Winamp
[2009.01.21 11:18:34 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\WinRAR
[2011.12.16 11:08:09 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Ynzied
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.10.31 02:56:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008.10.31 02:56:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.10.31 02:56:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.10.31 02:56:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2008.03.11 07:44:12 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Drivers\storage\R180982\iastor.sys
[2008.03.11 07:44:12 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys
[2008.03.11 07:44:12 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2008.03.11 07:44:12 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_ec8a8d1b\iaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.05.04 09:42:16 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[2008.08.05 13:16:20 | 000,055,808 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\bcmwlrmt.dll
[2012.03.08 03:03:39 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2012.03.08 03:03:39 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
<           >

< End of report >
         
--- --- ---



Danke und lieben Gruß


Alt 15.03.2012, 23:31   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Virus nach Systemwiederherstellung weg? - Standard

BKA Virus nach Systemwiederherstellung weg?



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = DELL - Offizielle Seite | Dell Österreich
IE - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.at/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
[2010.05.06 10:25:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sandra\AppData\Roaming\mozilla\Firefox\Profiles\51uoo4lk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{030e3481-5cb5-11de-9d7a-00217082d29c}\Shell - "" = AutoRun
O33 - MountPoints2\{030e3481-5cb5-11de-9d7a-00217082d29c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{030e3482-5cb5-11de-9d7a-00217082d29c}\Shell - "" = AutoRun
O33 - MountPoints2\{030e3482-5cb5-11de-9d7a-00217082d29c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8b31ec2c-4077-11e1-91d0-00217082d29c}\Shell - "" = AutoRun
O33 - MountPoints2\{8b31ec2c-4077-11e1-91d0-00217082d29c}\Shell\AutoRun\command - "" = F:\AutoLcd209x.exe
O33 - MountPoints2\{fc50d8ea-b587-11dd-b579-d42f6e3e9e72}\Shell - "" = AutoRun
O33 - MountPoints2\{fc50d8ea-b587-11dd-b579-d42f6e3e9e72}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fc50d8fd-b587-11dd-b579-d42f6e3e9e72}\Shell - "" = AutoRun
O33 - MountPoints2\{fc50d8fd-b587-11dd-b579-d42f6e3e9e72}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fc50d8fe-b587-11dd-b579-d42f6e3e9e72}\Shell - "" = AutoRun
O33 - MountPoints2\{fc50d8fe-b587-11dd-b579-d42f6e3e9e72}\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2011.11.09 23:38:04 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Ekloy
[2011.12.16 11:08:09 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Ynzied
[2012.03.12 14:12:03 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\DriverCure.job
[2012.03.14 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2012.03.14 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2012.03.13 08:40:43 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
--> BKA Virus nach Systemwiederherstellung weg?

Alt 16.03.2012, 09:59   #7
med21
 
BKA Virus nach Systemwiederherstellung weg? - Standard

BKA Virus nach Systemwiederherstellung weg?



ebenfalls durchgeführt!

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKEY_USERS\S-1-5-21-3495034231-3606071678-3502338459-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3495034231-3606071678-3502338459-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Prefs.js: "Bing" removed from browser.search.defaultenginename
Prefs.js: "hxxp://www.bing.com/search?FORM=IEFM1&q=" removed from browser.search.defaulturl
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.google.at/firefox?client=firefox-a&rls=org.mozilla:de:official" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0\ not found.
File C:\Program Files\DivX\DivX Web Player\npdivx32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ not found.
File C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll not found.
Folder C:\Users\sandra\AppData\Roaming\mozilla\Firefox\Profiles\51uoo4lk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ not found.
File C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
File C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-3495034231-3606071678-3502338459-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-3495034231-3606071678-3502338459-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent not found.
File C:\Program Files\Winamp\winampa.exe not found.
Registry value HKEY_USERS\S-1-5-21-3495034231-3606071678-3502338459-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MsnMsgr not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{030e3481-5cb5-11de-9d7a-00217082d29c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{030e3481-5cb5-11de-9d7a-00217082d29c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{030e3481-5cb5-11de-9d7a-00217082d29c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{030e3481-5cb5-11de-9d7a-00217082d29c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{030e3482-5cb5-11de-9d7a-00217082d29c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{030e3482-5cb5-11de-9d7a-00217082d29c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{030e3482-5cb5-11de-9d7a-00217082d29c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{030e3482-5cb5-11de-9d7a-00217082d29c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b31ec2c-4077-11e1-91d0-00217082d29c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b31ec2c-4077-11e1-91d0-00217082d29c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b31ec2c-4077-11e1-91d0-00217082d29c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b31ec2c-4077-11e1-91d0-00217082d29c}\ not found.
File F:\AutoLcd209x.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc50d8ea-b587-11dd-b579-d42f6e3e9e72}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc50d8ea-b587-11dd-b579-d42f6e3e9e72}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc50d8ea-b587-11dd-b579-d42f6e3e9e72}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc50d8ea-b587-11dd-b579-d42f6e3e9e72}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc50d8fd-b587-11dd-b579-d42f6e3e9e72}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc50d8fd-b587-11dd-b579-d42f6e3e9e72}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc50d8fd-b587-11dd-b579-d42f6e3e9e72}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc50d8fd-b587-11dd-b579-d42f6e3e9e72}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc50d8fe-b587-11dd-b579-d42f6e3e9e72}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc50d8fe-b587-11dd-b579-d42f6e3e9e72}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc50d8fe-b587-11dd-b579-d42f6e3e9e72}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc50d8fe-b587-11dd-b579-d42f6e3e9e72}\ not found.
File F:\AutoRun.exe not found.
Folder C:\Users\sandra\AppData\Roaming\Ekloy\ not found.
Folder C:\Users\sandra\AppData\Roaming\Ynzied\ not found.
File C:\Windows\Tasks\DriverCure.job not found.
File C:\Windows\Tasks\ParetoLogic Registration.job not found.
File C:\Windows\Tasks\ParetoLogic Registration3.job not found.
File C:\Windows\Tasks\ParetoLogic Update Version2.job not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
 
User: Public
 
User: sandra
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 472134314 bytes
->Java cache emptied: 61078956 bytes
->FireFox cache emptied: 46736191 bytes
->Apple Safari cache emptied: 730112 bytes
->Flash cache emptied: 134878 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2075727797 bytes
RecycleBin emptied: 9604654353 bytes
 
Total Files Cleaned = 11.693,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.37.0 log created on 03162012_094849

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Danke für die Mühe

Geändert von cosinus (19.03.2012 um 16:09 Uhr) Grund: CODE-Tags

Alt 16.03.2012, 16:56   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Virus nach Systemwiederherstellung weg? - Standard

BKA Virus nach Systemwiederherstellung weg?



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.03.2012, 08:53   #9
med21
 
BKA Virus nach Systemwiederherstellung weg? - Standard

BKA Virus nach Systemwiederherstellung weg?



ich glaube das sieht ganz gut aus oder?

Code:
ATTFilter
08:50:54.0427 3056	TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
08:50:54.0694 3056	============================================================
08:50:54.0694 3056	Current date / time: 2012/03/18 08:50:54.0694
08:50:54.0694 3056	SystemInfo:
08:50:54.0694 3056	
08:50:54.0695 3056	OS Version: 6.0.6002 ServicePack: 2.0
08:50:54.0695 3056	Product type: Workstation
08:50:54.0695 3056	ComputerName: DELL
08:50:54.0695 3056	UserName: sandra
08:50:54.0695 3056	Windows directory: C:\Windows
08:50:54.0695 3056	System windows directory: C:\Windows
08:50:54.0695 3056	Processor architecture: Intel x86
08:50:54.0695 3056	Number of processors: 2
08:50:54.0695 3056	Page size: 0x1000
08:50:54.0695 3056	Boot type: Normal boot
08:50:54.0695 3056	============================================================
08:50:55.0421 3056	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:50:55.0425 3056	\Device\Harddisk0\DR0:
08:50:55.0425 3056	MBR used
08:50:55.0425 3056	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x47000, BlocksNum 0x1400000
08:50:55.0425 3056	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1447000, BlocksNum 0x115D2000
08:50:55.0538 3056	Initialize success
08:50:55.0538 3056	============================================================
08:51:45.0609 1604	============================================================
08:51:45.0609 1604	Scan started
08:51:45.0609 1604	Mode: Manual; SigCheck; TDLFS; 
08:51:45.0609 1604	============================================================
08:51:49.0311 1604	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
08:51:49.0496 1604	ACPI - ok
08:51:49.0644 1604	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
08:51:49.0693 1604	adp94xx - ok
08:51:49.0783 1604	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
08:51:49.0811 1604	adpahci - ok
08:51:49.0874 1604	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
08:51:49.0895 1604	adpu160m - ok
08:51:49.0929 1604	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
08:51:49.0951 1604	adpu320 - ok
08:51:50.0115 1604	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
08:51:50.0199 1604	AFD - ok
08:51:50.0323 1604	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
08:51:50.0341 1604	agp440 - ok
08:51:50.0377 1604	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
08:51:50.0398 1604	aic78xx - ok
08:51:50.0436 1604	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
08:51:50.0452 1604	aliide - ok
08:51:50.0488 1604	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
08:51:50.0506 1604	amdagp - ok
08:51:50.0546 1604	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
08:51:50.0563 1604	amdide - ok
08:51:50.0617 1604	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
08:51:50.0688 1604	AmdK7 - ok
08:51:50.0723 1604	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
08:51:50.0793 1604	AmdK8 - ok
08:51:50.0867 1604	ApfiltrService  (1de27858a431a5749e0f3df54ba935b9) C:\Windows\system32\DRIVERS\Apfiltr.sys
08:51:50.0920 1604	ApfiltrService - ok
08:51:51.0035 1604	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
08:51:51.0055 1604	arc - ok
08:51:51.0125 1604	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
08:51:51.0145 1604	arcsas - ok
08:51:51.0219 1604	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
08:51:51.0296 1604	AsyncMac - ok
08:51:51.0352 1604	atapi           (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
08:51:51.0370 1604	atapi - ok
08:51:51.0576 1604	atikmdag        (be4d8fdc6b2598c46b2b5e6e4fbaafc5) C:\Windows\system32\DRIVERS\atikmdag.sys
08:51:51.0865 1604	atikmdag - ok
08:51:52.0020 1604	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
08:51:52.0039 1604	avgntflt - ok
08:51:52.0068 1604	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
08:51:52.0087 1604	avipbb - ok
08:51:52.0144 1604	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
08:51:52.0159 1604	avkmgr - ok
08:51:52.0257 1604	BCM42RLY        (7bd70aeed0d975285a1b20bd012ebf4e) C:\Windows\system32\drivers\BCM42RLY.sys
08:51:52.0271 1604	BCM42RLY - ok
08:51:52.0402 1604	BCM43XX         (fa6707a346cd122407f3b0bad1c47639) C:\Windows\system32\DRIVERS\bcmwl6.sys
08:51:52.0565 1604	BCM43XX - ok
08:51:52.0682 1604	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
08:51:52.0751 1604	Beep - ok
08:51:52.0840 1604	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
08:51:52.0901 1604	blbdrive - ok
08:51:53.0026 1604	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
08:51:53.0078 1604	bowser - ok
08:51:53.0153 1604	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
08:51:53.0211 1604	BrFiltLo - ok
08:51:53.0245 1604	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
08:51:53.0308 1604	BrFiltUp - ok
08:51:53.0347 1604	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
08:51:53.0445 1604	Brserid - ok
08:51:53.0477 1604	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
08:51:53.0584 1604	BrSerWdm - ok
08:51:53.0616 1604	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
08:51:53.0714 1604	BrUsbMdm - ok
08:51:53.0750 1604	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
08:51:53.0842 1604	BrUsbSer - ok
08:51:53.0875 1604	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
08:51:53.0966 1604	BTHMODEM - ok
08:51:54.0005 1604	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
08:51:54.0074 1604	cdfs - ok
08:51:54.0131 1604	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
08:51:54.0166 1604	cdrom - ok
08:51:54.0193 1604	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
08:51:54.0254 1604	circlass - ok
08:51:54.0299 1604	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
08:51:54.0327 1604	CLFS - ok
08:51:54.0387 1604	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
08:51:54.0450 1604	CmBatt - ok
08:51:54.0481 1604	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
08:51:54.0498 1604	cmdide - ok
08:51:54.0512 1604	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
08:51:54.0530 1604	Compbatt - ok
08:51:54.0548 1604	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
08:51:54.0566 1604	crcdisk - ok
08:51:54.0593 1604	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
08:51:54.0636 1604	Crusoe - ok
08:51:54.0723 1604	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
08:51:54.0774 1604	DfsC - ok
08:51:54.0869 1604	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
08:51:54.0890 1604	disk - ok
08:51:54.0950 1604	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
08:51:55.0006 1604	drmkaud - ok
08:51:55.0083 1604	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
08:51:55.0137 1604	DXGKrnl - ok
08:51:55.0180 1604	e1express       (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
08:51:55.0228 1604	e1express - ok
08:51:55.0268 1604	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
08:51:55.0341 1604	E1G60 - ok
08:51:55.0408 1604	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
08:51:55.0432 1604	Ecache - ok
08:51:55.0491 1604	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
08:51:55.0525 1604	elxstor - ok
08:51:55.0562 1604	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
08:51:55.0631 1604	ErrDev - ok
08:51:55.0711 1604	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
08:51:55.0737 1604	exfat - ok
08:51:55.0770 1604	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
08:51:55.0834 1604	fastfat - ok
08:51:55.0870 1604	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
08:51:55.0932 1604	fdc - ok
08:51:55.0975 1604	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
08:51:55.0993 1604	FileInfo - ok
08:51:56.0021 1604	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
08:51:56.0085 1604	Filetrace - ok
08:51:56.0126 1604	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
08:51:56.0190 1604	flpydisk - ok
08:51:56.0247 1604	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
08:51:56.0272 1604	FltMgr - ok
08:51:56.0329 1604	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
08:51:56.0382 1604	Fs_Rec - ok
08:51:56.0416 1604	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
08:51:56.0435 1604	gagp30kx - ok
08:51:56.0461 1604	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:51:56.0475 1604	GEARAspiWDM - ok
08:51:56.0559 1604	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
08:51:56.0612 1604	HdAudAddService - ok
08:51:56.0670 1604	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:51:56.0776 1604	HDAudBus - ok
08:51:56.0825 1604	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
08:51:56.0921 1604	HidBth - ok
08:51:56.0967 1604	HidIr           (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
08:51:56.0999 1604	HidIr - ok
08:51:57.0053 1604	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
08:51:57.0106 1604	HidUsb - ok
08:51:57.0144 1604	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
08:51:57.0163 1604	HpCISSs - ok
08:51:57.0237 1604	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
08:51:57.0316 1604	HTTP - ok
08:51:57.0384 1604	hwdatacard      (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys
08:51:57.0448 1604	hwdatacard - ok
08:51:57.0468 1604	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
08:51:57.0486 1604	i2omp - ok
08:51:57.0542 1604	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
08:51:57.0602 1604	i8042prt - ok
08:51:57.0681 1604	iaStor          (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
08:51:57.0701 1604	iaStor - ok
08:51:57.0734 1604	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
08:51:57.0759 1604	iaStorV - ok
08:51:57.0783 1604	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
08:51:57.0800 1604	iirsp - ok
08:51:57.0856 1604	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
08:51:57.0874 1604	intelide - ok
08:51:57.0903 1604	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
08:51:57.0967 1604	intelppm - ok
08:51:58.0007 1604	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:51:58.0069 1604	IpFilterDriver - ok
08:51:58.0085 1604	IpInIp - ok
08:51:58.0118 1604	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
08:51:58.0184 1604	IPMIDRV - ok
08:51:58.0214 1604	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
08:51:58.0282 1604	IPNAT - ok
08:51:58.0352 1604	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
08:51:58.0416 1604	IRENUM - ok
08:51:58.0459 1604	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
08:51:58.0477 1604	isapnp - ok
08:51:58.0517 1604	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
08:51:58.0539 1604	iScsiPrt - ok
08:51:58.0602 1604	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
08:51:58.0619 1604	iteatapi - ok
08:51:58.0753 1604	itecir          (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys
08:51:58.0772 1604	itecir - ok
08:51:58.0807 1604	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
08:51:58.0824 1604	iteraid - ok
08:51:58.0874 1604	k57nd60x        (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys
08:51:58.0926 1604	k57nd60x - ok
08:51:58.0963 1604	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
08:51:58.0980 1604	kbdclass - ok
08:51:59.0012 1604	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
08:51:59.0044 1604	kbdhid - ok
08:51:59.0106 1604	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
08:51:59.0156 1604	KSecDD - ok
08:51:59.0213 1604	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
08:51:59.0279 1604	lltdio - ok
08:51:59.0319 1604	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
08:51:59.0339 1604	LSI_FC - ok
08:51:59.0359 1604	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
08:51:59.0379 1604	LSI_SAS - ok
08:51:59.0423 1604	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
08:51:59.0443 1604	LSI_SCSI - ok
08:51:59.0466 1604	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
08:51:59.0532 1604	luafv - ok
08:51:59.0591 1604	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
08:51:59.0604 1604	MBAMProtector - ok
08:51:59.0637 1604	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
08:51:59.0655 1604	megasas - ok
08:51:59.0695 1604	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
08:51:59.0730 1604	MegaSR - ok
08:51:59.0862 1604	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
08:51:59.0929 1604	Modem - ok
08:51:59.0955 1604	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
08:52:00.0048 1604	monitor - ok
08:52:00.0084 1604	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
08:52:00.0101 1604	mouclass - ok
08:52:00.0124 1604	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
08:52:00.0166 1604	mouhid - ok
08:52:00.0185 1604	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
08:52:00.0204 1604	MountMgr - ok
08:52:00.0252 1604	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
08:52:00.0278 1604	mpio - ok
08:52:00.0307 1604	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
08:52:00.0362 1604	mpsdrv - ok
08:52:00.0400 1604	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
08:52:00.0418 1604	Mraid35x - ok
08:52:00.0460 1604	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
08:52:00.0506 1604	MRxDAV - ok
08:52:00.0561 1604	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:52:00.0585 1604	mrxsmb - ok
08:52:00.0642 1604	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:52:00.0691 1604	mrxsmb10 - ok
08:52:00.0708 1604	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:52:00.0742 1604	mrxsmb20 - ok
08:52:00.0788 1604	msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
08:52:00.0840 1604	msahci - ok
08:52:00.0876 1604	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
08:52:00.0896 1604	msdsm - ok
08:52:00.0927 1604	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
08:52:00.0991 1604	Msfs - ok
08:52:01.0034 1604	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
08:52:01.0052 1604	msisadrv - ok
08:52:01.0093 1604	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
08:52:01.0157 1604	MSKSSRV - ok
08:52:01.0200 1604	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
08:52:01.0268 1604	MSPCLOCK - ok
08:52:01.0301 1604	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
08:52:01.0375 1604	MSPQM - ok
08:52:01.0432 1604	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
08:52:01.0457 1604	MsRPC - ok
08:52:01.0484 1604	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
08:52:01.0500 1604	mssmbios - ok
08:52:01.0522 1604	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
08:52:01.0585 1604	MSTEE - ok
08:52:01.0621 1604	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
08:52:01.0641 1604	Mup - ok
08:52:01.0696 1604	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
08:52:01.0724 1604	NativeWifiP - ok
08:52:01.0818 1604	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
08:52:01.0854 1604	NDIS - ok
08:52:01.0894 1604	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
08:52:01.0954 1604	NdisTapi - ok
08:52:02.0031 1604	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
08:52:02.0073 1604	Ndisuio - ok
08:52:02.0119 1604	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
08:52:02.0184 1604	NdisWan - ok
08:52:02.0219 1604	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
08:52:02.0281 1604	NDProxy - ok
08:52:02.0320 1604	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
08:52:02.0384 1604	NetBIOS - ok
08:52:02.0439 1604	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
08:52:02.0476 1604	netbt - ok
08:52:02.0512 1604	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
08:52:02.0530 1604	nfrd960 - ok
08:52:02.0562 1604	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
08:52:02.0596 1604	Npfs - ok
08:52:02.0628 1604	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
08:52:02.0698 1604	nsiproxy - ok
08:52:02.0780 1604	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
08:52:02.0934 1604	Ntfs - ok
08:52:02.0961 1604	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
08:52:03.0032 1604	ntrigdigi - ok
08:52:03.0067 1604	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
08:52:03.0133 1604	Null - ok
08:52:03.0166 1604	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
08:52:03.0187 1604	nvraid - ok
08:52:03.0215 1604	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
08:52:03.0233 1604	nvstor - ok
08:52:03.0255 1604	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
08:52:03.0276 1604	nv_agp - ok
08:52:03.0289 1604	NwlnkFlt - ok
08:52:03.0306 1604	NwlnkFwd - ok
08:52:03.0346 1604	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
08:52:03.0402 1604	ohci1394 - ok
08:52:03.0492 1604	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
08:52:03.0587 1604	Parport - ok
08:52:03.0638 1604	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
08:52:03.0658 1604	partmgr - ok
08:52:03.0682 1604	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
08:52:03.0778 1604	Parvdm - ok
08:52:03.0833 1604	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
08:52:03.0855 1604	pci - ok
08:52:03.0882 1604	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
08:52:03.0900 1604	pciide - ok
08:52:03.0932 1604	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
08:52:03.0955 1604	pcmcia - ok
08:52:04.0003 1604	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
08:52:04.0166 1604	PEAUTH - ok
08:52:04.0238 1604	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
08:52:04.0300 1604	PptpMiniport - ok
08:52:04.0332 1604	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
08:52:04.0403 1604	Processor - ok
08:52:04.0443 1604	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
08:52:04.0503 1604	PSched - ok
08:52:04.0548 1604	PxHelp20        (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
08:52:04.0564 1604	PxHelp20 - ok
08:52:04.0625 1604	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
08:52:04.0724 1604	ql2300 - ok
08:52:04.0754 1604	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
08:52:04.0774 1604	ql40xx - ok
08:52:04.0845 1604	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
08:52:04.0884 1604	QWAVEdrv - ok
08:52:05.0025 1604	R300            (be4d8fdc6b2598c46b2b5e6e4fbaafc5) C:\Windows\system32\DRIVERS\atikmdag.sys
08:52:05.0191 1604	R300 - ok
08:52:05.0221 1604	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
08:52:05.0261 1604	RasAcd - ok
08:52:05.0291 1604	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:52:05.0362 1604	Rasl2tp - ok
08:52:05.0420 1604	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
08:52:05.0472 1604	RasPppoe - ok
08:52:05.0512 1604	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
08:52:05.0536 1604	RasSstp - ok
08:52:05.0569 1604	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
08:52:05.0608 1604	rdbss - ok
08:52:05.0642 1604	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:52:05.0683 1604	RDPCDD - ok
08:52:05.0718 1604	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
08:52:05.0767 1604	rdpdr - ok
08:52:05.0811 1604	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
08:52:05.0853 1604	RDPENCDD - ok
08:52:05.0915 1604	RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
08:52:05.0979 1604	RDPWD - ok
08:52:06.0022 1604	rimmptsk        (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
08:52:06.0067 1604	rimmptsk - ok
08:52:06.0101 1604	rimsptsk        (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
08:52:06.0149 1604	rimsptsk - ok
08:52:06.0184 1604	rismxdp         (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
08:52:06.0222 1604	rismxdp - ok
08:52:06.0274 1604	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
08:52:06.0316 1604	rspndr - ok
08:52:06.0342 1604	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
08:52:06.0361 1604	sbp2port - ok
08:52:06.0403 1604	sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
08:52:06.0465 1604	sdbus - ok
08:52:06.0517 1604	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
08:52:06.0590 1604	secdrv - ok
08:52:06.0621 1604	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
08:52:06.0694 1604	Serenum - ok
08:52:06.0722 1604	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
08:52:06.0820 1604	Serial - ok
08:52:06.0835 1604	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
08:52:06.0878 1604	sermouse - ok
08:52:06.0934 1604	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
08:52:06.0967 1604	sffdisk - ok
08:52:06.0990 1604	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
08:52:07.0031 1604	sffp_mmc - ok
08:52:07.0062 1604	sffp_sd         (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
08:52:07.0096 1604	sffp_sd - ok
08:52:07.0121 1604	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
08:52:07.0238 1604	sfloppy - ok
08:52:07.0284 1604	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
08:52:07.0302 1604	sisagp - ok
08:52:07.0324 1604	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
08:52:07.0342 1604	SiSRaid2 - ok
08:52:07.0370 1604	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
08:52:07.0389 1604	SiSRaid4 - ok
08:52:07.0438 1604	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
08:52:07.0473 1604	Smb - ok
08:52:07.0635 1604	SNP2UVC         (e1f5f9fbf8a2cfed174e4ec38a358b93) C:\Windows\system32\DRIVERS\snp2uvc.sys
08:52:08.0127 1604	SNP2UVC - ok
08:52:08.0227 1604	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
08:52:08.0244 1604	spldr - ok
08:52:08.0344 1604	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
08:52:08.0466 1604	srv - ok
08:52:08.0517 1604	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
08:52:08.0596 1604	srv2 - ok
08:52:08.0634 1604	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
08:52:08.0677 1604	srvnet - ok
08:52:08.0734 1604	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
08:52:08.0750 1604	ssmdrv - ok
08:52:08.0815 1604	STHDA           (d4ae2486c4290054b8d6f1adc4bad7fd) C:\Windows\system32\DRIVERS\stwrt.sys
08:52:08.0895 1604	STHDA - ok
08:52:08.0968 1604	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
08:52:08.0985 1604	swenum - ok
08:52:09.0008 1604	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
08:52:09.0025 1604	Symc8xx - ok
08:52:09.0045 1604	SymIM - ok
08:52:09.0063 1604	SymIMMP - ok
08:52:09.0096 1604	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
08:52:09.0113 1604	Sym_hi - ok
08:52:09.0139 1604	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
08:52:09.0156 1604	Sym_u3 - ok
08:52:09.0241 1604	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
08:52:09.0332 1604	Tcpip - ok
08:52:09.0381 1604	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
08:52:09.0455 1604	Tcpip6 - ok
08:52:09.0497 1604	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
08:52:09.0528 1604	tcpipreg - ok
08:52:09.0559 1604	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
08:52:09.0641 1604	TDPIPE - ok
08:52:09.0676 1604	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
08:52:09.0717 1604	TDTCP - ok
08:52:09.0754 1604	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
08:52:09.0813 1604	tdx - ok
08:52:09.0872 1604	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
08:52:09.0892 1604	TermDD - ok
08:52:09.0959 1604	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:52:10.0025 1604	tssecsrv - ok
08:52:10.0066 1604	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
08:52:10.0088 1604	tunmp - ok
08:52:10.0110 1604	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
08:52:10.0132 1604	tunnel - ok
08:52:10.0163 1604	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
08:52:10.0182 1604	uagp35 - ok
08:52:10.0232 1604	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
08:52:10.0271 1604	udfs - ok
08:52:10.0313 1604	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
08:52:10.0332 1604	uliagpkx - ok
08:52:10.0359 1604	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
08:52:10.0384 1604	uliahci - ok
08:52:10.0410 1604	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
08:52:10.0430 1604	UlSata - ok
08:52:10.0462 1604	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
08:52:10.0482 1604	ulsata2 - ok
08:52:10.0512 1604	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
08:52:10.0574 1604	umbus - ok
08:52:10.0649 1604	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
08:52:10.0729 1604	USBAAPL - ok
08:52:10.0780 1604	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
08:52:10.0836 1604	usbaudio - ok
08:52:10.0877 1604	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
08:52:10.0941 1604	usbccgp - ok
08:52:10.0978 1604	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
08:52:11.0077 1604	usbcir - ok
08:52:11.0124 1604	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
08:52:11.0181 1604	usbehci - ok
08:52:11.0225 1604	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
08:52:11.0264 1604	usbhub - ok
08:52:11.0285 1604	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
08:52:11.0376 1604	usbohci - ok
08:52:11.0413 1604	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
08:52:11.0456 1604	usbprint - ok
08:52:11.0479 1604	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
08:52:11.0513 1604	usbscan - ok
08:52:11.0542 1604	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:52:11.0603 1604	USBSTOR - ok
08:52:11.0647 1604	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
08:52:11.0708 1604	usbuhci - ok
08:52:11.0818 1604	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
08:52:11.0864 1604	usbvideo - ok
08:52:11.0911 1604	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
08:52:11.0954 1604	vga - ok
08:52:11.0976 1604	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
08:52:12.0017 1604	VgaSave - ok
08:52:12.0043 1604	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
08:52:12.0061 1604	viaagp - ok
08:52:12.0089 1604	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
08:52:12.0131 1604	ViaC7 - ok
08:52:12.0157 1604	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
08:52:12.0174 1604	viaide - ok
08:52:12.0207 1604	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
08:52:12.0226 1604	volmgr - ok
08:52:12.0277 1604	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
08:52:12.0307 1604	volmgrx - ok
08:52:12.0332 1604	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
08:52:12.0359 1604	volsnap - ok
08:52:12.0386 1604	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
08:52:12.0407 1604	vsmraid - ok
08:52:12.0457 1604	VSTHWBS2        (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
08:52:12.0507 1604	VSTHWBS2 - ok
08:52:12.0561 1604	VST_DPV         (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
08:52:12.0692 1604	VST_DPV - ok
08:52:12.0736 1604	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
08:52:12.0830 1604	WacomPen - ok
08:52:12.0871 1604	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
08:52:12.0904 1604	Wanarp - ok
08:52:12.0925 1604	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
08:52:12.0959 1604	Wanarpv6 - ok
08:52:12.0990 1604	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
08:52:13.0007 1604	Wd - ok
08:52:13.0047 1604	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
08:52:13.0123 1604	Wdf01000 - ok
08:52:13.0199 1604	winachsf        (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
08:52:13.0351 1604	winachsf - ok
08:52:13.0419 1604	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:52:13.0476 1604	WmiAcpi - ok
08:52:13.0552 1604	WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
08:52:13.0586 1604	WpdUsb - ok
08:52:13.0608 1604	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
08:52:13.0676 1604	ws2ifsl - ok
08:52:13.0723 1604	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:52:13.0785 1604	WUDFRd - ok
08:52:13.0883 1604	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
08:52:14.0137 1604	\Device\Harddisk0\DR0 - ok
08:52:14.0165 1604	Boot (0x1200)   (5f2548caf5385e5d72cdafef5cc65882) \Device\Harddisk0\DR0\Partition0
08:52:14.0167 1604	\Device\Harddisk0\DR0\Partition0 - ok
08:52:14.0172 1604	Boot (0x1200)   (bd8ff35c2199316ec646e709629401c6) \Device\Harddisk0\DR0\Partition1
08:52:14.0174 1604	\Device\Harddisk0\DR0\Partition1 - ok
08:52:14.0178 1604	============================================================
08:52:14.0178 1604	Scan finished
08:52:14.0178 1604	============================================================
08:52:14.0193 4204	Detected object count: 0
08:52:14.0193 4204	Actual detected object count: 0
         

Liebe Grüße

Geändert von cosinus (19.03.2012 um 16:08 Uhr) Grund: CODE-Tags gesetzt

Alt 19.03.2012, 16:08   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Virus nach Systemwiederherstellung weg? - Standard

BKA Virus nach Systemwiederherstellung weg?



Du solltest die Logs in CODE-Tags posten!!


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.03.2012, 18:26   #11
med21
 
BKA Virus nach Systemwiederherstellung weg? - Standard

BKA Virus nach Systemwiederherstellung weg?



Zitat:
Du solltest die Logs in CODE-Tags posten!!
sorry aber ich habe leider keinen plan wie das funktioniert....

Alt 19.03.2012, 18:33   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Virus nach Systemwiederherstellung weg? - Standard

BKA Virus nach Systemwiederherstellung weg?



Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 29.03.2012, 16:25   #13
med21
 
BKA Virus nach Systemwiederherstellung weg? - Standard

BKA Virus nach Systemwiederherstellung weg?



so habe jetzt Combofix ausgeführt:
[code]^Combofix Logfile:
Code:
ATTFilter
ComboFix 12-03-29.02 - sandra 29.03.2012  15:22:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.2045.983 [GMT 2:00]
ausgeführt von:: c:\users\sandra\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Dell
c:\programdata\Dell\DellDock\error_log.txt
c:\programdata\Dell\DellDock\uninstaller.exe
c:\programdata\Dell\DSL\DSLCheck.exe
.
---- Vorheriger Suchlauf -------
.
c:\programdata\Dell\DellDock\AddlDefaultShortcuts\bob internet installieren.lnk.xml
c:\programdata\Dell\DellDock\AddlDefaultShortcuts\bob internet.lnk.xml
c:\programdata\Dell\DellDock\AddlDefaultShortcuts\DivX Player.lnk.xml
c:\programdata\Dell\DellDock\AddlDefaultShortcuts\Mein 3DataManager.lnk.xml
c:\programdata\Dell\DellDock\AddlDefaultShortcuts\QuickTime Player.lnk.xml
c:\programdata\Dell\DellDock\AddlDefaultShortcuts\Winamp.lnk.xml
c:\programdata\Dell\DellDock\BaseCategories.xml
c:\programdata\Dell\DellDock\BaseDesktopExclusions.xml
c:\programdata\Dell\DellDock\BaseSettings.xml
c:\programdata\Dell\DellDock\Default.lang.xml
c:\programdata\Dell\DellDock\images\aol_icon.jpg
c:\programdata\Dell\DellDock\images\datasafe_32x32.jpg
c:\programdata\Dell\DellDock\images\DellSupportCenter_icon.jpg
c:\programdata\Dell\DellDock\images\earthlink_icon.png
c:\programdata\Dell\DellDock\images\ebay_32x32.png
c:\programdata\Dell\DellDock\images\GDS_32x32.png
c:\programdata\Dell\DellDock\images\globe-32x32.png
c:\programdata\Dell\DellDock\images\McAfee_32x32.JPG
c:\programdata\Dell\DellDock\images\netzero_icon.png
c:\programdata\Dell\DellDock\images\norton_32x32.PNG
c:\programdata\Dell\DellDock\images\pccilin_32x32.png
c:\programdata\Dell\DellDock\images\wt.PNG
c:\programdata\Dell\DellDock\Shortcuts\emailchat-outlookmail.xml
c:\programdata\Dell\DellDock\Shortcuts\emailchat-sightspeed.xml
c:\programdata\Dell\DellDock\Shortcuts\emailchat-winmail.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-datasafe.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-datasafepctransfer.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-DellCustomize.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-DellNetworkAssistant.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-dellsportcenter.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-hybrid.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-nortonsave.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-ownermanual.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-pctuneup1.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-systemvideo.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-uninstaller.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-vistahelp.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-vistapctransfer.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-aol.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-bestofweb.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-betterto.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-bt.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-DellMobileBroadband.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-earthlink.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-internetexplorer.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-livewriter.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-netzero.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-tiscali.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\Shortcuts\music-adobesoundbooth.xml
c:\programdata\Dell\DellDock\Shortcuts\music-vistamediaplayer.xml
c:\programdata\Dell\DellDock\Shortcuts\office-msexcel.xml
c:\programdata\Dell\DellDock\Shortcuts\office-mspowerpoint.xml
c:\programdata\Dell\DellDock\Shortcuts\office-msword.xml
c:\programdata\Dell\DellDock\Shortcuts\office-worksspreadsheet.xml
c:\programdata\Dell\DellDock\Shortcuts\office-worksword.xml
c:\programdata\Dell\DellDock\Shortcuts\photos-adobephotoshop.xml
c:\programdata\Dell\DellDock\Shortcuts\photos-livephoto.xml
c:\programdata\Dell\DellDock\Shortcuts\photos-vistaphotogallery.xml
c:\programdata\Dell\DellDock\Shortcuts\photos-webcamm08.xml
c:\programdata\Dell\DellDock\Shortcuts\photos-webcamm09.xml
c:\programdata\Dell\DellDock\Shortcuts\security-facialrecognition.xml
c:\programdata\Dell\DellDock\Shortcuts\security-fingerprint.xml
c:\programdata\Dell\DellDock\Shortcuts\security-fingerprintm08.xml
c:\programdata\Dell\DellDock\Shortcuts\security-mcafee.xml
c:\programdata\Dell\DellDock\Shortcuts\security-norton2008.xml
c:\programdata\Dell\DellDock\Shortcuts\security-trend16.xml
c:\programdata\Dell\DellDock\Shortcuts\security-trendmicro.xml
c:\programdata\Dell\DellDock\Shortcuts\security-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-adobepremiere.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-roxio10.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-sightspeed.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-vistamediaplayer.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-vistamoviemaker.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-webcamm08.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-webcamm09.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-windowsmediacenter.xml
c:\programdata\Dell\DellDock\uninstaller.exe
c:\programdata\Dell\DellDock\uninstaller.xml
c:\programdata\Dell\DSCUpdates\dsc_2_2_08267.msp
c:\programdata\Dell\DSCUpdates\patch.log
c:\programdata\Dell\DSL\DSLCheck.exe
c:\programdata\Dell\HWDiags\PCDsysinfo.xml
c:\programdata\Dell\RMC\DataSafeDashBoard.xml
c:\users\Gast\AppData\Roaming\Dell
c:\users\sandra\AppData\Roaming\Adobe\plugs
c:\users\sandra\AppData\Roaming\Adobe\shed
c:\users\sandra\AppData\Roaming\Dell
c:\users\sandra\AppData\Roaming\Dell\DellDock\DockContents.xml
c:\users\sandra\AppData\Roaming\Dell\DellDock\DockContentsBackup.xml
C:\x86winc.bin
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-28 bis 2012-03-29  ))))))))))))))))))))))))))))))
.
.
2012-03-29 13:16 . 2012-03-20 01:53	6582328	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CF5B68B-3213-4E8D-AC9E-B203F8FDB5C3}\mpengine.dll
2012-03-29 13:00 . 2012-03-29 13:00	--------	d-----w-	c:\users\sandra\AppData\Local\Temp(25)
2012-03-19 09:32 . 2012-03-19 10:48	--------	d-----w-	c:\users\sandra\Mietzinsbeihilfe
2012-03-16 10:19 . 2012-03-16 10:19	--------	d-----w-	c:\users\sandra\AppData\Roaming\Avira
2012-03-16 10:12 . 2012-01-31 07:56	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-03-16 10:12 . 2012-01-31 07:56	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-03-16 10:12 . 2011-09-16 15:08	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-03-16 10:12 . 2012-03-16 10:12	--------	d-----w-	c:\program files\Avira
2012-03-16 09:55 . 2012-03-16 09:55	--------	d-----w-	c:\users\Default\AppData\Local\AskToolbar
2012-03-16 09:55 . 2012-03-16 09:55	--------	d-----w-	c:\program files\Ask.com
2012-03-16 09:54 . 2012-03-16 10:12	--------	d-----w-	c:\programdata\Avira
2012-03-16 07:54 . 2012-03-16 07:54	--------	d-----w-	C:\_OTL
2012-03-14 07:26 . 2012-02-02 15:16	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 07:26 . 2012-02-14 15:45	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-03-14 07:26 . 2012-02-13 14:12	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-03-14 07:26 . 2012-02-13 13:44	1068544	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 07:26 . 2012-02-14 15:45	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-03-14 07:26 . 2012-02-13 13:47	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-03-14 07:26 . 2012-01-09 15:54	613376	----a-w-	c:\windows\system32\rdpencom.dll
2012-03-14 07:26 . 2012-01-09 13:58	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-12 16:50 . 2012-03-12 16:50	--------	d-----w-	c:\program files\ESET
2012-03-10 23:12 . 2012-03-10 23:12	--------	d-----w-	c:\users\sandra\AppData\Roaming\Malwarebytes
2012-03-10 23:09 . 2012-03-10 23:09	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-10 23:09 . 2012-03-10 23:09	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-10 23:09 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-08 02:01 . 2012-03-08 02:01	979456	----a-w-	c:\windows\system32\MFH264Dec.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 07:18 . 2009-10-02 17:26	237072	------w-	c:\windows\system32\MpSigStub.exe
2007-07-26 15:01 . 2009-01-28 21:35	114688	----a-w-	c:\program files\internet explorer\plugins\ChimeShim.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-04 19:20	1514152	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-06-30 196608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-26 206064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-08-29 442460]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-26 662016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-04 1391272]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
c:\users\sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-3-17 1207376]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-30 17:42	10536	----a-w-	c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe [2008-08-29 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-22 13:46]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-22 13:46]
.
2012-03-20 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 195.34.133.21 195.34.133.22
FF - ProfilePath - c:\users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\51uoo4lk.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: All-in-One Gestures: {8b86149f-01fb-4842-9dd8-4d7eb02fd055} - %profile%\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-29 15:37
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-29  15:42:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-29 13:42
.
Vor Suchlauf: 11 Verzeichnis(se), 28.721.823.744 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 33.321.947.136 Bytes frei
.
- - End Of File - - 26542D0BD6DD49CAC9DDB3BFB713AE78
         
--- --- ---

Lg

Alt 29.03.2012, 19:37   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Virus nach Systemwiederherstellung weg? - Standard

BKA Virus nach Systemwiederherstellung weg?



Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 29.03.2012, 20:52   #15
med21
 
BKA Virus nach Systemwiederherstellung weg? - Standard

BKA Virus nach Systemwiederherstellung weg?



GMER ist mir 2 mal abgstürzt...
Habe OSAM Log erstellt.

aswMBR.txt:
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-29 21:38:10
-----------------------------
21:38:10.757    OS Version: Windows 6.0.6002 Service Pack 2
21:38:10.757    Number of processors: 2 586 0xF0D
21:38:10.759    ComputerName: DELL  UserName: 
21:38:12.137    Initialize success
21:39:31.755    AVAST engine defs: 12032901
21:41:42.167    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:41:42.173    Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
21:41:42.229    Disk 0 MBR read successfully
21:41:42.236    Disk 0 MBR scan
21:41:42.247    Disk 0 Windows VISTA default MBR code
21:41:42.255    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      141 MB offset 63
21:41:42.358    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 290816
21:41:42.384    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       142244 MB offset 21262336
21:41:42.404    Disk 0 scanning sectors +312578048
21:41:42.497    Disk 0 scanning C:\Windows\system32\drivers
21:41:56.165    Service scanning
21:42:20.317    Modules scanning
21:42:27.229    Disk 0 trace - called modules:
21:42:27.274    ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll 
21:42:27.289    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865edac8]
21:42:27.304    3 CLASSPNP.SYS[88ba38b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8560d030]
21:42:28.506    AVAST engine scan C:\Windows
21:42:33.474    AVAST engine scan C:\Windows\system32
21:46:36.821    AVAST engine scan C:\Windows\system32\drivers
21:46:52.902    AVAST engine scan C:\Users\sandra
21:50:05.881    Disk 0 MBR has been saved successfully to "C:\Users\sandra\Desktop\MBR.dat"
21:50:05.906    The log file has been saved successfully to "C:\Users\sandra\Desktop\aswMBR.txt"
         
Lg

Antwort

Themen zu BKA Virus nach Systemwiederherstellung weg?
administrator, adobe, anleitung, anti-malware, appdata, autostart, bka virus, dateien, dateisystem, explorer, folge, foren, frage, gelöscht, gen, heuristiks/extra, heuristiks/shuriken, iexplore.exe, malwarebytes, polizei virus, quarantäne, roaming, scan, service pack 2, shell, speicher, systemwiederherstellung, test, virus, vista



Ähnliche Themen: BKA Virus nach Systemwiederherstellung weg?


  1. langsamer pc nach systemwiederherstellung :(
    Plagegeister aller Art und deren Bekämpfung - 20.08.2013 (21)
  2. akm trojaner nach systemwiederherstellung?
    Plagegeister aller Art und deren Bekämpfung - 11.06.2013 (12)
  3. run.dll fehlt nach systemwiederherstellung nach einem virus
    Plagegeister aller Art und deren Bekämpfung - 29.12.2012 (22)
  4. Gvu trojaner nach systemwiederherstellung
    Log-Analyse und Auswertung - 07.11.2012 (15)
  5. GVU Trojaner - was tun nach Systemwiederherstellung
    Plagegeister aller Art und deren Bekämpfung - 25.09.2012 (42)
  6. GVU Virus nach Systemwiederherstellung
    Plagegeister aller Art und deren Bekämpfung - 31.08.2012 (7)
  7. Ist der Bundestrojaner nach der Systemwiederherstellung weg?
    Log-Analyse und Auswertung - 20.08.2012 (27)
  8. BKA-Trojaner: Logfiles nach Systemwiederherstellung
    Log-Analyse und Auswertung - 14.08.2012 (7)
  9. GVU Virus, was tun nach Systemwiederherstellung
    Log-Analyse und Auswertung - 11.07.2012 (1)
  10. Virenfrei nach Systemwiederherstellung?
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (1)
  11. Laptop friert nach dem starten sofort ein (nach Systemwiederherstellung)
    Alles rund um Windows - 15.05.2012 (2)
  12. BKA Trojaner nach Systemwiederherstellung weg?
    Plagegeister aller Art und deren Bekämpfung - 17.08.2011 (7)
  13. Bundespolizeiamt weg nach Systemwiederherstellung?
    Plagegeister aller Art und deren Bekämpfung - 15.08.2011 (7)
  14. Bundespolizei-Trojaner nach Systemwiederherstellung
    Log-Analyse und Auswertung - 12.08.2011 (34)
  15. Log nach Systemwiederherstellung
    Log-Analyse und Auswertung - 06.01.2011 (1)
  16. systemwiederherstellung nach virus
    Alles rund um Windows - 08.12.2007 (1)
  17. nach Systemwiederherstellung Virus in ...TB\Profiles...
    Plagegeister aller Art und deren Bekämpfung - 08.09.2004 (6)

Zum Thema BKA Virus nach Systemwiederherstellung weg? - Hallo zusammen! Ich habe mir gestern das "polizei Virus" eingefangen und dann natürlich sämtliche Foren nach einer Problemlösung durchsucht... Das Problem bei der Sache waren meine mangelnden Computerkenntnisse. Schließlich bin - BKA Virus nach Systemwiederherstellung weg?...
Archiv
Du betrachtest: BKA Virus nach Systemwiederherstellung weg? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.