Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Suisa-Trojaner: leerer Desktop, leeres Startmenü

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 05.06.2012, 19:49   #1
pflock
 
Suisa-Trojaner: leerer Desktop, leeres Startmenü - Standard

Suisa-Trojaner: leerer Desktop, leeres Startmenü



Hallo

Mein PC hatte schon vor längerem den Suisa-Trojaner eingefangen. Mit Malwarebytes bin ich - so glaube ich - den Virus losgeworden. Was übrig blieb, ist ein praktisch leerer Desktop, ein ebenso leeres Startmenü und auch mit dem File-Explorer kann ich so gut wie keine Dateien sehen. Mein Profil (Bibliothek) ist ebenso leer und auf c:\users ist mein Profilordner ebenfalls nicht sichtbar. Was sonst noch alles für Ordner und Dateien versteckt sind, kann ich nicht beurteilen.

Hier das OTL-Logfile. Ich habe mich einige Zeit lang durch das Forum hier gewühlt, konnte aber nicht erkennen, an was sich Eure Fixes orientieren. Ich hoffe, mir ist noch zu helfen.

Gruss
Alex

Code:
ATTFilter
OTL logfile created on: 21.05.2012 23:07:52 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = J:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 4,68 Gb Available Physical Memory | 78,18% Memory free
11,96 Gb Paging File | 10,15 Gb Available in Paging File | 84,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1383,98 Gb Total Space | 1280,49 Gb Free Space | 92,52% Space Free | Partition Type: NTFS
Drive I: | 4,04 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 973,73 Mb Total Space | 653,44 Mb Free Space | 67,11% Space Free | Partition Type: FAT
 
Computer Name: LIMIPCWIN7 | User Name: Alexander Limacher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - J:\OTL.exe (OldTimer Tools)
PRC - J:\OTH.scr (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()
MOD - C:\Windows\SysWOW64\OemSpiE.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McAWFwk) -- c:\Program Files\mcafee\msc\McAWFwk.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (t3) -- C:\Windows\SysNative\drivers\t3.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/17
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKCU\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.05.21 22:37:07 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120521214832.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120521214832.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Alexander Limacher\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Alexander Limacher\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A349EB9-9A85-4F0C-B2DC-5FFB91A7EC45}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.08 15:48:15 | 000,000,145 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008.07.24 19:30:58 | 000,000,100 | ---- | M] () - J:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{511e3f26-257a-11e1-9ea5-782bcb9ae1b7}\Shell - "" = AutoRun
O33 - MountPoints2\{511e3f26-257a-11e1-9ea5-782bcb9ae1b7}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- [2005.09.08 15:48:15 | 000,925,696 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.21 22:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.21 23:08:02 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.05.21 23:04:03 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.05.21 23:00:51 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.21 23:00:51 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.21 23:00:51 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.21 23:00:51 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.21 23:00:51 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.21 22:59:04 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.21 22:59:04 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.21 22:51:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.21 22:51:45 | 523,071,487 | -HS- | M] () -- C:\hiberfil.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.11 14:26:41 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-YrT8FhkCdOlsM6
[2012.04.11 14:26:36 | 000,000,256 | -H-- | C] () -- C:\ProgramData\YrT8FhkCdOlsM6
[2011.07.13 17:10:00 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.13 09:43:49 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011.07.13 09:43:49 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011.07.13 09:43:49 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011.07.13 09:33:13 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.07.13 09:33:13 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.07.13 09:33:12 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2011.07.13 09:33:12 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2011.07.13 09:33:12 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2011.07.13 09:33:12 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2011.07.13 09:33:12 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2011.07.13 09:33:12 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2011.07.13 09:33:12 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2011.07.13 09:33:12 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2011.07.13 09:33:12 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2011.07.13 09:33:12 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2011.07.13 09:33:12 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2011.07.13 09:33:12 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2011.07.13 09:33:12 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2011.07.13 09:33:12 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2011.07.13 09:33:12 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2011.07.13 09:33:12 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2011.07.13 09:33:12 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2011.07.13 09:33:12 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2011.07.13 09:33:12 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
[2011.07.13 08:25:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.02.11 12:22:50 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

< End of report >
         
Ich nochmal. Bin jetzt über das Programm unhide.exe gestossen, hab's ausgeführt und jetzt sieht's mit dem Desktop und den "fehlenden" Dateien wieder viel besser aus. Nun sehe ich auch all die vergangenen Malwarebytes-Logs wieder. Das erste Log sah folgendermassen aus:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.14.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alexander Limacher :: LIMIPCWIN7 [Administrator]

Schutz: Aktiviert

14.04.2012 15:29:34
mbam-log-2012-04-14 (15-29-34).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217983
Laufzeit: 4 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\ProgramData\GpXVjrjGnOQiwPw.exe (Backdoor.Agent.RCGen) -> 3324 -> Löschen bei Neustart.
C:\ProgramData\YrT8FhkCdOlsM6.exe (Backdoor.Agent.RCGen) -> 5756 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCR\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GpXVjrjGnOQiwPw.exe (Backdoor.Agent.RCGen) -> Daten: C:\ProgramData\GpXVjrjGnOQiwPw.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 8
C:\Users\Alexander Limacher\Documents\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Alexander Limacher\Documents\Downloads\SoftonicDownloader_fuer_winrar.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\ProgramData\GpXVjrjGnOQiwPw.exe (Backdoor.Agent.RCGen) -> Löschen bei Neustart.
C:\ProgramData\YrT8FhkCdOlsM6.exe (Backdoor.Agent.RCGen) -> Löschen bei Neustart.
C:\ProgramData\Windows\msseedir.dll (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Alexander Limacher\AppData\Local\Temp\mjhpcwujngclswtnpqh.exe (Backdoor.Agent.RCGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Alexander Limacher\AppData\Local\Temp\vivyvxmijdhxodphijoxwivnw.exe (Backdoor.Agent.RCGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Alexander Limacher\AppData\Local\Temp\vvmkjuqjrkirnsbsuvzselbwl.exe (Backdoor.Agent.RCGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
In der Quarantäne von Malwarebytes kann ich jetzt 9 Einträge erkennen. Soll ich die löschen oder lasse ich sie da? Und was meinen die Profis, ist mein PC jetzt clean?

Alt 08.06.2012, 10:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Suisa-Trojaner: leerer Desktop, leeres Startmenü - Standard

Suisa-Trojaner: leerer Desktop, leeres Startmenü



Zitat:
In der Quarantäne von Malwarebytes kann ich jetzt 9 Einträge erkennen.
Lass die Quarantäne in Ruhe!

Bitte erstmal routinemäßig einen neuen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 09.06.2012, 15:19   #3
pflock
 
Suisa-Trojaner: leerer Desktop, leeres Startmenü - Standard

Suisa-Trojaner: leerer Desktop, leeres Startmenü



Das ist das aktuellste Log von Malwarebytes:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.09.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alexander Limacher :: LIMIPCWIN7 [Administrator]

Schutz: Aktiviert

09.06.2012 14:09:44
mbam-log-2012-06-09 (14-09-44).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 471976
Laufzeit: 52 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Das Log mit gefundenen Infekten steht im ersten Posting. Die anderen Logs von Malwarebytes melden alle, dass nichts gefunden wurde.

Hier das ESET-Log:
Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-09 02:12:11
# local_time=2012-06-09 04:12:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777213 100 75 1614891 39738962 0 0
# compatibility_mode=5893 16776574 100 94 48928918 90877368 0 0
# compatibility_mode=8192 67108863 100 0 265 265 0 0
# scanned=259791
# found=2
# cleaned=0
# scan_time=3612
C:\Users\Alexander Limacher\AppData\Local\Temp\jar_cache1893423617137086422.tmp	probably a variant of Java/Exploit.CVE-2010-0840.NAB trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Alexander Limacher\AppData\Local\Temp\jar_cache5915301768926578211.tmp	a variant of Java/Exploit.CVE-2012-0507.R trojan (unable to clean)	00000000000000000000000000000000	I
         
__________________

Alt 10.06.2012, 00:15   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Suisa-Trojaner: leerer Desktop, leeres Startmenü - Standard

Suisa-Trojaner: leerer Desktop, leeres Startmenü



Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.06.2012, 13:11   #5
pflock
 
Suisa-Trojaner: leerer Desktop, leeres Startmenü - Standard

Suisa-Trojaner: leerer Desktop, leeres Startmenü



Zitat:
1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
Soweit ich das beurteilen kann, ja. Der normale Modus hat eigentlich immer funktioniert, ich konnte keinen Unterschied zwischen dem abgesicherten und dem normalen Modus erkennen.

Zitat:
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
Soweit ich das beurteilen kann, ist wieder alles vorhanden. Die zwei an der Taskleiste angehefteten Programme 'Bibliothek' und der IE waren weg, die musste ich manuell wieder anheften. Und die Notify-Icons bei der Uhr sind anders dargestellt als das vorher der Fall war. Leere Ordner im Startmenü sind schon vorhanden, z.B. 'Autostart' oder 'Tablet PC'. Die hab ich bislang aber noch nie benutzt und kann deshalb nicht sagen, ob die vorher nich auch schon leer waren.


Alt 10.06.2012, 16:50   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Suisa-Trojaner: leerer Desktop, leeres Startmenü - Standard

Suisa-Trojaner: leerer Desktop, leeres Startmenü



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
--> Suisa-Trojaner: leerer Desktop, leeres Startmenü

Alt 10.06.2012, 19:29   #7
pflock
 
Suisa-Trojaner: leerer Desktop, leeres Startmenü - Standard

Suisa-Trojaner: leerer Desktop, leeres Startmenü



Hier das OTL-Log:

Code:
ATTFilter
OTL logfile created on: 10.06.2012 20:18:38 - Run 2
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\Alexander Limacher\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 4,66 Gb Available Physical Memory | 77,91% Memory free
11,96 Gb Paging File | 9,95 Gb Available in Paging File | 83,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1383,98 Gb Total Space | 1281,97 Gb Free Space | 92,63% Space Free | Partition Type: NTFS
Drive I: | 232,83 Gb Total Space | 168,58 Gb Free Space | 72,41% Space Free | Partition Type: FAT32
Drive J: | 4,04 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 973,73 Mb Total Space | 652,92 Mb Free Space | 67,05% Space Free | Partition Type: FAT
 
Computer Name: LIMIPCWIN7 | User Name: Alexander Limacher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Alexander Limacher\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()
PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe ()
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\39cf4f0f0e6adca3403df6c641a73e15\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43e23da6683962ea1168aaf007bbc35d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74d980e52c1791f1b8608d767a393144\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\DataService.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll ()
MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()
MOD - C:\Windows\SysWOW64\OemSpiE.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McAWFwk) -- c:\Program Files\mcafee\msc\McAWFwk.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (t3) -- C:\Windows\SysNative\drivers\t3.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3581246492-615617693-2544038602-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/17
IE - HKU\S-1-5-21-3581246492-615617693-2544038602-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\S-1-5-21-3581246492-615617693-2544038602-1000\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKU\S-1-5-21-3581246492-615617693-2544038602-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.05.21 22:37:07 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120521214832.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120521214832.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Alexander Limacher\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Alexander Limacher\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A349EB9-9A85-4F0C-B2DC-5FFB91A7EC45}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-3581246492-615617693-2544038602-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3581246492-615617693-2544038602-1000 Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.08 15:48:15 | 000,000,145 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008.07.24 19:30:58 | 000,000,100 | ---- | M] () - K:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{511e3f26-257a-11e1-9ea5-782bcb9ae1b7}\Shell - "" = AutoRun
O33 - MountPoints2\{511e3f26-257a-11e1-9ea5-782bcb9ae1b7}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- [2005.09.08 15:48:15 | 000,925,696 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin:64bit: MCODS - C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: MCODS - C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet:64bit: mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfevtp - C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0AB7FC18-3B66-DE05-3B60-799DDE1C3BBE} - Microsoft Windows Media Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A2F92093-A753-26EC-1129-9AC5A6F66A28} - Microsoft Windows Media Player
ActiveX: {BAEDC0D6-30B3-FC43-6DC9-E78C5B3D1400} - Java (Sun)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EE52F344-1F91-58DD-9984-7117B891962E} - Microsoft Windows Media Player
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.10 20:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.06.10 20:11:57 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Alexander Limacher\Desktop\OTL.exe
[2012.06.09 15:07:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.09 14:20:52 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012.06.06 00:09:00 | 000,000,000 | ---D | C] -- C:\Users\Alexander Limacher\AppData\Local\{732CF985-2FA8-4E4C-955C-F85ED0732A21}
[2012.06.06 00:08:49 | 000,000,000 | ---D | C] -- C:\Users\Alexander Limacher\AppData\Local\{80132269-CE94-4F88-8977-031C007AA816}
[2012.06.05 23:59:00 | 000,000,000 | ---D | C] -- C:\Users\Alexander Limacher\AppData\Local\{E19A1595-278A-4B3B-AE69-B66947E6DA86}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.10 20:15:21 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.10 20:15:21 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.10 20:12:34 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.10 20:12:34 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.10 20:12:34 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.10 20:12:34 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.10 20:12:34 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.10 20:07:59 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.06.10 20:07:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.10 20:07:54 | 523,071,487 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.10 14:04:39 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.06.09 15:45:27 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012.05.21 23:05:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander Limacher\Desktop\OTL.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.09 14:20:56 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.06.09 14:20:54 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.06.09 14:15:09 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012.06.05 21:50:37 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.06.05 21:50:37 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2012.06.05 21:50:37 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.06.05 21:50:37 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012.06.05 21:50:37 | 000,001,951 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2012.06.05 21:50:37 | 000,001,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hilfedokumentation von Dell.lnk
[2012.06.05 21:50:37 | 000,001,884 | ---- | C] () -- C:\Users\Public\Desktop\Gray Matter.lnk
[2012.06.05 21:50:37 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.06.05 21:50:37 | 000,001,460 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.06.05 21:50:37 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.06.05 21:50:37 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012.06.05 21:50:37 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.06.05 21:50:37 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012.06.05 21:50:37 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.06.05 21:50:37 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.06.05 21:50:37 | 000,001,262 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2012.06.05 21:50:37 | 000,001,250 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012.06.05 21:50:37 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012.06.05 21:50:37 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012.06.05 21:50:37 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2012.06.05 21:50:37 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\ARMA II starten.lnk
[2012.06.05 21:50:37 | 000,000,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zinio Reader 4.lnk
[2012.06.05 21:50:37 | 000,000,779 | ---- | C] () -- C:\Users\Public\Desktop\Aerosoft Launcher.lnk
[2012.06.05 21:50:36 | 000,002,649 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EditVoicepack X.lnk
[2012.06.05 21:50:36 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.04.11 14:26:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\-YrT8FhkCdOlsM6
[2012.04.11 14:26:36 | 000,000,256 | ---- | C] () -- C:\ProgramData\YrT8FhkCdOlsM6
[2011.07.13 17:10:00 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.13 09:43:49 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011.07.13 09:43:49 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011.07.13 09:43:49 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011.07.13 09:33:13 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.07.13 09:33:13 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.07.13 09:33:12 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2011.07.13 09:33:12 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2011.07.13 09:33:12 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2011.07.13 09:33:12 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2011.07.13 09:33:12 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2011.07.13 09:33:12 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2011.07.13 09:33:12 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2011.07.13 09:33:12 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2011.07.13 09:33:12 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2011.07.13 09:33:12 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2011.07.13 09:33:12 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2011.07.13 09:33:12 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2011.07.13 09:33:12 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2011.07.13 09:33:12 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2011.07.13 09:33:12 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2011.07.13 09:33:12 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2011.07.13 09:33:12 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2011.07.13 09:33:12 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2011.07.13 09:33:12 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2011.07.13 09:33:12 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
[2011.07.13 08:25:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.02.11 12:22:50 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2011.10.08 12:21:45 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\DVDVideoSoft
[2011.10.08 12:21:38 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.19 20:00:53 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\FileZilla
[2011.07.18 17:33:06 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\Fingertapps
[2011.12.04 16:31:56 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\gtk-2.0
[2011.07.23 17:01:48 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr
[2011.07.18 19:11:45 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\ProtectDISC
[2011.07.23 20:20:35 | 000,000,000 | ---D | M] -- C:\Users\Denise Rimer\AppData\Roaming\Fingertapps
[2012.06.09 15:45:27 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012.06.10 14:04:39 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.03.20 18:30:48 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.10 20:07:59 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.23 20:11:01 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\Adobe
[2011.07.18 17:32:52 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\ATI
[2011.07.18 17:33:03 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\Dell
[2011.07.18 17:32:54 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\Dell Touch Zone
[2011.10.08 12:21:45 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\DVDVideoSoft
[2011.10.08 12:21:38 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.19 20:00:53 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\FileZilla
[2011.07.18 17:33:06 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\Fingertapps
[2011.12.04 16:31:56 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\gtk-2.0
[2011.07.18 17:32:29 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\Identities
[2011.08.19 01:44:42 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\InstallShield
[2011.07.18 17:32:49 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\Intel Corporation
[2011.07.13 10:02:50 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\Macromedia
[2011.07.18 18:09:34 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\Macrovision
[2012.04.14 15:27:54 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\Malwarebytes
[2010.11.21 09:00:23 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\Media Center Programs
[2012.06.09 13:59:54 | 000,000,000 | --SD | M] -- C:\Users\Alexander Limacher\AppData\Roaming\Microsoft
[2011.07.23 17:01:48 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr
[2011.07.18 19:11:45 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\ProtectDISC
[2011.07.18 17:33:06 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\Roxio
[2011.07.18 20:43:22 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\Roxio Burn
[2011.11.28 21:12:38 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\SmartFTP
[2011.10.05 19:32:39 | 000,000,000 | ---D | M] -- C:\Users\Alexander Limacher\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.07.13 10:01:02 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.05.21 23:09:40 | 055,301,856 | ---- | M] (Dell Inc) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Binaries\full_dsc_5907_39_64_02.exe
[2012.06.09 14:18:58 | 055,302,120 | ---- | M] (Dell Inc) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Binaries\full_dsc_5907_39_64_03.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\006af6a4-138d-48ad-9776-98dd15e3edc7\appupdaterrules_dell\AddCertificate.exe
[2012.03.23 12:35:30 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\0630a002-7d2b-40f3-9726-8c0eead10169\appupdaterrules_dell\AddCertificate.exe
[2012.03.23 12:35:30 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\283d4ba0-91b1-4d87-bb1f-a22d1606c5c4\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\2dfc09c0-2a6f-4659-b35e-c51b96f199cd\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\3af43917-0891-4e13-8f41-5b47ad890301\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\503a7b81-5419-4b5c-b59c-59a23ca9dd08\appupdaterrules_dell\AddCertificate.exe
[2012.03.23 12:35:30 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\50fc299b-67b0-4393-a7bb-4c53e469d73c\appupdaterrules_dell\AddCertificate.exe
[2012.03.23 12:35:30 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\5b246daa-5a0b-494c-b4ba-9d47019d197d\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\61381ecb-8bef-40be-993a-e2682af4872d\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\639f50af-7dea-41f0-b60f-132eb36c915a\appupdaterrules_dell\AddCertificate.exe
[2012.03.23 12:35:30 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\66032c03-7da1-4b3f-bbe2-eaa03b639f3f\appupdaterrules_dell\AddCertificate.exe
[2012.03.23 12:35:30 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\6a3d0c57-e00e-4559-bfd4-671748ba0a29\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\6c901dda-57bd-42af-824a-a3ebc9551be0\appupdaterrules_dell\AddCertificate.exe
[2012.03.23 12:35:30 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\70118ef6-ee5e-4681-bd41-5c80f9326907\appupdaterrules_dell\AddCertificate.exe
[2012.03.23 12:35:30 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\73f22d6e-5b01-4301-8fd8-43c1bfc20f00\appupdaterrules_dell\AddCertificate.exe
[2012.03.23 12:35:30 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\7a467404-7b1e-444e-8c79-ac4800d287e9\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\7b59355d-3dd9-4c07-8d8c-5d535b3d52db\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\80616eff-7a43-4ebc-ada0-4dfe96d102b8\appupdaterrules_dell\AddCertificate.exe
[2012.03.23 12:35:30 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\84061299-fa83-425a-a70f-11a69ded673b\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\88f4b193-a067-40f6-9d59-fe97707be94f\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\91de60f9-52c8-4c4c-af40-11e3a4e77b62\appupdaterrules_dell\AddCertificate.exe
[2012.03.23 12:35:30 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\98b2fb54-3052-4d80-81bd-d403d3552526\appupdaterrules_dell\AddCertificate.exe
[2012.03.23 12:35:30 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\9bc8d6eb-0ced-4da9-9f24-4a4f50d4b0ab\appupdaterrules_dell\AddCertificate.exe
[2012.03.23 12:35:30 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\9e9c69a9-6507-4149-a3db-e52261dd69fc\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\a28149c1-5dcb-4cd7-b126-285dc13636a0\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\a300bc75-9cc6-43b9-b1cc-a0735d354e31\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\a44a3916-03fb-4103-98b5-c8f852966e4a\appupdaterrules_dell\AddCertificate.exe
[2012.03.23 12:35:30 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\a49fa811-1649-47e4-8fe1-43313bd3719a\appupdaterrules_dell\AddCertificate.exe
[2012.03.23 12:35:30 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\a4f36749-3885-42a4-863a-66a036070b1a\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\a58c0e82-03c3-4640-98c3-db0f5cdfdfc3\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\ac7c1f28-1b40-42b7-8ecd-f89aa2c13697\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\b7bdcc87-5cfa-4fc9-a0e9-2421b1197fa2\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\ba1a8807-8375-44e2-98a3-6fd9e0102e16\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\ba8d0124-a81b-44c1-919e-fa6d2bc5e3fa\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\ba9eaecf-25d7-4f86-8188-3bd464ec3c4e\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\c1202d20-589a-4da4-ac1c-337764b47c0b\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\c22fdb93-d583-4584-ab29-0a4d3524d74d\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\c712b6c7-1842-45cb-9b25-d6fe8353c914\appupdaterrules_dell\AddCertificate.exe
[2012.03.23 12:35:30 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\c74a7dda-1471-4cf7-af72-f7d3fdbb413e\appupdaterrules_dell\AddCertificate.exe
[2012.03.23 12:35:30 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\cd2373d0-a272-4fe7-9b67-273267ba3728\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\ced68c7f-262a-4f54-83e2-388da2d89ac5\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\cf78eeab-00f4-454c-98b3-5d292d0ab51a\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\da92f187-ca40-49b2-b9dc-4c0e208995df\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\e4490975-8452-4cda-8937-3af80b2390e7\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\ee07a65e-12e0-4039-bcec-de373ac72a9d\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\fdcf85c0-ce10-49bb-8df5-ccc45352e36a\appupdaterrules_dell\AddCertificate.exe
[2012.05.22 10:55:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\fdde8a10-744a-41d2-8e1b-05e77c2887f2\appupdaterrules_dell\AddCertificate.exe
[2012.03.23 12:35:30 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Alexander Limacher\AppData\Roaming\PCDr\Update\Rules\fe01762f-7e06-4ad7-816f-c40fb607bd59\appupdaterrules_dell\AddCertificate.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.09.14 14:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Drivers\storage\R284354\x64\iaStor.sys
[2010.09.14 14:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.09.14 14:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys
[2010.09.14 14:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_5b314ccea0aa569d\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
         

Alt 10.06.2012, 20:35   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Suisa-Trojaner: leerer Desktop, leeres Startmenü - Standard

Suisa-Trojaner: leerer Desktop, leeres Startmenü



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.08 15:48:15 | 000,000,145 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008.07.24 19:30:58 | 000,000,100 | ---- | M] () - K:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{511e3f26-257a-11e1-9ea5-782bcb9ae1b7}\Shell - "" = AutoRun
O33 - MountPoints2\{511e3f26-257a-11e1-9ea5-782bcb9ae1b7}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- [2005.09.08 15:48:15 | 000,925,696 | R--- | M] ()
[2012.04.11 14:26:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\-YrT8FhkCdOlsM6
[2012.04.11 14:26:36 | 000,000,256 | ---- | C] () -- C:\ProgramData\YrT8FhkCdOlsM6
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.06.2012, 21:07   #9
pflock
 
Suisa-Trojaner: leerer Desktop, leeres Startmenü - Standard

Suisa-Trojaner: leerer Desktop, leeres Startmenü



Hier das Log vom Fix:

Code:
ATTFilter
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File J:\autorun.inf not found.
File K:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{511e3f26-257a-11e1-9ea5-782bcb9ae1b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{511e3f26-257a-11e1-9ea5-782bcb9ae1b7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{511e3f26-257a-11e1-9ea5-782bcb9ae1b7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{511e3f26-257a-11e1-9ea5-782bcb9ae1b7}\ not found.
File J:\LaunchU3.exe not found.
C:\ProgramData\-YrT8FhkCdOlsM6 moved successfully.
C:\ProgramData\YrT8FhkCdOlsM6 moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Alexander Limacher
->Temp folder emptied: 436473010 bytes
->Temporary Internet Files folder emptied: 1131998090 bytes
->Java cache emptied: 37714883 bytes
->Flash cache emptied: 60310 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Denise Rimer
->Temp folder emptied: 24586653 bytes
->Temporary Internet Files folder emptied: 52185072 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 57256 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 73728 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 243857497 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 85992075 bytes
 
Total Files Cleaned = 1.920,00 mb
 
 
[EMPTYFLASH]
 
User: Alexander Limacher
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Denise Rimer
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.43.1 log created on 06102012_220102

Files\Folders moved on Reboot...
C:\Users\Alexander Limacher\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
übrigens: auf dem desktop fand ich vorhin noch eine verknüpfung namens smart_hdd, welche auf eine datei (exe) zeigte, die nicht mehr existiert. die verknüpfung hab ich gelöscht.

Alt 11.06.2012, 09:00   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Suisa-Trojaner: leerer Desktop, leeres Startmenü - Standard

Suisa-Trojaner: leerer Desktop, leeres Startmenü



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.06.2012, 16:49   #11
pflock
 
Suisa-Trojaner: leerer Desktop, leeres Startmenü - Standard

Suisa-Trojaner: leerer Desktop, leeres Startmenü



Und hier das TDSS-Log:

Code:
ATTFilter
17:45:06.0448 6576	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
17:45:06.0651 6576	============================================================
17:45:06.0651 6576	Current date / time: 2012/06/11 17:45:06.0651
17:45:06.0651 6576	SystemInfo:
17:45:06.0651 6576	
17:45:06.0651 6576	OS Version: 6.1.7601 ServicePack: 1.0
17:45:06.0651 6576	Product type: Workstation
17:45:06.0651 6576	ComputerName: LIMIPCWIN7
17:45:06.0651 6576	UserName: Alexander Limacher
17:45:06.0651 6576	Windows directory: C:\Windows
17:45:06.0651 6576	System windows directory: C:\Windows
17:45:06.0651 6576	Running under WOW64
17:45:06.0651 6576	Processor architecture: Intel x64
17:45:06.0651 6576	Number of processors: 4
17:45:06.0651 6576	Page size: 0x1000
17:45:06.0651 6576	Boot type: Normal boot
17:45:06.0651 6576	============================================================
17:45:09.0162 6576	Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:45:09.0162 6576	Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:45:09.0178 6576	============================================================
17:45:09.0178 6576	\Device\Harddisk0\DR0:
17:45:09.0178 6576	MBR partitions:
17:45:09.0178 6576	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1A7F000
17:45:09.0178 6576	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A93000, BlocksNum 0xACFF4000
17:45:09.0178 6576	\Device\Harddisk1\DR1:
17:45:09.0178 6576	MBR partitions:
17:45:09.0178 6576	\Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1D1C4542
17:45:09.0178 6576	============================================================
17:45:09.0240 6576	C: <-> \Device\Harddisk0\DR0\Partition1
17:45:09.0240 6576	I: <-> \Device\Harddisk1\DR1\Partition0
17:45:09.0240 6576	============================================================
17:45:09.0240 6576	Initialize success
17:45:09.0240 6576	============================================================
17:46:16.0071 0364	============================================================
17:46:16.0071 0364	Scan started
17:46:16.0071 0364	Mode: Manual; SigCheck; TDLFS; 
17:46:16.0071 0364	============================================================
17:46:17.0225 0364	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:46:17.0335 0364	1394ohci - ok
17:46:17.0381 0364	acedrv11        (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys
17:46:17.0428 0364	acedrv11 - ok
17:46:17.0444 0364	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:46:17.0475 0364	ACPI - ok
17:46:17.0475 0364	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:46:17.0537 0364	AcpiPmi - ok
17:46:17.0647 0364	AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:46:17.0662 0364	AdobeARMservice - ok
17:46:17.0725 0364	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
17:46:17.0756 0364	adp94xx - ok
17:46:17.0787 0364	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
17:46:17.0818 0364	adpahci - ok
17:46:17.0818 0364	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
17:46:17.0834 0364	adpu320 - ok
17:46:17.0865 0364	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:46:17.0974 0364	AeLookupSvc - ok
17:46:18.0021 0364	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:46:18.0083 0364	AFD - ok
17:46:18.0099 0364	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:46:18.0115 0364	agp440 - ok
17:46:18.0130 0364	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:46:18.0177 0364	ALG - ok
17:46:18.0177 0364	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:46:18.0193 0364	aliide - ok
17:46:18.0255 0364	AMD External Events Utility (11276158eeeeadf3eb154061bfc80a19) C:\Windows\system32\atiesrxx.exe
17:46:18.0317 0364	AMD External Events Utility - ok
17:46:18.0333 0364	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:46:18.0349 0364	amdide - ok
17:46:18.0364 0364	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
17:46:18.0395 0364	AmdK8 - ok
17:46:19.0144 0364	amdkmdag        (df943a113060d3abfda4730ae4163d6f) C:\Windows\system32\DRIVERS\atikmdag.sys
17:46:19.0378 0364	amdkmdag - ok
17:46:19.0503 0364	amdkmdap        (4003b34b4a83de29cd1c88eb6c869e58) C:\Windows\system32\DRIVERS\atikmpag.sys
17:46:19.0550 0364	amdkmdap - ok
17:46:19.0565 0364	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
17:46:19.0597 0364	AmdPPM - ok
17:46:19.0628 0364	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:46:19.0643 0364	amdsata - ok
17:46:19.0675 0364	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
17:46:19.0690 0364	amdsbs - ok
17:46:19.0753 0364	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:46:19.0768 0364	amdxata - ok
17:46:19.0784 0364	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:46:19.0909 0364	AppID - ok
17:46:19.0940 0364	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:46:19.0987 0364	AppIDSvc - ok
17:46:20.0033 0364	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:46:20.0096 0364	Appinfo - ok
17:46:20.0111 0364	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
17:46:20.0111 0364	arc - ok
17:46:20.0127 0364	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
17:46:20.0127 0364	arcsas - ok
17:46:20.0221 0364	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:46:20.0252 0364	aspnet_state - ok
17:46:20.0267 0364	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:46:20.0314 0364	AsyncMac - ok
17:46:20.0330 0364	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:46:20.0345 0364	atapi - ok
17:46:20.0377 0364	AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
17:46:20.0377 0364	AtiHDAudioService - ok
17:46:20.0423 0364	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:46:20.0455 0364	AudioEndpointBuilder - ok
17:46:20.0470 0364	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:46:20.0486 0364	AudioSrv - ok
17:46:20.0517 0364	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:46:20.0579 0364	AxInstSV - ok
17:46:20.0626 0364	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
17:46:20.0657 0364	b06bdrv - ok
17:46:20.0720 0364	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:46:20.0767 0364	b57nd60a - ok
17:46:20.0782 0364	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:46:20.0813 0364	BDESVC - ok
17:46:20.0813 0364	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:46:20.0860 0364	Beep - ok
17:46:20.0907 0364	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:46:20.0954 0364	BFE - ok
17:46:21.0391 0364	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
17:46:21.0453 0364	BITS - ok
17:46:21.0531 0364	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:46:21.0562 0364	blbdrive - ok
17:46:21.0578 0364	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:46:21.0625 0364	bowser - ok
17:46:21.0640 0364	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
17:46:21.0671 0364	BrFiltLo - ok
17:46:21.0671 0364	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
17:46:21.0703 0364	BrFiltUp - ok
17:46:21.0749 0364	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:46:21.0812 0364	Browser - ok
17:46:21.0843 0364	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:46:21.0921 0364	Brserid - ok
17:46:21.0921 0364	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:46:21.0952 0364	BrSerWdm - ok
17:46:21.0952 0364	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:46:21.0983 0364	BrUsbMdm - ok
17:46:21.0983 0364	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:46:21.0999 0364	BrUsbSer - ok
17:46:22.0015 0364	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
17:46:22.0030 0364	BTHMODEM - ok
17:46:22.0061 0364	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:46:22.0108 0364	bthserv - ok
17:46:22.0108 0364	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:46:22.0139 0364	cdfs - ok
17:46:22.0171 0364	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:46:22.0186 0364	cdrom - ok
17:46:22.0217 0364	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:46:22.0264 0364	CertPropSvc - ok
17:46:22.0295 0364	cfwids          (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
17:46:22.0311 0364	cfwids - ok
17:46:22.0311 0364	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
17:46:22.0327 0364	circlass - ok
17:46:22.0358 0364	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:46:22.0373 0364	CLFS - ok
17:46:22.0451 0364	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:46:22.0451 0364	clr_optimization_v2.0.50727_32 - ok
17:46:22.0514 0364	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:46:22.0529 0364	clr_optimization_v2.0.50727_64 - ok
17:46:22.0592 0364	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:46:22.0607 0364	clr_optimization_v4.0.30319_32 - ok
17:46:22.0639 0364	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:46:22.0654 0364	clr_optimization_v4.0.30319_64 - ok
17:46:22.0670 0364	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
17:46:22.0685 0364	CmBatt - ok
17:46:22.0685 0364	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:46:22.0701 0364	cmdide - ok
17:46:22.0779 0364	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:46:22.0795 0364	CNG - ok
17:46:22.0810 0364	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
17:46:22.0810 0364	Compbatt - ok
17:46:22.0826 0364	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:46:22.0841 0364	CompositeBus - ok
17:46:22.0857 0364	COMSysApp - ok
17:46:22.0857 0364	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
17:46:22.0857 0364	crcdisk - ok
17:46:22.0935 0364	Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
17:46:22.0951 0364	Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:46:22.0951 0364	Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:46:22.0966 0364	Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
17:46:22.0982 0364	Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:46:22.0982 0364	Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:46:23.0013 0364	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:46:23.0075 0364	CryptSvc - ok
17:46:23.0122 0364	CTAudSvcService (07ba6d17e66879018b30b6c3f976ebed) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
17:46:23.0138 0364	CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
17:46:23.0138 0364	CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
17:46:23.0185 0364	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:46:23.0231 0364	DcomLaunch - ok
17:46:23.0278 0364	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:46:23.0356 0364	defragsvc - ok
17:46:23.0419 0364	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:46:23.0465 0364	DfsC - ok
17:46:23.0497 0364	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:46:23.0528 0364	Dhcp - ok
17:46:23.0543 0364	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:46:23.0590 0364	discache - ok
17:46:23.0621 0364	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
17:46:23.0637 0364	Disk - ok
17:46:23.0699 0364	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:46:23.0731 0364	Dnscache - ok
17:46:23.0746 0364	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:46:23.0793 0364	dot3svc - ok
17:46:23.0809 0364	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:46:23.0840 0364	DPS - ok
17:46:23.0871 0364	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:46:23.0902 0364	drmkaud - ok
17:46:23.0949 0364	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:46:23.0980 0364	DXGKrnl - ok
17:46:23.0996 0364	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:46:24.0058 0364	EapHost - ok
17:46:24.0604 0364	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
17:46:24.0682 0364	ebdrv - ok
17:46:24.0791 0364	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:46:24.0823 0364	EFS - ok
17:46:25.0259 0364	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:46:25.0306 0364	ehRecvr - ok
17:46:25.0337 0364	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:46:25.0353 0364	ehSched - ok
17:46:25.0431 0364	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
17:46:25.0447 0364	elxstor - ok
17:46:25.0478 0364	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:46:25.0493 0364	ErrDev - ok
17:46:25.0587 0364	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:46:25.0634 0364	EventSystem - ok
17:46:25.0665 0364	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:46:25.0696 0364	exfat - ok
17:46:25.0712 0364	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:46:25.0743 0364	fastfat - ok
17:46:25.0790 0364	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:46:25.0805 0364	Fax - ok
17:46:25.0821 0364	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
17:46:25.0837 0364	fdc - ok
17:46:25.0868 0364	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:46:25.0899 0364	fdPHost - ok
17:46:25.0961 0364	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:46:26.0008 0364	FDResPub - ok
17:46:26.0024 0364	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:46:26.0024 0364	FileInfo - ok
17:46:26.0039 0364	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:46:26.0102 0364	Filetrace - ok
17:46:26.0570 0364	FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:46:26.0617 0364	FLEXnet Licensing Service - ok
17:46:26.0726 0364	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
17:46:26.0741 0364	flpydisk - ok
17:46:26.0757 0364	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:46:26.0773 0364	FltMgr - ok
17:46:26.0991 0364	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:46:27.0053 0364	FontCache - ok
17:46:27.0147 0364	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:46:27.0163 0364	FontCache3.0.0.0 - ok
17:46:27.0287 0364	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:46:27.0319 0364	FsDepends - ok
17:46:27.0365 0364	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
17:46:27.0365 0364	Fs_Rec - ok
17:46:27.0412 0364	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:46:27.0428 0364	fvevol - ok
17:46:27.0459 0364	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
17:46:27.0475 0364	gagp30kx - ok
17:46:27.0506 0364	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:46:27.0553 0364	gpsvc - ok
17:46:27.0553 0364	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:46:27.0599 0364	hcw85cir - ok
17:46:27.0646 0364	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:46:27.0677 0364	HdAudAddService - ok
17:46:27.0693 0364	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:46:27.0724 0364	HDAudBus - ok
17:46:27.0724 0364	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
17:46:27.0740 0364	HidBatt - ok
17:46:27.0755 0364	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
17:46:27.0787 0364	HidBth - ok
17:46:27.0802 0364	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
17:46:27.0833 0364	HidIr - ok
17:46:27.0880 0364	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
17:46:27.0927 0364	hidserv - ok
17:46:27.0958 0364	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:46:27.0958 0364	HidUsb - ok
17:46:27.0989 0364	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:46:28.0036 0364	hkmsvc - ok
17:46:28.0286 0364	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:46:28.0333 0364	HomeGroupListener - ok
17:46:28.0348 0364	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:46:28.0379 0364	HomeGroupProvider - ok
17:46:28.0395 0364	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:46:28.0411 0364	HpSAMD - ok
17:46:28.0457 0364	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:46:28.0504 0364	HTTP - ok
17:46:28.0504 0364	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:46:28.0520 0364	hwpolicy - ok
17:46:28.0520 0364	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:46:28.0535 0364	i8042prt - ok
17:46:28.0567 0364	iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\drivers\iaStor.sys
17:46:28.0582 0364	iaStor - ok
17:46:28.0660 0364	IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:46:28.0660 0364	IAStorDataMgrSvc - ok
17:46:28.0707 0364	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:46:28.0723 0364	iaStorV - ok
17:46:28.0832 0364	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:46:28.0847 0364	IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:46:28.0847 0364	IDriverT - detected UnsignedFile.Multi.Generic (1)
17:46:28.0941 0364	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:46:28.0972 0364	idsvc - ok
17:46:29.0066 0364	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
17:46:29.0097 0364	iirsp - ok
17:46:29.0175 0364	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:46:29.0253 0364	IKEEXT - ok
17:46:29.0269 0364	Impcd           (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
17:46:29.0300 0364	Impcd - ok
17:46:29.0315 0364	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:46:29.0331 0364	intelide - ok
17:46:29.0362 0364	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:46:29.0393 0364	intelppm - ok
17:46:29.0409 0364	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:46:29.0440 0364	IPBusEnum - ok
17:46:29.0440 0364	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:46:29.0471 0364	IpFilterDriver - ok
17:46:29.0503 0364	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:46:29.0534 0364	iphlpsvc - ok
17:46:29.0534 0364	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:46:29.0549 0364	IPMIDRV - ok
17:46:29.0565 0364	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:46:29.0596 0364	IPNAT - ok
17:46:29.0612 0364	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:46:29.0659 0364	IRENUM - ok
17:46:29.0674 0364	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:46:29.0674 0364	isapnp - ok
17:46:29.0705 0364	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:46:29.0721 0364	iScsiPrt - ok
17:46:29.0768 0364	k57nd60a        (12e27942dbb7c91880163634b0d8a776) C:\Windows\system32\DRIVERS\k57nd60a.sys
17:46:29.0783 0364	k57nd60a - ok
17:46:29.0815 0364	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:46:29.0815 0364	kbdclass - ok
17:46:29.0830 0364	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
17:46:29.0846 0364	kbdhid - ok
17:46:29.0877 0364	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:46:29.0893 0364	KeyIso - ok
17:46:29.0908 0364	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:46:29.0924 0364	KSecDD - ok
17:46:29.0939 0364	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:46:29.0955 0364	KSecPkg - ok
17:46:29.0955 0364	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:46:30.0002 0364	ksthunk - ok
17:46:30.0251 0364	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:46:30.0329 0364	KtmRm - ok
17:46:30.0361 0364	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
17:46:30.0392 0364	LanmanServer - ok
17:46:30.0423 0364	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:46:30.0454 0364	LanmanWorkstation - ok
17:46:30.0485 0364	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:46:30.0532 0364	lltdio - ok
17:46:30.0579 0364	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:46:30.0610 0364	lltdsvc - ok
17:46:30.0626 0364	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:46:30.0688 0364	lmhosts - ok
17:46:30.0704 0364	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
17:46:30.0719 0364	LSI_FC - ok
17:46:30.0751 0364	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
17:46:30.0766 0364	LSI_SAS - ok
17:46:30.0782 0364	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
17:46:30.0782 0364	LSI_SAS2 - ok
17:46:30.0813 0364	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
17:46:30.0813 0364	LSI_SCSI - ok
17:46:30.0829 0364	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:46:30.0875 0364	luafv - ok
17:46:30.0922 0364	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
17:46:30.0938 0364	MBAMProtector - ok
17:46:31.0000 0364	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:46:31.0031 0364	MBAMService - ok
17:46:31.0125 0364	McAWFwk         (9504f1dda1b67fb8d526fd4f8cc882f3) c:\PROGRA~1\mcafee\msc\mcawfwk.exe
17:46:31.0141 0364	McAWFwk - ok
17:46:31.0172 0364	McMPFSvc        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:46:31.0187 0364	McMPFSvc - ok
17:46:31.0203 0364	mcmscsvc        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:46:31.0203 0364	mcmscsvc - ok
17:46:31.0203 0364	McNaiAnn        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:46:31.0219 0364	McNaiAnn - ok
17:46:31.0219 0364	McNASvc         (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:46:31.0219 0364	McNASvc - ok
17:46:31.0297 0364	McODS           (dd01bf24dd6bf70a90549f9a7bb2d1eb) C:\Program Files\mcafee\VirusScan\mcods.exe
17:46:31.0312 0364	McODS - ok
17:46:31.0312 0364	McOobeSv        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:46:31.0328 0364	McOobeSv - ok
17:46:31.0328 0364	McProxy         (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:46:31.0343 0364	McProxy - ok
17:46:31.0375 0364	McShield        (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
17:46:31.0390 0364	McShield - ok
17:46:31.0468 0364	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:46:31.0499 0364	Mcx2Svc - ok
17:46:31.0531 0364	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
17:46:31.0546 0364	megasas - ok
17:46:31.0577 0364	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
17:46:31.0593 0364	MegaSR - ok
17:46:31.0624 0364	MEIx64          (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys
17:46:31.0624 0364	MEIx64 - ok
17:46:31.0671 0364	mfeapfk         (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
17:46:31.0687 0364	mfeapfk - ok
17:46:31.0702 0364	mfeavfk         (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
17:46:31.0718 0364	mfeavfk - ok
17:46:31.0780 0364	mfeavfk01 - ok
17:46:31.0811 0364	mfefire         (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
17:46:31.0811 0364	mfefire - ok
17:46:31.0843 0364	mfefirek        (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
17:46:31.0858 0364	mfefirek - ok
17:46:31.0921 0364	mfehidk         (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
17:46:31.0952 0364	mfehidk - ok
17:46:31.0967 0364	mfenlfk         (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
17:46:31.0967 0364	mfenlfk - ok
17:46:31.0983 0364	mferkdet        (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
17:46:31.0983 0364	mferkdet - ok
17:46:31.0999 0364	mfevtp          (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
17:46:32.0014 0364	mfevtp - ok
17:46:32.0061 0364	mfewfpk         (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
17:46:32.0077 0364	mfewfpk - ok
17:46:32.0092 0364	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:46:32.0139 0364	MMCSS - ok
17:46:32.0186 0364	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:46:32.0248 0364	Modem - ok
17:46:32.0264 0364	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:46:32.0295 0364	monitor - ok
17:46:32.0311 0364	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:46:32.0326 0364	mouclass - ok
17:46:32.0326 0364	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:46:32.0342 0364	mouhid - ok
17:46:32.0357 0364	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:46:32.0373 0364	mountmgr - ok
17:46:32.0389 0364	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:46:32.0404 0364	mpio - ok
17:46:32.0420 0364	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:46:32.0435 0364	mpsdrv - ok
17:46:32.0482 0364	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:46:32.0513 0364	MpsSvc - ok
17:46:32.0529 0364	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:46:32.0576 0364	MRxDAV - ok
17:46:32.0591 0364	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:46:32.0623 0364	mrxsmb - ok
17:46:32.0685 0364	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:46:32.0701 0364	mrxsmb10 - ok
17:46:32.0763 0364	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:46:32.0779 0364	mrxsmb20 - ok
17:46:32.0794 0364	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:46:32.0810 0364	msahci - ok
17:46:32.0825 0364	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:46:32.0841 0364	msdsm - ok
17:46:32.0857 0364	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:46:32.0872 0364	MSDTC - ok
17:46:32.0888 0364	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:46:32.0919 0364	Msfs - ok
17:46:32.0935 0364	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:46:32.0981 0364	mshidkmdf - ok
17:46:32.0997 0364	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:46:33.0013 0364	msisadrv - ok
17:46:33.0044 0364	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:46:33.0091 0364	MSiSCSI - ok
17:46:33.0091 0364	msiserver - ok
17:46:33.0418 0364	MSK80Service    (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:46:33.0434 0364	MSK80Service - ok
17:46:33.0449 0364	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:46:33.0512 0364	MSKSSRV - ok
17:46:33.0512 0364	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:46:33.0574 0364	MSPCLOCK - ok
17:46:33.0590 0364	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:46:33.0637 0364	MSPQM - ok
17:46:33.0683 0364	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:46:33.0699 0364	MsRPC - ok
17:46:33.0715 0364	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:46:33.0715 0364	mssmbios - ok
17:46:33.0730 0364	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:46:33.0761 0364	MSTEE - ok
17:46:33.0777 0364	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
17:46:33.0793 0364	MTConfig - ok
17:46:33.0793 0364	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:46:33.0808 0364	Mup - ok
17:46:33.0839 0364	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:46:33.0871 0364	napagent - ok
17:46:33.0917 0364	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:46:33.0933 0364	NativeWifiP - ok
17:46:33.0995 0364	NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
17:46:34.0027 0364	NDIS - ok
17:46:34.0042 0364	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:46:34.0058 0364	NdisCap - ok
17:46:34.0089 0364	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:46:34.0120 0364	NdisTapi - ok
17:46:34.0136 0364	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:46:34.0167 0364	Ndisuio - ok
17:46:34.0183 0364	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:46:34.0229 0364	NdisWan - ok
17:46:34.0229 0364	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:46:34.0292 0364	NDProxy - ok
17:46:34.0307 0364	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:46:34.0370 0364	NetBIOS - ok
17:46:34.0385 0364	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:46:34.0417 0364	NetBT - ok
17:46:34.0448 0364	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:46:34.0448 0364	Netlogon - ok
17:46:34.0495 0364	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:46:34.0541 0364	Netman - ok
17:46:34.0604 0364	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:46:34.0619 0364	NetMsmqActivator - ok
17:46:34.0619 0364	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:46:34.0635 0364	NetPipeActivator - ok
17:46:34.0994 0364	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:46:35.0056 0364	netprofm - ok
17:46:35.0056 0364	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:46:35.0056 0364	NetTcpActivator - ok
17:46:35.0056 0364	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:46:35.0072 0364	NetTcpPortSharing - ok
17:46:35.0103 0364	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
17:46:35.0119 0364	nfrd960 - ok
17:46:35.0134 0364	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:46:35.0197 0364	NlaSvc - ok
17:46:35.0477 0364	NOBU            (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
17:46:35.0524 0364	NOBU - ok
17:46:35.0587 0364	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:46:35.0618 0364	Npfs - ok
17:46:35.0649 0364	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:46:35.0680 0364	nsi - ok
17:46:35.0680 0364	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:46:35.0711 0364	nsiproxy - ok
17:46:36.0569 0364	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:46:36.0632 0364	Ntfs - ok
17:46:38.0566 0364	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:46:38.0613 0364	Null - ok
17:46:38.0660 0364	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:46:38.0675 0364	nvraid - ok
17:46:38.0722 0364	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:46:38.0738 0364	nvstor - ok
17:46:38.0753 0364	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:46:38.0769 0364	nv_agp - ok
17:46:38.0800 0364	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:46:38.0816 0364	ohci1394 - ok
17:46:38.0847 0364	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:46:38.0894 0364	p2pimsvc - ok
17:46:38.0925 0364	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:46:38.0956 0364	p2psvc - ok
17:46:38.0972 0364	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
17:46:38.0987 0364	Parport - ok
17:46:39.0003 0364	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:46:39.0019 0364	partmgr - ok
17:46:39.0034 0364	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:46:39.0065 0364	PcaSvc - ok
17:46:39.0175 0364	PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
17:46:39.0190 0364	PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
17:46:39.0377 0364	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:46:39.0409 0364	pci - ok
17:46:39.0424 0364	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:46:39.0440 0364	pciide - ok
17:46:39.0487 0364	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
17:46:39.0502 0364	pcmcia - ok
17:46:39.0518 0364	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:46:39.0533 0364	pcw - ok
17:46:39.0565 0364	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:46:39.0689 0364	PEAUTH - ok
17:46:39.0799 0364	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:46:39.0814 0364	PerfHost - ok
17:46:40.0844 0364	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:46:40.0922 0364	pla - ok
17:46:40.0969 0364	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:46:41.0015 0364	PlugPlay - ok
17:46:41.0031 0364	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:46:41.0062 0364	PNRPAutoReg - ok
17:46:41.0078 0364	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:46:41.0109 0364	PNRPsvc - ok
17:46:41.0561 0364	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:46:41.0639 0364	PolicyAgent - ok
17:46:41.0671 0364	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:46:41.0733 0364	Power - ok
17:46:41.0811 0364	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:46:41.0858 0364	PptpMiniport - ok
17:46:41.0967 0364	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
17:46:41.0998 0364	Processor - ok
17:46:42.0029 0364	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:46:42.0076 0364	ProfSvc - ok
17:46:42.0185 0364	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:46:42.0201 0364	ProtectedStorage - ok
17:46:42.0232 0364	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:46:42.0279 0364	Psched - ok
17:46:42.0373 0364	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
17:46:42.0373 0364	PxHlpa64 - ok
17:46:42.0451 0364	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
17:46:42.0513 0364	ql2300 - ok
17:46:42.0607 0364	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
17:46:42.0622 0364	ql40xx - ok
17:46:42.0638 0364	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:46:42.0653 0364	QWAVE - ok
17:46:42.0669 0364	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:46:42.0700 0364	QWAVEdrv - ok
17:46:42.0716 0364	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:46:42.0731 0364	RasAcd - ok
17:46:42.0778 0364	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:46:42.0809 0364	RasAgileVpn - ok
17:46:42.0841 0364	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:46:42.0887 0364	RasAuto - ok
17:46:42.0919 0364	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:46:42.0965 0364	Rasl2tp - ok
17:46:42.0997 0364	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:46:43.0043 0364	RasMan - ok
17:46:43.0059 0364	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:46:43.0075 0364	RasPppoe - ok
17:46:43.0106 0364	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:46:43.0121 0364	RasSstp - ok
17:46:43.0153 0364	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:46:43.0199 0364	rdbss - ok
17:46:43.0199 0364	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
17:46:43.0215 0364	rdpbus - ok
17:46:43.0231 0364	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:46:43.0246 0364	RDPCDD - ok
17:46:43.0277 0364	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:46:43.0324 0364	RDPENCDD - ok
17:46:43.0340 0364	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:46:43.0355 0364	RDPREFMP - ok
17:46:43.0465 0364	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:46:43.0496 0364	RDPWD - ok
17:46:43.0527 0364	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:46:43.0543 0364	rdyboost - ok
17:46:43.0574 0364	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:46:43.0621 0364	RemoteAccess - ok
17:46:43.0699 0364	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:46:43.0777 0364	RemoteRegistry - ok
17:46:44.0541 0364	RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
17:46:44.0588 0364	RoxMediaDB12OEM - ok
17:46:44.0619 0364	RoxWatch12      (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
17:46:44.0635 0364	RoxWatch12 - ok
17:46:44.0759 0364	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:46:44.0806 0364	RpcEptMapper - ok
17:46:44.0822 0364	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:46:44.0837 0364	RpcLocator - ok
17:46:44.0869 0364	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:46:44.0915 0364	RpcSs - ok
17:46:44.0993 0364	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:46:45.0056 0364	rspndr - ok
17:46:45.0087 0364	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:46:45.0103 0364	SamSs - ok
17:46:45.0118 0364	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:46:45.0118 0364	sbp2port - ok
17:46:45.0165 0364	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:46:45.0227 0364	SCardSvr - ok
17:46:45.0259 0364	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:46:45.0305 0364	scfilter - ok
17:46:45.0352 0364	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:46:45.0415 0364	Schedule - ok
17:46:45.0446 0364	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:46:45.0461 0364	SCPolicySvc - ok
17:46:45.0493 0364	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:46:45.0508 0364	SDRSVC - ok
17:46:45.0571 0364	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:46:45.0602 0364	secdrv - ok
17:46:45.0617 0364	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:46:45.0649 0364	seclogon - ok
17:46:45.0664 0364	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:46:45.0695 0364	SENS - ok
17:46:45.0727 0364	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:46:45.0758 0364	SensrSvc - ok
17:46:45.0789 0364	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
17:46:45.0820 0364	Serenum - ok
17:46:45.0836 0364	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
17:46:45.0851 0364	Serial - ok
17:46:45.0883 0364	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
17:46:45.0914 0364	sermouse - ok
17:46:45.0945 0364	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:46:45.0961 0364	SessionEnv - ok
17:46:45.0976 0364	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:46:45.0992 0364	sffdisk - ok
17:46:46.0007 0364	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:46:46.0023 0364	sffp_mmc - ok
17:46:46.0039 0364	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:46:46.0054 0364	sffp_sd - ok
17:46:46.0054 0364	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
17:46:46.0070 0364	sfloppy - ok
17:46:46.0319 0364	SftService      (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
17:46:46.0351 0364	SftService - ok
17:46:46.0475 0364	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:46:46.0522 0364	SharedAccess - ok
17:46:46.0553 0364	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:46:46.0616 0364	ShellHWDetection - ok
17:46:46.0678 0364	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
17:46:46.0694 0364	SiSRaid2 - ok
17:46:46.0709 0364	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
17:46:46.0725 0364	SiSRaid4 - ok
17:46:46.0756 0364	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:46:46.0803 0364	Smb - ok
17:46:46.0834 0364	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:46:46.0850 0364	SNMPTRAP - ok
17:46:46.0865 0364	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:46:46.0881 0364	spldr - ok
17:46:46.0912 0364	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:46:46.0959 0364	Spooler - ok
17:46:47.0599 0364	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:46:47.0661 0364	sppsvc - ok
17:46:47.0770 0364	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:46:47.0801 0364	sppuinotify - ok
17:46:47.0848 0364	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:46:47.0911 0364	srv - ok
17:46:47.0973 0364	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:46:47.0989 0364	srv2 - ok
17:46:48.0020 0364	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:46:48.0020 0364	srvnet - ok
17:46:48.0051 0364	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:46:48.0098 0364	SSDPSRV - ok
17:46:48.0176 0364	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:46:48.0207 0364	SstpSvc - ok
17:46:48.0238 0364	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
17:46:48.0238 0364	stexstor - ok
17:46:48.0301 0364	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:46:48.0332 0364	stisvc - ok
17:46:48.0394 0364	stllssvr        (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
17:46:48.0394 0364	stllssvr - ok
17:46:48.0425 0364	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:46:48.0425 0364	swenum - ok
17:46:48.0472 0364	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:46:48.0535 0364	swprv - ok
17:46:49.0096 0364	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:46:49.0159 0364	SysMain - ok
17:46:49.0564 0364	t3              (6b153e518dbe6ef59191152e1ecf7ed4) C:\Windows\system32\drivers\t3.sys
17:46:49.0595 0364	t3 - ok
17:46:49.0705 0364	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:46:49.0736 0364	TabletInputService - ok
17:46:49.0783 0364	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:46:49.0829 0364	TapiSrv - ok
17:46:49.0845 0364	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:46:49.0892 0364	TBS - ok
17:46:50.0173 0364	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:46:50.0251 0364	Tcpip - ok
17:46:50.0531 0364	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:46:50.0563 0364	TCPIP6 - ok
17:46:50.0890 0364	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:46:50.0937 0364	tcpipreg - ok
17:46:50.0953 0364	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:46:50.0968 0364	TDPIPE - ok
17:46:50.0999 0364	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:46:51.0015 0364	TDTCP - ok
17:46:51.0031 0364	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:46:51.0062 0364	tdx - ok
17:46:51.0077 0364	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
17:46:51.0093 0364	TermDD - ok
17:46:51.0124 0364	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:46:51.0187 0364	TermService - ok
17:46:51.0202 0364	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:46:51.0218 0364	Themes - ok
17:46:51.0233 0364	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:46:51.0265 0364	THREADORDER - ok
17:46:51.0296 0364	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:46:51.0327 0364	TrkWks - ok
17:46:51.0358 0364	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:46:51.0421 0364	TrustedInstaller - ok
17:46:51.0436 0364	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:46:51.0483 0364	tssecsrv - ok
17:46:51.0514 0364	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:46:51.0530 0364	TsUsbFlt - ok
17:46:51.0545 0364	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
17:46:51.0561 0364	TsUsbGD - ok
17:46:51.0592 0364	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:46:51.0639 0364	tunnel - ok
17:46:51.0655 0364	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
17:46:51.0670 0364	uagp35 - ok
17:46:51.0686 0364	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:46:51.0733 0364	udfs - ok
17:46:51.0748 0364	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:46:51.0764 0364	UI0Detect - ok
17:46:51.0795 0364	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:46:51.0795 0364	uliagpkx - ok
17:46:51.0826 0364	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:46:51.0842 0364	umbus - ok
17:46:51.0873 0364	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
17:46:51.0889 0364	UmPass - ok
17:46:51.0935 0364	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:46:51.0998 0364	upnphost - ok
17:46:52.0029 0364	usbccgp         (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\drivers\usbccgp.sys
17:46:52.0076 0364	usbccgp - ok
17:46:52.0091 0364	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:46:52.0107 0364	usbcir - ok
17:46:52.0123 0364	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
17:46:52.0154 0364	usbehci - ok
17:46:52.0185 0364	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:46:52.0201 0364	usbhub - ok
17:46:52.0216 0364	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:46:52.0232 0364	usbohci - ok
17:46:52.0247 0364	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
17:46:52.0263 0364	usbprint - ok
17:46:52.0294 0364	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:46:52.0325 0364	USBSTOR - ok
17:46:52.0357 0364	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:46:52.0372 0364	usbuhci - ok
17:46:52.0388 0364	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:46:52.0419 0364	UxSms - ok
17:46:52.0450 0364	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:46:52.0466 0364	VaultSvc - ok
17:46:52.0497 0364	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:46:52.0497 0364	vdrvroot - ok
17:46:52.0559 0364	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:46:52.0622 0364	vds - ok
17:46:52.0637 0364	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:46:52.0669 0364	vga - ok
17:46:52.0684 0364	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:46:52.0715 0364	VgaSave - ok
17:46:52.0747 0364	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:46:52.0762 0364	vhdmp - ok
17:46:52.0778 0364	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:46:52.0778 0364	viaide - ok
17:46:52.0809 0364	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:46:52.0825 0364	volmgr - ok
17:46:52.0856 0364	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:46:52.0871 0364	volmgrx - ok
17:46:52.0887 0364	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:46:52.0903 0364	volsnap - ok
17:46:52.0918 0364	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
17:46:52.0934 0364	vsmraid - ok
17:46:53.0012 0364	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:46:53.0074 0364	VSS - ok
17:46:53.0293 0364	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:46:53.0324 0364	vwifibus - ok
17:46:53.0355 0364	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:46:53.0402 0364	W32Time - ok
17:46:53.0402 0364	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
17:46:53.0417 0364	WacomPen - ok
17:46:53.0449 0364	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:46:53.0495 0364	WANARP - ok
17:46:53.0511 0364	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:46:53.0527 0364	Wanarpv6 - ok
17:46:53.0636 0364	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:46:53.0698 0364	WatAdminSvc - ok
17:46:54.0619 0364	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:46:54.0681 0364	wbengine - ok
17:46:54.0899 0364	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:46:54.0931 0364	WbioSrvc - ok
17:46:54.0962 0364	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:46:55.0009 0364	wcncsvc - ok
17:46:55.0024 0364	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:46:55.0055 0364	WcsPlugInService - ok
17:46:55.0071 0364	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
17:46:55.0087 0364	Wd - ok
17:46:55.0165 0364	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:46:55.0196 0364	Wdf01000 - ok
17:46:55.0211 0364	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:46:55.0305 0364	WdiServiceHost - ok
17:46:55.0305 0364	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:46:55.0321 0364	WdiSystemHost - ok
17:46:55.0430 0364	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:46:55.0461 0364	WebClient - ok
17:46:55.0477 0364	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:46:55.0539 0364	Wecsvc - ok
17:46:55.0570 0364	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:46:55.0617 0364	wercplsupport - ok
17:46:55.0664 0364	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:46:55.0711 0364	WerSvc - ok
17:46:55.0726 0364	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:46:55.0757 0364	WfpLwf - ok
17:46:55.0789 0364	WimFltr         (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
17:46:55.0804 0364	WimFltr - ok
17:46:55.0804 0364	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:46:55.0820 0364	WIMMount - ok
17:46:55.0835 0364	WinDefend - ok
17:46:55.0835 0364	WinHttpAutoProxySvc - ok
17:46:56.0038 0364	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:46:56.0069 0364	Winmgmt - ok
17:46:56.0303 0364	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:46:56.0381 0364	WinRM - ok
17:46:56.0522 0364	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:46:56.0553 0364	Wlansvc - ok
17:46:56.0662 0364	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:46:56.0693 0364	wlcrasvc - ok
17:46:56.0818 0364	wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:46:56.0865 0364	wlidsvc - ok
17:46:56.0974 0364	WmBEnum         (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
17:46:56.0974 0364	WmBEnum - ok
17:46:57.0005 0364	WmFilter        (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
17:46:57.0021 0364	WmFilter - ok
17:46:57.0068 0364	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:46:57.0083 0364	WmiAcpi - ok
17:46:57.0146 0364	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:46:57.0177 0364	wmiApSrv - ok
17:46:57.0208 0364	WMPNetworkSvc - ok
17:46:57.0224 0364	WmVirHid        (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
17:46:57.0239 0364	WmVirHid - ok
17:46:57.0255 0364	WmXlCore        (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
17:46:57.0271 0364	WmXlCore - ok
17:46:57.0302 0364	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:46:57.0317 0364	WPCSvc - ok
17:46:57.0349 0364	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:46:57.0364 0364	WPDBusEnum - ok
17:46:57.0380 0364	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:46:57.0411 0364	ws2ifsl - ok
17:46:57.0551 0364	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
17:46:57.0598 0364	wscsvc - ok
17:46:57.0598 0364	WSearch - ok
17:46:57.0785 0364	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:46:57.0863 0364	wuauserv - ok
17:46:58.0191 0364	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:46:58.0238 0364	WudfPf - ok
17:46:58.0300 0364	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:46:58.0347 0364	WUDFRd - ok
17:46:58.0456 0364	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:46:58.0503 0364	wudfsvc - ok
17:46:58.0519 0364	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:46:58.0550 0364	WwanSvc - ok
17:46:58.0581 0364	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:46:59.0033 0364	\Device\Harddisk0\DR0 - ok
17:46:59.0033 0364	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
17:46:59.0595 0364	\Device\Harddisk1\DR1 - ok
17:46:59.0611 0364	Boot (0x1200)   (7b68318c29da0ff400b7f8e511afc06b) \Device\Harddisk0\DR0\Partition0
17:46:59.0611 0364	\Device\Harddisk0\DR0\Partition0 - ok
17:46:59.0626 0364	Boot (0x1200)   (ec962ed6f3e7ddb7e6c822b86663660c) \Device\Harddisk0\DR0\Partition1
17:46:59.0626 0364	\Device\Harddisk0\DR0\Partition1 - ok
17:46:59.0626 0364	Boot (0x1200)   (6a53da9ec3ee24d3135de30b6930d9bc) \Device\Harddisk1\DR1\Partition0
17:46:59.0626 0364	\Device\Harddisk1\DR1\Partition0 - ok
17:46:59.0626 0364	============================================================
17:46:59.0626 0364	Scan finished
17:46:59.0626 0364	============================================================
17:46:59.0642 1536	Detected object count: 4
17:46:59.0642 1536	Actual detected object count: 4
17:47:18.0362 1536	Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:47:18.0362 1536	Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:47:18.0362 1536	Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:47:18.0362 1536	Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:47:18.0362 1536	CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
17:47:18.0362 1536	CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:47:18.0362 1536	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:47:18.0362 1536	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 11.06.2012, 20:22   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Suisa-Trojaner: leerer Desktop, leeres Startmenü - Standard

Suisa-Trojaner: leerer Desktop, leeres Startmenü



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.06.2012, 21:52   #13
pflock
 
Suisa-Trojaner: leerer Desktop, leeres Startmenü - Standard

Suisa-Trojaner: leerer Desktop, leeres Startmenü



Und das ComboFix-Log:

Code:
ATTFilter
ComboFix 12-06-11.04 - Alexander Limacher 11.06.2012  22:33:54.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.41.1031.18.6126.4603 [GMT 2:00]
ausgeführt von:: c:\users\Alexander Limacher\Documents\Downloads\Combofix\ComboFix.exe
AV: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee  Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\288d198f-eb50-4316-9b17-4269c8487bf7.dll
c:\programdata\Windows
c:\programdata\windows\ccdxmmde.dat
c:\programdata\Windows\drss.dat
c:\programdata\windows\xessmsxe.dat
c:\users\Alexander Limacher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
c:\users\Alexander Limacher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD\SMART HDD.lnk
c:\users\Alexander Limacher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD\Uninstall SMART HDD.lnk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-11 bis 2012-06-11  ))))))))))))))))))))))))))))))
.
.
2012-06-10 20:01 . 2012-06-10 20:01	--------	d-----w-	C:\_OTL
2012-06-09 13:07 . 2012-06-09 13:07	--------	d-----w-	c:\program files (x86)\ESET
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 13:56 . 2012-04-14 13:27	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-20 11:11 . 2011-07-13 08:00	162192	----a-w-	c:\windows\system32\mfevtps.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-02-03 237693]
"SPIRunE"="SPIRunE.dll" [2009-07-27 18432]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-25 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-09-05 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 885760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-07-13 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-07-13 79360]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
.
2012-06-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
.
2012-06-11 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-27 2022976]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ch/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Alexander Limacher\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-11  22:42:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-11 20:42
.
Vor Suchlauf: 16 Verzeichnis(se), 1'378'022'912'000 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 1'377'741'582'336 Bytes frei
.
- - End Of File - - A1CC56C696D61FDDD7C9851A3360F6C6
         

Alt 11.06.2012, 22:05   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Suisa-Trojaner: leerer Desktop, leeres Startmenü - Standard

Suisa-Trojaner: leerer Desktop, leeres Startmenü



Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 12.06.2012, 20:55   #15
pflock
 
Suisa-Trojaner: leerer Desktop, leeres Startmenü - Standard

Suisa-Trojaner: leerer Desktop, leeres Startmenü



1. GMER
Das Log war leer. Nichts zu kopieren und [save] speicherte eine leere Datei.

2. OSAM
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:40:34 on 12.06.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"PCDoctorBackgroundMonitorTask-Delay.job" - "PC-Doctor, Inc." - C:\Program Files\Dell Support Center\uaclauncher.exe
"PCDoctorBackgroundMonitorTask.job" - "PC-Doctor, Inc." - C:\Program Files\Dell Support Center\uaclauncher.exe
"SystemToolsDailyTest.job" - "PC-Doctor, Inc." - C:\Program Files\Dell Support Center\uaclauncher.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"CreativeAudioConsole" - "Creative Technology Ltd" - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\AudioCS\CTAudCS.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"McAfee Inc." (mfeavfk01) - ? - C:\Windows\system32\drivers\mfeavfk01.sys  (File not found)
"PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver" (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) - "PC-Doctor, Inc." - c:\program files\dell support center\pcdsrvc_x64.pkms
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{3EF5086B-5478-4598-A054-786C45D75692} "McInternetProtocolRoot Class" - "McAfee, Inc." - c:\progra~2\mcafee\msc\mcsniepl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files (x86)\WinRAR\rarext.dll
{B41DB860-64E4-11D2-9906-E49FADC173CA} "WinRAR shell extension" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
ITBar7Height64 "ITBar7Height64" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{E705A591-DA3C-4228-B0D5-A356DBA42FBF} "Creative Software AutoUpdate 2" - "Creative Technology Ltd" - C:\PROGRA~2\Creative\SHARED~1\SOFTWA~1\CTSUEng.ocx / hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
{F6ACF75C-C32C-447B-9BEF-46B766368D29} "Creative Software AutoUpdate Support Package" - "Creative Technology Ltd" - C:\PROGRA~2\Creative\SHARED~1\SOFTWA~1\CTPID.ocx / hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
{D4B68B83-8710-488B-A692-D74B50BA558E} "Creative Software AutoUpdate Support Package 2" - "Creative Technology Ltd" - C:\Windows\DOWNLO~1\CTPIDPDE.ocx / hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120521214832.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Alexander Limacher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AccuWeatherWidget" - ? - "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Dell DataSafe Online" - "Dell, Inc." - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
"Desktop Disc Tool" - ? - "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"mcui_exe" - "McAfee, Inc." - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
"RoxWatchTray" - "Sonic Solutions" - "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
"ShwiconXP9106" - "Alcor Micro Corp." - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"THX Audio Control Panel" - "Creative Technology Ltd" - "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
"UpdReg" - "Creative Technology Ltd." - C:\Windows\UpdReg.EXE
"VolPanel" - "Creative Technology Ltd" - "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Creative ALchemy AL6 Licensing Service" (Creative ALchemy AL6 Licensing Service) - "Creative Labs" - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
"Creative Audio Engine Licensing Service" (Creative Audio Engine Licensing Service) - "Creative Labs" - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
"Creative Audio Service" (CTAudSvcService) - "Creative Technology Ltd" - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
"Dell DataSafe Online" (NOBU) - "Dell, Inc." - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee Activation Service" (McAWFwk) - "McAfee, Inc." - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
"McAfee Anti-Spam Service" (MSK80Service) - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
"McAfee Firewall Core Service" (mfefire) - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
"McAfee McShield" (McShield) - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
"McAfee Network Agent" (McNASvc) - "McAfee, Inc." - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
"McAfee Personal Firewall Service" (McMPFSvc) - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
"McAfee Proxy Service" (McProxy) - "McAfee, Inc." - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
"McAfee Scanner" (McODS) - "McAfee, Inc." - C:\Program Files\mcafee\VirusScan\mcods.exe
"McAfee Services" (mcmscsvc) - "McAfee, Inc." - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
"McAfee Validation Trust Protection Service" (mfevtp) - "McAfee, Inc." - C:\Windows\system32\mfevtps.exe
"McAfee VirusScan Announcer" (McNaiAnn) - "McAfee, Inc." - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Roxio Hard Drive Watcher 12" (RoxWatch12) - "Sonic Solutions" - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
"RoxMediaDB12OEM" (RoxMediaDB12OEM) - "Sonic Solutions" - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
"SoftThinks Agent Service" (SftService) - "SoftThinks SAS" - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
3. aswMBR
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-12 21:43:35
-----------------------------
21:43:35.169    OS Version: Windows x64 6.1.7601 Service Pack 1
21:43:35.169    Number of processors: 4 586 0x2A07
21:43:35.169    ComputerName: LIMIPCWIN7  UserName: 
21:43:37.736    Initialize success
21:44:32.395    AVAST engine defs: 12061200
21:44:50.070    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:44:50.070    Disk 0 Vendor: ST315003 CC4G Size: 1430799MB BusType: 3
21:44:50.085    Disk 0 MBR read successfully
21:44:50.101    Disk 0 MBR scan
21:44:50.101    Disk 0 Windows VISTA default MBR code
21:44:50.101    Disk 0 Partition 1 00     DE Dell Utility DELL 4.1       39 MB offset 63
21:44:50.101    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        13566 MB offset 81920
21:44:50.117    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS      1417192 MB offset 27865088
21:44:50.148    Disk 0 scanning C:\Windows\system32\drivers
21:44:57.620    Service scanning
21:45:11.692    Modules scanning
21:45:11.692    Disk 0 trace - called modules:
21:45:11.707    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
21:45:12.222    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b97060]
21:45:12.222    3 CLASSPNP.SYS[fffff88001ba743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005e81050]
21:45:15.451    AVAST engine scan C:\Windows
21:45:18.478    AVAST engine scan C:\Windows\system32
21:47:26.320    AVAST engine scan C:\Windows\system32\drivers
21:47:36.351    AVAST engine scan C:\Users\Alexander Limacher
21:49:46.767    AVAST engine scan C:\ProgramData
21:51:50.305    Scan finished successfully
21:52:21.521    Disk 0 MBR has been saved successfully to "C:\Users\Alexander Limacher\Desktop\MBR.dat"
21:52:21.521    The log file has been saved successfully to "C:\Users\Alexander Limacher\Desktop\aswMBR.txt"
         
Ich hab jetzt ein mbr.dat auf dem desktop. Kann ich das vernichten?

Antwort

Themen zu Suisa-Trojaner: leerer Desktop, leeres Startmenü
adobe, autorun, backdoor.agent.rcgen, bho, cdrom, dateien, dateisystem, defender, desktop, download, explorer.exe, firefox, format, forum, heuristiks/extra, heuristiks/shuriken, home, malwarebytes, microsoft, registry, scan, searchscopes, software, sound, suisa, system32, tiere, version=1.0, virus, win32, windows, winlogon



Ähnliche Themen: Suisa-Trojaner: leerer Desktop, leeres Startmenü


  1. Trojaner: fehlende verknüpfungen, leeres startmenü
    Plagegeister aller Art und deren Bekämpfung - 13.08.2013 (28)
  2. Desktop und Startmenü nach Trojaner TR/Agent.59392.91 weg
    Plagegeister aller Art und deren Bekämpfung - 11.03.2013 (18)
  3. Leerer Desktop, Computer fährt automatisch herunter
    Plagegeister aller Art und deren Bekämpfung - 09.01.2013 (29)
  4. Suisa Trojaner blockiert Desktop wenn Internetzugang aktiv
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (10)
  5. Suisa - leerer Desktop
    Plagegeister aller Art und deren Bekämpfung - 28.08.2012 (3)
  6. Start Windows 7 white Screen dann leerer Desktop abgesichterer Modus geht normal
    Log-Analyse und Auswertung - 08.08.2012 (9)
  7. Trojaner(?): Festplatte angeblich kaputt, Desktop ist schwarz, Startmenü leer
    Plagegeister aller Art und deren Bekämpfung - 03.08.2012 (14)
  8. Erst Fehlermeldungen und nun keine Daten mehr und leerer Desktop.
    Plagegeister aller Art und deren Bekämpfung - 30.03.2012 (32)
  9. GEMA-Trojaner: zwar wohl entfernt (c't Desinfect), aber desktop.ini fehlerhaft: leerer Desktop...
    Plagegeister aller Art und deren Bekämpfung - 14.01.2012 (2)
  10. immer leerer Desktop nach dem 'Gema-Virus'
    Log-Analyse und Auswertung - 08.12.2011 (28)
  11. Starker Trojaner(?)-Befall! Alle Dateien (Desktop, Startmenü) weg, ununterbrochen Pop-ups.
    Plagegeister aller Art und deren Bekämpfung - 31.10.2011 (5)
  12. Probleme nach Problembehandlung "Leerer Desktop/Startmenü/Festplatte"
    Plagegeister aller Art und deren Bekämpfung - 25.07.2011 (28)
  13. Vista: Nach Entfernung des Trojaners Windows Recovery leerer Desktop
    Plagegeister aller Art und deren Bekämpfung - 14.06.2011 (1)
  14. Desktop schwarz, Startmenü leer, HDD
    Plagegeister aller Art und deren Bekämpfung - 07.06.2011 (23)
  15. Windows recovery - leerer Desktop trotz unhide & Loganalyse
    Log-Analyse und Auswertung - 07.05.2011 (19)
  16. Leerer Desktop nach Entfernung von Windows Recovery durch Malewarebytes
    Log-Analyse und Auswertung - 01.05.2011 (7)
  17. Leerer Desktop beim Hochfahren
    Alles rund um Windows - 30.07.2008 (9)

Zum Thema Suisa-Trojaner: leerer Desktop, leeres Startmenü - Hallo Mein PC hatte schon vor längerem den Suisa-Trojaner eingefangen. Mit Malwarebytes bin ich - so glaube ich - den Virus losgeworden. Was übrig blieb, ist ein praktisch leerer Desktop, - Suisa-Trojaner: leerer Desktop, leeres Startmenü...
Archiv
Du betrachtest: Suisa-Trojaner: leerer Desktop, leeres Startmenü auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.