Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 18.06.2012, 15:41   #1
kjkjjj1108
 
Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI - Standard

Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI



Hallo liebe Helfer in der Not,

seit Donnerstag letzter Woche meldet AVIRA (wie bei so vielen anderen hier auf dem board) in kurzen Abständen die Funde "W32/Patched.UA", "TR/ATRAPS.Gen2" und "TR/Small.FI".
Ich bin sehr froh, dass ich Euch gefunden habe und hoffe, Ihr könnt mir helfen. Damit dieses auch möglich ist, habe ich mich sklavisch an die Anweisungen gehalten und poste jetzt hier die Ergebnisse meiner SCANS:

AVIRA
Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 18. Juni 2012  09:48

Es wird nach 3844536 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows (TM) Vista Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : MEPHISTO

Versionsinformationen:
BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00
AVSCAN.EXE     : 12.3.0.15     466896 Bytes  08.05.2012 17:53:26
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  08.05.2012 17:53:25
LUKE.DLL       : 12.3.0.15      68304 Bytes  08.05.2012 17:53:40
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 17:53:43
AVREG.DLL      : 12.3.0.17     232200 Bytes  10.05.2012 18:39:42
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 08:24:16
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 09:20:19
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 09:28:26
VBASE005.VDF   : 7.11.29.136  2166272 Bytes  10.05.2012 18:39:39
VBASE006.VDF   : 7.11.29.137     2048 Bytes  10.05.2012 18:39:39
VBASE007.VDF   : 7.11.29.138     2048 Bytes  10.05.2012 18:39:40
VBASE008.VDF   : 7.11.29.139     2048 Bytes  10.05.2012 18:39:40
VBASE009.VDF   : 7.11.29.140     2048 Bytes  10.05.2012 18:39:40
VBASE010.VDF   : 7.11.29.141     2048 Bytes  10.05.2012 18:39:40
VBASE011.VDF   : 7.11.29.142     2048 Bytes  10.05.2012 18:39:40
VBASE012.VDF   : 7.11.29.143     2048 Bytes  10.05.2012 18:39:40
VBASE013.VDF   : 7.11.29.144     2048 Bytes  10.05.2012 18:39:40
VBASE014.VDF   : 7.11.30.3     198144 Bytes  14.05.2012 17:56:08
VBASE015.VDF   : 7.11.30.69    186368 Bytes  17.05.2012 17:56:12
VBASE016.VDF   : 7.11.30.143   223744 Bytes  21.05.2012 17:56:19
VBASE017.VDF   : 7.11.30.207   287744 Bytes  23.05.2012 17:56:32
VBASE018.VDF   : 7.11.31.57    188416 Bytes  28.05.2012 17:56:39
VBASE019.VDF   : 7.11.31.111   214528 Bytes  30.05.2012 09:24:38
VBASE020.VDF   : 7.11.31.151   116736 Bytes  31.05.2012 09:24:38
VBASE021.VDF   : 7.11.31.205   134144 Bytes  03.06.2012 13:29:29
VBASE022.VDF   : 7.11.32.9     169472 Bytes  05.06.2012 07:49:22
VBASE023.VDF   : 7.11.32.85    155648 Bytes  08.06.2012 19:00:48
VBASE024.VDF   : 7.11.32.133   127488 Bytes  11.06.2012 19:45:46
VBASE025.VDF   : 7.11.32.171   182784 Bytes  12.06.2012 19:45:51
VBASE026.VDF   : 7.11.32.251   119296 Bytes  14.06.2012 11:45:43
VBASE027.VDF   : 7.11.32.252     2048 Bytes  14.06.2012 11:45:43
VBASE028.VDF   : 7.11.32.253     2048 Bytes  14.06.2012 11:45:43
VBASE029.VDF   : 7.11.32.254     2048 Bytes  14.06.2012 11:45:43
VBASE030.VDF   : 7.11.32.255     2048 Bytes  14.06.2012 11:45:44
VBASE031.VDF   : 7.11.33.62    105472 Bytes  18.06.2012 07:45:39
Engineversion  : 8.2.10.92 
AEVDF.DLL      : 8.1.2.8       106867 Bytes  03.06.2012 09:24:45
AESCRIPT.DLL   : 8.1.4.26      450939 Bytes  15.06.2012 11:47:18
AESCN.DLL      : 8.1.8.2       131444 Bytes  30.01.2012 10:20:48
AESBX.DLL      : 8.2.5.12      606578 Bytes  15.06.2012 11:47:30
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06
AEPACK.DLL     : 8.2.16.18     807287 Bytes  15.06.2012 11:47:09
AEOFFICE.DLL   : 8.1.2.36      201082 Bytes  15.06.2012 11:46:55
AEHEUR.DLL     : 8.1.4.46     4923767 Bytes  15.06.2012 11:46:53
AEHELP.DLL     : 8.1.21.0      254326 Bytes  11.05.2012 18:39:29
AEGEN.DLL      : 8.1.5.30      422261 Bytes  15.06.2012 11:45:48
AEEXP.DLL      : 8.1.0.52       82293 Bytes  15.06.2012 11:47:30
AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 21:46:01
AECORE.DLL     : 8.1.25.10     201080 Bytes  03.06.2012 09:24:39
AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 17:53:17
AVPREF.DLL     : 12.3.0.15      51920 Bytes  08.05.2012 17:53:25
AVREP.DLL      : 12.3.0.15     179208 Bytes  08.05.2012 17:53:43
AVARKT.DLL     : 12.3.0.15     211408 Bytes  08.05.2012 17:53:21
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  08.05.2012 17:53:24
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  08.05.2012 17:53:42
AVSMTP.DLL     : 12.3.0.15      63440 Bytes  08.05.2012 17:53:28
NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 17:53:40
RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  08.05.2012 17:53:17
RCTEXT.DLL     : 12.3.0.15      98512 Bytes  08.05.2012 17:53:18

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +JOKE,+PCK,+SPR,

Beginn des Suchlaufs: Montag, 18. Juni 2012  09:48

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Adobe
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\ADOBE SYSTEMS
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Agfa
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\C07ft5Y
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\CyberLink
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\DivXNetworks
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DownloadManager
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\EmbedExtnToClsidMappings
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Jet
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\MediaPlayer
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\RAS AutoDial
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Works
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nokia
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\RIS
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\S3R521
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
Versteckter Treiber
  [HINWEIS]   Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpntray.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'GarminLifetime.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'WebcamDell.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVDDXSrv.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'DataSafeOnline.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '144' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesTrayAgent.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTLite.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'Toaster.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'DSUpd.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'STSERVICE.EXE' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftservice.EXE' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'hsswd.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'hsssrv.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpnas.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.EXE' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'DockLogin.exe' - '22' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Windows\Sysnative\drivers\sptd.sys
  [WARNUNG]   Die Datei konnte nicht geöffnet werden!
Die Registry wurde durchsucht ( '3736' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS>
C:\DELL\j156m\factory\common_64_SM.7z
  [WARNUNG]   Der Archivheader ist defekt
C:\DELL\j156m\factory\common_PF2.7z
  [WARNUNG]   Die Datei ist kennwortgeschützt
C:\Program Files (x86)\Activision\Wolfenstein\SP\base\assets.pk4
  [WARNUNG]   Unerwartetes Dateiende erreicht
C:\Program Files (x86)\Activision\Wolfenstein\SP\base\shaders.pk4
  [WARNUNG]   Unerwartetes Dateiende erreicht
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat
  [WARNUNG]   Die Datei ist kennwortgeschützt
C:\Users\* * *\Desktop\avira_free_antivirus_de.exe
  [WARNUNG]   Die Datei ist kennwortgeschützt
C:\Users\* * *\Desktop\HSS-2.07-install-resell3-306-conduit.exe
  [WARNUNG]   Die Version dieses Archives wird nicht unterstützt
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\00000001.@
  [FUND]      Ist das Trojanische Pferd TR/Small.FI
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@
  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen2
C:\Windows\System32\services.exe
  [FUND]      Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA
Beginne mit der Suche in 'D:\' <RECOVERY>

Beginne mit der Desinfektion:
C:\Windows\System32\services.exe
  [FUND]      Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 55055eca.qua erstellt ( QUARANTÄNE )
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@
  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen2
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4dcc76d8.qua' verschoben!
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\00000001.@
  [FUND]      Ist das Trojanische Pferd TR/Small.FI
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1f932c30.qua' verschoben!


Ende des Suchlaufs: Montag, 18. Juni 2012  11:58
Benötigte Zeit:  2:08:02 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  49476 Verzeichnisse wurden überprüft
 739565 Dateien wurden geprüft
      3 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      3 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      1 Dateien konnten nicht durchsucht werden
 739561 Dateien ohne Befall
   7201 Archive wurden durchsucht
      8 Warnungen
     24 Hinweise
 1110337 Objekte wurden beim Rootkitscan durchsucht
     21 Versteckte Objekte wurden gefunden
         

Malwarebyte
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.18.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
* * * :: MEPHISTO [Administrator]

Schutz: Aktiviert

18.06.2012 12:05:49
mbam-log-2012-06-18 (15-46-16).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 469317
Laufzeit: 3 Stunde(n), 18 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)
         
OTL.txt
Code:
ATTFilter
OTL logfile created on: 18.06.2012 15:56:04 - Run 1
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\* * *\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 58,92% Memory free
8,16 Gb Paging File | 6,06 Gb Available in Paging File | 74,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 38,78 Gb Free Space | 13,68% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 6,79 Gb Free Space | 46,35% Space Free | Partition Type: NTFS
 
Computer Name: MEPHISTO | User Name: * * * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.18 15:55:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\* * *\Desktop\OTL.exe
PRC - [2012.06.14 12:52:26 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012.05.08 19:53:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:53:24 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 19:53:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.07 03:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2012.01.06 20:36:14 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2012.01.06 16:30:00 | 001,446,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2012.01.05 01:02:02 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2012.01.05 01:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011.11.08 12:11:56 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.11.08 12:11:46 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.01.13 21:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011.01.13 21:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011.01.13 21:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
PRC - [2011.01.13 21:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2009.11.13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.11.11 18:07:00 | 000,442,536 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008.05.23 21:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.15 22:28:31 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\592a9a12b07b624764df2eca289116d1\System.Web.Services.ni.dll
MOD - [2012.06.15 22:09:19 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 12:19:20 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012.06.14 12:18:49 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012.06.14 12:18:41 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012.06.14 12:18:22 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012.06.14 12:18:19 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012.06.14 11:59:03 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.14 11:58:42 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.14 11:57:50 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.06.03 13:03:51 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012.06.03 12:04:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.06.03 11:23:26 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.06.03 11:22:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0b56e0ea0a4fca560a68607afae65ac9\System.Core.ni.dll
MOD - [2012.06.03 11:21:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.06.03 11:21:03 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.06.03 11:20:57 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.06.03 11:20:43 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.05.29 21:08:31 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012.05.29 20:32:50 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012.05.29 20:28:34 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.29 20:28:15 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8a8079623eab0ba9e106436885a0281d\System.Xml.Linq.ni.dll
MOD - [2012.05.29 20:28:13 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012.05.29 20:22:22 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.05.29 20:22:21 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\8ec275d60f23035b499a67037212ef4f\System.Security.ni.dll
MOD - [2012.05.29 20:22:14 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.05.29 20:22:02 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.05.29 20:21:49 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012.01.07 03:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
MOD - [2012.01.06 20:38:08 | 000,009,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2011.11.27 20:07:07 | 000,115,137 | ---- | M] () -- C:\Users\* * *\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll
MOD - [2011.11.08 12:11:56 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.01.13 21:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2011.01.13 21:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
MOD - [2011.01.13 21:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011.01.13 21:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2011.01.13 21:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2011.01.13 21:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2011.01.13 21:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011.01.13 21:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2011.01.13 21:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2011.01.13 21:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
MOD - [2009.11.13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009.11.13 17:15:00 | 000,365,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll
MOD - [2009.11.13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009.11.13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009.11.13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009.11.13 17:15:00 | 000,046,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll
MOD - [2009.11.13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
MOD - [2009.04.09 23:29:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009.03.29 21:40:06 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.29 21:40:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.03.19 18:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009.03.19 18:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008.12.21 20:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008.11.26 23:45:44 | 000,918,528 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2012.06.14 12:52:27 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 19:53:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:53:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.06 20:39:12 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2012.01.06 20:36:14 | 000,331,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.01.05 01:02:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.01.05 01:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.01.13 21:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 19:53:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 19:53:42 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.26 19:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\taphss.sys -- (taphss)
DRV:64bit: - [2011.02.28 23:36:54 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2011.01.03 10:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.01.03 10:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.01.03 10:38:36 | 000,145,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011.01.03 10:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.12.21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.05.15 20:50:33 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.05.06 18:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2009.04.10 22:39:38 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser)
DRV:64bit: - [2009.04.10 22:03:34 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.03.19 18:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.03.06 08:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2008.12.21 20:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008.12.16 18:56:52 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008.11.26 23:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2008.11.26 23:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008.11.25 16:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008.10.28 17:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008.10.07 19:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2008.09.15 19:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008.09.15 19:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008.09.15 19:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008.02.25 10:59:14 | 000,112,512 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2008.01.21 04:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2007.11.14 10:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006.11.01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
DRV - [2011.05.12 20:10:40 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.berlin.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {8A98EB80-7689-498B-B39E-4BE93D32F3AB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{8A98EB80-7689-498B-B39E-4BE93D32F3AB}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\EXTENSIONS\TALKBACK@MOZILLA.ORG
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EPSON BX300F Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_SF814.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [EPSON BX300F Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_S2B63.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {30A3CCA5-F34C-4E87-BB57-5A2F2C935E14} file:///E:/CDVIEWER/CdViewer.cab (AMI DicomDir TreeView Control 2.0)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F040E6-32BA-49E5-A291-E98C7A3EE46A}: NameServer = 150.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F06AA57A-B93B-4C3C-8287-D83B1100F386}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\* * *\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\* * *\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.13 10:54:38 | 000,000,000 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{283ef8a8-9d5d-11de-9546-002219f779e2}\Shell\AutoRun\command - "" = F:\.\MigWiz\migsetup.exe
O33 - MountPoints2\{2bd949b1-933a-11de-abd8-002219f779e2}\Shell\AutoRun\command - "" = F:\.\dae_player.exe
O33 - MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\AutoRun\command - "" = •Ë
O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\explore\Command - "" = RECYCLER\INFO.exe
O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\open\Command - "" = RECYCLER\INFO.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.18 15:55:31 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\* * *\Desktop\OTL.exe
[2012.06.15 20:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.15 19:35:29 | 000,000,000 | ---D | C] -- C:\Users\* * *\AppData\Roaming\Malwarebytes
[2012.06.15 19:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.15 19:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.15 19:35:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.15 19:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.13 11:37:14 | 000,000,000 | ---D | C] -- C:\Users\* * *\Desktop\20120613dawanda
[2012.06.11 14:24:25 | 000,000,000 | ---D | C] -- C:\Users\* * *\Documents\Beihilfe
[2012.06.03 11:45:06 | 000,000,000 | ---D | C] -- C:\Users\* * *\Documents\Gebrauchsanweisungen Babysitter
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.18 15:58:17 | 001,454,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.18 15:58:17 | 000,632,502 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.18 15:58:17 | 000,599,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.18 15:58:17 | 000,127,714 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.18 15:58:17 | 000,105,164 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.18 15:55:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\* * *\Desktop\OTL.exe
[2012.06.18 15:51:06 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.18 15:51:02 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 15:51:02 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 15:50:54 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.06.18 15:50:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.18 15:50:42 | 4289,576,960 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.18 15:49:27 | 000,000,188 | ---- | M] () -- C:\Users\* * *\defogger_reenable
[2012.06.18 15:28:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.18 15:21:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.15 22:03:00 | 000,405,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.15 19:35:21 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.14 13:04:01 | 000,000,732 | ---- | M] () -- C:\Users\* * *\AppData\Local\d3d9caps64.dat
[2012.06.13 11:55:33 | 000,144,896 | ---- | M] () -- C:\Users\* * *\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.12 12:22:58 | 000,011,523 | ---- | M] () -- C:\Users\* * *\Desktop\100.jpg
[2012.06.11 10:20:08 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
 
========== Files Created - No Company Name ==========
 
[2012.06.18 15:49:27 | 000,000,188 | ---- | C] () -- C:\Users\* * *\defogger_reenable
[2012.06.18 15:48:46 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\80000000.@
[2012.06.18 11:58:39 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@
[2012.06.18 11:58:38 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\00000001.@
[2012.06.15 19:35:21 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.12 12:23:12 | 000,011,523 | ---- | C] () -- C:\Users\* * *\Desktop\100.jpg
[2012.01.13 22:29:17 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\@
[2012.01.13 22:29:17 | 000,002,048 | -HS- | C] () -- C:\Users\* * *\AppData\Local\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\@
[2011.12.13 17:53:03 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011.12.13 17:53:02 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.12.13 17:53:02 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.12.13 17:53:02 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.12.13 17:53:02 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.12.13 17:53:02 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.12.13 17:53:02 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.12.13 17:53:02 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.12.13 17:53:02 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.12.13 17:53:02 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.12.13 17:53:02 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.12.13 17:53:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.12.13 17:53:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.12.13 17:53:02 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.12.13 17:53:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.12.13 17:53:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.12.13 17:53:02 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.12.13 17:53:02 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.12.13 17:53:02 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011.12.13 17:51:37 | 000,000,025 | ---- | C] () -- C:\Windows\CDEBX300DEFGIPS.ini
[2011.12.08 17:55:07 | 000,000,732 | ---- | C] () -- C:\Users\* * *\AppData\Local\d3d9caps64.dat
[2011.11.13 10:43:16 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2011.11.13 10:43:16 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2011.11.13 10:43:15 | 000,559,104 | ---- | C] () -- C:\Windows\SysWow64\lame.exe
[2011.11.13 10:43:15 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.11.13 10:43:12 | 000,693,765 | ---- | C] () -- C:\Users\* * *\AppData\Roaming\unins000.exe
[2011.11.13 10:43:12 | 000,007,900 | ---- | C] () -- C:\Users\* * *\AppData\Roaming\unins000.dat
[2011.11.02 19:48:53 | 000,000,000 | ---- | C] () -- C:\Users\* * *\AppData\Local\{29BC51ED-79B0-47D1-B13C-F2FA9DD19CFE}
[2011.05.29 10:53:14 | 000,038,443 | ---- | C] () -- C:\Users\* * *\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.03.02 23:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.03.02 23:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.03.02 23:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.03.02 23:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.03.02 23:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
 
========== LOP Check ==========
 
[2011.11.13 10:44:02 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\concept design
[2011.12.30 17:12:55 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\DAEMON Tools Lite
[2011.12.13 17:59:12 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\EPSON
[2010.09.03 18:08:36 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\FileZilla
[2012.03.25 10:40:25 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\GARMIN
[2011.09.18 22:55:35 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\MyPhoneExplorer
[2011.06.07 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\Nokia
[2011.06.07 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\Nokia Ovi Suite
[2010.03.28 20:08:37 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\PC Suite
[2011.03.06 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\PCDr
[2011.05.29 11:11:58 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\Samsung
[2009.10.28 22:33:49 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\Template
[2009.10.11 17:00:24 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\Thunderbird
[2012.06.11 10:20:08 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.06.18 15:49:57 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.18 15:50:54 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 

< End of report >
         
OTL Extras

Code:
ATTFilter
OTL Extras logfile created on: 18.06.2012 15:56:04 - Run 1
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\* * *\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 58,92% Memory free
8,16 Gb Paging File | 6,06 Gb Available in Paging File | 74,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 38,78 Gb Free Space | 13,68% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 6,79 Gb Free Space | 46,35% Space Free | Partition Type: NTFS
 
Computer Name: MEPHISTO | User Name: * * * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 95 78 CE FD CF D6 CA 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E87F997C-3E93-6DAD-1AE6-619002BA9623}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows-Treiberpaket - Nokia Modem  (05/22/2008 7.00.0.1)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows-Treiberpaket - Nokia Modem  (05/22/2008 3.8)
"CCleaner" = CCleaner
"Creative OA008" = Integrated Webcam Driver (1.04.01.0601)  
"Dell Support Center" = Dell Support Center
"EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"SynTPDeinstKey" = Dell Touchpad
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0CE69E03-1021-EB74-0836-C706CADC213A}" = Catalyst Control Center Localization Korean
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15F7FA6D-8FC5-08FD-2727-8AE6811A2A0D}" = CCC Help Russian
"{180BEABD-453E-4047-96B4-4F86EE605589}" = CCC Help Danish
"{181A0114-24D5-9E74-0138-4C8C27ED3EAC}" = Catalyst Control Center Graphics Light
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1E5196FA-47EF-F0C7-847B-960F3349E9B5}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2094F083-B28B-AFFD-4075-49E803BE17B7}" = CCC Help Italian
"{2116C03A-7111-9669-8009-9FD7F5AABA20}" = Catalyst Control Center Graphics Full New
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23467AA2-058A-1064-40C5-E0E0533C2D7D}" = Catalyst Control Center Localization French
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 29
"{26B29DE2-7759-F8BB-FB10-98142B343C8C}" = CCC Help Korean
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2FB28284-51D3-C991-3940-694B1B629F2B}" = Catalyst Control Center Localization German
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3945F4B5-0FAD-38E3-B39B-2F497550C847}" = CCC Help French
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3F6107B9-D211-EBCC-EA41-BD2FAC156A23}" = Catalyst Control Center Localization Japanese
"{3FD8C713-B1D5-D973-5351-50A918C02749}" = Catalyst Control Center Core Implementation
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{586DD9D2-09B2-D1DB-AD2A-95194A771C49}" = CCC Help Dutch
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C16A05F-C202-578A-108C-AFA4D9167CCC}" = Catalyst Control Center Localization Spanish
"{6C6D7326-770A-812B-B104-442F71A826F8}" = Catalyst Control Center Localization Russian
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6EA1C352-4D16-5A9F-7751-D7AE08AA7F63}" = Catalyst Control Center Localization Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72085899-3540-2F67-F5C7-46FF826A235F}" = CCC Help German
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74622EDD-7879-3185-976D-A6098420D889}" = CCC Help Portuguese
"{7505BBE5-CB0C-5027-1228-15CC7C26C4C3}" = CCC Help English
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76C4BA9A-BFA5-151D-8A39-AA0E74041F83}" = Catalyst Control Center Localization Danish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A5C01F-E04C-9616-2E3D-D78CF889712B}" = Catalyst Control Center Graphics Full Existing
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79D34E3B-8826-170B-8B3D-A9CD9C2D28F5}" = ccc-core-static
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CDF0744-7A0D-961B-3695-49756E822FC4}" = Catalyst Control Center Localization Swedish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8247BD1D-C258-DBEE-3225-B9F0214763AB}" = CCC Help Japanese
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92491D2C-D9E9-5FDD-64CD-82D5688872A9}" = Catalyst Control Center Localization Italian
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EF77B2D-FF26-9237-BBAB-127110FD65CC}" = Catalyst Control Center Localization Portuguese
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACB08AF2-DFE9-C179-8BC9-E3209F3EBC28}" = CCC Help Chinese Traditional
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BB5F88FC-5D66-9316-0E48-E411941A8A74}" = Catalyst Control Center Graphics Previews Vista
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C17280C4-8BF2-946A-9C51-EEB2CD216D89}" = Catalyst Control Center Graphics Previews Common
"{C5D85C24-A56B-6954-77F1-B25A4B4E7B52}" = CCC Help Spanish
"{C8C5CE76-860E-B5FA-27EA-C52C74DDBD2D}" = Catalyst Control Center Localization Finnish
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDCFA0B9-06DA-C47E-2CF1-37C5F25DF753}" = Catalyst Control Center InstallProxy
"{D071B7C5-07A2-D000-05B8-2DE6A63249D9}" = Catalyst Control Center Localization Norwegian
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D2D3882A-3624-2963-EA08-27589DBCEF8A}" = CCC Help Norwegian
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8E8C42E-E817-C7DA-1A81-BFD8388B4014}" = CCC Help Swedish
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{EFD537AE-0530-8887-DC9C-433E113547D7}" = Catalyst Control Center Localization Chinese Standard
"{F081ED08-77AE-8019-D554-904EF4F88FC1}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F133ACD4-CFCF-BADD-4AC5-9408E2E7FD74}" = Catalyst Control Center Localization Dutch
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FB56BF24-6AB9-AC55-5B7A-D3657D2F4A38}" = Skins
"{FF6E1E83-CD7F-49E9-AE8C-D9804372D1FC}_is1" = CD goes MP3 7 Platinum
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"Company of Heroes" = Company of Heroes - Opposing Fronts
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"DivX Content Uploader" = DivX Content Uploader
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Office BX300F_TX300F Benutzerhandbuch" = EPSON Stylus Office BX300F_TX300F Handbuch
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 2.24
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mobile Partner" = Mobile Partner
"MPE" = MyPhoneExplorer
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.9
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.01.2012 08:15:02 | Computer Name = mephisto | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 09.01.2012 17:56:38 | Computer Name = mephisto | Source = EventSystem | ID = 4621
Description = 
 
Error - 13.01.2012 16:21:14 | Computer Name = mephisto | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.01.2012 16:32:02 | Computer Name = mephisto | Source = Perflib | ID = 1010
Description = 
 
Error - 13.01.2012 16:32:04 | Computer Name = mephisto | Source = Perflib | ID = 1008
Description = 
 
Error - 13.01.2012 19:45:34 | Computer Name = mephisto | Source = EventSystem | ID = 4621
Description = 
 
Error - 15.01.2012 09:47:57 | Computer Name = mephisto | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.01.2012 15:13:39 | Computer Name = mephisto | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.01.2012 15:22:05 | Computer Name = mephisto | Source = Perflib | ID = 1010
Description = 
 
Error - 15.01.2012 15:22:06 | Computer Name = mephisto | Source = Perflib | ID = 1008
Description = 
 
[ Broadcom Wireless LAN Events ]
Error - 26.04.2012 06:17:07 | Computer Name = mephisto | Source = WLAN-Tray | ID = 0
Description = 12:17:06, Thu, Apr 26, 12 Error - Unable to gain access to user store

 
[ Dell Events ]
Error - 21.01.2012 07:41:46 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 21.01.2012 07:43:53 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 21.01.2012 07:43:53 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 21.01.2012 07:48:55 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 21.01.2012 07:48:55 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 25.01.2012 12:52:24 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 25.01.2012 12:52:24 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 30.03.2012 13:10:07 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 30.03.2012 13:10:07 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 02.04.2012 14:16:38 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
[ Media Center Events ]
Error - 09.09.2010 07:13:18 | Computer Name = mephisto | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
 
[ System Events ]
Error - 15.06.2012 16:03:46 | Computer Name = mephisto | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 15.06.2012 16:03:46 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 15.06.2012 16:03:46 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 16.06.2012 04:28:39 | Computer Name = mephisto | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 16.06.2012 04:28:39 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 16.06.2012 04:28:39 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 18.06.2012 05:21:01 | Computer Name = mephisto | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 18.06.2012 09:51:59 | Computer Name = mephisto | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 18.06.2012 09:51:59 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 18.06.2012 09:51:59 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003
Description = 
 
 
< End of report >
         
Ich hoffe inständig, dass Ihr mir helfen könnt...
Vielen Dank für Eure Bemühungen
Ilka

Geändert von kjkjjj1108 (18.06.2012 um 16:20 Uhr)

Alt 19.06.2012, 13:34   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI - Standard

Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI



Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________

__________________

Alt 20.06.2012, 08:53   #3
kjkjjj1108
 
Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI - Standard

Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI



Hallo Arne,
danke, dass Du mir hilfst.
Wir haben am Freitag schon einmal mit Malwarebytes gescannt. Allerdings bestand das Problem da schon. Hier aber trotzdem die Log-Files:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.15.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Ingo Buchholz :: MEPHISTO [Administrator]

Schutz: Aktiviert

15.06.2012 19:41:08
mbam-log-2012-06-15 (19-41-08).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 469903
Laufzeit: 1 Stunde(n), 6 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
2012/06/15 19:36:14 +0200	MEPHISTO	***	MESSAGE	Starting protection
2012/06/15 19:36:15 +0200	MEPHISTO	***	MESSAGE	Executing scheduled update:  Daily
2012/06/15 19:36:16 +0200	MEPHISTO	***	MESSAGE	Database already up-to-date
2012/06/15 19:36:19 +0200	MEPHISTO	***	MESSAGE	Protection started successfully
2012/06/15 19:36:22 +0200	MEPHISTO	***	MESSAGE	Starting IP protection
2012/06/15 19:36:27 +0200	MEPHISTO	***	MESSAGE	IP Protection started successfully
2012/06/15 19:41:12 +0200	MEPHISTO	***	IP-BLOCK	78.41.203.119 (Type: outgoing, Port: 55115, Process: svchost.exe)
2012/06/15 19:52:10 +0200	MEPHISTO	***	IP-BLOCK	78.41.203.119 (Type: outgoing, Port: 55167, Process: svchost.exe)
2012/06/15 19:52:11 +0200	MEPHISTO	***	IP-BLOCK	78.41.203.119 (Type: outgoing, Port: 55168, Process: svchost.exe)
2012/06/15 20:03:04 +0200	MEPHISTO	***	IP-BLOCK	78.41.203.119 (Type: outgoing, Port: 55178, Process: svchost.exe)
2012/06/15 20:08:33 +0200	MEPHISTO	***	IP-BLOCK	78.41.203.119 (Type: outgoing, Port: 55188, Process: svchost.exe)
2012/06/15 20:08:41 +0200	MEPHISTO	***	IP-BLOCK	78.41.203.119 (Type: outgoing, Port: 55191, Process: svchost.exe)
2012/06/15 20:19:48 +0200	MEPHISTO	***	IP-BLOCK	78.41.203.119 (Type: outgoing, Port: 55205, Process: svchost.exe)
2012/06/15 20:25:26 +0200	MEPHISTO	***	IP-BLOCK	78.41.203.119 (Type: outgoing, Port: 55217, Process: svchost.exe)
2012/06/15 20:25:26 +0200	MEPHISTO	***	IP-BLOCK	78.41.203.119 (Type: outgoing, Port: 55218, Process: svchost.exe)
2012/06/15 20:30:55 +0200	MEPHISTO	***	IP-BLOCK	78.41.203.119 (Type: outgoing, Port: 55223, Process: svchost.exe)
2012/06/15 20:30:55 +0200	MEPHISTO	***	IP-BLOCK	78.41.203.119 (Type: outgoing, Port: 55227, Process: svchost.exe)
2012/06/15 20:42:10 +0200	MEPHISTO	***	IP-BLOCK	78.41.203.119 (Type: outgoing, Port: 55250, Process: svchost.exe)
2012/06/15 20:47:39 +0200	MEPHISTO	***	IP-BLOCK	78.41.203.119 (Type: outgoing, Port: 55259, Process: svchost.exe)
2012/06/15 20:54:49 +0200	MEPHISTO	***	DETECTION	C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@	Rootkit.0Access	QUARANTINE
2012/06/15 20:58:28 +0200	MEPHISTO	***	DETECTION	C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@	Rootkit.0Access	DENY
2012/06/15 20:58:50 +0200	MEPHISTO	***	IP-BLOCK	78.41.203.119 (Type: outgoing, Port: 55639, Process: svchost.exe)
2012/06/15 22:06:17 +0200	MEPHISTO	***	MESSAGE	Starting protection
2012/06/15 22:06:25 +0200	MEPHISTO	***	MESSAGE	Protection started successfully
2012/06/15 22:06:28 +0200	MEPHISTO	***	MESSAGE	Starting IP protection
2012/06/15 22:06:28 +0200	MEPHISTO	***	ERROR	IP protection failed:  FwpmEngineOpen0 failed with error code 1753
         
Code:
ATTFilter
2012/06/16 10:30:29 +0200	MEPHISTO	***	MESSAGE	Starting protection
2012/06/16 10:30:33 +0200	MEPHISTO	***	MESSAGE	Protection started successfully
2012/06/16 10:30:36 +0200	MEPHISTO	***	MESSAGE	Starting IP protection
2012/06/16 10:30:36 +0200	MEPHISTO	***	ERROR	IP protection failed:  FwpmEngineOpen0 failed with error code 1753
         
Code:
ATTFilter
2012/06/18 09:45:55 +0200	MEPHISTO	***	DETECTION	C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@	Rootkit.0Access	QUARANTINE
2012/06/18 09:46:06 +0200	MEPHISTO	***	DETECTION	C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@	Rootkit.0Access	DENY
2012/06/18 10:44:21 +0200	MEPHISTO	***	MESSAGE	Executing scheduled update:  Daily
2012/06/18 10:44:22 +0200	MEPHISTO	***	ERROR	Scheduled update failed:  Host not found failed with error code 0
2012/06/18 11:58:40 +0200	MEPHISTO	***	DETECTION	C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@	Rootkit.0Access	DENY
2012/06/18 12:05:35 +0200	MEPHISTO	***	MESSAGE	Starting database refresh
2012/06/18 12:05:47 +0200	MEPHISTO	***	MESSAGE	Database refreshed successfully
2012/06/18 15:53:42 +0200	MEPHISTO	***	MESSAGE	Starting protection
2012/06/18 15:53:49 +0200	MEPHISTO	***	MESSAGE	Protection started successfully
2012/06/18 15:53:52 +0200	MEPHISTO	***	MESSAGE	Starting IP protection
2012/06/18 15:53:52 +0200	MEPHISTO	***	ERROR	IP protection failed:  FwpmEngineOpen0 failed with error code 1753
2012/06/18 15:53:52 +0200	MEPHISTO	***	MESSAGE	Starting IP protection
2012/06/18 15:53:52 +0200	MEPHISTO	***	ERROR	IP protection failed:  FwpmEngineOpen0 failed with error code 1753
2012/06/18 16:13:29 +0200	MEPHISTO	***	MESSAGE	Starting IP protection
2012/06/18 16:13:29 +0200	MEPHISTO	***	ERROR	IP protection failed:  FwpmEngineOpen0 failed with error code 1753
2012/06/18 21:34:50 +0200	MEPHISTO	***	MESSAGE	Starting protection
2012/06/18 21:34:55 +0200	MEPHISTO	***	MESSAGE	Protection started successfully
2012/06/18 21:34:59 +0200	MEPHISTO	***	MESSAGE	Starting IP protection
2012/06/18 21:34:59 +0200	MEPHISTO	***	ERROR	IP protection failed:  FwpmEngineOpen0 failed with error code 1753
2012/06/18 21:55:07 +0200	MEPHISTO	***	DETECTION	C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@	Rootkit.0Access	QUARANTINE
2012/06/18 21:58:16 +0200	MEPHISTO	***	DETECTION	C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@	Rootkit.0Access	ALLOW
2012/06/18 21:58:16 +0200	MEPHISTO	***	DETECTION	C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@	Rootkit.0Access	ALLOW
         
Code:
ATTFilter
2012/06/20 09:38:56 +0200	MEPHISTO	***	MESSAGE	Starting protection
2012/06/20 09:39:04 +0200	MEPHISTO	***	MESSAGE	Protection started successfully
2012/06/20 09:39:07 +0200	MEPHISTO	***	MESSAGE	Starting IP protection
2012/06/20 09:39:07 +0200	MEPHISTO	***	ERROR	IP protection failed:  FwpmEngineOpen0 failed with error code 1753
2012/06/20 09:44:38 +0200	MEPHISTO	***	MESSAGE	Executing scheduled update:  Daily
2012/06/20 09:45:03 +0200	MEPHISTO	***	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.06.18.03 to version v2012.06.20.02
2012/06/20 09:45:03 +0200	MEPHISTO	***	MESSAGE	Starting database refresh
2012/06/20 09:45:09 +0200	MEPHISTO	***	MESSAGE	Database refreshed successfully
         
Vor Freitag hatten wir nur Antivir laufen. Das früheste an Logfiles, was ich noch bekommen kann, ist allerdings vom ersten Fund am Donnerstag:
Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 14. Juni 2012  12:50

Es wird nach 3833951 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows (TM) Vista Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : MEPHISTO

Versionsinformationen:
BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00
AVSCAN.EXE     : 12.3.0.15     466896 Bytes  08.05.2012 17:53:26
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  08.05.2012 17:53:25
LUKE.DLL       : 12.3.0.15      68304 Bytes  08.05.2012 17:53:40
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 17:53:43
AVREG.DLL      : 12.3.0.17     232200 Bytes  10.05.2012 18:39:42
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 08:24:16
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 09:20:19
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 09:28:26
VBASE005.VDF   : 7.11.29.136  2166272 Bytes  10.05.2012 18:39:39
VBASE006.VDF   : 7.11.29.137     2048 Bytes  10.05.2012 18:39:39
VBASE007.VDF   : 7.11.29.138     2048 Bytes  10.05.2012 18:39:40
VBASE008.VDF   : 7.11.29.139     2048 Bytes  10.05.2012 18:39:40
VBASE009.VDF   : 7.11.29.140     2048 Bytes  10.05.2012 18:39:40
VBASE010.VDF   : 7.11.29.141     2048 Bytes  10.05.2012 18:39:40
VBASE011.VDF   : 7.11.29.142     2048 Bytes  10.05.2012 18:39:40
VBASE012.VDF   : 7.11.29.143     2048 Bytes  10.05.2012 18:39:40
VBASE013.VDF   : 7.11.29.144     2048 Bytes  10.05.2012 18:39:40
VBASE014.VDF   : 7.11.30.3     198144 Bytes  14.05.2012 17:56:08
VBASE015.VDF   : 7.11.30.69    186368 Bytes  17.05.2012 17:56:12
VBASE016.VDF   : 7.11.30.143   223744 Bytes  21.05.2012 17:56:19
VBASE017.VDF   : 7.11.30.207   287744 Bytes  23.05.2012 17:56:32
VBASE018.VDF   : 7.11.31.57    188416 Bytes  28.05.2012 17:56:39
VBASE019.VDF   : 7.11.31.111   214528 Bytes  30.05.2012 09:24:38
VBASE020.VDF   : 7.11.31.151   116736 Bytes  31.05.2012 09:24:38
VBASE021.VDF   : 7.11.31.205   134144 Bytes  03.06.2012 13:29:29
VBASE022.VDF   : 7.11.32.9     169472 Bytes  05.06.2012 07:49:22
VBASE023.VDF   : 7.11.32.85    155648 Bytes  08.06.2012 19:00:48
VBASE024.VDF   : 7.11.32.133   127488 Bytes  11.06.2012 19:45:46
VBASE025.VDF   : 7.11.32.171   182784 Bytes  12.06.2012 19:45:51
VBASE026.VDF   : 7.11.32.172     2048 Bytes  12.06.2012 19:45:51
VBASE027.VDF   : 7.11.32.173     2048 Bytes  12.06.2012 19:45:51
VBASE028.VDF   : 7.11.32.174     2048 Bytes  12.06.2012 19:45:51
VBASE029.VDF   : 7.11.32.175     2048 Bytes  12.06.2012 19:45:51
VBASE030.VDF   : 7.11.32.176     2048 Bytes  12.06.2012 19:45:51
VBASE031.VDF   : 7.11.32.208    65024 Bytes  13.06.2012 20:32:54
Engineversion  : 8.2.10.80 
AEVDF.DLL      : 8.1.2.8       106867 Bytes  03.06.2012 09:24:45
AESCRIPT.DLL   : 8.1.4.24      450939 Bytes  03.06.2012 09:24:45
AESCN.DLL      : 8.1.8.2       131444 Bytes  30.01.2012 10:20:48
AESBX.DLL      : 8.2.5.10      606580 Bytes  29.05.2012 17:59:14
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06
AEPACK.DLL     : 8.2.16.16     807288 Bytes  29.05.2012 17:58:49
AEOFFICE.DLL   : 8.1.2.28      201082 Bytes  26.04.2012 17:11:24
AEHEUR.DLL     : 8.1.4.36     4874615 Bytes  03.06.2012 09:24:45
AEHELP.DLL     : 8.1.21.0      254326 Bytes  11.05.2012 18:39:29
AEGEN.DLL      : 8.1.5.28      422260 Bytes  26.04.2012 17:11:18
AEEXP.DLL      : 8.1.0.44       82293 Bytes  29.05.2012 17:59:17
AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 21:46:01
AECORE.DLL     : 8.1.25.10     201080 Bytes  03.06.2012 09:24:39
AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 17:53:17
AVPREF.DLL     : 12.3.0.15      51920 Bytes  08.05.2012 17:53:25
AVREP.DLL      : 12.3.0.15     179208 Bytes  08.05.2012 17:53:43
AVARKT.DLL     : 12.3.0.15     211408 Bytes  08.05.2012 17:53:21
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  08.05.2012 17:53:24
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  08.05.2012 17:53:42
AVSMTP.DLL     : 12.3.0.15      63440 Bytes  08.05.2012 17:53:28
NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 17:53:40
RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  08.05.2012 17:53:17
RCTEXT.DLL     : 12.3.0.15      98512 Bytes  08.05.2012 17:53:18

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4fd9b0b1\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +JOKE,+PCK,+SPR,

Beginn des Suchlaufs: Donnerstag, 14. Juni 2012  12:50

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'InstallFlashPlayer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'java.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jp2launcher.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcroBroker.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mscorsvw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Photoshop.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil32_11_3_300_257_ActiveX.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpntray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GarminLifetime.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WebcamDell.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVDDXSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DataSafeOnline.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesTrayAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTLite.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Toaster.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DSUpd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'STSERVICE.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftservice.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hsswd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hsssrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpnas.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DockLogin.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\***\AppData\Local\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\n'
C:\Users\***\AppData\Local\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\n
  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen2
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55816bc8.qua' verschoben!


Ende des Suchlaufs: Donnerstag, 14. Juni 2012  12:51
Benötigte Zeit: 00:59 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
     39 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
     38 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
         


Danke Ilka
__________________

Alt 20.06.2012, 10:07   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI - Standard

Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI



Code:
ATTFilter
"ESET Online Scanner" = ESET Online Scanner v3
         
Wo ist das Log vom ESET Scanner?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.06.2012, 13:18   #5
kjkjjj1108
 
Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI - Standard

Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI



Hallo Arne,

das vom Freitag finde ich nicht mehr, ich scanne jetzt nochmal.
Code:
ATTFilter
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\00000001.@	Win64/Sirefef.AI trojan	cleaned by deleting - quarantined
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\80000000.@	Win64/Sirefef.AE trojan	cleaned by deleting - quarantined
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@	Win64/Sirefef.AH trojan	cleaned by deleting - quarantined
         
Gruss Ilka


Alt 20.06.2012, 15:17   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI - Standard

Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
--> Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI

Alt 20.06.2012, 17:52   #7
kjkjjj1108
 
Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI - Standard

Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI



Hallo Arne,

hier der OTL-File:

Code:
ATTFilter
OTL logfile created on: 20.06.2012 17:28:13 - Run 3
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\Ingo Buchholz\Desktop\trojaner-board
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 46,55% Memory free
8,21 Gb Paging File | 5,83 Gb Available in Paging File | 70,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 39,42 Gb Free Space | 13,91% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 6,79 Gb Free Space | 46,35% Space Free | Partition Type: NTFS
 
Computer Name: MEPHISTO | User Name: Ingo Buchholz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.18 15:55:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ingo Buchholz\Desktop\trojaner-board\OTL.exe
PRC - [2012.06.14 12:52:26 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012.05.08 19:53:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:53:24 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 19:53:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.07 03:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2012.01.06 20:36:14 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2012.01.06 16:30:00 | 001,446,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2012.01.05 01:02:02 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2012.01.05 01:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011.11.08 12:11:46 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.01.13 21:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011.01.13 21:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011.01.13 21:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
PRC - [2011.01.13 21:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2009.11.13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.11.11 18:07:00 | 000,442,536 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008.05.23 21:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.15 22:28:31 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\592a9a12b07b624764df2eca289116d1\System.Web.Services.ni.dll
MOD - [2012.06.15 22:09:19 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 12:19:20 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012.06.14 12:18:49 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012.06.14 12:18:41 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012.06.14 12:18:22 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012.06.14 12:18:19 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012.06.14 11:59:03 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.14 11:58:42 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.14 11:57:50 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.06.03 13:03:51 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012.06.03 12:04:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.06.03 11:23:26 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.06.03 11:22:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0b56e0ea0a4fca560a68607afae65ac9\System.Core.ni.dll
MOD - [2012.06.03 11:21:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.06.03 11:21:03 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.06.03 11:20:57 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.06.03 11:20:43 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.05.29 20:32:50 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012.05.29 20:28:15 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8a8079623eab0ba9e106436885a0281d\System.Xml.Linq.ni.dll
MOD - [2012.05.29 20:28:13 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012.05.29 20:22:22 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.05.29 20:22:21 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\8ec275d60f23035b499a67037212ef4f\System.Security.ni.dll
MOD - [2012.05.29 20:22:14 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.05.29 20:22:02 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.05.29 20:21:49 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012.01.07 03:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
MOD - [2012.01.06 20:38:08 | 000,009,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2011.01.13 21:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2011.01.13 21:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
MOD - [2011.01.13 21:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011.01.13 21:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2011.01.13 21:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2011.01.13 21:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2011.01.13 21:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011.01.13 21:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2011.01.13 21:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2011.01.13 21:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
MOD - [2009.11.13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009.11.13 17:15:00 | 000,365,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll
MOD - [2009.11.13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009.11.13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009.11.13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009.11.13 17:15:00 | 000,046,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll
MOD - [2009.11.13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
MOD - [2009.04.09 23:29:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009.03.29 21:40:06 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.29 21:40:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.03.19 18:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009.03.19 18:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008.12.21 20:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008.11.26 23:45:44 | 000,918,528 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2012.06.14 12:52:27 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 19:53:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:53:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.06 20:39:12 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2012.01.06 20:36:14 | 000,331,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.01.05 01:02:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.01.05 01:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.01.13 21:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 19:53:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 19:53:42 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.26 19:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\taphss.sys -- (taphss)
DRV:64bit: - [2011.02.28 23:36:54 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2011.01.03 10:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.01.03 10:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.01.03 10:38:36 | 000,145,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011.01.03 10:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.12.21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.05.15 20:50:33 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.05.06 18:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2009.04.10 22:39:38 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser)
DRV:64bit: - [2009.04.10 22:03:34 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.03.19 18:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.03.06 08:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2008.12.21 20:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008.12.16 18:56:52 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008.11.26 23:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2008.11.26 23:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008.11.25 16:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008.10.28 17:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008.10.07 19:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2008.09.15 19:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008.09.15 19:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008.09.15 19:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008.02.25 10:59:14 | 000,112,512 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2008.01.21 04:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2007.11.14 10:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006.11.01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
DRV - [2011.05.12 20:10:40 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.berlin.de/
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\SearchScopes,DefaultScope = {8A98EB80-7689-498B-B39E-4BE93D32F3AB}
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\SearchScopes\{8A98EB80-7689-498B-B39E-4BE93D32F3AB}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\EXTENSIONS\TALKBACK@MOZILLA.ORG
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000..\Run: [EPSON BX300F Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_SF814.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000..\Run: [EPSON BX300F Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_S2B63.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {30A3CCA5-F34C-4E87-BB57-5A2F2C935E14} file:///E:/CDVIEWER/CdViewer.cab (AMI DicomDir TreeView Control 2.0)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F040E6-32BA-49E5-A291-E98C7A3EE46A}: NameServer = 150.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F06AA57A-B93B-4C3C-8287-D83B1100F386}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ingo Buchholz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ingo Buchholz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.13 10:54:38 | 000,000,000 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{283ef8a8-9d5d-11de-9546-002219f779e2}\Shell\AutoRun\command - "" = F:\.\MigWiz\migsetup.exe
O33 - MountPoints2\{2bd949b1-933a-11de-abd8-002219f779e2}\Shell\AutoRun\command - "" = F:\.\dae_player.exe
O33 - MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\AutoRun\command - "" = ·Ë
O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\explore\Command - "" = RECYCLER\INFO.exe
O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\open\Command - "" = RECYCLER\INFO.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {50F7C24B-06C3-4DDB-BD23-2BBEC900379A} - Internet Explorer
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.20 11:57:59 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012.06.20 11:40:57 | 000,000,000 | ---D | C] -- C:\Users\Ingo Buchholz\Desktop\trojaner-board
[2012.06.15 20:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.15 19:35:29 | 000,000,000 | ---D | C] -- C:\Users\Ingo Buchholz\AppData\Roaming\Malwarebytes
[2012.06.15 19:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.15 19:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.15 19:35:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.15 19:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.13 11:37:14 | 000,000,000 | ---D | C] -- C:\Users\Ingo Buchholz\Desktop\20120613dawanda
[2012.06.11 14:24:25 | 000,000,000 | ---D | C] -- C:\Users\Ingo Buchholz\Documents\Beihilfe
[2012.06.03 11:45:06 | 000,000,000 | ---D | C] -- C:\Users\Ingo Buchholz\Documents\Gebrauchsanweisungen Babysitter
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.20 17:28:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.20 17:28:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.20 17:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.20 17:21:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.20 11:00:07 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.06.20 10:21:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.20 09:35:51 | 001,454,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.20 09:35:51 | 000,632,502 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.20 09:35:51 | 000,598,596 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.20 09:35:51 | 000,127,714 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.20 09:35:51 | 000,104,610 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.20 09:28:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.20 09:28:43 | 4289,576,960 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.18 15:49:27 | 000,000,188 | ---- | M] () -- C:\Users\Ingo Buchholz\defogger_reenable
[2012.06.15 22:03:00 | 000,405,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.14 13:04:01 | 000,000,732 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Local\d3d9caps64.dat
[2012.06.13 11:55:33 | 000,144,896 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.12 12:22:58 | 000,011,523 | ---- | M] () -- C:\Users\Ingo Buchholz\100.jpg
[2012.06.11 10:20:08 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
 
========== Files Created - No Company Name ==========
 
[2012.06.20 13:33:01 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@
[2012.06.20 13:33:00 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\80000000.@
[2012.06.20 13:32:59 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\00000001.@
[2012.06.18 15:49:27 | 000,000,188 | ---- | C] () -- C:\Users\Ingo Buchholz\defogger_reenable
[2012.06.12 12:23:12 | 000,011,523 | ---- | C] () -- C:\Users\Ingo Buchholz\100.jpg
[2012.01.13 22:29:17 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\@
[2012.01.13 22:29:17 | 000,002,048 | -HS- | C] () -- C:\Users\Ingo Buchholz\AppData\Local\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\@
[2011.12.13 17:53:03 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011.12.13 17:53:02 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.12.13 17:53:02 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.12.13 17:53:02 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.12.13 17:53:02 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.12.13 17:53:02 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.12.13 17:53:02 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.12.13 17:53:02 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.12.13 17:53:02 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.12.13 17:53:02 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.12.13 17:53:02 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.12.13 17:53:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.12.13 17:53:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.12.13 17:53:02 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.12.13 17:53:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.12.13 17:53:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.12.13 17:53:02 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.12.13 17:53:02 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.12.13 17:53:02 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011.12.13 17:51:37 | 000,000,025 | ---- | C] () -- C:\Windows\CDEBX300DEFGIPS.ini
[2011.12.08 17:55:07 | 000,000,732 | ---- | C] () -- C:\Users\Ingo Buchholz\AppData\Local\d3d9caps64.dat
[2011.11.13 10:43:16 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2011.11.13 10:43:16 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2011.11.13 10:43:15 | 000,559,104 | ---- | C] () -- C:\Windows\SysWow64\lame.exe
[2011.11.13 10:43:15 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.11.13 10:43:12 | 000,693,765 | ---- | C] () -- C:\Users\Ingo Buchholz\AppData\Roaming\unins000.exe
[2011.11.13 10:43:12 | 000,007,900 | ---- | C] () -- C:\Users\Ingo Buchholz\AppData\Roaming\unins000.dat
[2011.11.02 19:48:53 | 000,000,000 | ---- | C] () -- C:\Users\Ingo Buchholz\AppData\Local\{29BC51ED-79B0-47D1-B13C-F2FA9DD19CFE}
[2011.05.29 10:53:14 | 000,038,443 | ---- | C] () -- C:\Users\Ingo Buchholz\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.03.02 23:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.03.02 23:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.03.02 23:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.03.02 23:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.03.02 23:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
 
========== LOP Check ==========
 
[2011.11.13 10:44:02 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\concept design
[2011.12.30 17:12:55 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\DAEMON Tools Lite
[2011.12.13 17:59:12 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\EPSON
[2010.09.03 18:08:36 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\FileZilla
[2012.03.25 10:40:25 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\GARMIN
[2011.09.18 22:55:35 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\MyPhoneExplorer
[2011.06.07 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Nokia
[2011.06.07 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Nokia Ovi Suite
[2010.03.28 20:08:37 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\PC Suite
[2011.03.06 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr
[2011.05.29 11:11:58 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung
[2009.10.28 22:33:49 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Template
[2009.10.11 17:00:24 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Thunderbird
[2012.06.11 10:20:08 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.06.18 21:58:21 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.20 11:00:07 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.06.15 13:49:27 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Adobe
[2011.12.30 20:20:21 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Apple Computer
[2009.08.27 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\ATI
[2011.10.23 22:09:39 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Avira
[2011.11.13 10:44:02 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\concept design
[2009.09.22 23:13:30 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Creative
[2010.05.20 06:33:05 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\CyberLink
[2011.12.30 17:12:55 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\DAEMON Tools Lite
[2011.05.26 22:03:43 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Dell
[2010.05.20 20:44:45 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\DivX
[2012.01.17 21:10:30 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\dvdcss
[2011.12.13 17:59:12 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\EPSON
[2010.09.03 18:08:36 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\FileZilla
[2012.03.25 10:40:25 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\GARMIN
[2009.08.27 21:07:52 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Identities
[2011.12.13 17:53:00 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\InstallShield
[2009.09.21 21:54:55 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Macromedia
[2012.06.15 19:35:29 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Malwarebytes
[2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Media Center Programs
[2010.06.26 17:24:27 | 000,000,000 | --SD | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Microsoft
[2009.10.11 17:00:25 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Mozilla
[2011.09.18 22:55:35 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\MyPhoneExplorer
[2011.06.07 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Nokia
[2011.06.07 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Nokia Ovi Suite
[2010.03.28 20:08:37 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\PC Suite
[2011.03.06 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr
[2009.10.11 22:39:57 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Roxio
[2011.05.29 11:11:58 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung
[2012.06.20 17:28:07 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Skype
[2011.11.07 20:21:34 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\skypePM
[2009.10.11 17:00:33 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Talkback
[2009.10.28 22:33:49 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Template
[2009.10.11 17:00:24 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Thunderbird
[2012.03.30 19:28:24 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2010.02.13 23:59:46 | 008,653,312 | ---- | M] (Dell, Inc.                                                   ) -- C:\Users\Ingo Buchholz\AppData\Roaming\DataSafeDotNet.exe
[2011.11.13 10:42:28 | 000,693,765 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Roaming\unins000.exe
[2011.05.26 21:59:35 | 054,781,576 | ---- | M] (Dell Inc) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Binaries\full_dsc_5830_10_64_01.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\2a5e80c9-67eb-418f-a720-b36df0d47aca\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\42b6e642-85a1-49e1-bf3a-5b4fb741040d\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\44ecb15f-9d0a-45b3-9d7f-f1318d97fe07\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\49a13dfb-8a79-47be-8c41-b3c4b92c4cdd\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\814e6ed2-9606-4518-8dbe-605edb7cbc35\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\840bf6ca-ed55-4a57-ab42-8daeed010db3\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\8800af62-10de-41ca-b6c7-5d0e1689cee4\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\964d4a99-1185-4863-8401-41999c71990d\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\b93d6cab-5887-424c-bf66-71f5bd3e369d\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\d220d1f9-8229-4577-9906-b875ad739b6d\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\f253dfb5-7845-47f7-a8d7-e8ccf0d0e944\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\f953c0a2-d065-4574-8fd1-c3c9b1dc51c4\DellSignedAppUpdaterRules\AddCertificate.exe
[2011.09.29 09:19:14 | 000,929,680 | ---- | M] (Samsung) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2011.09.29 09:19:18 | 000,278,928 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2011.09.16 04:58:14 | 000,285,696 | ---- | M] (Samsung) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe
[2011.09.29 09:19:16 | 003,508,112 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011.09.16 04:56:02 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe
[2011.09.16 04:56:02 | 000,283,648 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2011.09.16 04:56:04 | 000,666,624 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2011.09.29 09:19:20 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2011.09.16 04:55:38 | 000,106,408 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2011.09.16 04:55:38 | 000,101,288 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2011.09.29 09:19:24 | 000,131,984 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2011.09.29 09:19:26 | 000,020,880 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2011.09.29 09:19:28 | 004,662,392 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.09.16 04:54:38 | 024,111,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2011.09.29 09:19:30 | 000,364,432 | ---- | M] (ml) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2011.11.08 12:11:58 | 000,392,080 | ---- | M] (ml) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.30 12:21:29 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.30 12:21:29 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         
Danke und einen schönen Feierabend
Ilka

Alt 21.06.2012, 09:17   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI - Standard

Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000..\Run: [EPSON BX300F Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_SF814.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000..\Run: [EPSON BX300F Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_S2B63.tmp" /EF "HKCU" File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F040E6-32BA-49E5-A291-E98C7A3EE46A}: NameServer = 150.0.0.1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.13 10:54:38 | 000,000,000 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{283ef8a8-9d5d-11de-9546-002219f779e2}\Shell\AutoRun\command - "" = F:\.\MigWiz\migsetup.exe
O33 - MountPoints2\{2bd949b1-933a-11de-abd8-002219f779e2}\Shell\AutoRun\command - "" = F:\.\dae_player.exe
O33 - MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\AutoRun\command - "" = ·Ë
O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\explore\Command - "" = RECYCLER\INFO.exe
O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\open\Command - "" = RECYCLER\INFO.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
:Files
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.06.2012, 11:17   #9
kjkjjj1108
 
Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI - Standard

Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI



Hallo und guten Morgen Arne,

gerade habe ich versucht den OTL-Fix zu machen, als mittendrin plötzlich ein Windows-Fenster aufging und die Meldung kam: Es ist ein schwerwiegender Fehler aufgetreten, bitte sichern Sie Ihre Dateien, Windows wird in Kürze heruntergefahren (- oder so ähnlich). Dann kam von OTL die Fehlermeldung, dass dieses nicht mehr funktioniere und der Computer fuhr herunter...

Ich werde den scan jetzt ein 2. Mal starten und hoffe, dass das diesmal klappt.
Beste Grüße und bis später
Ilka

Okay, das ging jetzt schneller als erwartet. Beim Wideröffnen von OTL hat es nur ganz kurz gescannt, dann einen Neustart gemacht und mir das folgende Log-File ausgeworfen:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-272521431-3735504338-3595803933-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_USERS\S-1-5-21-272521431-3735504338-3595803933-1000\Software\Microsoft\Internet Explorer\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
File C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
File C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-272521431-3735504338-3595803933-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-272521431-3735504338-3595803933-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-272521431-3735504338-3595803933-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON BX300F Series not found.
Registry value HKEY_USERS\S-1-5-21-272521431-3735504338-3595803933-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON BX300F Series (Kopie 1) not found.
File move failed. C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A1F040E6-32BA-49E5-A291-E98C7A3EE46A}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File D:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{283ef8a8-9d5d-11de-9546-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{283ef8a8-9d5d-11de-9546-002219f779e2}\ not found.
File F:\.\MigWiz\migsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2bd949b1-933a-11de-abd8-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bd949b1-933a-11de-abd8-002219f779e2}\ not found.
File F:\.\dae_player.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a13d9a99-a6e5-11de-883b-002219f779e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a13d9a99-a6e5-11de-883b-002219f779e2}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a13d9aac-a6e5-11de-883b-002219f779e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a13d9aac-a6e5-11de-883b-002219f779e2}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a72ff795-0f10-11df-9a37-002219f779e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a72ff795-0f10-11df-9a37-002219f779e2}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c68309b6-1095-11df-95b9-002219f779e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c68309b6-1095-11df-95b9-002219f779e2}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fef3df21-b61c-11de-827b-eb6e98e2a277}\ not found.
File ·Ë not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fef3df21-b61c-11de-827b-eb6e98e2a277}\ not found.
File C:\RECYCLER\INFO.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fef3df21-b61c-11de-827b-eb6e98e2a277}\ not found.
File C:\RECYCLER\INFO.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
========== FILES ==========
File\Folder C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 312622 bytes
->Temporary Internet Files folder emptied: 4672983 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 725 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 179462451 bytes
 
Total Files Cleaned = 176,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: ***
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.49.0 log created on 06212012_121806

Files\Folders moved on Reboot...
File\Folder C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
Gruss Ilka

Alt 21.06.2012, 14:06   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI - Standard

Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.06.2012, 15:01   #11
kjkjjj1108
 
Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI - Standard

Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI



Hier das Logfile des TDSS-Killers:

Code:
ATTFilter
15:48:34.0082 4048	TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
15:48:35.0174 4048	============================================================
15:48:35.0174 4048	Current date / time: 2012/06/21 15:48:35.0174
15:48:35.0174 4048	SystemInfo:
15:48:35.0174 4048	
15:48:35.0174 4048	OS Version: 6.0.6002 ServicePack: 2.0
15:48:35.0174 4048	Product type: Workstation
15:48:35.0174 4048	ComputerName: MEPHISTO
15:48:35.0174 4048	UserName: ***
15:48:35.0174 4048	Windows directory: C:\Windows
15:48:35.0174 4048	System windows directory: C:\Windows
15:48:35.0174 4048	Running under WOW64
15:48:35.0174 4048	Processor architecture: Intel x64
15:48:35.0174 4048	Number of processors: 2
15:48:35.0174 4048	Page size: 0x1000
15:48:35.0174 4048	Boot type: Normal boot
15:48:35.0174 4048	============================================================
15:48:36.0656 4048	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:48:36.0671 4048	============================================================
15:48:36.0671 4048	\Device\Harddisk0\DR0:
15:48:36.0671 4048	MBR partitions:
15:48:36.0671 4048	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
15:48:36.0671 4048	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x236CE8EB
15:48:36.0671 4048	============================================================
15:48:36.0702 4048	C: <-> \Device\Harddisk0\DR0\Partition1
15:48:36.0718 4048	D: <-> \Device\Harddisk0\DR0\Partition0
15:48:36.0718 4048	============================================================
15:48:36.0718 4048	Initialize success
15:48:36.0718 4048	============================================================
15:51:29.0385 3788	============================================================
15:51:29.0385 3788	Scan started
15:51:29.0385 3788	Mode: Manual; SigCheck; TDLFS; 
15:51:29.0385 3788	============================================================
15:51:30.0399 3788	ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
15:51:30.0586 3788	ACPI - ok
15:51:30.0664 3788	Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
15:51:30.0711 3788	Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
15:51:30.0711 3788	Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
15:51:30.0898 3788	AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:51:30.0914 3788	AdobeFlashPlayerUpdateSvc - ok
15:51:30.0992 3788	adp94xx         (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
15:51:31.0039 3788	adp94xx - ok
15:51:31.0101 3788	adpahci         (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
15:51:31.0148 3788	adpahci - ok
15:51:31.0195 3788	adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
15:51:31.0226 3788	adpu160m - ok
15:51:31.0257 3788	adpu320         (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
15:51:31.0288 3788	adpu320 - ok
15:51:31.0351 3788	AeLookupSvc     (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
15:51:31.0522 3788	AeLookupSvc - ok
15:51:31.0632 3788	AESTFilters     (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
15:51:31.0710 3788	AESTFilters - ok
15:51:31.0788 3788	AFD             (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
15:51:31.0897 3788	AFD - ok
15:51:31.0944 3788	agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
15:51:31.0959 3788	agp440 - ok
15:51:32.0006 3788	aic78xx         (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
15:51:32.0037 3788	aic78xx - ok
15:51:32.0068 3788	ALG             (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
15:51:32.0224 3788	ALG - ok
15:51:32.0240 3788	aliide          (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
15:51:32.0271 3788	aliide - ok
15:51:32.0287 3788	amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
15:51:32.0302 3788	amdide - ok
15:51:32.0318 3788	AmdK8           (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
15:51:32.0396 3788	AmdK8 - ok
15:51:32.0443 3788	androidusb      (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
15:51:32.0490 3788	androidusb - ok
15:51:32.0661 3788	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:51:32.0677 3788	AntiVirSchedulerService - ok
15:51:32.0708 3788	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:51:32.0724 3788	AntiVirService - ok
15:51:32.0786 3788	Appinfo         (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
15:51:32.0817 3788	Appinfo - ok
15:51:32.0833 3788	arc             (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
15:51:32.0848 3788	arc - ok
15:51:32.0880 3788	arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
15:51:32.0895 3788	arcsas - ok
15:51:32.0926 3788	AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
15:51:33.0004 3788	AsyncMac - ok
15:51:33.0036 3788	atapi           (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
15:51:33.0051 3788	atapi - ok
15:51:33.0192 3788	Ati External Event Utility (00dace1d9a0da60215022c6b1fac1673) C:\Windows\system32\Ati2evxx.exe
15:51:33.0394 3788	Ati External Event Utility - ok
15:51:33.0909 3788	atikmdag        (cef278088637401f07a0064b0b900a32) C:\Windows\system32\DRIVERS\atikmdag.sys
15:51:34.0143 3788	atikmdag - ok
15:51:34.0346 3788	AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
15:51:34.0486 3788	AudioEndpointBuilder - ok
15:51:34.0502 3788	AudioSrv        (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
15:51:34.0549 3788	AudioSrv - ok
15:51:34.0705 3788	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
15:51:34.0720 3788	avgntflt - ok
15:51:34.0767 3788	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
15:51:34.0783 3788	avipbb - ok
15:51:34.0814 3788	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
15:51:34.0830 3788	avkmgr - ok
15:51:34.0970 3788	BBSvc           (01a24b415926bb5f772dbe12459d97de) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
15:51:35.0001 3788	BBSvc - ok
15:51:35.0048 3788	BBUpdate        (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
15:51:35.0079 3788	BBUpdate - ok
15:51:35.0126 3788	BCM42RLY        (a7c9995ba861fce78b2ceaae61d39fd7) C:\Windows\system32\drivers\BCM42RLY.sys
15:51:35.0142 3788	BCM42RLY - ok
15:51:35.0344 3788	BCM43XX         (912012b708a7d8e8ce2ee55afb663dff) C:\Windows\system32\DRIVERS\bcmwl664.sys
15:51:35.0485 3788	BCM43XX - ok
15:51:35.0797 3788	BITS            (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll
15:51:35.0953 3788	BITS - ok
15:51:36.0140 3788	blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
15:51:36.0234 3788	blbdrive - ok
15:51:36.0265 3788	bowser          (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
15:51:36.0312 3788	bowser - ok
15:51:36.0343 3788	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
15:51:36.0390 3788	BrFiltLo - ok
15:51:36.0405 3788	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
15:51:36.0452 3788	BrFiltUp - ok
15:51:36.0499 3788	Browser         (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
15:51:36.0577 3788	Browser - ok
15:51:36.0608 3788	Brserid         (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
15:51:36.0811 3788	Brserid - ok
15:51:36.0826 3788	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
15:51:36.0920 3788	BrSerWdm - ok
15:51:36.0936 3788	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
15:51:37.0029 3788	BrUsbMdm - ok
15:51:37.0076 3788	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
15:51:37.0170 3788	BrUsbSer - ok
15:51:37.0216 3788	BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
15:51:37.0310 3788	BTHMODEM - ok
15:51:37.0341 3788	cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
15:51:37.0435 3788	cdfs - ok
15:51:37.0466 3788	cdrom           (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
15:51:37.0528 3788	cdrom - ok
15:51:37.0575 3788	CertPropSvc     (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
15:51:37.0622 3788	CertPropSvc - ok
15:51:37.0638 3788	circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
15:51:37.0716 3788	circlass - ok
15:51:37.0778 3788	CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
15:51:37.0809 3788	CLFS - ok
15:51:37.0918 3788	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:51:37.0950 3788	clr_optimization_v2.0.50727_32 - ok
15:51:37.0996 3788	clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:51:38.0012 3788	clr_optimization_v2.0.50727_64 - ok
15:51:38.0121 3788	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:51:38.0137 3788	clr_optimization_v4.0.30319_32 - ok
15:51:38.0199 3788	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:51:38.0215 3788	clr_optimization_v4.0.30319_64 - ok
15:51:38.0262 3788	CmBatt          (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
15:51:38.0340 3788	CmBatt - ok
15:51:38.0371 3788	cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
15:51:38.0386 3788	cmdide - ok
15:51:38.0418 3788	Compbatt        (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
15:51:38.0433 3788	Compbatt - ok
15:51:38.0449 3788	COMSysApp - ok
15:51:38.0449 3788	crcdisk         (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
15:51:38.0480 3788	crcdisk - ok
15:51:38.0542 3788	CryptSvc        (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
15:51:38.0574 3788	CryptSvc - ok
15:51:38.0636 3788	CtClsFlt        (11f13042577705093612c6a123caf12f) C:\Windows\system32\DRIVERS\CtClsFlt.sys
15:51:38.0683 3788	CtClsFlt - ok
15:51:38.0808 3788	DcomLaunch      (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
15:51:38.0886 3788	DcomLaunch - ok
15:51:38.0917 3788	DfsC            (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
15:51:38.0964 3788	DfsC - ok
15:51:39.0307 3788	DFSR            (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
15:51:39.0478 3788	DFSR - ok
15:51:40.0024 3788	Dhcp            (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
15:51:40.0087 3788	Dhcp - ok
15:51:40.0180 3788	disk            (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
15:51:40.0212 3788	disk - ok
15:51:40.0274 3788	Dnscache        (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
15:51:40.0305 3788	Dnscache - ok
15:51:40.0446 3788	DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
15:51:40.0477 3788	DockLoginService ( UnsignedFile.Multi.Generic ) - warning
15:51:40.0477 3788	DockLoginService - detected UnsignedFile.Multi.Generic (1)
15:51:40.0524 3788	dot3svc         (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
15:51:40.0586 3788	dot3svc - ok
15:51:40.0617 3788	DPS             (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
15:51:40.0680 3788	DPS - ok
15:51:40.0726 3788	drmkaud         (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
15:51:40.0789 3788	drmkaud - ok
15:51:40.0898 3788	DXGKrnl         (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
15:51:40.0992 3788	DXGKrnl - ok
15:51:41.0101 3788	e1express       (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
15:51:41.0210 3788	e1express - ok
15:51:41.0241 3788	E1G60           (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
15:51:41.0319 3788	E1G60 - ok
15:51:41.0350 3788	EapHost         (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
15:51:41.0428 3788	EapHost - ok
15:51:41.0491 3788	Ecache          (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
15:51:41.0522 3788	Ecache - ok
15:51:41.0616 3788	ehRecvr         (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
15:51:41.0647 3788	ehRecvr - ok
15:51:41.0694 3788	ehSched         (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
15:51:41.0725 3788	ehSched - ok
15:51:41.0740 3788	ehstart         (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
15:51:41.0772 3788	ehstart - ok
15:51:41.0818 3788	elxstor         (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
15:51:41.0865 3788	elxstor - ok
15:51:41.0959 3788	EMDMgmt         (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
15:51:42.0099 3788	EMDMgmt - ok
15:51:42.0130 3788	ErrDev          (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
15:51:42.0162 3788	ErrDev - ok
15:51:42.0224 3788	EventSystem     (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
15:51:42.0349 3788	EventSystem - ok
15:51:42.0364 3788	exfat           (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
15:51:42.0427 3788	exfat - ok
15:51:42.0458 3788	fastfat         (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
15:51:42.0520 3788	fastfat - ok
15:51:42.0552 3788	fdc             (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
15:51:42.0598 3788	fdc - ok
15:51:42.0630 3788	fdPHost         (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
15:51:42.0692 3788	fdPHost - ok
15:51:42.0708 3788	FDResPub        (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
15:51:42.0801 3788	FDResPub - ok
15:51:42.0879 3788	FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
15:51:42.0895 3788	FileInfo - ok
15:51:42.0910 3788	Filetrace       (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
15:51:42.0973 3788	Filetrace - ok
15:51:42.0988 3788	flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:51:43.0035 3788	flpydisk - ok
15:51:43.0098 3788	FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
15:51:43.0129 3788	FltMgr - ok
15:51:43.0285 3788	FontCache       (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
15:51:43.0394 3788	FontCache - ok
15:51:43.0550 3788	FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:51:43.0566 3788	FontCache3.0.0.0 - ok
15:51:43.0659 3788	Fs_Rec          (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
15:51:43.0737 3788	Fs_Rec - ok
15:51:43.0768 3788	gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
15:51:43.0784 3788	gagp30kx - ok
15:51:43.0893 3788	gpsvc           (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
15:51:43.0987 3788	gpsvc - ok
15:51:44.0158 3788	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:51:44.0190 3788	gupdate - ok
15:51:44.0205 3788	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:51:44.0221 3788	gupdatem - ok
15:51:44.0283 3788	HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
15:51:44.0330 3788	HdAudAddService - ok
15:51:44.0455 3788	HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:51:44.0689 3788	HDAudBus - ok
15:51:44.0736 3788	HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
15:51:44.0860 3788	HidBth - ok
15:51:44.0892 3788	HidIr           (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
15:51:45.0016 3788	HidIr - ok
15:51:45.0048 3788	hidserv         (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
15:51:45.0110 3788	hidserv - ok
15:51:45.0141 3788	HidUsb          (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
15:51:45.0188 3788	HidUsb - ok
15:51:45.0219 3788	hkmsvc          (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
15:51:45.0282 3788	hkmsvc - ok
15:51:45.0313 3788	HpCISSs         (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
15:51:45.0328 3788	HpCISSs - ok
15:51:45.0484 3788	hshld           (44452f7a09d00573dc6e714874257cc9) C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
15:51:45.0531 3788	hshld - ok
15:51:45.0578 3788	HssDrv          (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys
15:51:45.0594 3788	HssDrv - ok
15:51:45.0703 3788	HssSrv          (2cfea9c337b699aca38487e8a7438f35) C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
15:51:45.0734 3788	HssSrv - ok
15:51:45.0781 3788	HssTrayService  (6b1dc08d22231c9e508a715f07fce7fb) C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
15:51:45.0796 3788	HssTrayService - ok
15:51:45.0812 3788	HssWd - ok
15:51:45.0921 3788	HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
15:51:45.0999 3788	HTTP - ok
15:51:46.0062 3788	hwdatacard      (21f59a1e203f637563c7fff5de2b2b85) C:\Windows\system32\DRIVERS\ewusbmdm.sys
15:51:46.0108 3788	hwdatacard - ok
15:51:46.0124 3788	i2omp           (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
15:51:46.0155 3788	i2omp - ok
15:51:46.0171 3788	i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
15:51:46.0218 3788	i8042prt - ok
15:51:46.0296 3788	iaStorV         (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
15:51:46.0342 3788	iaStorV - ok
15:51:46.0452 3788	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:51:46.0452 3788	IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:51:46.0452 3788	IDriverT - detected UnsignedFile.Multi.Generic (1)
15:51:46.0779 3788	idsvc           (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:51:46.0904 3788	idsvc - ok
15:51:46.0982 3788	iirsp           (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
15:51:46.0998 3788	iirsp - ok
15:51:47.0076 3788	IKEEXT          (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
15:51:47.0200 3788	IKEEXT - ok
15:51:47.0263 3788	intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
15:51:47.0294 3788	intelide - ok
15:51:47.0310 3788	intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
15:51:47.0388 3788	intelppm - ok
15:51:47.0450 3788	IPBusEnum       (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
15:51:47.0544 3788	IPBusEnum - ok
15:51:47.0637 3788	IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:51:47.0715 3788	IpFilterDriver - ok
15:51:47.0715 3788	IpInIp - ok
15:51:47.0746 3788	IPMIDRV         (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
15:51:47.0871 3788	IPMIDRV - ok
15:51:47.0887 3788	IPNAT           (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
15:51:47.0949 3788	IPNAT - ok
15:51:47.0965 3788	IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
15:51:48.0027 3788	IRENUM - ok
15:51:48.0074 3788	isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
15:51:48.0090 3788	isapnp - ok
15:51:48.0152 3788	iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
15:51:48.0183 3788	iScsiPrt - ok
15:51:48.0199 3788	iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
15:51:48.0214 3788	iteatapi - ok
15:51:48.0246 3788	iteraid         (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
15:51:48.0277 3788	iteraid - ok
15:51:48.0324 3788	k57nd60a        (eb5c7891b9e6e4a1a4428f2160b12b53) C:\Windows\system32\DRIVERS\k57nd60a.sys
15:51:48.0402 3788	k57nd60a - ok
15:51:48.0433 3788	kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
15:51:48.0448 3788	kbdclass - ok
15:51:48.0480 3788	kbdhid          (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
15:51:48.0542 3788	kbdhid - ok
15:51:48.0620 3788	KeyIso          (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:51:48.0682 3788	KeyIso - ok
15:51:48.0807 3788	KSecDD          (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
15:51:48.0838 3788	KSecDD - ok
15:51:48.0901 3788	ksthunk         (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
15:51:48.0979 3788	ksthunk - ok
15:51:49.0057 3788	KtmRm           (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
15:51:49.0228 3788	KtmRm - ok
15:51:49.0291 3788	LanmanServer    (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
15:51:49.0338 3788	LanmanServer - ok
15:51:49.0416 3788	LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
15:51:49.0478 3788	LanmanWorkstation - ok
15:51:49.0494 3788	lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
15:51:49.0572 3788	lltdio - ok
15:51:49.0650 3788	lltdsvc         (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
15:51:49.0728 3788	lltdsvc - ok
15:51:49.0774 3788	lmhosts         (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
15:51:49.0868 3788	lmhosts - ok
15:51:49.0946 3788	LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
15:51:50.0071 3788	LSI_FC - ok
15:51:50.0118 3788	LSI_SAS         (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
15:51:50.0149 3788	LSI_SAS - ok
15:51:50.0164 3788	LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
15:51:50.0227 3788	LSI_SCSI - ok
15:51:50.0258 3788	luafv           (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
15:51:50.0367 3788	luafv - ok
15:51:50.0414 3788	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
15:51:50.0430 3788	MBAMProtector - ok
15:51:50.0539 3788	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:51:50.0586 3788	MBAMService - ok
15:51:50.0648 3788	Mcx2Svc         (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
15:51:50.0679 3788	Mcx2Svc - ok
15:51:50.0804 3788	MDM             (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
15:51:50.0835 3788	MDM ( UnsignedFile.Multi.Generic ) - warning
15:51:50.0835 3788	MDM - detected UnsignedFile.Multi.Generic (1)
15:51:50.0882 3788	megasas         (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
15:51:50.0898 3788	megasas - ok
15:51:51.0007 3788	MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
15:51:51.0054 3788	MegaSR - ok
15:51:51.0132 3788	Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
15:51:51.0147 3788	Microsoft Office Groove Audit Service - ok
15:51:51.0163 3788	MMCSS           (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
15:51:51.0256 3788	MMCSS - ok
15:51:51.0303 3788	Modem           (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
15:51:51.0381 3788	Modem - ok
15:51:51.0412 3788	monitor         (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
15:51:51.0475 3788	monitor - ok
15:51:51.0522 3788	mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
15:51:51.0553 3788	mouclass - ok
15:51:51.0584 3788	mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
15:51:51.0662 3788	mouhid - ok
15:51:51.0678 3788	MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
15:51:51.0709 3788	MountMgr - ok
15:51:51.0740 3788	mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
15:51:51.0771 3788	mpio - ok
15:51:51.0818 3788	mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
15:51:51.0865 3788	mpsdrv - ok
15:51:51.0896 3788	Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
15:51:51.0912 3788	Mraid35x - ok
15:51:51.0958 3788	MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
15:51:52.0021 3788	MRxDAV - ok
15:51:52.0083 3788	mrxsmb          (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:51:52.0130 3788	mrxsmb - ok
15:51:52.0224 3788	mrxsmb10        (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:51:52.0333 3788	mrxsmb10 - ok
15:51:52.0348 3788	mrxsmb20        (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:51:52.0411 3788	mrxsmb20 - ok
15:51:52.0426 3788	msahci          (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
15:51:52.0458 3788	msahci - ok
15:51:52.0473 3788	msdsm           (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
15:51:52.0504 3788	msdsm - ok
15:51:52.0536 3788	MSDTC           (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
15:51:52.0598 3788	MSDTC - ok
15:51:52.0723 3788	Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
15:51:52.0785 3788	Msfs - ok
15:51:52.0816 3788	msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
15:51:52.0832 3788	msisadrv - ok
15:51:52.0926 3788	MSiSCSI         (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
15:51:53.0004 3788	MSiSCSI - ok
15:51:53.0004 3788	msiserver - ok
15:51:53.0035 3788	MSKSSRV         (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
15:51:53.0113 3788	MSKSSRV - ok
15:51:53.0113 3788	MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
15:51:53.0206 3788	MSPCLOCK - ok
15:51:53.0222 3788	MSPQM           (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
15:51:53.0284 3788	MSPQM - ok
15:51:53.0378 3788	MsRPC           (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
15:51:53.0425 3788	MsRPC - ok
15:51:53.0440 3788	mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
15:51:53.0472 3788	mssmbios - ok
15:51:53.0487 3788	MSTEE           (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
15:51:53.0565 3788	MSTEE - ok
15:51:53.0596 3788	Mup             (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
15:51:53.0628 3788	Mup - ok
15:51:53.0706 3788	napagent        (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
15:51:53.0815 3788	napagent - ok
15:51:53.0908 3788	NativeWifiP     (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
15:51:53.0986 3788	NativeWifiP - ok
15:51:54.0142 3788	NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
15:51:54.0236 3788	NDIS - ok
15:51:54.0283 3788	NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
15:51:54.0330 3788	NdisTapi - ok
15:51:54.0345 3788	Ndisuio         (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
15:51:54.0408 3788	Ndisuio - ok
15:51:54.0470 3788	NdisWan         (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
15:51:54.0532 3788	NdisWan - ok
15:51:54.0564 3788	NDProxy         (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
15:51:54.0626 3788	NDProxy - ok
15:51:54.0673 3788	NetBIOS         (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
15:51:54.0766 3788	NetBIOS - ok
15:51:54.0829 3788	netbt           (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
15:51:54.0891 3788	netbt - ok
15:51:54.0922 3788	Netlogon        (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:51:54.0954 3788	Netlogon - ok
15:51:55.0047 3788	Netman          (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
15:51:55.0156 3788	Netman - ok
15:51:55.0203 3788	netprofm        (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
15:51:55.0297 3788	netprofm - ok
15:51:55.0422 3788	NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:51:55.0468 3788	NetTcpPortSharing - ok
15:51:55.0500 3788	nfrd960         (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
15:51:55.0531 3788	nfrd960 - ok
15:51:55.0593 3788	NlaSvc          (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
15:51:55.0671 3788	NlaSvc - ok
15:51:55.0687 3788	Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
15:51:55.0749 3788	Npfs - ok
15:51:55.0812 3788	nsi             (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
15:51:55.0890 3788	nsi - ok
15:51:56.0092 3788	nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
15:51:56.0155 3788	nsiproxy - ok
15:51:56.0373 3788	Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
15:51:56.0576 3788	Ntfs - ok
15:51:57.0262 3788	Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
15:51:57.0325 3788	Null - ok
15:51:57.0450 3788	nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
15:51:57.0481 3788	nvraid - ok
15:51:57.0559 3788	nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
15:51:57.0574 3788	nvstor - ok
15:51:57.0606 3788	nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
15:51:57.0637 3788	nv_agp - ok
15:51:57.0637 3788	NwlnkFlt - ok
15:51:57.0652 3788	NwlnkFwd - ok
15:51:57.0730 3788	OA008Ufd        (404b0121ae1a75d9a63b6934eb07c258) C:\Windows\system32\DRIVERS\OA008Ufd.sys
15:51:57.0777 3788	OA008Ufd - ok
15:51:57.0886 3788	OA008Vid        (126885007e8f601861165fc77c93f1be) C:\Windows\system32\DRIVERS\OA008Vid.sys
15:51:57.0933 3788	OA008Vid - ok
15:51:58.0167 3788	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:51:58.0230 3788	odserv - ok
15:51:58.0308 3788	ohci1394        (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
15:51:58.0354 3788	ohci1394 - ok
15:51:58.0401 3788	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:51:58.0417 3788	ose - ok
15:51:58.0604 3788	p2pimsvc        (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:51:58.0713 3788	p2pimsvc - ok
15:51:58.0729 3788	p2psvc          (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:51:58.0776 3788	p2psvc - ok
15:51:58.0854 3788	Parport         (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
15:51:59.0010 3788	Parport - ok
15:51:59.0150 3788	partmgr         (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
15:51:59.0166 3788	partmgr - ok
15:51:59.0275 3788	PcaSvc          (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
15:51:59.0306 3788	PcaSvc - ok
15:51:59.0337 3788	pccsmcfd - ok
15:51:59.0337 3788	PCD5SRVC{048DBD20-445E8C82-05040104} - ok
15:51:59.0524 3788	PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
15:51:59.0556 3788	PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
15:51:59.0680 3788	pci             (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
15:51:59.0712 3788	pci - ok
15:51:59.0774 3788	pciide          (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
15:51:59.0805 3788	pciide - ok
15:51:59.0821 3788	pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
15:51:59.0852 3788	pcmcia - ok
15:51:59.0977 3788	PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
15:52:00.0133 3788	PEAUTH - ok
15:52:00.0289 3788	PerfHost        (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
15:52:00.0351 3788	PerfHost - ok
15:52:00.0554 3788	pla             (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
15:52:00.0788 3788	pla - ok
15:52:00.0882 3788	PlugPlay        (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
15:52:00.0944 3788	PlugPlay - ok
15:52:01.0116 3788	PNRPAutoReg     (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:52:01.0209 3788	PNRPAutoReg - ok
15:52:01.0240 3788	PNRPsvc         (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:52:01.0318 3788	PNRPsvc - ok
15:52:01.0443 3788	PolicyAgent     (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
15:52:01.0584 3788	PolicyAgent - ok
15:52:01.0708 3788	PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
15:52:01.0771 3788	PptpMiniport - ok
15:52:01.0833 3788	Processor       (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
15:52:01.0896 3788	Processor - ok
15:52:01.0942 3788	ProfSvc         (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
15:52:02.0036 3788	ProfSvc - ok
15:52:02.0114 3788	ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:52:02.0130 3788	ProtectedStorage - ok
15:52:02.0176 3788	PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
15:52:02.0223 3788	PSched - ok
15:52:02.0270 3788	PxHlpa64        (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
15:52:02.0286 3788	PxHlpa64 - ok
15:52:02.0488 3788	ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
15:52:02.0629 3788	ql2300 - ok
15:52:02.0644 3788	ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
15:52:02.0660 3788	ql40xx - ok
15:52:02.0785 3788	QWAVE           (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
15:52:02.0878 3788	QWAVE - ok
15:52:02.0941 3788	QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
15:52:02.0956 3788	QWAVEdrv - ok
15:52:03.0471 3788	R300            (cef278088637401f07a0064b0b900a32) C:\Windows\system32\DRIVERS\atikmdag.sys
15:52:03.0627 3788	R300 - ok
15:52:03.0830 3788	RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
15:52:03.0908 3788	RasAcd - ok
15:52:03.0970 3788	RasAuto         (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
15:52:04.0048 3788	RasAuto - ok
15:52:04.0095 3788	Rasl2tp         (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:52:04.0158 3788	Rasl2tp - ok
15:52:04.0220 3788	RasMan          (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
15:52:04.0314 3788	RasMan - ok
15:52:04.0438 3788	RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
15:52:04.0548 3788	RasPppoe - ok
15:52:04.0563 3788	RasSstp         (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
15:52:04.0594 3788	RasSstp - ok
15:52:04.0641 3788	rdbss           (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
15:52:04.0735 3788	rdbss - ok
15:52:04.0750 3788	RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:52:04.0813 3788	RDPCDD - ok
15:52:04.0875 3788	rdpdr           (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
15:52:04.0969 3788	rdpdr - ok
15:52:04.0969 3788	RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
15:52:05.0031 3788	RDPENCDD - ok
15:52:05.0109 3788	RDPWD           (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
15:52:05.0218 3788	RDPWD - ok
15:52:05.0250 3788	RemoteAccess    (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
15:52:05.0359 3788	RemoteAccess - ok
15:52:05.0437 3788	RemoteRegistry  (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
15:52:05.0546 3788	RemoteRegistry - ok
15:52:05.0749 3788	RichVideo       (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
15:52:05.0780 3788	RichVideo - ok
15:52:05.0827 3788	rimmptsk        (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
15:52:05.0858 3788	rimmptsk - ok
15:52:05.0920 3788	rimsptsk        (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
15:52:05.0952 3788	rimsptsk - ok
15:52:05.0998 3788	rismxdp         (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
15:52:06.0030 3788	rismxdp - ok
15:52:06.0045 3788	RpcLocator      (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
15:52:06.0076 3788	RpcLocator - ok
15:52:06.0186 3788	RpcSs           (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
15:52:06.0248 3788	RpcSs - ok
15:52:06.0295 3788	rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
15:52:06.0357 3788	rspndr - ok
15:52:06.0404 3788	SamSs           (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:52:06.0435 3788	SamSs - ok
15:52:06.0498 3788	sbp2port        (8c8862dc7417d89b375492c981c491f7) C:\Windows\system32\DRIVERS\sbp2port.sys
15:52:06.0529 3788	sbp2port - ok
15:52:06.0591 3788	SCardSvr        (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
15:52:06.0669 3788	SCardSvr - ok
15:52:06.0810 3788	Schedule        (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
15:52:06.0981 3788	Schedule - ok
15:52:07.0059 3788	SCPolicySvc     (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
15:52:07.0106 3788	SCPolicySvc - ok
15:52:07.0168 3788	sdbus           (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
15:52:07.0278 3788	sdbus - ok
15:52:07.0324 3788	SDRSVC          (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
15:52:07.0402 3788	SDRSVC - ok
15:52:07.0418 3788	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:52:07.0527 3788	secdrv - ok
15:52:07.0558 3788	seclogon        (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
15:52:07.0683 3788	seclogon - ok
15:52:07.0730 3788	SENS            (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
15:52:07.0839 3788	SENS - ok
15:52:07.0902 3788	Serenum         (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
15:52:07.0995 3788	Serenum - ok
15:52:08.0042 3788	Serial          (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
15:52:08.0198 3788	Serial - ok
15:52:08.0214 3788	sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
15:52:08.0307 3788	sermouse - ok
15:52:08.0370 3788	SessionEnv      (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
15:52:08.0432 3788	SessionEnv - ok
15:52:08.0494 3788	sffdisk         (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\DRIVERS\sffdisk.sys
15:52:08.0526 3788	sffdisk - ok
15:52:08.0557 3788	sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
15:52:08.0619 3788	sffp_mmc - ok
15:52:08.0650 3788	sffp_sd         (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:52:08.0713 3788	sffp_sd - ok
15:52:08.0775 3788	sfloppy         (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
15:52:08.0869 3788	sfloppy - ok
15:52:09.0134 3788	SftService      (38f88f0df46c4d42125ef721abd7f6b9) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
15:52:09.0165 3788	SftService - ok
15:52:09.0243 3788	ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
15:52:09.0274 3788	ShellHWDetection - ok
15:52:09.0321 3788	SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
15:52:09.0337 3788	SiSRaid2 - ok
15:52:09.0384 3788	SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
15:52:09.0415 3788	SiSRaid4 - ok
15:52:09.0742 3788	slsvc           (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
15:52:09.0976 3788	slsvc - ok
15:52:10.0226 3788	SLUINotify      (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
15:52:10.0257 3788	SLUINotify - ok
15:52:10.0382 3788	Smb             (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
15:52:10.0460 3788	Smb - ok
15:52:10.0538 3788	SNMPTRAP        (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
15:52:10.0569 3788	SNMPTRAP - ok
15:52:10.0647 3788	spldr           (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
15:52:10.0663 3788	spldr - ok
15:52:10.0741 3788	Spooler         (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
15:52:10.0803 3788	Spooler - ok
15:52:10.0944 3788	sptd            (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
15:52:11.0053 3788	sptd - ok
15:52:11.0131 3788	srv             (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
15:52:11.0209 3788	srv - ok
15:52:11.0271 3788	srv2            (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
15:52:11.0349 3788	srv2 - ok
15:52:11.0365 3788	srvnet          (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
15:52:11.0396 3788	srvnet - ok
15:52:11.0427 3788	ssadbus         (d52282225d5bd73a9cbf420699d1a0fe) C:\Windows\system32\DRIVERS\ssadbus.sys
15:52:11.0490 3788	ssadbus - ok
15:52:11.0505 3788	ssadmdfl        (f7936ac6e8437e10e1ae488ce21f3086) C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:52:11.0536 3788	ssadmdfl - ok
15:52:11.0568 3788	ssadmdm         (1fe033372a58c67b3ecca903fc637b36) C:\Windows\system32\DRIVERS\ssadmdm.sys
15:52:11.0599 3788	ssadmdm - ok
15:52:11.0630 3788	ssadserd        (5eb7da2f72b90c8398df9d7a82e43fcb) C:\Windows\system32\DRIVERS\ssadserd.sys
15:52:11.0677 3788	ssadserd - ok
15:52:11.0755 3788	sscdbus         (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
15:52:11.0786 3788	sscdbus - ok
15:52:11.0817 3788	sscdmdfl        (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
15:52:11.0833 3788	sscdmdfl - ok
15:52:11.0880 3788	sscdmdm         (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
15:52:11.0895 3788	sscdmdm - ok
15:52:11.0989 3788	SSDPSRV         (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
15:52:12.0051 3788	SSDPSRV - ok
15:52:12.0114 3788	SstpSvc         (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
15:52:12.0176 3788	SstpSvc - ok
15:52:12.0332 3788	STacSV          (c5df63ae2693c9b6b01b4a2e6c1c64ac) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
15:52:12.0379 3788	STacSV - ok
15:52:12.0488 3788	STHDA           (ba16447226abfd342e130d2f24f73d32) C:\Windows\system32\DRIVERS\stwrt64.sys
15:52:12.0597 3788	STHDA - ok
15:52:12.0691 3788	stisvc          (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
15:52:12.0831 3788	stisvc - ok
15:52:12.0940 3788	stllssvr        (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
15:52:12.0956 3788	stllssvr - ok
15:52:13.0003 3788	swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
15:52:13.0018 3788	swenum - ok
15:52:13.0112 3788	swprv           (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
15:52:13.0174 3788	swprv - ok
15:52:13.0315 3788	Symc8xx         (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
15:52:13.0346 3788	Symc8xx - ok
15:52:13.0393 3788	Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
15:52:13.0424 3788	Sym_hi - ok
15:52:13.0471 3788	Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
15:52:13.0486 3788	Sym_u3 - ok
15:52:13.0580 3788	SynTP           (79a93ec9d224b1f43c0e2f023d61dca3) C:\Windows\system32\DRIVERS\SynTP.sys
15:52:13.0611 3788	SynTP - ok
15:52:13.0736 3788	SysMain         (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
15:52:13.0939 3788	SysMain - ok
15:52:13.0986 3788	TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
15:52:14.0079 3788	TabletInputService - ok
15:52:14.0110 3788	taphss          (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
15:52:14.0126 3788	taphss - ok
15:52:14.0204 3788	TapiSrv         (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
15:52:14.0282 3788	TapiSrv - ok
15:52:14.0329 3788	TBS             (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
15:52:14.0391 3788	TBS - ok
15:52:14.0610 3788	Tcpip           (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
15:52:14.0797 3788	Tcpip - ok
15:52:15.0202 3788	Tcpip6          (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
15:52:15.0327 3788	Tcpip6 - ok
15:52:15.0530 3788	tcpipreg        (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
15:52:15.0577 3788	tcpipreg - ok
15:52:15.0655 3788	TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
15:52:15.0717 3788	TDPIPE - ok
15:52:15.0748 3788	TDTCP           (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
15:52:15.0811 3788	TDTCP - ok
15:52:15.0873 3788	tdx             (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
15:52:15.0967 3788	tdx - ok
15:52:16.0029 3788	TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
15:52:16.0060 3788	TermDD - ok
15:52:16.0170 3788	TermService     (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
15:52:16.0279 3788	TermService - ok
15:52:16.0372 3788	Themes          (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
15:52:16.0404 3788	Themes - ok
15:52:16.0482 3788	THREADORDER     (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
15:52:16.0544 3788	THREADORDER - ok
15:52:16.0591 3788	TrkWks          (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
15:52:16.0684 3788	TrkWks - ok
15:52:16.0731 3788	TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
15:52:16.0778 3788	TrustedInstaller - ok
15:52:16.0809 3788	tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:52:16.0872 3788	tssecsrv - ok
15:52:16.0950 3788	tunmp           (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
15:52:17.0028 3788	tunmp - ok
15:52:17.0074 3788	tunnel          (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
15:52:17.0090 3788	tunnel - ok
15:52:17.0121 3788	uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
15:52:17.0152 3788	uagp35 - ok
15:52:17.0246 3788	udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
15:52:17.0355 3788	udfs - ok
15:52:17.0418 3788	UI0Detect       (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
15:52:17.0480 3788	UI0Detect - ok
15:52:17.0527 3788	uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
15:52:17.0542 3788	uliagpkx - ok
15:52:17.0574 3788	uliahci         (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
15:52:17.0605 3788	uliahci - ok
15:52:17.0636 3788	UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
15:52:17.0698 3788	UlSata - ok
15:52:17.0745 3788	ulsata2         (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
15:52:17.0792 3788	ulsata2 - ok
15:52:17.0823 3788	umbus           (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
15:52:17.0886 3788	umbus - ok
15:52:17.0948 3788	upnphost        (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
15:52:18.0182 3788	upnphost - ok
15:52:18.0244 3788	usbccgp         (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
15:52:18.0307 3788	usbccgp - ok
15:52:18.0322 3788	usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
15:52:18.0416 3788	usbcir - ok
15:52:18.0463 3788	usbehci         (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
15:52:18.0541 3788	usbehci - ok
15:52:18.0619 3788	usbhub          (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
15:52:18.0744 3788	usbhub - ok
15:52:18.0759 3788	usbohci         (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
15:52:18.0853 3788	usbohci - ok
15:52:18.0900 3788	usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
15:52:18.0946 3788	usbprint - ok
15:52:19.0134 3788	usbscan         (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
15:52:19.0196 3788	usbscan - ok
15:52:19.0258 3788	usbser          (f7386007fb19e7685fc7b298560aa81f) C:\Windows\system32\DRIVERS\usbser.sys
15:52:19.0305 3788	usbser - ok
15:52:19.0352 3788	USBSTOR         (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:52:19.0446 3788	USBSTOR - ok
15:52:19.0492 3788	usbuhci         (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
15:52:19.0539 3788	usbuhci - ok
15:52:19.0617 3788	UxSms           (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
15:52:19.0664 3788	UxSms - ok
15:52:19.0836 3788	vds             (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
15:52:19.0898 3788	vds - ok
15:52:19.0945 3788	vga             (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
15:52:20.0085 3788	vga - ok
15:52:20.0101 3788	VgaSave         (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
15:52:20.0194 3788	VgaSave - ok
15:52:20.0241 3788	viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
15:52:20.0272 3788	viaide - ok
15:52:20.0319 3788	volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
15:52:20.0350 3788	volmgr - ok
15:52:20.0428 3788	volmgrx         (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
15:52:20.0475 3788	volmgrx - ok
15:52:20.0538 3788	volsnap         (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
15:52:20.0569 3788	volsnap - ok
15:52:20.0631 3788	vsmraid         (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
15:52:20.0662 3788	vsmraid - ok
15:52:20.0881 3788	VSS             (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
15:52:21.0068 3788	VSS - ok
15:52:21.0208 3788	W32Time         (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
15:52:21.0286 3788	W32Time - ok
15:52:21.0333 3788	WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
15:52:21.0427 3788	WacomPen - ok
15:52:21.0474 3788	Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:52:21.0567 3788	Wanarp - ok
15:52:21.0583 3788	Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:52:21.0630 3788	Wanarpv6 - ok
15:52:21.0692 3788	wcncsvc         (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
15:52:21.0723 3788	wcncsvc - ok
15:52:21.0754 3788	WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
15:52:21.0801 3788	WcsPlugInService - ok
15:52:21.0832 3788	Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
15:52:21.0864 3788	Wd - ok
15:52:21.0973 3788	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:52:22.0035 3788	Wdf01000 - ok
15:52:22.0082 3788	WdiServiceHost  (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
15:52:22.0176 3788	WdiServiceHost - ok
15:52:22.0191 3788	WdiSystemHost   (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
15:52:22.0269 3788	WdiSystemHost - ok
15:52:22.0332 3788	WebClient       (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
15:52:22.0410 3788	WebClient - ok
15:52:22.0456 3788	Wecsvc          (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
15:52:22.0534 3788	Wecsvc - ok
15:52:22.0550 3788	wercplsupport   (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
15:52:22.0597 3788	wercplsupport - ok
15:52:22.0628 3788	WerSvc          (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
15:52:22.0722 3788	WerSvc - ok
15:52:22.0815 3788	WimFltr         (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
15:52:22.0846 3788	WimFltr - ok
15:52:22.0846 3788	WinHttpAutoProxySvc - ok
15:52:22.0956 3788	Winmgmt         (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
15:52:23.0080 3788	Winmgmt - ok
15:52:23.0330 3788	WinRM           (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
15:52:23.0455 3788	WinRM - ok
15:52:23.0704 3788	Wlansvc         (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
15:52:23.0814 3788	Wlansvc - ok
15:52:23.0814 3788	wltrysvc - ok
15:52:23.0860 3788	WmiAcpi         (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:52:23.0892 3788	WmiAcpi - ok
15:52:23.0985 3788	wmiApSrv        (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
15:52:24.0032 3788	wmiApSrv - ok
15:52:24.0094 3788	WMPNetworkSvc - ok
15:52:24.0250 3788	WPCSvc          (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
15:52:24.0282 3788	WPCSvc - ok
15:52:24.0500 3788	WPDBusEnum      (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
15:52:24.0547 3788	WPDBusEnum - ok
15:52:24.0594 3788	WpdUsb          (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
15:52:24.0609 3788	WpdUsb - ok
15:52:24.0968 3788	WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:52:25.0077 3788	WPFFontCache_v0400 - ok
15:52:25.0124 3788	ws2ifsl         (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
15:52:25.0218 3788	ws2ifsl - ok
15:52:25.0218 3788	WSearch - ok
15:52:25.0561 3788	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:52:25.0810 3788	wuauserv - ok
15:52:26.0122 3788	WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:52:26.0216 3788	WUDFRd - ok
15:52:26.0341 3788	wudfsvc         (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
15:52:26.0419 3788	wudfsvc - ok
15:52:26.0481 3788	MBR (0x1B8)     (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
15:52:28.0962 3788	\Device\Harddisk0\DR0 - ok
15:52:29.0008 3788	Boot (0x1200)   (11e0a8b220cf7cc09f6c2d15f0807d57) \Device\Harddisk0\DR0\Partition0
15:52:29.0008 3788	\Device\Harddisk0\DR0\Partition0 - ok
15:52:29.0040 3788	Boot (0x1200)   (7bde9048671208b939c218667ed213a4) \Device\Harddisk0\DR0\Partition1
15:52:29.0040 3788	\Device\Harddisk0\DR0\Partition1 - ok
15:52:29.0040 3788	============================================================
15:52:29.0040 3788	Scan finished
15:52:29.0040 3788	============================================================
15:52:29.0071 1496	Detected object count: 4
15:52:29.0071 1496	Actual detected object count: 4
15:52:47.0962 1496	Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:47.0962 1496	Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:47.0962 1496	DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:47.0962 1496	DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:47.0962 1496	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:47.0962 1496	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:47.0978 1496	MDM ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:47.0978 1496	MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 21.06.2012, 15:27   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI - Standard

Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.06.2012, 15:59   #13
kjkjjj1108
 
Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI - Standard

Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI



Hilfe!
Habe gemacht, worum Du mich gebeten hast. Vor allem alle Virenscanner geschlossen (Echtzeitscanner deaktiviert). Dann habe ich Combofix gestartet. Das lief los und gab dann die "Achtung"-Meldung, dass Avira Desktop aktiv sei. Ich habe daraufhin Avira überprüft und auf okay geklickt. Jetzt meldet ComboFix:
Zitat:
antivirus: Avira Desktop
antispyware: Avira Desktop

Die obigen Real Time Scanner sind immer noch aktiv aber ComboFix wird trotzdem mit dem Suchlauf fortfahren. Bitte nehme zur Kenntnis, dass dies in eigener Verantwortung geschieht.
Meine einzige Option ist das Klicken auf OK.
Was muss ich tun?

- Mittlerweile hast Du Feierabend gemacht, darum lasse ich jetzt einfach mal den Rechner so stehen und hoffe auf morgen früh...

Danke Ilka

Geändert von kjkjjj1108 (21.06.2012 um 16:36 Uhr)

Alt 21.06.2012, 18:49   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI - Standard

Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI



Wenn AntiVir deaktiviert wurde kannst du diese Meldung ignorieren und CF werkeln lassen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.06.2012, 06:16   #15
kjkjjj1108
 
Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI - Standard

Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI



Guten morgen,

ComboFix ist jetzt durchgelaufen.
Hier das LogFile:
Code:
ATTFilter
ComboFix 12-06-21.02 - *** 21.06.2012  22:53:43.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4090.2456 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\100.jpg
c:\users\***\2011.cpr
c:\users\***\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll
c:\users\INGOBU~1\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll
c:\windows\SysWow64\muzapp.exe
.
c:\windows\system32\Services.exe . . . ist infiziert!!
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-22 bis 2012-06-22  ))))))))))))))))))))))))))))))
.
.
2012-06-21 21:39 . 2012-06-21 21:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-21 09:56 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 09:56 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 09:56 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 09:56 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 09:55 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 09:55 . 2012-06-02 22:19	35864	----a-w-	c:\windows\SysWow64\wups.dll
2012-06-21 09:55 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 09:55 . 2012-06-02 22:19	577048	----a-w-	c:\windows\SysWow64\wuapi.dll
2012-06-21 09:55 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 09:55 . 2012-06-02 22:12	88576	----a-w-	c:\windows\SysWow64\wudriver.dll
2012-06-21 09:54 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 09:54 . 2012-06-02 13:19	171904	----a-w-	c:\windows\SysWow64\wuwebv.dll
2012-06-21 09:54 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-21 09:54 . 2012-06-02 13:12	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2012-06-21 09:54 . 2012-06-21 09:54	--------	d-----w-	C:\_OTL
2012-06-20 09:57 . 2012-06-20 09:57	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-06-15 18:58 . 2012-06-15 18:58	--------	d-----w-	c:\program files (x86)\ESET
2012-06-15 17:35 . 2012-06-15 17:35	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-06-15 17:35 . 2012-06-15 17:35	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-15 17:35 . 2012-06-15 17:35	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-15 17:35 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-13 17:06 . 2012-05-01 14:29	209920	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-13 17:06 . 2012-05-15 20:15	2767360	----a-w-	c:\windows\system32\win32k.sys
2012-06-13 17:06 . 2012-04-23 16:25	174592	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-13 17:06 . 2012-04-23 16:25	132096	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-13 17:06 . 2012-04-23 16:25	1267200	----a-w-	c:\windows\system32\crypt32.dll
2012-06-13 17:06 . 2012-04-23 16:00	984064	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-06-13 17:06 . 2012-04-23 16:00	98304	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-06-13 17:06 . 2012-04-23 16:00	133120	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-06-12 09:47 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{20BA1C2A-424C-4CD2-82AC-A47234EEA27D}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 10:52 . 2012-04-12 07:33	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-14 10:52 . 2011-08-14 20:13	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 17:53 . 2011-10-23 20:08	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-08 17:53 . 2011-10-23 20:08	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-06 17:28 . 2012-04-12 08:36	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-03 08:22 . 2012-05-11 18:11	4699520	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-30 12:45 . 2012-05-11 18:12	1423744	----a-w-	c:\windows\system32\drivers\tcpip.sys
2009-08-16 11:08 . 2009-09-09 16:19	34119048	----a-w-	c:\program files\avira_antivir_personal_de.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-04-10 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[7] 2008-01-21 . DFAC660F0F139276CC9299812DE42719 . 384512 . . [6.0.6001.18000] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[-] 2009-04-10 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-11-08 929168]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-11-08 3508624]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-08 21392]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-11-11 442536]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-18 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-8 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257224]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 10:52]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 19:55]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 19:55]
.
2012-06-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]
.
2012-06-21 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-25 1657128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2008-09-26 2041112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.berlin.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Hotspot Shield\bin\hsswd.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
c:\windows\SysWOW64\conime.exe
c:\program files (x86)\Hotspot Shield\bin\openvpntray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-22  06:38:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-22 04:38
.
Vor Suchlauf: 21 Verzeichnis(se), 43.474.329.600 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 42.840.285.184 Bytes frei
.
- - End Of File - - CD4734BFBC3D9213ACC9BA3F5F2F09CC
         

Antwort

Themen zu Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI
7-zip, autorun, avira, bho, bingbar, browser, call of duty, dateisystem, desktop, device driver, error, fehler, firefox, flash player, frage, google, google earth, helper, heuristiks/extra, heuristiks/shuriken, home, hotspot, hotspot shield, install.exe, internet, internet explorer, logfile, microsoft office word, mp3, nt.dll, office 2007, programm, registry, searchscopes, senden, software, usb, verweise, vista, warnung, windows, world at war



Ähnliche Themen: Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI


  1. Avira Antivir meldet Malware: PUA/DownlaodGuide.Gen und TR/Patched.Ren.Gen2
    Log-Analyse und Auswertung - 19.03.2015 (15)
  2. Avira meldet TR/Jorik.Totem.vz, TR/ATRAPS.Gen2, T/ATRAPS.Gen
    Plagegeister aller Art und deren Bekämpfung - 27.10.2013 (50)
  3. Avira AntiVir meldet Atraps/Gen und Gen2
    Log-Analyse und Auswertung - 09.08.2013 (3)
  4. Avira meldet W32/Patched.UC, TR/ATRAPS.Gen2, TR/Gendal.15360, JAVA/Joegek.KY, BDS/ZAccess.AY, EXP/CVE-2012-1723
    Log-Analyse und Auswertung - 27.05.2013 (9)
  5. Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exe
    Plagegeister aller Art und deren Bekämpfung - 14.11.2012 (23)
  6. Avira meldet TR/ZAccess.H , TR/Sirefef.A.37 , TR/ATRAPS.Gen und TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (2)
  7. Avira meldet ständig Befall mit Tr/atraps.gen2
    Plagegeister aller Art und deren Bekämpfung - 13.10.2012 (13)
  8. W32/Patched.UA in "C:\Windows\System32\services.exe" + TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.GEN2
    Plagegeister aller Art und deren Bekämpfung - 26.08.2012 (2)
  9. Avira meldet TR/ATRAPS.Gen, ...Gen2, W32/Patched.UA und TR/Jorik.Totem.vz
    Plagegeister aller Art und deren Bekämpfung - 15.08.2012 (1)
  10. Avira meldet TR/ATRAPS.Gen, TR/ATRAPS.Gen2 und BDS/ZAccess.wjr
    Log-Analyse und Auswertung - 01.08.2012 (1)
  11. AVIRA meldet "W32/Patched.ZA", "TR/ATRAPS.Gen2", "TR/ATRAPS.Gen", "ZR/sirefe.P.487"
    Log-Analyse und Auswertung - 30.07.2012 (9)
  12. TR/Small.FI, TR/ATRAPS.Gen, TR/ATRAPS.GEN2 und W32/Patched.UA in "C:\Windows\System32\services.exe"
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (15)
  13. Avira ANtivir meldet Befall durch: tr/atraps.gen & tr atraps.gen2
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (3)
  14. TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität
    Plagegeister aller Art und deren Bekämpfung - 28.06.2012 (8)
  15. Atraps.gen2 und W32/patched.ub durch Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 26.06.2012 (1)
  16. Avira meldet Trojaner: TR/Sirefef.GC.1; TR/Small.FI und TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 15.06.2012 (3)
  17. Avira meldet Trojaner ATRAPS.GEN2 und Sirefef.AG.35
    Plagegeister aller Art und deren Bekämpfung - 12.06.2012 (27)

Zum Thema Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI - Hallo liebe Helfer in der Not, seit Donnerstag letzter Woche meldet AVIRA (wie bei so vielen anderen hier auf dem board) in kurzen Abständen die Funde "W32/Patched.UA", "TR/ATRAPS.Gen2" und "TR/Small.FI". - Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI...
Archiv
Du betrachtest: Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.