TR/Small.FI und TR/ATRAPS.Gen2

cosinus · 28.06.2012, 13:43

Firmen-/Bürorechner werden hier eigentlich nicht bereinigt

Siehe => http://www.trojaner-board.de/108422-...-anfragen.html

Zitat:

3. Grundsätzlich bereinigen wir keine gewerblich genutzten Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit.
Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe.

jogspr · 28.06.2012, 14:09

Das habe leider nicht gesehen, habe lediglich den Thread mit den Hinweisen, was bei Eröffnung eines Threads zu beachten ist gelesen. Gibt es denn jetzt noch die Möglichkeit Hilfe zu bekommen für mich?
Zu einer Spende ist meine Mutter bestimmt bereit.

cosinus · 29.06.2012, 09:55

Wie es da steht:

Zitat:

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).

Und deine Mutter hat keinen IT-Support in ihrer Nähe?

jogspr · 29.06.2012, 10:12

In dem 30.000 Seelen-Ort ist das IT-igste ein "Tintencenter". Deren Kenntnisse beschränken sich allerdings auf das Wiederbefüllen von Tonern...

Also nein!

Vielen Dank! :-)

cosinus · 29.06.2012, 12:24

Ok, machen wir weiter. Den zweiten überflüssig bis kontaproduktiven Virenscanner hast du deinstalliert?

Wenn ja: Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

jogspr · 29.06.2012, 16:36

Hallo Arne,

hier jetzt die Logfile des erneuten OTL-Custom Scan:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 29.06.2012 16:18:58 - Run 3
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\PC Sek Vorn\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
988,80 Mb Total Physical Memory | 449,09 Mb Available Physical Memory | 45,42% Memory free
1,97 Gb Paging File | 1,01 Gb Available in Paging File | 51,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,59 Gb Total Space | 185,78 Gb Free Space | 83,84% Space Free | Partition Type: NTFS
 
Computer Name: PCSEKVORN-PC | User Name: Verwaltung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.29 16:08:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\PC Sek Vorn\Desktop\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.03.19 13:38:47 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer.exe
PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.03.19 13:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\tv_w32.exe
PRC - [2011.07.31 15:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.08.25 21:27:30 | 002,075,480 | ---- | M] (Dell, Inc.) -- C:\Programme\Dell\Dell Datasafe Online\NOBuAgent.exe
PRC - [2009.08.17 17:40:54 | 000,079,168 | ---- | M] (Broadcom Corp.) -- C:\Programme\Broadcom\BPowMon\BPowMon.exe
PRC - [2009.04.01 00:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\Realtek\Audio\HDA\AERTSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.13 13:05:58 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012.06.13 13:00:00 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012.05.14 13:00:54 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012.05.14 13:00:48 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012.05.14 13:00:30 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012.05.14 13:00:21 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.26 16:30:23 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.02.28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 14:01:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.25 21:27:30 | 002,075,480 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.17 17:40:54 | 000,079,168 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Programme\Broadcom\BPowMon\BPowMon.exe -- (BPowMon)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.04.01 00:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\tmtdi.sys -- (tmtdi)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.21 22:50:48 | 000,273,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9FBFBEB1-E0F9-4374-B2DC-A90E6BB5EB8F}
IE - HKLM\..\SearchScopes\{9FBFBEB1-E0F9-4374-B2DC-A90E6BB5EB8F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1796371981-4189133533-1706291684-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\S-1-5-21-1796371981-4189133533-1706291684-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1796371981-4189133533-1706291684-1001\..\SearchScopes,DefaultScope = {9FBFBEB1-E0F9-4374-B2DC-A90E6BB5EB8F}
IE - HKU\S-1-5-21-1796371981-4189133533-1706291684-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:5.82.0.1018
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.12.09 09:28:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1045\FirefoxExtension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.26 16:30:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.06 11:54:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.05.14 15:26:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2012.06.18 17:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.18 17:19:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.01.09 15:33:49 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\PC SEK VORN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C1X3CBYM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.26 16:30:24 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.26 16:30:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.26 16:30:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.26 16:30:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 16:30:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.26 16:30:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 16:30:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1045\TmIEPlg.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Programme\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1796371981-4189133533-1706291684-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\All Users\529C50840382271D03A908ABB4EB23C1 [2012.06.12 14:53:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2010.12.09 09:16:41 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Anwendungsdaten [2010.12.31 15:07:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Application Data [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Avira [2012.06.12 15:34:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\BTrieve [2010.12.31 17:20:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Dell [2010.12.09 09:19:03 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Dokumente [2010.12.31 15:07:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favoriten [2010.12.31 15:07:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Lexware [2012.06.20 14:39:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2012.06.22 13:18:28 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\McAfee [2012.06.08 10:43:41 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2011.07.01 12:27:19 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2012.06.13 13:06:44 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Mozilla [2012.06.26 16:30:39 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PCDr [2011.05.30 09:04:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Startmenü [2010.12.31 15:07:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2010.12.09 09:13:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Trend Micro [2011.04.30 10:09:44 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Vorlagen [2010.12.31 15:07:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Anwendungsdaten [2010.12.31 15:07:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\AppData [2009.07.14 04:37:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2010.12.31 15:07:54 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Druckumgebung [2010.12.31 15:07:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Eigene Dateien [2010.12.31 15:07:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Favorites [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Lokale Einstellungen [2010.12.31 15:07:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Netzwerkumgebung [2010.12.31 15:07:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2009.07.14 04:04:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Startmenü [2010.12.31 15:07:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Vorlagen [2010.12.31 15:07:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\PC Sek Vorn\(SYS)BH1700_120203_110046.zip ()
O4 - Startup: C:\Users\PC Sek Vorn\Anwendungsdaten [2010.12.31 15:08:11 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\PC Sek Vorn\AppData [2010.12.31 15:08:11 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\PC Sek Vorn\BH1700_120229_095506.zip ()
O4 - Startup: C:\Users\PC Sek Vorn\BH1700_120314_111157.zip ()
O4 - Startup: C:\Users\PC Sek Vorn\BH1700_120321_102611.zip ()
O4 - Startup: C:\Users\PC Sek Vorn\BH1700_120404_092548.zip ()
O4 - Startup: C:\Users\PC Sek Vorn\BH1700_120426_170329.zip ()
O4 - Startup: C:\Users\PC Sek Vorn\BH1700_120507_174719.zip ()
O4 - Startup: C:\Users\PC Sek Vorn\BH1700_120518_104558.zip ()
O4 - Startup: C:\Users\PC Sek Vorn\BH1700_120523_110504.zip ()
O4 - Startup: C:\Users\PC Sek Vorn\BH1700_120613_090633.zip ()
O4 - Startup: C:\Users\PC Sek Vorn\BH1700_120620_092527.zip ()
O4 - Startup: C:\Users\PC Sek Vorn\Contacts [2012.02.17 09:33:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\PC Sek Vorn\Cookies [2010.12.31 15:08:11 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\PC Sek Vorn\defogger_reenable ()
O4 - Startup: C:\Users\PC Sek Vorn\Desktop [2012.06.29 16:08:04 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\PC Sek Vorn\Documents [2012.03.12 13:04:47 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\PC Sek Vorn\Downloads [2012.06.22 11:38:21 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\PC Sek Vorn\Druckumgebung [2010.12.31 15:08:11 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\PC Sek Vorn\Eigene Dateien [2010.12.31 15:08:11 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\PC Sek Vorn\Favorites [2012.03.30 10:31:05 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\PC Sek Vorn\Links [2012.02.17 09:33:09 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\PC Sek Vorn\Lokale Einstellungen [2010.12.31 15:08:11 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\PC Sek Vorn\Music [2012.02.17 09:33:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\PC Sek Vorn\Netzwerkumgebung [2010.12.31 15:08:11 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\PC Sek Vorn\NTUSER.DAT ()
O4 - Startup: C:\Users\PC Sek Vorn\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\PC Sek Vorn\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\PC Sek Vorn\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\PC Sek Vorn\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\PC Sek Vorn\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\PC Sek Vorn\ntuser.ini ()
O4 - Startup: C:\Users\PC Sek Vorn\Pictures [2012.02.17 09:33:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\PC Sek Vorn\Recent [2010.12.31 15:08:11 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\PC Sek Vorn\Saved Games [2012.02.17 09:33:09 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\PC Sek Vorn\Searches [2012.02.17 09:33:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\PC Sek Vorn\SendTo [2010.12.31 15:08:11 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\PC Sek Vorn\Startmenü [2010.12.31 15:08:11 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\PC Sek Vorn\Videos [2012.02.17 09:33:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\PC Sek Vorn\Vorlagen [2010.12.31 15:08:11 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\PC Sek Vorn\X16-32587.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Public\Desktop [2012.06.26 17:34:25 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2010.12.31 15:07:54 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2009.07.14 06:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009.07.14 04:04:25 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2010.12.31 15:07:53 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009.07.14 06:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2009.07.14 06:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2009.07.14 10:56:41 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2009.07.14 06:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Verwaltung\Anwendungsdaten [2012.06.27 16:51:14 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Verwaltung\AppData [2012.06.27 16:51:16 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Verwaltung\Cookies [2012.06.27 16:51:14 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Verwaltung\Desktop [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Verwaltung\Documents [2012.06.27 16:51:14 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Verwaltung\Downloads [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Verwaltung\Druckumgebung [2012.06.27 16:51:14 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Verwaltung\Eigene Dateien [2012.06.27 16:51:14 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Verwaltung\Favorites [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Verwaltung\Links [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Verwaltung\Lokale Einstellungen [2012.06.27 16:51:16 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Verwaltung\Music [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Verwaltung\Netzwerkumgebung [2012.06.27 16:51:14 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Verwaltung\NTUSER.DAT ()
O4 - Startup: C:\Users\Verwaltung\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Verwaltung\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Verwaltung\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Verwaltung\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Verwaltung\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Verwaltung\ntuser.ini ()
O4 - Startup: C:\Users\Verwaltung\Pictures [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Verwaltung\Recent [2012.06.27 16:51:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Verwaltung\Saved Games [2009.07.14 04:04:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Verwaltung\SendTo [2012.06.27 16:51:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Verwaltung\Startmenü [2012.06.27 16:51:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Verwaltung\Videos [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Verwaltung\Vorlagen [2012.06.27 16:51:16 | 000,000,000 | -HSD | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.57.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3282CAD0-1213-4EE2-B719-464A72364978}: DhcpNameServer = 192.168.57.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1045\TmIEPlg.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.27 16:51:16 | 000,000,000 | -HSD | C] -- C:\Users\Verwaltung\Vorlagen
[2012.06.27 16:51:16 | 000,000,000 | -HSD | C] -- C:\Users\Verwaltung\Lokale Einstellungen
[2012.06.27 16:51:15 | 000,000,000 | -HSD | C] -- C:\Users\Verwaltung\Startmenü
[2012.06.27 16:51:15 | 000,000,000 | -HSD | C] -- C:\Users\Verwaltung\SendTo
[2012.06.27 16:51:15 | 000,000,000 | -HSD | C] -- C:\Users\Verwaltung\Recent
[2012.06.27 16:51:14 | 000,000,000 | -HSD | C] -- C:\Users\Verwaltung\Netzwerkumgebung
[2012.06.27 16:51:14 | 000,000,000 | -HSD | C] -- C:\Users\Verwaltung\Eigene Dateien
[2012.06.27 16:51:14 | 000,000,000 | -HSD | C] -- C:\Users\Verwaltung\Druckumgebung
[2012.06.27 16:51:14 | 000,000,000 | -HSD | C] -- C:\Users\Verwaltung\Cookies
[2012.06.27 16:51:14 | 000,000,000 | -HSD | C] -- C:\Users\Verwaltung\Anwendungsdaten
[2012.06.27 16:51:09 | 000,000,000 | R--D | C] -- C:\Users\Verwaltung\Videos
[2012.06.27 16:51:09 | 000,000,000 | R--D | C] -- C:\Users\Verwaltung\Pictures
[2012.06.27 16:51:09 | 000,000,000 | R--D | C] -- C:\Users\Verwaltung\Music
[2012.06.27 16:51:09 | 000,000,000 | R--D | C] -- C:\Users\Verwaltung\Links
[2012.06.27 16:51:09 | 000,000,000 | R--D | C] -- C:\Users\Verwaltung\Favorites
[2012.06.27 16:51:09 | 000,000,000 | R--D | C] -- C:\Users\Verwaltung\Downloads
[2012.06.27 16:51:09 | 000,000,000 | R--D | C] -- C:\Users\Verwaltung\Documents
[2012.06.27 16:51:09 | 000,000,000 | R--D | C] -- C:\Users\Verwaltung\Desktop
[2012.06.27 16:51:09 | 000,000,000 | -H-D | C] -- C:\Users\Verwaltung\AppData
[2012.06.27 16:51:09 | 000,000,000 | ---D | C] -- C:\Users\Verwaltung\Saved Games
[2012.06.26 16:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.26 16:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.06.26 10:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.22 14:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.06.22 13:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.22 13:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.22 13:18:26 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.22 13:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.18 17:57:37 | 000,000,000 | ---D | C] -- C:\Logs
[2012.06.18 17:57:37 | 000,000,000 | ---D | C] -- \Logs
[2012.06.18 17:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.06.18 17:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.18 16:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012.06.12 15:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.12 15:34:41 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.06.12 15:34:30 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.06.12 15:34:27 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.06.12 15:34:24 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.06.12 15:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.12 15:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.06.08 12:50:54 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012.06.08 12:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\529C50840382271D03A908ABB4EB23C1
[2012.06.08 10:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.29 07:49:28 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 07:49:28 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 07:44:15 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2012.06.29 07:40:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.29 07:40:30 | 777,625,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.26 17:34:25 | 000,002,771 | ---- | M] () -- C:\Users\Public\Desktop\Lexware lohn+gehalt.lnk
[2012.06.26 16:58:39 | 000,002,759 | ---- | M] () -- C:\Users\Public\Desktop\Lexware buchhalter.lnk
[2012.06.18 16:37:55 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.06.14 08:30:34 | 000,314,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.13 13:04:51 | 000,808,372 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.13 13:04:51 | 000,770,254 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.13 13:04:51 | 000,179,076 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.13 13:04:51 | 000,155,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.12 15:35:27 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
 
========== Files Created - No Company Name ==========
 
[2012.06.26 10:28:57 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\U\800000cb.@
[2012.06.26 10:28:56 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\U\80000000.@
[2012.06.26 10:28:56 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\U\00000001.@
[2012.06.18 16:37:55 | 000,001,138 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.06.18 16:37:54 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.06.13 10:32:33 | 000,002,771 | ---- | C] () -- C:\Users\Public\Desktop\Lexware lohn+gehalt.lnk
[2012.06.12 15:35:27 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.04.17 15:58:12 | 000,207,728 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2012.04.17 15:58:12 | 000,138,608 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2012.04.17 15:58:10 | 000,074,608 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2012.04.17 15:58:08 | 000,309,616 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2012.01.11 09:27:28 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\@
[2012.01.11 09:27:28 | 000,002,048 | -HS- | C] () -- C:\Users\PC Sek Vorn\AppData\Local\{59e74704-7a8c-b201-e149-d2fe65250c47}\@
[2011.05.13 10:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2011.05.13 10:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2011.05.13 10:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2010.12.09 18:00:34 | 000,003,755 | RH-- | C] () -- \dell.sdr
[2010.12.09 17:52:13 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.12.09 17:52:13 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.12.09 17:52:11 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.12.09 09:32:37 | 000,000,031 | ---- | C] () -- \tmuninst.ini
[2010.12.09 09:06:50 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010.12.09 09:06:50 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010.12.09 09:04:19 | 777,625,600 | -HS- | C] () -- \hiberfil.sys
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009.07.14 04:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009.07.14 04:04:04 | 000,000,010 | ---- | C] () -- \config.sys
 
========== LOP Check ==========
 
[2012.06.12 14:53:35 | 000,000,000 | ---D | M] -- C:\Users\All Users\529C50840382271D03A908ABB4EB23C1
[2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2010.12.31 17:20:42 | 000,000,000 | ---D | M] -- C:\Users\All Users\BTrieve
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2012.06.20 14:39:00 | 000,000,000 | ---D | M] -- C:\Users\All Users\Lexware
[2011.05.30 09:04:36 | 000,000,000 | ---D | M] -- C:\Users\All Users\PCDr
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2009.07.14 04:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2010.12.31 15:07:54 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009.07.14 04:04:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2010.12.31 15:08:11 | 000,000,000 | -HSD | M] -- C:\Users\PC Sek Vorn\Anwendungsdaten
[2010.12.31 15:08:11 | 000,000,000 | -H-D | M] -- C:\Users\PC Sek Vorn\AppData
[2012.02.17 09:33:08 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Contacts
[2010.12.31 15:08:11 | 000,000,000 | -HSD | M] -- C:\Users\PC Sek Vorn\Cookies
[2012.06.29 16:08:04 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Desktop
[2012.03.12 13:04:47 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Documents
[2012.06.22 11:38:21 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Downloads
[2010.12.31 15:08:11 | 000,000,000 | -HSD | M] -- C:\Users\PC Sek Vorn\Druckumgebung
[2010.12.31 15:08:11 | 000,000,000 | -HSD | M] -- C:\Users\PC Sek Vorn\Eigene Dateien
[2012.03.30 10:31:05 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Favorites
[2012.02.17 09:33:09 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Links
[2010.12.31 15:08:11 | 000,000,000 | -HSD | M] -- C:\Users\PC Sek Vorn\Lokale Einstellungen
[2012.02.17 09:33:08 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Music
[2010.12.31 15:08:11 | 000,000,000 | -HSD | M] -- C:\Users\PC Sek Vorn\Netzwerkumgebung
[2012.02.17 09:33:08 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Pictures
[2010.12.31 15:08:11 | 000,000,000 | -HSD | M] -- C:\Users\PC Sek Vorn\Recent
[2012.02.17 09:33:09 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Saved Games
[2012.02.17 09:33:08 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Searches
[2010.12.31 15:08:11 | 000,000,000 | -HSD | M] -- C:\Users\PC Sek Vorn\SendTo
[2010.12.31 15:08:11 | 000,000,000 | -HSD | M] -- C:\Users\PC Sek Vorn\Startmenü
[2012.02.17 09:33:08 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Videos
[2010.12.31 15:08:11 | 000,000,000 | -HSD | M] -- C:\Users\PC Sek Vorn\Vorlagen
[2012.06.26 17:34:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2010.12.31 15:07:54 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009.07.14 04:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2010.12.31 15:07:53 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2009.07.14 10:56:41 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2012.06.27 16:51:14 | 000,000,000 | -HSD | M] -- C:\Users\Verwaltung\Anwendungsdaten
[2012.06.27 16:51:16 | 000,000,000 | -H-D | M] -- C:\Users\Verwaltung\AppData
[2012.06.27 16:51:14 | 000,000,000 | -HSD | M] -- C:\Users\Verwaltung\Cookies
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Verwaltung\Desktop
[2012.06.27 16:51:14 | 000,000,000 | R--D | M] -- C:\Users\Verwaltung\Documents
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Verwaltung\Downloads
[2012.06.27 16:51:14 | 000,000,000 | -HSD | M] -- C:\Users\Verwaltung\Druckumgebung
[2012.06.27 16:51:14 | 000,000,000 | -HSD | M] -- C:\Users\Verwaltung\Eigene Dateien
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Verwaltung\Favorites
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Verwaltung\Links
[2012.06.27 16:51:16 | 000,000,000 | -HSD | M] -- C:\Users\Verwaltung\Lokale Einstellungen
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Verwaltung\Music
[2012.06.27 16:51:14 | 000,000,000 | -HSD | M] -- C:\Users\Verwaltung\Netzwerkumgebung
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Verwaltung\Pictures
[2012.06.27 16:51:15 | 000,000,000 | -HSD | M] -- C:\Users\Verwaltung\Recent
[2009.07.14 04:04:25 | 000,000,000 | ---D | M] -- C:\Users\Verwaltung\Saved Games
[2012.06.27 16:51:15 | 000,000,000 | -HSD | M] -- C:\Users\Verwaltung\SendTo
[2012.06.27 16:51:15 | 000,000,000 | -HSD | M] -- C:\Users\Verwaltung\Startmenü
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Verwaltung\Videos
[2012.06.27 16:51:16 | 000,000,000 | -HSD | M] -- C:\Users\Verwaltung\Vorlagen
[2012.05.29 08:20:24 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Verwaltung\AppData\Roaming\Media Center Programs
[2012.06.27 16:51:17 | 000,000,000 | --SD | M] -- C:\Users\Verwaltung\AppData\Roaming\Microsoft
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_dda2ecda9bf2e50d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.12.09 17:58:47 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010.12.09 17:58:47 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

--- --- ---

[/code]

Vielen Dank!

cosinus · 01.07.2012, 14:01

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Users\All Users\529C50840382271D03A908ABB4EB23C1
C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\U
C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\@
C:\Users\PC Sek Vorn\AppData\Local\{59e74704-7a8c-b201-e149-d2fe65250c47}\@
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

jogspr · 02.07.2012, 16:35

Hallo Arne,

hier folgt jetzt das Log, nachdem ich den o.g. OTL-Fix durchgeführt habe:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
C:\Users\All Users\529C50840382271D03A908ABB4EB23C1 folder moved successfully.
C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\U folder moved successfully.
C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\@ moved successfully.
C:\Users\PC Sek Vorn\AppData\Local\{59e74704-7a8c-b201-e149-d2fe65250c47}\@ moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
-> No Temporary Internet Files cache folder defined!
 
User: Default
-> No Temporary Internet Files cache folder defined!
 
User: Default User
-> No Temporary Internet Files cache folder defined!
 
User: PC Sek Vorn
-> No Temporary Internet Files cache folder defined!
 
User: Public
-> No Temporary Internet Files cache folder defined!
 
User: Verwaltung
-> No Temporary Internet Files cache folder defined!
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49632 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: PC Sek Vorn
 
User: Public
 
User: Verwaltung
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07022012_172506

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Vielen Dank!

Edit: Ich weiss nicht, ob es irgendeinen Unterschied macht, Avira warnt vor "W32/Patched.ZA" . Die Warnung ist mir gerade aufgefallen, während ich versuche verschiedene Software auf den aktuellsten Stand zu bringen.

cosinus · 03.07.2012, 10:35

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

jogspr · 03.07.2012, 20:31

Hallo Arne,

hier kommt das TDSS-Killer Log:

Code:

ATTFilter

21:28:04.0243 3504	TDSS rootkit removing tool 2.7.44.0 Jul  2 2012 20:01:08
21:28:05.0678 3504	============================================================
21:28:05.0678 3504	Current date / time: 2012/07/03 21:28:05.0678
21:28:05.0678 3504	SystemInfo:
21:28:05.0678 3504	
21:28:05.0693 3504	OS Version: 6.1.7601 ServicePack: 1.0
21:28:05.0693 3504	Product type: Workstation
21:28:05.0693 3504	ComputerName: PCSEKVORN-PC
21:28:05.0693 3504	UserName: Verwaltung
21:28:05.0693 3504	Windows directory: C:\Windows
21:28:05.0693 3504	System windows directory: C:\Windows
21:28:05.0693 3504	Processor architecture: Intel x86
21:28:05.0693 3504	Number of processors: 1
21:28:05.0693 3504	Page size: 0x1000
21:28:05.0693 3504	Boot type: Normal boot
21:28:05.0693 3504	============================================================
21:28:07.0207 3504	Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:28:07.0238 3504	============================================================
21:28:07.0238 3504	\Device\Harddisk0\DR0:
21:28:07.0238 3504	MBR partitions:
21:28:07.0238 3504	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B800, BlocksNum 0x164D000
21:28:07.0238 3504	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1678800, BlocksNum 0x1BB30000
21:28:07.0238 3504	============================================================
21:28:07.0285 3504	C: <-> \Device\Harddisk0\DR0\Partition1
21:28:07.0331 3504	============================================================
21:28:07.0331 3504	Initialize success
21:28:07.0331 3504	============================================================
21:29:00.0637 2296	============================================================
21:29:00.0637 2296	Scan started
21:29:00.0637 2296	Mode: Manual; SigCheck; TDLFS; 
21:29:00.0637 2296	============================================================
21:29:01.0947 2296	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:29:02.0150 2296	1394ohci - ok
21:29:02.0228 2296	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:29:02.0259 2296	ACPI - ok
21:29:02.0290 2296	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:29:02.0368 2296	AcpiPmi - ok
21:29:02.0478 2296	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:29:02.0493 2296	AdobeARMservice - ok
21:29:02.0571 2296	AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:29:02.0602 2296	AdobeFlashPlayerUpdateSvc - ok
21:29:02.0665 2296	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:29:02.0696 2296	adp94xx - ok
21:29:02.0727 2296	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:29:02.0758 2296	adpahci - ok
21:29:02.0790 2296	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:29:02.0805 2296	adpu320 - ok
21:29:02.0914 2296	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
21:29:03.0024 2296	AeLookupSvc - ok
21:29:03.0086 2296	AERTFilters     (7a841462ad4749f8a07b27ae8e8947b8) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
21:29:03.0258 2296	AERTFilters - ok
21:29:03.0336 2296	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:29:03.0414 2296	AFD - ok
21:29:03.0460 2296	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:29:03.0476 2296	agp440 - ok
21:29:03.0507 2296	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:29:03.0523 2296	aic78xx - ok
21:29:03.0585 2296	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
21:29:03.0648 2296	ALG - ok
21:29:03.0694 2296	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:29:03.0710 2296	aliide - ok
21:29:03.0741 2296	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:29:03.0757 2296	amdagp - ok
21:29:03.0772 2296	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:29:03.0788 2296	amdide - ok
21:29:03.0835 2296	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:29:03.0882 2296	AmdK8 - ok
21:29:03.0897 2296	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:29:03.0944 2296	AmdPPM - ok
21:29:03.0991 2296	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:29:04.0006 2296	amdsata - ok
21:29:04.0053 2296	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:29:04.0069 2296	amdsbs - ok
21:29:04.0100 2296	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:29:04.0116 2296	amdxata - ok
21:29:04.0209 2296	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:29:04.0225 2296	AntiVirSchedulerService - ok
21:29:04.0256 2296	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:29:04.0272 2296	AntiVirService - ok
21:29:04.0318 2296	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:29:04.0412 2296	AppID - ok
21:29:04.0459 2296	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
21:29:04.0521 2296	AppIDSvc - ok
21:29:04.0552 2296	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
21:29:04.0615 2296	Appinfo - ok
21:29:04.0662 2296	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:29:04.0677 2296	arc - ok
21:29:04.0693 2296	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:29:04.0724 2296	arcsas - ok
21:29:04.0755 2296	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:29:04.0849 2296	AsyncMac - ok
21:29:04.0880 2296	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:29:04.0896 2296	atapi - ok
21:29:04.0974 2296	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:29:05.0020 2296	AudioEndpointBuilder - ok
21:29:05.0036 2296	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:29:05.0067 2296	Audiosrv - ok
21:29:05.0114 2296	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
21:29:05.0145 2296	avgntflt - ok
21:29:05.0176 2296	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
21:29:05.0192 2296	avipbb - ok
21:29:05.0223 2296	avkmgr          (53e56450da16a1a7f0d002f511113f67) C:\Windows\system32\DRIVERS\avkmgr.sys
21:29:05.0239 2296	avkmgr - ok
21:29:05.0286 2296	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
21:29:05.0364 2296	AxInstSV - ok
21:29:05.0426 2296	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:29:05.0504 2296	b06bdrv - ok
21:29:05.0551 2296	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:29:05.0598 2296	b57nd60x - ok
21:29:05.0660 2296	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
21:29:05.0738 2296	BDESVC - ok
21:29:05.0754 2296	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:29:05.0816 2296	Beep - ok
21:29:05.0878 2296	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
21:29:05.0941 2296	BFE - ok
21:29:05.0956 2296	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:29:06.0003 2296	blbdrive - ok
21:29:06.0034 2296	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:29:06.0097 2296	bowser - ok
21:29:06.0175 2296	BPowMon         (104c980400850ea84f86cd31ae2eeece) C:\Program Files\Broadcom\BPowMon\BPowMon.exe
21:29:06.0190 2296	BPowMon - ok
21:29:06.0237 2296	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:29:06.0300 2296	BrFiltLo - ok
21:29:06.0315 2296	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:29:06.0378 2296	BrFiltUp - ok
21:29:06.0409 2296	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
21:29:06.0471 2296	Browser - ok
21:29:06.0502 2296	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:29:06.0565 2296	Brserid - ok
21:29:06.0596 2296	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:29:06.0627 2296	BrSerWdm - ok
21:29:06.0674 2296	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:29:06.0736 2296	BrUsbMdm - ok
21:29:06.0752 2296	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:29:06.0799 2296	BrUsbSer - ok
21:29:06.0830 2296	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:29:06.0861 2296	BTHMODEM - ok
21:29:06.0908 2296	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:29:06.0970 2296	bthserv - ok
21:29:07.0002 2296	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:29:07.0064 2296	cdfs - ok
21:29:07.0111 2296	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
21:29:07.0142 2296	cdrom - ok
21:29:07.0204 2296	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:29:07.0236 2296	CertPropSvc - ok
21:29:07.0282 2296	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:29:07.0329 2296	circlass - ok
21:29:07.0407 2296	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:29:07.0423 2296	CLFS - ok
21:29:07.0501 2296	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:29:07.0532 2296	clr_optimization_v2.0.50727_32 - ok
21:29:07.0594 2296	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:29:07.0626 2296	clr_optimization_v4.0.30319_32 - ok
21:29:07.0657 2296	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:29:07.0672 2296	CmBatt - ok
21:29:07.0704 2296	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:29:07.0719 2296	cmdide - ok
21:29:07.0766 2296	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
21:29:07.0813 2296	CNG - ok
21:29:07.0860 2296	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:29:07.0875 2296	Compbatt - ok
21:29:07.0922 2296	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:29:07.0984 2296	CompositeBus - ok
21:29:08.0016 2296	COMSysApp - ok
21:29:08.0078 2296	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:29:08.0125 2296	crcdisk - ok
21:29:08.0187 2296	CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
21:29:08.0250 2296	CryptSvc - ok
21:29:08.0312 2296	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:29:08.0374 2296	DcomLaunch - ok
21:29:08.0421 2296	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:29:08.0546 2296	defragsvc - ok
21:29:08.0593 2296	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:29:08.0655 2296	DfsC - ok
21:29:08.0718 2296	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
21:29:08.0764 2296	Dhcp - ok
21:29:08.0796 2296	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:29:08.0858 2296	discache - ok
21:29:08.0889 2296	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:29:08.0905 2296	Disk - ok
21:29:08.0952 2296	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
21:29:09.0030 2296	Dnscache - ok
21:29:09.0076 2296	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
21:29:09.0139 2296	dot3svc - ok
21:29:09.0186 2296	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
21:29:09.0248 2296	DPS - ok
21:29:09.0279 2296	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:29:09.0326 2296	drmkaud - ok
21:29:09.0404 2296	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:29:09.0451 2296	DXGKrnl - ok
21:29:09.0482 2296	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:29:09.0529 2296	EapHost - ok
21:29:09.0700 2296	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:29:09.0841 2296	ebdrv - ok
21:29:09.0950 2296	EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
21:29:09.0997 2296	EFS - ok
21:29:10.0059 2296	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
21:29:10.0153 2296	ehRecvr - ok
21:29:10.0184 2296	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
21:29:10.0309 2296	ehSched - ok
21:29:10.0402 2296	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:29:10.0434 2296	elxstor - ok
21:29:10.0465 2296	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:29:10.0496 2296	ErrDev - ok
21:29:10.0558 2296	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:29:10.0652 2296	EventSystem - ok
21:29:10.0683 2296	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:29:10.0746 2296	exfat - ok
21:29:10.0777 2296	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:29:10.0839 2296	fastfat - ok
21:29:10.0917 2296	Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
21:29:10.0980 2296	Fax - ok
21:29:10.0995 2296	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:29:11.0026 2296	fdc - ok
21:29:11.0058 2296	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:29:11.0120 2296	fdPHost - ok
21:29:11.0151 2296	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:29:11.0214 2296	FDResPub - ok
21:29:11.0245 2296	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:29:11.0260 2296	FileInfo - ok
21:29:11.0292 2296	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:29:11.0323 2296	Filetrace - ok
21:29:11.0338 2296	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:29:11.0370 2296	flpydisk - ok
21:29:11.0416 2296	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:29:11.0448 2296	FltMgr - ok
21:29:11.0526 2296	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
21:29:11.0619 2296	FontCache - ok
21:29:11.0682 2296	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:29:11.0697 2296	FontCache3.0.0.0 - ok
21:29:11.0728 2296	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:29:11.0744 2296	FsDepends - ok
21:29:11.0775 2296	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
21:29:11.0791 2296	Fs_Rec - ok
21:29:11.0853 2296	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:29:11.0884 2296	fvevol - ok
21:29:11.0931 2296	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:29:11.0947 2296	gagp30kx - ok
21:29:12.0009 2296	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
21:29:12.0118 2296	gpsvc - ok
21:29:12.0150 2296	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:29:12.0228 2296	hcw85cir - ok
21:29:12.0274 2296	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:29:12.0321 2296	HDAudBus - ok
21:29:12.0352 2296	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:29:12.0384 2296	HidBatt - ok
21:29:12.0415 2296	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:29:12.0446 2296	HidBth - ok
21:29:12.0477 2296	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:29:12.0508 2296	HidIr - ok
21:29:12.0540 2296	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
21:29:12.0602 2296	hidserv - ok
21:29:12.0664 2296	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
21:29:12.0696 2296	HidUsb - ok
21:29:12.0727 2296	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
21:29:12.0774 2296	hkmsvc - ok
21:29:12.0805 2296	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
21:29:12.0883 2296	HomeGroupListener - ok
21:29:12.0930 2296	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
21:29:12.0976 2296	HomeGroupProvider - ok
21:29:13.0023 2296	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:29:13.0039 2296	HpSAMD - ok
21:29:13.0132 2296	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:29:13.0179 2296	HTTP - ok
21:29:13.0210 2296	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:29:13.0226 2296	hwpolicy - ok
21:29:13.0273 2296	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:29:13.0304 2296	i8042prt - ok
21:29:13.0351 2296	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:29:13.0382 2296	iaStorV - ok
21:29:13.0507 2296	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:29:13.0538 2296	idsvc - ok
21:29:14.0100 2296	igfx            (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:29:14.0349 2296	igfx - ok
21:29:14.0521 2296	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:29:14.0536 2296	iirsp - ok
21:29:14.0614 2296	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
21:29:14.0677 2296	IKEEXT - ok
21:29:14.0880 2296	IntcAzAudAddService (94b1ff5d243d34b31380a2f79fc48959) C:\Windows\system32\drivers\RTKVHDA.sys
21:29:14.0973 2296	IntcAzAudAddService - ok
21:29:15.0114 2296	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:29:15.0129 2296	intelide - ok
21:29:15.0176 2296	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:29:15.0207 2296	intelppm - ok
21:29:15.0254 2296	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:29:15.0285 2296	IPBusEnum - ok
21:29:15.0316 2296	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:29:15.0348 2296	IpFilterDriver - ok
21:29:15.0394 2296	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:29:15.0426 2296	IPMIDRV - ok
21:29:15.0441 2296	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:29:15.0504 2296	IPNAT - ok
21:29:15.0535 2296	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:29:15.0597 2296	IRENUM - ok
21:29:15.0613 2296	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:29:15.0628 2296	isapnp - ok
21:29:15.0675 2296	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:29:15.0706 2296	iScsiPrt - ok
21:29:15.0769 2296	k57nd60x        (7ea81534e80570bdf6ee4a4248bba4d6) C:\Windows\system32\DRIVERS\k57nd60x.sys
21:29:15.0800 2296	k57nd60x - ok
21:29:15.0831 2296	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
21:29:15.0862 2296	kbdclass - ok
21:29:15.0909 2296	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
21:29:15.0940 2296	kbdhid - ok
21:29:15.0972 2296	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:29:16.0018 2296	KeyIso - ok
21:29:16.0034 2296	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
21:29:16.0050 2296	KSecDD - ok
21:29:16.0081 2296	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
21:29:16.0096 2296	KSecPkg - ok
21:29:16.0143 2296	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:29:16.0206 2296	KtmRm - ok
21:29:16.0252 2296	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
21:29:16.0315 2296	LanmanServer - ok
21:29:16.0346 2296	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
21:29:16.0408 2296	LanmanWorkstation - ok
21:29:16.0455 2296	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:29:16.0518 2296	lltdio - ok
21:29:16.0564 2296	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:29:16.0611 2296	lltdsvc - ok
21:29:16.0642 2296	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:29:16.0674 2296	lmhosts - ok
21:29:16.0720 2296	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:29:16.0736 2296	LSI_FC - ok
21:29:16.0767 2296	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:29:16.0783 2296	LSI_SAS - ok
21:29:16.0814 2296	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:29:16.0830 2296	LSI_SAS2 - ok
21:29:16.0845 2296	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:29:16.0876 2296	LSI_SCSI - ok
21:29:16.0908 2296	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:29:16.0954 2296	luafv - ok
21:29:17.0017 2296	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
21:29:17.0064 2296	Mcx2Svc - ok
21:29:17.0079 2296	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:29:17.0095 2296	megasas - ok
21:29:17.0126 2296	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:29:17.0157 2296	MegaSR - ok
21:29:17.0188 2296	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:29:17.0235 2296	MMCSS - ok
21:29:17.0251 2296	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:29:17.0298 2296	Modem - ok
21:29:17.0329 2296	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:29:17.0360 2296	monitor - ok
21:29:17.0407 2296	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
21:29:17.0454 2296	mouclass - ok
21:29:17.0485 2296	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:29:17.0547 2296	mouhid - ok
21:29:17.0594 2296	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:29:17.0610 2296	mountmgr - ok
21:29:17.0688 2296	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:29:17.0703 2296	MozillaMaintenance - ok
21:29:17.0750 2296	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:29:17.0766 2296	mpio - ok
21:29:17.0812 2296	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:29:17.0859 2296	mpsdrv - ok
21:29:17.0937 2296	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
21:29:18.0031 2296	MpsSvc - ok
21:29:18.0078 2296	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:29:18.0124 2296	MRxDAV - ok
21:29:18.0187 2296	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:29:18.0234 2296	mrxsmb - ok
21:29:18.0265 2296	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:29:18.0312 2296	mrxsmb10 - ok
21:29:18.0343 2296	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:29:18.0374 2296	mrxsmb20 - ok
21:29:18.0421 2296	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:29:18.0436 2296	msahci - ok
21:29:18.0468 2296	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:29:18.0499 2296	msdsm - ok
21:29:18.0546 2296	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:29:18.0592 2296	MSDTC - ok
21:29:18.0639 2296	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:29:18.0686 2296	Msfs - ok
21:29:18.0702 2296	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:29:18.0748 2296	mshidkmdf - ok
21:29:18.0764 2296	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:29:18.0780 2296	msisadrv - ok
21:29:18.0826 2296	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:29:18.0873 2296	MSiSCSI - ok
21:29:18.0873 2296	msiserver - ok
21:29:18.0920 2296	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:29:18.0982 2296	MSKSSRV - ok
21:29:18.0998 2296	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:29:19.0045 2296	MSPCLOCK - ok
21:29:19.0045 2296	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:29:19.0123 2296	MSPQM - ok
21:29:19.0170 2296	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:29:19.0185 2296	MsRPC - ok
21:29:19.0232 2296	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:29:19.0248 2296	mssmbios - ok
21:29:19.0279 2296	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:29:19.0326 2296	MSTEE - ok
21:29:19.0357 2296	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:29:19.0435 2296	MTConfig - ok
21:29:19.0450 2296	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:29:19.0466 2296	Mup - ok
21:29:19.0513 2296	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
21:29:19.0591 2296	napagent - ok
21:29:19.0653 2296	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:29:19.0684 2296	NativeWifiP - ok
21:29:19.0778 2296	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:29:19.0809 2296	NDIS - ok
21:29:19.0840 2296	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:29:19.0903 2296	NdisCap - ok
21:29:19.0934 2296	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:29:19.0996 2296	NdisTapi - ok
21:29:20.0028 2296	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:29:20.0090 2296	Ndisuio - ok
21:29:20.0137 2296	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:29:20.0199 2296	NdisWan - ok
21:29:20.0215 2296	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:29:20.0277 2296	NDProxy - ok
21:29:20.0308 2296	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:29:20.0355 2296	NetBIOS - ok
21:29:20.0386 2296	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:29:20.0433 2296	NetBT - ok
21:29:20.0480 2296	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:29:20.0511 2296	Netlogon - ok
21:29:20.0558 2296	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:29:20.0620 2296	Netman - ok
21:29:20.0652 2296	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:29:20.0714 2296	netprofm - ok
21:29:20.0792 2296	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:29:20.0823 2296	NetTcpPortSharing - ok
21:29:20.0854 2296	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:29:20.0886 2296	nfrd960 - ok
21:29:20.0932 2296	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
21:29:20.0979 2296	NlaSvc - ok
21:29:21.0198 2296	NOBU            (5515e0cf93b8c726385f49d5b10fecef) C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe
21:29:21.0260 2296	NOBU - ok
21:29:21.0400 2296	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:29:21.0447 2296	Npfs - ok
21:29:21.0478 2296	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:29:21.0525 2296	nsi - ok
21:29:21.0556 2296	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:29:21.0603 2296	nsiproxy - ok
21:29:21.0728 2296	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:29:21.0775 2296	Ntfs - ok
21:29:21.0806 2296	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:29:21.0837 2296	Null - ok
21:29:21.0868 2296	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:29:21.0900 2296	nvraid - ok
21:29:21.0931 2296	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:29:21.0962 2296	nvstor - ok
21:29:21.0993 2296	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:29:22.0009 2296	nv_agp - ok
21:29:22.0118 2296	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:29:22.0149 2296	odserv - ok
21:29:22.0196 2296	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:29:22.0243 2296	ohci1394 - ok
21:29:22.0305 2296	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:29:22.0321 2296	ose - ok
21:29:22.0570 2296	osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:29:22.0726 2296	osppsvc - ok
21:29:22.0851 2296	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:29:22.0960 2296	p2pimsvc - ok
21:29:23.0007 2296	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:29:23.0070 2296	p2psvc - ok
21:29:23.0132 2296	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:29:23.0163 2296	Parport - ok
21:29:23.0194 2296	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
21:29:23.0210 2296	partmgr - ok
21:29:23.0241 2296	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:29:23.0272 2296	Parvdm - ok
21:29:23.0319 2296	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:29:23.0366 2296	PcaSvc - ok
21:29:23.0397 2296	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:29:23.0428 2296	pci - ok
21:29:23.0460 2296	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:29:23.0475 2296	pciide - ok
21:29:23.0506 2296	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:29:23.0538 2296	pcmcia - ok
21:29:23.0569 2296	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:29:23.0584 2296	pcw - ok
21:29:23.0647 2296	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:29:23.0725 2296	PEAUTH - ok
21:29:23.0881 2296	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:29:23.0943 2296	pla - ok
21:29:24.0084 2296	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:29:24.0146 2296	PlugPlay - ok
21:29:24.0177 2296	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:29:24.0208 2296	PNRPAutoReg - ok
21:29:24.0255 2296	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:29:24.0286 2296	PNRPsvc - ok
21:29:24.0333 2296	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:29:24.0396 2296	PolicyAgent - ok
21:29:24.0442 2296	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:29:24.0474 2296	Power - ok
21:29:24.0552 2296	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:29:24.0598 2296	PptpMiniport - ok
21:29:24.0614 2296	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:29:24.0645 2296	Processor - ok
21:29:24.0692 2296	ProfSvc         (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
21:29:24.0832 2296	ProfSvc - ok
21:29:24.0879 2296	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:29:24.0895 2296	ProtectedStorage - ok
21:29:24.0926 2296	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:29:24.0973 2296	Psched - ok
21:29:25.0020 2296	PSI             (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
21:29:25.0035 2296	PSI - ok
21:29:25.0144 2296	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:29:25.0207 2296	ql2300 - ok
21:29:25.0347 2296	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:29:25.0363 2296	ql40xx - ok
21:29:25.0410 2296	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:29:25.0456 2296	QWAVE - ok
21:29:25.0472 2296	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:29:25.0503 2296	QWAVEdrv - ok
21:29:25.0534 2296	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:29:25.0597 2296	RasAcd - ok
21:29:25.0644 2296	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:29:25.0690 2296	RasAgileVpn - ok
21:29:25.0722 2296	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:29:25.0768 2296	RasAuto - ok
21:29:25.0800 2296	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:29:25.0846 2296	Rasl2tp - ok
21:29:25.0893 2296	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:29:25.0971 2296	RasMan - ok
21:29:26.0002 2296	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:29:26.0049 2296	RasPppoe - ok
21:29:26.0080 2296	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:29:26.0127 2296	RasSstp - ok
21:29:26.0158 2296	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:29:26.0205 2296	rdbss - ok
21:29:26.0236 2296	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:29:26.0283 2296	rdpbus - ok
21:29:26.0314 2296	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:29:26.0377 2296	RDPCDD - ok
21:29:26.0424 2296	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:29:26.0517 2296	RDPENCDD - ok
21:29:26.0548 2296	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:29:26.0580 2296	RDPREFMP - ok
21:29:26.0626 2296	RDPWD           (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
21:29:26.0704 2296	RDPWD - ok
21:29:26.0751 2296	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:29:26.0782 2296	rdyboost - ok
21:29:26.0814 2296	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:29:26.0876 2296	RemoteAccess - ok
21:29:26.0907 2296	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:29:26.0954 2296	RemoteRegistry - ok
21:29:26.0985 2296	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:29:27.0048 2296	RpcEptMapper - ok
21:29:27.0094 2296	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:29:27.0141 2296	RpcLocator - ok
21:29:27.0188 2296	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:29:27.0250 2296	RpcSs - ok
21:29:27.0282 2296	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:29:27.0344 2296	rspndr - ok
21:29:27.0375 2296	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:29:27.0391 2296	SamSs - ok
21:29:27.0438 2296	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:29:27.0453 2296	sbp2port - ok
21:29:27.0500 2296	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:29:27.0562 2296	SCardSvr - ok
21:29:27.0609 2296	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:29:27.0656 2296	scfilter - ok
21:29:27.0734 2296	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:29:27.0812 2296	Schedule - ok
21:29:27.0859 2296	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:29:27.0906 2296	SCPolicySvc - ok
21:29:27.0937 2296	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:29:27.0984 2296	SDRSVC - ok
21:29:28.0015 2296	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:29:28.0046 2296	secdrv - ok
21:29:28.0077 2296	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:29:28.0124 2296	seclogon - ok
21:29:28.0374 2296	Secunia PSI Agent (f70a51eb03ee7046784ef62efce9528e) C:\Program Files\Secunia\PSI\PSIA.exe
21:29:28.0467 2296	Secunia PSI Agent - ok
21:29:28.0576 2296	Secunia Update Agent (ad56ceb08eeb517332355fde9e5939c8) C:\Program Files\Secunia\PSI\sua.exe
21:29:28.0623 2296	Secunia Update Agent - ok
21:29:28.0764 2296	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
21:29:28.0810 2296	SENS - ok
21:29:28.0842 2296	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:29:28.0888 2296	SensrSvc - ok
21:29:28.0951 2296	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:29:28.0966 2296	Serenum - ok
21:29:28.0998 2296	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:29:29.0029 2296	Serial - ok
21:29:29.0060 2296	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:29:29.0107 2296	sermouse - ok
21:29:29.0169 2296	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:29:29.0232 2296	SessionEnv - ok
21:29:29.0278 2296	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:29:29.0341 2296	sffdisk - ok
21:29:29.0372 2296	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:29:29.0419 2296	sffp_mmc - ok
21:29:29.0419 2296	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:29:29.0450 2296	sffp_sd - ok
21:29:29.0497 2296	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:29:29.0528 2296	sfloppy - ok
21:29:29.0590 2296	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:29:29.0622 2296	ShellHWDetection - ok
21:29:29.0653 2296	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:29:29.0668 2296	sisagp - ok
21:29:29.0700 2296	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:29:29.0715 2296	SiSRaid2 - ok
21:29:29.0746 2296	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:29:29.0778 2296	SiSRaid4 - ok
21:29:29.0809 2296	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:29:29.0840 2296	Smb - ok
21:29:29.0887 2296	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:29:29.0918 2296	SNMPTRAP - ok
21:29:29.0934 2296	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:29:29.0949 2296	spldr - ok
21:29:30.0027 2296	Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:29:30.0105 2296	Spooler - ok
21:29:30.0308 2296	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:29:30.0417 2296	sppsvc - ok
21:29:30.0526 2296	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:29:30.0573 2296	sppuinotify - ok
21:29:30.0636 2296	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:29:30.0698 2296	srv - ok
21:29:30.0729 2296	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:29:30.0792 2296	srv2 - ok
21:29:30.0807 2296	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:29:30.0838 2296	srvnet - ok
21:29:30.0885 2296	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:29:30.0932 2296	SSDPSRV - ok
21:29:30.0963 2296	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
21:29:30.0979 2296	ssmdrv - ok
21:29:31.0010 2296	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:29:31.0072 2296	SstpSvc - ok
21:29:31.0104 2296	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:29:31.0119 2296	stexstor - ok
21:29:31.0182 2296	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
21:29:31.0244 2296	StiSvc - ok
21:29:31.0275 2296	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:29:31.0291 2296	swenum - ok
21:29:31.0338 2296	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
21:29:31.0384 2296	swprv - ok
21:29:31.0478 2296	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
21:29:31.0540 2296	SysMain - ok
21:29:31.0572 2296	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
21:29:31.0618 2296	TabletInputService - ok
21:29:31.0665 2296	TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
21:29:31.0728 2296	TapiSrv - ok
21:29:31.0759 2296	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
21:29:31.0884 2296	TBS - ok
21:29:31.0993 2296	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
21:29:32.0055 2296	Tcpip - ok
21:29:32.0258 2296	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
21:29:32.0289 2296	TCPIP6 - ok
21:29:32.0383 2296	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:29:32.0430 2296	tcpipreg - ok
21:29:32.0461 2296	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:29:32.0523 2296	TDPIPE - ok
21:29:32.0554 2296	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
21:29:32.0601 2296	TDTCP - ok
21:29:32.0648 2296	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:29:32.0710 2296	tdx - ok
21:29:32.0960 2296	TeamViewer7     (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
21:29:33.0038 2296	TeamViewer7 - ok
21:29:33.0178 2296	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:29:33.0194 2296	TermDD - ok
21:29:33.0256 2296	TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
21:29:33.0319 2296	TermService - ok
21:29:33.0334 2296	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
21:29:33.0381 2296	Themes - ok
21:29:33.0412 2296	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:29:33.0459 2296	THREADORDER - ok
21:29:33.0506 2296	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
21:29:33.0568 2296	TrkWks - ok
21:29:33.0631 2296	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
21:29:33.0678 2296	TrustedInstaller - ok
21:29:33.0709 2296	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:29:33.0740 2296	tssecsrv - ok
21:29:33.0787 2296	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:29:33.0834 2296	TsUsbFlt - ok
21:29:33.0896 2296	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:29:33.0943 2296	tunnel - ok
21:29:33.0974 2296	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:29:33.0990 2296	uagp35 - ok
21:29:34.0036 2296	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:29:34.0099 2296	udfs - ok
21:29:34.0146 2296	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
21:29:34.0177 2296	UI0Detect - ok
21:29:34.0224 2296	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:29:34.0239 2296	uliagpkx - ok
21:29:34.0302 2296	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
21:29:34.0317 2296	umbus - ok
21:29:34.0364 2296	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:29:34.0426 2296	UmPass - ok
21:29:34.0473 2296	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
21:29:34.0536 2296	upnphost - ok
21:29:34.0567 2296	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:29:34.0645 2296	usbccgp - ok
21:29:34.0692 2296	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:29:34.0738 2296	usbcir - ok
21:29:34.0754 2296	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
21:29:34.0770 2296	usbehci - ok
21:29:34.0816 2296	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:29:34.0863 2296	usbhub - ok
21:29:34.0879 2296	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
21:29:34.0926 2296	usbohci - ok
21:29:34.0972 2296	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:29:34.0988 2296	usbprint - ok
21:29:35.0019 2296	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:29:35.0082 2296	USBSTOR - ok
21:29:35.0113 2296	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
21:29:35.0128 2296	usbuhci - ok
21:29:35.0160 2296	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
21:29:35.0206 2296	UxSms - ok
21:29:35.0238 2296	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:29:35.0269 2296	VaultSvc - ok
21:29:35.0300 2296	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:29:35.0316 2296	vdrvroot - ok
21:29:35.0440 2296	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
21:29:35.0487 2296	vds - ok
21:29:35.0534 2296	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:29:35.0581 2296	vga - ok
21:29:35.0612 2296	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:29:35.0643 2296	VgaSave - ok
21:29:35.0690 2296	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:29:35.0721 2296	vhdmp - ok
21:29:35.0768 2296	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:29:35.0784 2296	viaagp - ok
21:29:35.0815 2296	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:29:35.0846 2296	ViaC7 - ok
21:29:35.0862 2296	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:29:35.0877 2296	viaide - ok
21:29:35.0924 2296	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:29:35.0940 2296	volmgr - ok
21:29:35.0971 2296	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:29:36.0002 2296	volmgrx - ok
21:29:36.0049 2296	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:29:36.0080 2296	volsnap - ok
21:29:36.0127 2296	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:29:36.0142 2296	vsmraid - ok
21:29:36.0252 2296	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
21:29:36.0314 2296	VSS - ok
21:29:36.0345 2296	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
21:29:36.0376 2296	vwifibus - ok
21:29:36.0423 2296	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
21:29:36.0486 2296	W32Time - ok
21:29:36.0517 2296	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:29:36.0548 2296	WacomPen - ok
21:29:36.0595 2296	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:29:36.0642 2296	WANARP - ok
21:29:36.0657 2296	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:29:36.0688 2296	Wanarpv6 - ok
21:29:36.0829 2296	WatAdminSvc     (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
21:29:36.0876 2296	WatAdminSvc - ok
21:29:37.0063 2296	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
21:29:37.0156 2296	wbengine - ok
21:29:37.0188 2296	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
21:29:37.0250 2296	WbioSrvc - ok
21:29:37.0297 2296	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
21:29:37.0344 2296	wcncsvc - ok
21:29:37.0375 2296	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
21:29:37.0437 2296	WcsPlugInService - ok
21:29:37.0500 2296	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:29:37.0515 2296	Wd - ok
21:29:37.0562 2296	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:29:37.0593 2296	Wdf01000 - ok
21:29:37.0624 2296	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:29:37.0734 2296	WdiServiceHost - ok
21:29:37.0749 2296	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:29:37.0780 2296	WdiSystemHost - ok
21:29:37.0843 2296	WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
21:29:37.0890 2296	WebClient - ok
21:29:37.0905 2296	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
21:29:37.0952 2296	Wecsvc - ok
21:29:37.0983 2296	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
21:29:38.0030 2296	wercplsupport - ok
21:29:38.0061 2296	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
21:29:38.0124 2296	WerSvc - ok
21:29:38.0155 2296	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:29:38.0186 2296	WfpLwf - ok
21:29:38.0217 2296	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:29:38.0233 2296	WIMMount - ok
21:29:38.0264 2296	WinHttpAutoProxySvc - ok
21:29:38.0326 2296	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
21:29:38.0389 2296	Winmgmt - ok
21:29:38.0514 2296	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
21:29:38.0592 2296	WinRM - ok
21:29:38.0685 2296	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
21:29:38.0732 2296	Wlansvc - ok
21:29:38.0841 2296	wlcrasvc        (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:29:38.0857 2296	wlcrasvc - ok
21:29:39.0028 2296	wlidsvc         (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:29:39.0106 2296	wlidsvc - ok
21:29:39.0247 2296	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:29:39.0262 2296	WmiAcpi - ok
21:29:39.0325 2296	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
21:29:39.0372 2296	wmiApSrv - ok
21:29:39.0528 2296	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:29:39.0621 2296	WMPNetworkSvc - ok
21:29:39.0730 2296	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
21:29:39.0793 2296	WPCSvc - ok
21:29:39.0824 2296	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
21:29:39.0902 2296	WPDBusEnum - ok
21:29:39.0964 2296	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:29:39.0996 2296	ws2ifsl - ok
21:29:40.0011 2296	WSearch - ok
21:29:40.0058 2296	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:29:40.0089 2296	WudfPf - ok
21:29:40.0152 2296	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:29:40.0183 2296	WUDFRd - ok
21:29:40.0230 2296	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
21:29:40.0292 2296	wudfsvc - ok
21:29:40.0323 2296	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
21:29:40.0370 2296	WwanSvc - ok
21:29:40.0417 2296	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:29:40.0713 2296	\Device\Harddisk0\DR0 - ok
21:29:40.0713 2296	Boot (0x1200)   (59c27f2e11e634fb06124fc162134af6) \Device\Harddisk0\DR0\Partition0
21:29:40.0713 2296	\Device\Harddisk0\DR0\Partition0 - ok
21:29:40.0760 2296	Boot (0x1200)   (b7419dc6caeee7a9e41dbc882c11b75c) \Device\Harddisk0\DR0\Partition1
21:29:40.0760 2296	\Device\Harddisk0\DR0\Partition1 - ok
21:29:40.0760 2296	============================================================
21:29:40.0760 2296	Scan finished
21:29:40.0760 2296	============================================================
21:29:40.0791 2100	Detected object count: 0
21:29:40.0791 2100	Actual detected object count: 0

Vielen Dank!

cosinus · 04.07.2012, 16:31

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

jogspr · 05.07.2012, 09:37

Es gibt leider ein Problem bei der Ausführung von Combofix.

Ich bin so vorgegangen wie beschrieben, habe das Programm heruntergeladen, alle anderen Programme beendet, Virenscanner deaktiviert und dann Combofix ausgeführt. Darauf hat Combofix gemeldet, dass er den bereits deinstallierten Virenscanner (TrendMicro) erkannt hat, und die Benutzung durch diesen Beeinträchtigt wird und ich den Scanner deaktivieren soll. Das übder die Windowsfunktion zum Software Deinstallieren kein Eintrag der Trendmicro-Software zu finden war, habe ich von TrendMicro ein removal Tool heruntergeladen und ausgeführt. Danach neugestartet und dann wieder Combofix ausgeführt.
Das hat soweit funktioniert, bis der Computer irgendwann (während oder kurz nach der Wiederherstellungspunkterstellung) von selbst neu gestartet wurde. Darauf habe ich wieder das Benutzerprofil aufgerufen und seitdem blinkt im Rhythmus von Sekundenbruchteilen ein blaues Combofix-Fenster an nacheinander in der linken Bildschirmhälfte auf.
Auch ein weiterer Neustart ändert daran nichts.

cosinus · 05.07.2012, 11:34

Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.

jogspr · 05.07.2012, 14:18

Hallo Arne,

vielen Dank, es hat dieses Mal geklappt. Das Logfile kommt hier:

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-07-05.02 - Verwaltung 05.07.2012  15:02:20.2.1 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.989.403 [GMT 2:00]
ausgeführt von:: c:\users\PC Sek Vorn\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-- Vorheriger Suchlauf --
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe wurde wiederhergestellt 
.
--------
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-05 bis 2012-07-05  ))))))))))))))))))))))))))))))
.
.
2012-07-02 18:06 . 2012-06-14 22:19	85472	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-07-02 17:40 . 2012-07-02 17:40	--------	d-----w-	c:\windows\en
2012-07-02 17:35 . 2012-07-02 17:35	--------	d-----w-	c:\windows\de
2012-07-02 17:30 . 2012-07-02 17:30	19736	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-02 17:27 . 2012-07-02 17:27	15712	----a-w-	c:\program files\Common Files\Windows Live\.cache\1238b741cd587805\MeshBetaRemover.exe
2012-07-02 17:27 . 2012-07-02 17:27	89944	----a-w-	c:\program files\Common Files\Windows Live\.cache\f8c9f7be1cd587704\DSETUP.dll
2012-07-02 17:27 . 2012-07-02 17:27	537432	----a-w-	c:\program files\Common Files\Windows Live\.cache\f8c9f7be1cd587704\DXSETUP.exe
2012-07-02 17:27 . 2012-07-02 17:27	1801048	----a-w-	c:\program files\Common Files\Windows Live\.cache\f8c9f7be1cd587704\dsetup32.dll
2012-07-02 17:07 . 2012-07-02 17:07	--------	d-----w-	c:\program files\Common Files\Adobe
2012-07-02 16:59 . 2012-07-02 16:59	--------	d-----w-	c:\program files\Common Files\Java
2012-07-02 16:04 . 2012-06-14 22:16	770384	----a-w-	c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-02 16:04 . 2012-06-14 22:16	421200	----a-w-	c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-02 16:04 . 2012-07-02 16:04	--------	d-----w-	c:\program files\FileHippo.com
2012-07-02 15:56 . 2012-07-02 15:56	--------	d-----w-	c:\program files\Secunia
2012-07-02 15:25 . 2012-07-02 15:25	--------	d-----w-	C:\_OTL
2012-06-27 14:51 . 2012-07-04 12:23	--------	d-----w-	c:\users\Verwaltung
2012-06-26 14:30 . 2012-07-03 12:26	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-06-26 14:30 . 2012-06-14 22:17	624608	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-06-26 14:30 . 2012-06-14 22:17	43488	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
2012-06-26 14:30 . 2012-06-14 22:17	157608	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-26 14:30 . 2012-06-14 22:17	113120	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-06-26 08:34 . 2012-06-26 08:34	--------	d-----w-	c:\program files\ESET
2012-06-22 11:19 . 2012-06-22 11:19	--------	d-----w-	c:\users\PC Sek Vorn\AppData\Roaming\Malwarebytes
2012-06-22 11:18 . 2012-06-22 11:18	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-22 11:18 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-22 11:18 . 2012-06-22 11:18	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-06-22 06:28 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-22 06:28 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-22 06:28 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-22 06:28 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-22 06:28 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-22 06:28 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-22 06:28 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-22 06:27 . 2012-06-02 13:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-22 06:27 . 2012-06-02 13:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-18 15:57 . 2012-06-18 15:57	--------	d-----w-	C:\Logs
2012-06-18 15:19 . 2012-07-02 16:58	772592	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-06-18 15:18 . 2012-07-02 16:58	--------	d-----w-	c:\program files\Java
2012-06-18 14:37 . 2012-06-18 14:37	--------	d-----w-	c:\program files\TeamViewer
2012-06-13 10:00 . 2012-04-28 03:17	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-13 10:00 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\system32\msi.dll
2012-06-13 10:00 . 2012-05-15 01:05	2343936	----a-w-	c:\windows\system32\win32k.sys
2012-06-13 10:00 . 2012-04-26 04:45	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-13 10:00 . 2012-04-26 04:45	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-13 10:00 . 2012-04-26 04:41	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-13 10:00 . 2012-05-01 04:44	164352	----a-w-	c:\windows\system32\profsvc.dll
2012-06-13 10:00 . 2012-04-24 04:36	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-13 10:00 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\system32\crypt32.dll
2012-06-13 10:00 . 2012-04-24 04:36	103936	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-12 14:18 . 2012-06-12 14:18	--------	d-----w-	c:\users\PC Sek Vorn\AppData\Local\Macromedia
2012-06-12 13:41 . 2012-06-12 13:41	--------	d-----w-	c:\users\PC Sek Vorn\AppData\Roaming\Avira
2012-06-12 13:34 . 2012-04-16 19:17	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-06-12 13:34 . 2012-04-27 08:20	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-06-12 13:34 . 2012-04-24 22:32	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-06-12 13:34 . 2012-06-12 13:34	--------	d-----w-	c:\programdata\Avira
2012-06-12 13:34 . 2012-06-12 13:34	--------	d-----w-	c:\program files\Avira
2012-06-08 10:50 . 2012-06-08 10:50	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-06-08 08:43 . 2012-06-08 08:43	--------	d-----w-	c:\programdata\McAfee
2012-06-08 08:43 . 2012-07-02 16:56	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-08 08:43 . 2012-07-02 16:56	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-02 16:58 . 2010-12-09 07:12	687600	----a-w-	c:\windows\system32\deployJava1.dll
2012-04-24 12:29 . 2012-04-24 12:29	4770160	----a-w-	c:\windows\system32\LxXtreme100.dll
2012-04-24 12:29 . 2012-04-24 12:29	104304	----a-w-	c:\windows\system32\LxUISettingsN100.dll
2012-04-24 12:29 . 2012-04-24 12:29	25968	----a-w-	c:\windows\system32\LxTPSW100.dll
2012-04-24 12:28 . 2012-04-24 12:28	1336688	----a-w-	c:\windows\system32\LxTool100.dll
2012-04-24 12:28 . 2012-04-24 12:28	63344	----a-w-	c:\windows\system32\LxPXTree100.dll
2012-04-24 12:28 . 2012-04-24 12:28	111472	----a-w-	c:\windows\system32\LxODBC100.dll
2012-04-24 12:28 . 2012-04-24 12:28	127344	----a-w-	c:\windows\system32\LxMail100.dll
2012-04-24 12:28 . 2012-04-24 12:28	200048	----a-w-	c:\windows\system32\LxDBAL100.dll
2012-04-24 12:28 . 2012-04-24 12:28	76656	----a-w-	c:\windows\system32\LxDAO100.dll
2012-04-24 12:28 . 2012-04-24 12:28	205168	----a-w-	c:\windows\system32\LxBasics100.dll
2012-04-17 13:58 . 2012-04-17 13:58	139120	----a-w-	c:\windows\system32\LXReportManage.ocx
2012-04-17 13:58 . 2012-04-17 13:58	207728	----a-w-	c:\windows\system32\LXPrnUtil10.dll
2012-04-17 13:58 . 2012-04-17 13:58	138608	----a-w-	c:\windows\system32\LxDNTvmc100.dll
2012-04-17 13:58 . 2012-04-17 13:58	74608	----a-w-	c:\windows\system32\LxDNTvm100.dll
2012-04-17 13:58 . 2012-04-17 13:58	309616	----a-w-	c:\windows\system32\LxDNT100.dll
2012-06-14 22:19 . 2012-07-02 18:06	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-12 7739936]
"Dell DataSafe Online"="c:\program files\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-25 927576]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\PC Sek Vorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TeamViewer 7.lnk - c:\program files\TeamViewer\Version7\TeamViewer.exe [2012-6-18 7357824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-6-27 572000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"77.76.214.0,255.255.254.0,192.168.57.182,1"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 16:56]
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: DhcpNameServer = 192.168.57.1
FF - ProfilePath - c:\users\Verwaltung\AppData\Roaming\Mozilla\Firefox\Profiles\di6kd9e6.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-05  15:15:04
ComboFix-quarantined-files.txt  2012-07-05 13:15
.
Vor Suchlauf: 15 Verzeichnis(se), 198.646.444.032 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 198.554.660.864 Bytes frei
.
- - End Of File - - 3467729CDCD98A7B634D55D0AEC45C4C

--- --- ---

cosinus · 05.07.2012, 16:05

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

05.07.2012, 11:34	#28
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	TR/Small.FI und TR/ATRAPS.Gen2 Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal. __________________ Logfiles bitte immer in CODE-Tags posten

TR/Small.FI und TR/ATRAPS.Gen2

Plagegeister aller Art und deren Bekämpfung: TR/Small.FI und TR/ATRAPS.Gen2