System Care Antivirus

Jami87 · 23.05.2013, 08:42

Hallo,

meine Schwester hat seit gestern (bzw. schon länger) den System Care Antivirus auf ihrem PC. Sie benötigt diesen aber unbedingt. Könnt ihr ihr eventuell helfen? (heute könnte ich noch für sie einiges erledigen, morgen müsste sie dann selbst ran) Wie lang würde es denn in etwa oder mindestens dauern? (Ich weiß, dass dies recht viel Zeit in Anspruch nimmt). Und: Kann ich von ihrem PC aus schreiben und antworten über das Forum oder wird das schwierig?!?

LG...

markusg · 23.05.2013, 10:53

währe eigendlich sinnvoller, wenn sie sich selbst angemeldet hätte, wird auf jeden fall länger als bis mmorgen dauern.
Wennn man seinen PC doch so dringend braucht, warum hat man keine Backups?

OK:
währe günstig n Zweitsystem zu haben, das Betroffene muss in den abgesicherten Modus gestartet werden, die ersten Programme und Logs via usb stick kopiert auf das Betroffene

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Jami87 · 23.05.2013, 12:13

Also ich habe jetzt bei meiner Schwester das mit dem OTL durchgeführt (allerdings nicht mit den Befehlen, sondern einfach nur so einen Quikscan gemacht - sollte ich das wiederholen?) und GMER läuft gerade (aber ich glaube, das dauert länger, oder?)
Allerdings im normalen und nicht im abgesicherten Modus - geht das trotzdem?

Meine Schwester hat wohl keine Backups, weil sie sich genauso gut bzw. gar nicht mit PC usw. auskennt wie ich :-(

Was ich komisch finde: Heute ging das Fenster mit dem "System Care Antivirus" gar nicht mehr auf - kann es sein, dass dieser sich nur "versteckt"? Allerdings hat auch ein Programm auf ihrem PC den Virus erkannt und fragt, ob die Einträge gelöscht werden sollen - das Programm heißt Microsoft System Essentials - würde dies vielleicht auch ausreichen?

markusg · 23.05.2013, 12:16

gmer abbrechen, bitte das machen was ich poste, danke
wenn du im normalen Modus arbeiten kannst, ist das ok, dann musst du nicht in den abgesicherten.

Jami87 · 23.05.2013, 12:18

Puh, ok, dann war wohl die Arbeit umsonst... Also dann gehe ich mal wieder zu meiner Schwester und breche GMER ab... Und stelle also auch die Virenscanner, etc. wieder an?!?
Und dann das, was du oben geschrieben hast?

markusg · 23.05.2013, 12:20

nein, während des scans von oben scanner auslassen bitte.
Wenn es funde gibt, wenn du ihn später anstellst, bitte posten mit pfadangabe als Text

Jami87 · 23.05.2013, 12:33

Also Microsoft Security Essentials hat vorhin schon folgendes gefunden: Rogue:Win32/Winwebsec
--> darunter stehen 3 Elemente, wo der System Care ANtivirus drin ist... Soll ich diese posten oder bringt dies nichts?

Und soll auf jeden Fall jetzt das OTL machen wie oben beschrieben?

markusg · 23.05.2013, 12:37

otl ja, Elemente posten, ja.

Jami87 · 23.05.2013, 13:03

ALso hier die OTL:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 23.05.2013 14:02:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,22 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 54,87% Memory free
2,30 Gb Paging File | 1,95 Gb Available in Paging File | 84,85% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 27,35 Gb Total Space | 0,98 Gb Free Space | 3,57% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.23 12:12:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2013.04.13 14:01:11 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.03.30 15:17:25 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2013.02.04 18:21:34 | 001,513,536 | ---- | M] (1und1 Mail und Media GmbH) -- C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
PRC - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2013.01.27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.07.03 10:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
PRC - [2012.07.03 10:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.06.20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\AAVUpdateManager\aavus.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.10 09:57:36 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2013.04.13 14:00:15 | 003,133,336 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\AAVUpdateManager\aavus.exe
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003.08.03 21:58:08 | 000,065,536 | ---- | M] () -- C:\Programme\Lexmark X1100 Series\ConvDIB.dll
MOD - [2003.07.29 15:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBKPP5C.DLL
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.16 15:12:43 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.13 14:01:09 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.30 15:17:25 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009.04.30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2006.10.23 04:39:22 | 000,071,072 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe -- (HRService)
SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\smserial.sys -- (smserial)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\***~1\LOKALE~1\Temp\awtdypog.sys -- (awtdypog)
DRV - [2013.05.23 12:08:35 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{E71352C9-DB1E-46E4-B714-071ABD2F2522}\MpKsl055f6ff4.sys -- (MpKsl055f6ff4)
DRV - [2010.12.14 17:53:43 | 001,903,646 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctxS51.sys -- (ctxS51)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.01 01:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009.05.01 01:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2009.05.01 01:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.05.01 01:00:00 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009.04.30 17:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008.04.13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006.11.30 16:14:22 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45unic.sys -- (se45unic)
DRV - [2006.11.30 16:14:14 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45obex.sys -- (se45obex)
DRV - [2006.11.30 16:14:10 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45mgmt.sys -- (se45mgmt)
DRV - [2006.11.30 16:14:10 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45nd5.sys -- (se45nd5)
DRV - [2006.11.30 16:14:04 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45mdm.sys -- (se45mdm)
DRV - [2006.11.30 16:14:04 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45mdfl.sys -- (se45mdfl)
DRV - [2006.11.30 16:13:56 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45bus.sys -- (se45bus)
DRV - [2004.08.03 22:41:46 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004.08.03 22:41:46 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004.08.03 22:41:44 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004.08.03 22:41:40 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004.08.03 22:41:40 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004.08.03 22:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\recagent.sys -- (RecAgent)
DRV - [2004.08.03 22:41:38 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004.01.28 07:57:06 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2003.10.20 13:39:56 | 000,073,856 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viaudio.sys -- (VIAudio)
DRV - [2003.07.02 05:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2003.05.26 14:57:50 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2001.08.17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hyrican.de
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hyrican.de
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hyrican.de
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hyrican.de
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1632050453-1386881348-2443237045-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1632050453-1386881348-2443237045-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1632050453-1386881348-2443237045-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1632050453-1386881348-2443237045-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1632050453-1386881348-2443237045-1006\..\SearchScopes\{2EFC93D0-28E4-4E34-8E48-02CC9D811ECE}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1632050453-1386881348-2443237045-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_deDE362
IE - HKU\S-1-5-21-1632050453-1386881348-2443237045-1006\..\SearchScopes\{75EFFF90-5434-446F-93A2-882031C7E007}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1632050453-1386881348-2443237045-1006\..\SearchScopes\{81F2BCEC-6C38-48A1-B8AA-4FC131AE19FE}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1632050453-1386881348-2443237045-1006\..\SearchScopes\{8C0B7AB9-1919-4D2F-BCE1-D59CF7A3E854}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=7ed84ad5-7e1c-4eef-b1f3-a5329f58e940&apn_sauid=14CB2E21-7CA7-49B4-B03D-C85F21A3B232
IE - HKU\S-1-5-21-1632050453-1386881348-2443237045-1006\..\SearchScopes\{901382FD-2BEE-4F01-A1CC-3F21476B9F27}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-1632050453-1386881348-2443237045-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.6
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.18.100015
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.13 14:01:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.05.15 17:38:01 | 000,000,000 | ---D | M]
 
[2009.08.09 15:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2013.05.18 11:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\yhzncjj2.default\extensions
[2010.05.31 11:44:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\yhzncjj2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.02.21 22:30:35 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\yhzncjj2.default\extensions\toolbar@ask.com
[2013.05.18 11:08:21 | 000,620,130 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\yhzncjj2.default\extensions\toolbar@web.de.xpi
[2013.05.18 11:08:35 | 000,001,050 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\yhzncjj2.default\searchplugins\11-suche.xml
[2013.05.23 12:09:34 | 000,002,413 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\yhzncjj2.default\searchplugins\askcom.xml
[2013.05.18 11:08:35 | 000,002,418 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\yhzncjj2.default\searchplugins\englische-ergebnisse.xml
[2013.05.18 11:08:35 | 000,010,701 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\yhzncjj2.default\searchplugins\gmx-suche.xml
[2013.05.18 11:08:35 | 000,002,432 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\yhzncjj2.default\searchplugins\lastminute.xml
[2013.05.18 11:08:35 | 000,005,682 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\yhzncjj2.default\searchplugins\webde-suche.xml
[2013.04.13 13:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.13 14:01:12 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Avira Toolbar = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.0_0\
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
 
O1 HOSTS File: ([2006.06.23 16:40:44 | 000,000,928 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1632050453-1386881348-2443237045-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1632050453-1386881348-2443237045-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1632050453-1386881348-2443237045-1006\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-1632050453-1386881348-2443237045-1006\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [0utlook Express] xrrfa.exe File not found
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Microsoft Restore] scrgrd.exe File not found
O4 - HKU\.DEFAULT..\Run: [Microsoft Update] snlogsvc.exe File not found
O4 - HKU\.DEFAULT..\Run: [Microsoft Windows Update] wupdate.exe File not found
O4 - HKU\S-1-5-18..\Run: [0utlook Express] xrrfa.exe File not found
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Microsoft Restore] scrgrd.exe File not found
O4 - HKU\S-1-5-18..\Run: [Microsoft Update] snlogsvc.exe File not found
O4 - HKU\S-1-5-18..\Run: [Microsoft Windows Update] wupdate.exe File not found
O4 - HKU\S-1-5-21-1632050453-1386881348-2443237045-1006..\Run: [1und1Dispatcher] C:\Programme\1und1Softwareaktualisierung\SchedDispatcher.exe (1&1 Mail & Media GmbH)
O4 - HKLM..\RunServices: [0utlook Express] xrrfa.exe File not found
O4 - HKLM..\RunServices: [63E8A5E7] C:\WINDOWS\System32\xivfm.exe File not found
O4 - HKLM..\RunServices: [Microsoft Windows Update] wupdate.exe File not found
O4 - HKU\.DEFAULT..\RunServices: [0utlook Express] xrrfa.exe File not found
O4 - HKU\S-1-5-18..\RunServices: [0utlook Express] xrrfa.exe File not found
O4 - HKU\S-1-5-21-1632050453-1386881348-2443237045-1006..\RunServices: [0utlook Express] xrrfa.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1632050453-1386881348-2443237045-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1632050453-1386881348-2443237045-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38013.2053125 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.30.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE0F0185-35B7-45AD-9061-4E757F8826B8}: DhcpNameServer = 10.30.2.254
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.01.27 11:24:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{174b4d56-6c46-11dc-8532-00e04cb6cada}\Shell\AutoRun\command - "" = F:\Anwendungen\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {032A6019-9DAA-40f9-A3B3-34ABB0AA0947} - Q813951
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {429D8DD3-05E0-4F56-B6D6-AC0730567C02} - Euro Update Tool
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Programme\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C34F4917-ED43-439f-9023-97B0024A2B3B} - Q810847
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: Ip6FwHlp -  File not found
 
MsConfig - Services: "IDriverT"
MsConfig - Services: "HRService"
MsConfig - Services: "SLService"
MsConfig - Services: "AAV UpdateService"
MsConfig - Services: "LVPrcSrv"
MsConfig - Services: "idsvc"
MsConfig - Services: "gusvc"
MsConfig - Services: "gupdate"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk -  - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^Picture Motion Browser Medien-Prüfung.lnk - C:\Programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe - (Sony Corporation)
MsConfig - StartUpReg: 0utlook Express - hkey= - key= -  File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= -  File not found
MsConfig - StartUpReg: Cryptographic Service - hkey= - key= -  File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: InCD - hkey= - key= -  File not found
MsConfig - StartUpReg: Logitech Vid - hkey= - key= - C:\Programme\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig - StartUpReg: Microsoft Windows Update - hkey= - key= -  File not found
MsConfig - StartUpReg: NeroCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickFinder Scheduler - hkey= - key= - C:\Programme\WordPerfect Office 11\Programs\QFSCHD110.EXE (Novell, Inc., c/o Corel Corporation Limited)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SMSERIAL - hkey= - key= -  File not found
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: System Update - hkey= - key= -  File not found
MsConfig - StartUpReg: updateMgr - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.23 12:12:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2013.05.22 21:27:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\System Care Antivirus
[2013.05.19 11:02:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E58CE4CD2E0520C40000E58BFF4827BD
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.23 14:03:02 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013.05.23 13:44:04 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.23 13:08:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.23 12:29:36 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\gmer_2.1.19163.exe
[2013.05.23 12:18:23 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013.05.23 12:12:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***r\Desktop\OTL.exe
[2013.05.23 12:12:06 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2013.05.23 12:08:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.23 12:08:30 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.23 12:08:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.23 12:08:07 | 1308,151,808 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.19 14:08:13 | 000,000,501 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2013.05.18 14:21:25 | 000,002,327 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\WordPerfect.lnk
[2013.05.18 10:37:07 | 000,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.05.16 15:10:23 | 000,459,250 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.05.16 15:10:23 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.16 15:10:23 | 000,084,754 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.05.16 15:10:23 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.05.16 15:04:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.05.13 21:13:46 | 000,104,825 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Rockott.qpw
[2013.05.13 21:09:09 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Quattro Pro.lnk
[2013.05.07 21:41:28 | 000,126,004 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Kita-Zaunbilder.wpd
[2013.05.07 21:14:29 | 000,006,976 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\HWK 2013 Beitragsbefreiuung.wpd
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.23 12:29:35 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\gmer_2.1.19163.exe
[2013.05.23 12:12:06 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2013.05.23 11:21:22 | 1308,151,808 | -HS- | C] () -- C:\hiberfil.sys
[2013.05.07 21:41:28 | 000,126,004 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Kita-Zaunbilder.wpd
[2013.05.07 21:14:29 | 000,006,976 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\HWK 2013 Beitragsbefreiuung.wpd
[2013.04.10 22:13:58 | 000,010,495 | ---- | C] () -- C:\Dokumente und Einstellungen\***\***_elster_2048.pfx
[2013.04.10 21:55:26 | 000,010,495 | ---- | C] () -- C:\Dokumente und Einstellungen\***\ronny_elster_2048.pfx
[2012.02.15 14:50:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009.08.04 21:19:05 | 000,000,050 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\newCOMer.ini
[2007.10.28 12:42:28 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007.04.09 14:29:01 | 000,013,824 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.06.28 21:07:39 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.01.10 19:58:49 | 000,000,240 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.java.policy
[2004.06.02 14:28:29 | 000,000,000 | R--- | C] () -- C:\Dokumente und Einstellungen\***\TFTP4860
[2004.03.06 16:07:20 | 000,061,678 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PFP110JPR.{PB
[2004.03.06 16:07:20 | 000,012,358 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PFP110JCM.{PB
 
========== ZeroAccess Check ==========
 
[2004.01.27 14:14:11 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2009.07.18 18:03:13 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.03.07 17:04:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1&1 Mail & Media GmbH
[2013.01.22 21:44:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV
[2007.01.07 14:18:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2004.03.05 22:58:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2012.10.08 12:51:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DesktopIcons
[2013.05.23 12:03:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E58CE4CD2E0520C40000E58BFF4827BD
[2007.01.07 13:12:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2007.01.07 13:13:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2007.11.25 20:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2013.03.07 17:04:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UUdb
[2004.01.27 11:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\InterTrust
[2004.01.27 11:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\InterTrust
[2009.03.18 11:55:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Teleca
[2013.03.07 17:03:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\1&1 Mail & Media GmbH
[2012.08.23 21:49:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AskToolbar
[2004.06.05 11:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CDZilla
[2007.02.19 20:30:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Haufe
[2004.01.27 11:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterTrust
[2004.03.06 15:47:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\klickRoute
[2010.01.09 17:26:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2007.11.25 20:12:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teleca
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2006.07.31 21:32:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2007.09.11 13:24:05 | 000,000,000 | ---D | M] -- C:\Drivers
[2009.08.23 17:27:39 | 000,000,000 | ---D | M] -- C:\e0068ab367b6a73f67
[2011.01.05 17:55:33 | 000,000,000 | ---D | M] -- C:\FTW
[2004.03.06 15:59:57 | 000,000,000 | ---D | M] -- C:\LEXWARE
[2013.05.18 10:40:25 | 000,000,000 | R--D | M] -- C:\Programme
[2013.05.23 11:53:46 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2009.02.10 10:48:32 | 000,000,000 | ---D | M] -- C:\spoolerlogs
[2004.09.14 19:03:10 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.05.23 11:13:45 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2008.04.14 04:23:08 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp
[2008.04.14 04:23:08 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2008.04.14 04:23:08 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp
[2008.04.14 04:23:08 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2008.04.14 04:23:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2008.04.14 04:23:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2008.04.14 04:23:08 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2004.01.27 11:12:24 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2004.01.27 11:24:24 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2010.02.09 21:43:32 | 000,001,086 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2010.02.09 21:43:33 | 000,001,090 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012.08.14 22:12:50 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2012.08.23 21:33:37 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2013.02.26 21:13:05 | 000,000,386 | -H-- | C] () -- C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
 
< MD5 for: AGP440.SYS  >
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.06.03 21:28:48 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009.06.03 21:28:48 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2002.08.29 14:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.06.03 21:28:48 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002.08.29 14:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009.06.03 21:28:48 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2002.08.29 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2002.08.29 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2004.01.27 12:15:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004.01.27 12:15:30 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004.01.27 12:15:29 | 000,397,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2006.04.14 16:59:56 | 000,000,240 | ---- | M] () -- C:\Dokumente und Einstellungen\***\.java.policy
[2013.05.23 12:12:06 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2013.04.10 22:14:22 | 000,010,495 | ---- | M] () -- C:\Dokumente und Einstellungen\***\***_elster_2048.pfx
[2013.05.23 12:06:40 | 007,602,176 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2013.05.23 14:08:48 | 000,045,056 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.dat.LOG
[2013.05.23 12:06:40 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2013.04.10 21:55:40 | 000,010,495 | ---- | M] () -- C:\Dokumente und Einstellungen\***\ronny_elster_2048.pfx
[2004.06.02 14:28:29 | 000,000,000 | R--- | M] () -- C:\Dokumente und Einstellungen\***\TFTP4860
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2013.04.12 16:00:54 | 001,876,480 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >

--- --- ---

Und hier die Elemente aus der Microsoft Security Essentials Meldung:

folder:c:\dokumente und einstellungen\***\Startmenü\Programme\System Care Antivirus\
file:C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E58CE4CD2E0520C40000E58BFF4827BD\E58CE4CD2E0520C40000E58BFF4827BD.exe
file:c:\dokumente und einstellungen\***\Desktop\System Care Antivirus.lnk

markusg · 23.05.2013, 13:20

Hi,
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Jami87 · 23.05.2013, 13:33

Hier das Ergebnis von TDSSKiller:

14:53:13.0937 1700 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:53:14.0062 1700 ============================================================
14:53:14.0062 1700 Current date / time: 2013/05/23 14:53:14.0062
14:53:14.0062 1700 SystemInfo:
14:53:14.0062 1700
14:53:14.0062 1700 OS Version: 5.1.2600 ServicePack: 3.0
14:53:14.0062 1700 Product type: Workstation
14:53:14.0062 1700 ComputerName: JANINE
14:53:14.0062 1700 UserName: Janine Werner
14:53:14.0062 1700 Windows directory: C:\WINDOWS
14:53:14.0062 1700 System windows directory: C:\WINDOWS
14:53:14.0062 1700 Processor architecture: Intel x86
14:53:14.0062 1700 Number of processors: 1
14:53:14.0062 1700 Page size: 0x1000
14:53:14.0062 1700 Boot type: Normal boot
14:53:14.0062 1700 ============================================================
14:53:16.0828 1700 Drive \Device\Harddisk0\DR0 - Size: 0x953C94000 (37.31 Gb), SectorSize: 0x200, Cylinders: 0x1306, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:53:16.0937 1700 ============================================================
14:53:16.0937 1700 \Device\Harddisk0\DR0:
14:53:16.0937 1700 MBR partitions:
14:53:16.0937 1700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x36B1F33
14:53:16.0937 1700 ============================================================
14:53:16.0968 1700 C: <-> \Device\Harddisk0\DR0\Partition1
14:53:16.0968 1700 ============================================================
14:53:16.0968 1700 Initialize success
14:53:16.0968 1700 ============================================================
14:55:23.0687 3572 ============================================================
14:55:23.0687 3572 Scan started
14:55:23.0687 3572 Mode: Manual; SigCheck; TDLFS;
14:55:23.0687 3572 ============================================================
14:55:30.0140 3572 ================ Scan system memory ========================
14:55:30.0140 3572 System memory - ok
14:55:30.0156 3572 ================ Scan services =============================
14:55:30.0343 3572 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Programme\AAVUpdateManager\aavus.exe
14:55:30.0531 3572 AAV UpdateService - ok
14:55:30.0937 3572 Abiosdsk - ok
14:55:30.0953 3572 abp480n5 - ok
14:55:31.0078 3572 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:55:34.0453 3572 ACPI - ok
14:55:34.0500 3572 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
14:55:34.0718 3572 ACPIEC - ok
14:55:34.0875 3572 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:55:35.0000 3572 AdobeFlashPlayerUpdateSvc - ok
14:55:35.0015 3572 adpu160m - ok
14:55:35.0093 3572 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
14:55:35.0296 3572 aec - ok
14:55:35.0390 3572 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
14:55:35.0453 3572 AFD - ok
14:55:35.0468 3572 Aha154x - ok
14:55:35.0500 3572 aic78u2 - ok
14:55:35.0531 3572 aic78xx - ok
14:55:35.0578 3572 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
14:55:35.0796 3572 Alerter - ok
14:55:35.0843 3572 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
14:55:36.0062 3572 ALG - ok
14:55:36.0078 3572 AliIde - ok
14:55:36.0156 3572 [ 3A0DAFAC778236559C14C7203FB550EB ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
14:55:36.0375 3572 AmdK7 - ok
14:55:36.0421 3572 amsint - ok
14:55:36.0453 3572 AppMgmt - ok
14:55:36.0468 3572 asc - ok
14:55:36.0500 3572 asc3350p - ok
14:55:36.0531 3572 asc3550 - ok
14:55:36.0593 3572 [ D880831279ED91F9A4190A2DB9539EA9 ] ASCTRM C:\WINDOWS\system32\drivers\ASCTRM.sys
14:55:36.0687 3572 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
14:55:36.0687 3572 ASCTRM - detected UnsignedFile.Multi.Generic (1)
14:55:36.0890 3572 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:55:36.0937 3572 aspnet_state - ok
14:55:37.0000 3572 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:55:37.0203 3572 AsyncMac - ok
14:55:37.0281 3572 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
14:55:37.0500 3572 atapi - ok
14:55:37.0531 3572 Atdisk - ok
14:55:37.0593 3572 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:55:37.0796 3572 Atmarpc - ok
14:55:37.0875 3572 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
14:55:38.0078 3572 AudioSrv - ok
14:55:38.0156 3572 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
14:55:38.0375 3572 audstub - ok
14:55:38.0453 3572 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:55:38.0734 3572 Beep - ok
14:55:38.0921 3572 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
14:55:39.0218 3572 BITS - ok
14:55:39.0296 3572 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
14:55:39.0515 3572 Browser - ok
14:55:39.0562 3572 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
14:55:39.0875 3572 cbidf2k - ok
14:55:39.0921 3572 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:55:40.0156 3572 CCDECODE - ok
14:55:40.0171 3572 cd20xrnt - ok
14:55:40.0234 3572 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
14:55:40.0515 3572 Cdaudio - ok
14:55:40.0578 3572 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
14:55:40.0781 3572 Cdfs - ok
14:55:40.0843 3572 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:55:41.0046 3572 Cdrom - ok
14:55:41.0062 3572 Changer - ok
14:55:41.0140 3572 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
14:55:41.0343 3572 CiSvc - ok
14:55:41.0421 3572 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
14:55:41.0609 3572 ClipSrv - ok
14:55:41.0687 3572 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:55:41.0734 3572 clr_optimization_v2.0.50727_32 - ok
14:55:41.0765 3572 CmdIde - ok
14:55:41.0781 3572 COMSysApp - ok
14:55:41.0828 3572 Cpqarray - ok
14:55:41.0906 3572 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
14:55:42.0109 3572 CryptSvc - ok
14:55:42.0796 3572 [ ED002F233AB7E89B3AD2D47DBD177014 ] ctxS51 C:\WINDOWS\system32\DRIVERS\ctxS51.sys
14:55:43.0421 3572 ctxS51 ( UnsignedFile.Multi.Generic ) - warning
14:55:43.0421 3572 ctxS51 - detected UnsignedFile.Multi.Generic (1)
14:55:43.0437 3572 dac2w2k - ok
14:55:43.0468 3572 dac960nt - ok
14:55:43.0656 3572 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:55:43.0828 3572 DcomLaunch - ok
14:55:43.0937 3572 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
14:55:44.0140 3572 Dhcp - ok
14:55:44.0218 3572 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
14:55:44.0406 3572 Disk - ok
14:55:44.0437 3572 dmadmin - ok
14:55:44.0750 3572 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
14:55:45.0156 3572 dmboot - ok
14:55:45.0234 3572 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
14:55:45.0453 3572 dmio - ok
14:55:45.0515 3572 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
14:55:45.0734 3572 dmload - ok
14:55:45.0781 3572 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
14:55:45.0968 3572 dmserver - ok
14:55:46.0015 3572 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
14:55:46.0234 3572 DMusic - ok
14:55:46.0312 3572 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
14:55:46.0375 3572 Dnscache - ok
14:55:46.0468 3572 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
14:55:46.0671 3572 Dot3svc - ok
14:55:46.0687 3572 dpti2o - ok
14:55:46.0750 3572 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
14:55:46.0953 3572 drmkaud - ok
14:55:47.0000 3572 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
14:55:47.0234 3572 EapHost - ok
14:55:47.0281 3572 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
14:55:47.0484 3572 ERSvc - ok
14:55:47.0593 3572 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
14:55:47.0687 3572 Eventlog - ok
14:55:47.0828 3572 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\System32\es.dll
14:55:47.0890 3572 EventSystem - ok
14:55:47.0953 3572 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
14:55:48.0171 3572 Fastfat - ok
14:55:48.0281 3572 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:55:48.0343 3572 FastUserSwitchingCompatibility - ok
14:55:48.0390 3572 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
14:55:48.0609 3572 Fdc - ok
14:55:48.0687 3572 [ E9648254056BCE81A85380C0C3647DC4 ] FETNDIS C:\WINDOWS\system32\DRIVERS\fetnd5.sys
14:55:48.0953 3572 FETNDIS - ok
14:55:49.0015 3572 [ 29063004926B225C417E7147822F5866 ] FETNDISB C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
14:55:49.0078 3572 FETNDISB - ok
14:55:49.0140 3572 [ A75DDC492D2D1D6558AD8003A4ADB73A ] FilterService C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
14:55:49.0187 3572 FilterService - ok
14:55:49.0265 3572 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
14:55:49.0484 3572 Fips - ok
14:55:49.0531 3572 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:55:49.0718 3572 Flpydisk - ok
14:55:49.0796 3572 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
14:55:50.0000 3572 FltMgr - ok
14:55:50.0125 3572 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:55:50.0156 3572 FontCache3.0.0.0 - ok
14:55:50.0234 3572 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:55:50.0484 3572 Fs_Rec - ok
14:55:50.0562 3572 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:55:50.0875 3572 Ftdisk - ok
14:55:50.0906 3572 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
14:55:51.0078 3572 gameenum - ok
14:55:51.0140 3572 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:55:51.0343 3572 Gpc - ok
14:55:51.0468 3572 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
14:55:51.0531 3572 gupdate - ok
14:55:51.0593 3572 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
14:55:51.0609 3572 gupdatem - ok
14:55:51.0750 3572 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
14:55:51.0828 3572 gusvc - ok
14:55:51.0937 3572 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:55:52.0140 3572 helpsvc - ok
14:55:52.0171 3572 HidServ - ok
14:55:52.0234 3572 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:55:52.0437 3572 HidUsb - ok
14:55:52.0546 3572 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
14:55:52.0718 3572 hkmsvc - ok
14:55:52.0750 3572 hpn - ok
14:55:52.0859 3572 [ 532E3D11B7FC7A46C430847DB8656853 ] HRService C:\Programme\Haufe\iDesk\iDeskService\iDeskService.exe
14:55:52.0953 3572 HRService - ok
14:55:53.0093 3572 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
14:55:53.0140 3572 HTTP - ok
14:55:53.0203 3572 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
14:55:53.0390 3572 HTTPFilter - ok
14:55:53.0437 3572 i2omgmt - ok
14:55:53.0453 3572 i2omp - ok
14:55:53.0515 3572 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:55:53.0687 3572 i8042prt - ok
14:55:53.0890 3572 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:55:53.0953 3572 IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:55:53.0953 3572 IDriverT - detected UnsignedFile.Multi.Generic (1)
14:55:54.0343 3572 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:55:54.0906 3572 idsvc - ok
14:55:54.0953 3572 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
14:55:55.0109 3572 Imapi - ok
14:55:55.0250 3572 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\System32\imapi.exe
14:55:55.0515 3572 ImapiService - ok
14:55:55.0531 3572 ini910u - ok
14:55:55.0578 3572 IntelIde - ok
14:55:55.0625 3572 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
14:55:55.0796 3572 Ip6Fw - ok
14:55:55.0859 3572 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:55:56.0156 3572 IpFilterDriver - ok
14:55:56.0218 3572 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:55:56.0390 3572 IpInIp - ok
14:55:56.0468 3572 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:55:56.0656 3572 IpNat - ok
14:55:56.0718 3572 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:55:56.0890 3572 IPSec - ok
14:55:56.0937 3572 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
14:55:57.0125 3572 IRENUM - ok
14:55:57.0187 3572 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:55:57.0375 3572 isapnp - ok
14:55:57.0703 3572 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
14:55:57.0796 3572 JavaQuickStarterService - ok
14:55:57.0843 3572 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:55:58.0000 3572 Kbdclass - ok
14:55:58.0093 3572 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
14:55:58.0265 3572 kmixer - ok
14:55:58.0343 3572 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
14:55:58.0390 3572 KSecDD - ok
14:55:58.0500 3572 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
14:55:58.0562 3572 lanmanserver - ok
14:55:58.0671 3572 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:55:58.0718 3572 lanmanworkstation - ok
14:55:58.0734 3572 lbrtfdc - ok
14:55:58.0890 3572 [ 027D03D9D8AB95194A115A999E960AC0 ] LexBceS C:\WINDOWS\system32\LEXBCES.EXE
14:55:59.0078 3572 LexBceS - ok
14:55:59.0156 3572 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
14:55:59.0343 3572 LmHosts - ok
14:55:59.0437 3572 [ 01F0E010ACB61472163E9D02D3FF531A ] lvpopflt C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
14:55:59.0468 3572 lvpopflt - ok
14:55:59.0531 3572 [ C57C48FB9AE3EFB9848AF594E3123A63 ] LVPr2Mon C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
14:55:59.0625 3572 LVPr2Mon - ok
14:55:59.0781 3572 [ 5C7B88695CE461D8BDA4FE0C0E57E71D ] LVPrcSrv C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
14:55:59.0859 3572 LVPrcSrv - ok
14:56:00.0015 3572 [ 87ECCE893D8AEC5A9337B917742D339C ] LVRS C:\WINDOWS\system32\DRIVERS\lvrs.sys
14:56:00.0062 3572 LVRS - ok
14:56:02.0296 3572 [ 291F69B3DDA0F033D2490C5BA5179F7C ] LVUVC C:\WINDOWS\system32\DRIVERS\lvuvc.sys
14:56:04.0187 3572 LVUVC - ok
14:56:04.0234 3572 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
14:56:04.0406 3572 Messenger - ok
14:56:04.0484 3572 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
14:56:04.0750 3572 mnmdd - ok
14:56:04.0812 3572 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
14:56:05.0015 3572 mnmsrvc - ok
14:56:05.0046 3572 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
14:56:05.0234 3572 Modem - ok
14:56:05.0296 3572 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
14:56:05.0578 3572 MODEMCSA - ok
14:56:05.0609 3572 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:56:05.0781 3572 Mouclass - ok
14:56:05.0828 3572 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:56:06.0078 3572 mouhid - ok
14:56:06.0156 3572 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
14:56:06.0328 3572 MountMgr - ok
14:56:06.0421 3572 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
14:56:06.0484 3572 MozillaMaintenance - ok
14:56:06.0609 3572 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
14:56:06.0640 3572 MpFilter - ok
14:56:06.0796 3572 [ A69630D039C38018689190234F866D77 ] MpKsl41851d04 c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9AD6218E-97A2-4C01-BA76-189187703F41}\MpKsl41851d04.sys
14:56:06.0828 3572 MpKsl41851d04 - ok
14:56:06.0843 3572 mraid35x - ok
14:56:06.0937 3572 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:56:07.0125 3572 MRxDAV - ok
14:56:07.0343 3572 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:56:07.0515 3572 MRxSmb - ok
14:56:07.0578 3572 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\System32\msdtc.exe
14:56:07.0765 3572 MSDTC - ok
14:56:07.0812 3572 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:56:07.0984 3572 Msfs - ok
14:56:08.0015 3572 MSIServer - ok
14:56:08.0062 3572 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:56:08.0234 3572 MSKSSRV - ok
14:56:08.0328 3572 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc c:\Programme\Microsoft Security Client\MsMpEng.exe
14:56:08.0359 3572 MsMpSvc - ok
14:56:08.0437 3572 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:56:08.0609 3572 MSPCLOCK - ok
14:56:08.0640 3572 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:56:08.0812 3572 MSPQM - ok
14:56:08.0843 3572 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:56:09.0015 3572 mssmbios - ok
14:56:09.0062 3572 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
14:56:09.0234 3572 MSTEE - ok
14:56:09.0296 3572 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys
14:56:09.0578 3572 ms_mpu401 - ok
14:56:09.0671 3572 [ C53775780148884AC87C455489A0C070 ] Mtlmnt5 C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
14:56:09.0828 3572 Mtlmnt5 - ok
14:56:10.0296 3572 [ 54886A652BF5685192141DF304E923FD ] Mtlstrm C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
14:56:10.0765 3572 Mtlstrm - ok
14:56:10.0859 3572 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
14:56:10.0906 3572 Mup - ok
14:56:10.0984 3572 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:56:11.0171 3572 NABTSFEC - ok
14:56:11.0328 3572 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
14:56:11.0562 3572 napagent - ok
14:56:11.0656 3572 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
14:56:11.0828 3572 NDIS - ok
14:56:11.0859 3572 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:56:12.0046 3572 NdisIP - ok
14:56:12.0093 3572 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:56:12.0125 3572 NdisTapi - ok
14:56:12.0187 3572 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:56:12.0343 3572 Ndisuio - ok
14:56:12.0390 3572 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:56:12.0593 3572 NdisWan - ok
14:56:12.0656 3572 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
14:56:12.0718 3572 NDProxy - ok
14:56:12.0765 3572 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
14:56:12.0921 3572 NetBIOS - ok
14:56:13.0015 3572 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
14:56:13.0187 3572 NetBT - ok
14:56:13.0281 3572 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
14:56:13.0531 3572 NetDDE - ok
14:56:13.0578 3572 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
14:56:13.0750 3572 NetDDEdsdm - ok
14:56:13.0812 3572 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\System32\lsass.exe
14:56:13.0984 3572 Netlogon - ok
14:56:14.0109 3572 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
14:56:14.0281 3572 Netman - ok
14:56:14.0390 3572 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:56:14.0468 3572 NetTcpPortSharing - ok
14:56:14.0593 3572 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
14:56:14.0625 3572 Nla - ok
14:56:14.0671 3572 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
14:56:14.0828 3572 Npfs - ok
14:56:15.0078 3572 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
14:56:15.0343 3572 Ntfs - ok
14:56:15.0390 3572 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
14:56:15.0546 3572 NtLmSsp - ok
14:56:15.0734 3572 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
14:56:15.0984 3572 NtmsSvc - ok
14:56:16.0093 3572 [ 576B34CEAE5B7E5D9FD2775E93B3DB53 ] NtMtlFax C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
14:56:16.0250 3572 NtMtlFax - ok
14:56:16.0312 3572 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
14:56:16.0593 3572 Null - ok
14:56:16.0656 3572 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:56:16.0906 3572 NwlnkFlt - ok
14:56:16.0937 3572 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:56:17.0203 3572 NwlnkFwd - ok
14:56:17.0250 3572 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
14:56:17.0421 3572 Parport - ok
14:56:17.0484 3572 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
14:56:17.0656 3572 PartMgr - ok
14:56:17.0718 3572 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
14:56:17.0953 3572 ParVdm - ok
14:56:18.0015 3572 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
14:56:18.0187 3572 PCI - ok
14:56:18.0203 3572 PCIDump - ok
14:56:18.0218 3572 PCIIde - ok
14:56:18.0296 3572 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
14:56:18.0515 3572 Pcmcia - ok
14:56:18.0531 3572 PDCOMP - ok
14:56:18.0562 3572 PDFRAME - ok
14:56:18.0578 3572 PDRELI - ok
14:56:18.0609 3572 PDRFRAME - ok
14:56:18.0640 3572 perc2 - ok
14:56:18.0671 3572 perc2hib - ok
14:56:18.0796 3572 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
14:56:18.0859 3572 PlugPlay - ok
14:56:18.0890 3572 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
14:56:19.0046 3572 PolicyAgent - ok
14:56:19.0125 3572 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:56:19.0296 3572 PptpMiniport - ok
14:56:19.0328 3572 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:56:19.0500 3572 ProtectedStorage - ok
14:56:19.0562 3572 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
14:56:19.0734 3572 PSched - ok
14:56:19.0812 3572 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:56:20.0093 3572 Ptilink - ok
14:56:20.0171 3572 [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:56:20.0187 3572 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
14:56:20.0187 3572 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
14:56:20.0218 3572 ql1080 - ok
14:56:20.0234 3572 Ql10wnt - ok
14:56:20.0265 3572 ql12160 - ok
14:56:20.0296 3572 ql1240 - ok
14:56:20.0312 3572 ql1280 - ok
14:56:20.0375 3572 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:56:20.0656 3572 RasAcd - ok
14:56:20.0750 3572 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
14:56:20.0921 3572 RasAuto - ok
14:56:20.0968 3572 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:56:21.0140 3572 Rasl2tp - ok
14:56:21.0250 3572 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
14:56:21.0453 3572 RasMan - ok
14:56:21.0515 3572 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:56:21.0703 3572 RasPppoe - ok
14:56:21.0750 3572 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
14:56:22.0015 3572 Raspti - ok
14:56:22.0093 3572 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:56:22.0281 3572 Rdbss - ok
14:56:22.0312 3572 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:56:22.0562 3572 RDPCDD - ok
14:56:22.0671 3572 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
14:56:22.0750 3572 RDPWD - ok
14:56:22.0843 3572 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
14:56:23.0062 3572 RDSessMgr - ok
14:56:23.0125 3572 [ E9AAA0092D74A9D371659C4C38882E12 ] RecAgent C:\WINDOWS\system32\DRIVERS\RecAgent.sys
14:56:23.0281 3572 RecAgent - ok
14:56:23.0359 3572 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
14:56:23.0546 3572 redbook - ok
14:56:23.0625 3572 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:56:23.0812 3572 RemoteAccess - ok
14:56:23.0875 3572 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\System32\locator.exe
14:56:24.0078 3572 RpcLocator - ok
14:56:24.0218 3572 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
14:56:24.0375 3572 RpcSs - ok
14:56:24.0484 3572 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\System32\rsvp.exe
14:56:24.0828 3572 RSVP - ok
14:56:24.0953 3572 [ 5AC35AE969A729227522E972885E3AA7 ] S3Psddr C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
14:56:25.0015 3572 S3Psddr - ok
14:56:25.0062 3572 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
14:56:25.0218 3572 SamSs - ok
14:56:25.0312 3572 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
14:56:25.0531 3572 SCardSvr - ok
14:56:25.0640 3572 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
14:56:25.0828 3572 Schedule - ok
14:56:25.0921 3572 [ 531EBC57DB331C8500C042D9F8A6AEF2 ] se45bus C:\WINDOWS\system32\DRIVERS\se45bus.sys
14:56:26.0156 3572 se45bus - ok
14:56:26.0203 3572 [ 148E7E813681D3A0A05F09826080CC2B ] se45mdfl C:\WINDOWS\system32\DRIVERS\se45mdfl.sys
14:56:26.0250 3572 se45mdfl - ok
14:56:26.0343 3572 [ B4CE022564D0D3FD7B0E5459AA12AA72 ] se45mdm C:\WINDOWS\system32\DRIVERS\se45mdm.sys
14:56:26.0375 3572 se45mdm - ok
14:56:26.0468 3572 [ 6D04EA9C049EBD78D64ADE447DE3F7EB ] se45mgmt C:\WINDOWS\system32\DRIVERS\se45mgmt.sys
14:56:26.0500 3572 se45mgmt - ok
14:56:26.0562 3572 [ FDC74BEAA13A801FAC574BC7AF1450C4 ] se45nd5 C:\WINDOWS\system32\DRIVERS\se45nd5.sys
14:56:26.0609 3572 se45nd5 - ok
14:56:26.0687 3572 [ 5E003693822460D37516D9A262DE9E11 ] se45obex C:\WINDOWS\system32\DRIVERS\se45obex.sys
14:56:26.0734 3572 se45obex - ok
14:56:26.0796 3572 [ FC7021ADB632200DA591A55A35A78ACC ] se45unic C:\WINDOWS\system32\DRIVERS\se45unic.sys
14:56:26.0828 3572 se45unic - ok
14:56:26.0875 3572 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:56:27.0046 3572 Secdrv - ok
14:56:27.0093 3572 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
14:56:27.0281 3572 seclogon - ok
14:56:27.0328 3572 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
14:56:27.0546 3572 SENS - ok
14:56:27.0609 3572 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
14:56:27.0781 3572 serenum - ok
14:56:27.0828 3572 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
14:56:28.0015 3572 Serial - ok
14:56:28.0078 3572 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
14:56:28.0250 3572 Sfloppy - ok
14:56:28.0406 3572 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
14:56:28.0671 3572 SharedAccess - ok
14:56:28.0750 3572 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:56:28.0781 3572 ShellHWDetection - ok
14:56:28.0812 3572 Simbad - ok
14:56:28.0937 3572 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
14:56:29.0000 3572 SkypeUpdate - ok
14:56:29.0062 3572 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:56:29.0218 3572 SLIP - ok
14:56:29.0406 3572 [ 2C1779C0FEB1F4A6033600305EBA623A ] Slntamr C:\WINDOWS\system32\DRIVERS\slntamr.sys
14:56:29.0625 3572 Slntamr - ok
14:56:29.0703 3572 [ F9B8E30E82EE95CF3E1D3E495599B99C ] SlNtHal C:\WINDOWS\system32\DRIVERS\Slnthal.sys
14:56:29.0859 3572 SlNtHal - ok
14:56:29.0906 3572 [ DB56BB2C55723815CF549D7FC50CFCEB ] SlWdmSup C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
14:56:30.0093 3572 SlWdmSup - ok
14:56:30.0109 3572 smserial - ok
14:56:30.0218 3572 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
14:56:30.0515 3572 SONYPVU1 - ok
14:56:30.0546 3572 Sparrow - ok
14:56:30.0593 3572 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
14:56:30.0750 3572 splitter - ok
14:56:30.0812 3572 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
14:56:30.0875 3572 Spooler - ok
14:56:30.0921 3572 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
14:56:31.0093 3572 sr - ok
14:56:31.0187 3572 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\System32\srsvc.dll
14:56:31.0359 3572 srservice - ok
14:56:31.0531 3572 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
14:56:31.0671 3572 Srv - ok
14:56:31.0750 3572 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
14:56:31.0921 3572 SSDPSRV - ok
14:56:31.0984 3572 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
14:56:32.0000 3572 ssmdrv - ok
14:56:32.0171 3572 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
14:56:32.0406 3572 stisvc - ok
14:56:32.0500 3572 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:56:32.0656 3572 streamip - ok
14:56:32.0718 3572 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
14:56:32.0890 3572 swenum - ok
14:56:32.0968 3572 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
14:56:33.0125 3572 swmidi - ok
14:56:33.0156 3572 SwPrv - ok
14:56:33.0187 3572 symc810 - ok
14:56:33.0218 3572 symc8xx - ok
14:56:33.0234 3572 sym_hi - ok
14:56:33.0265 3572 sym_u3 - ok
14:56:33.0343 3572 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
14:56:33.0562 3572 sysaudio - ok
14:56:33.0640 3572 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
14:56:33.0843 3572 SysmonLog - ok
14:56:34.0000 3572 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
14:56:34.0171 3572 TapiSrv - ok
14:56:34.0343 3572 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:56:34.0484 3572 Tcpip - ok
14:56:34.0546 3572 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
14:56:34.0703 3572 TDPIPE - ok
14:56:34.0765 3572 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
14:56:34.0953 3572 TDTCP - ok
14:56:35.0015 3572 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
14:56:35.0203 3572 TermDD - ok
14:56:35.0359 3572 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
14:56:35.0562 3572 TermService - ok
14:56:35.0656 3572 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
14:56:35.0671 3572 Themes - ok
14:56:35.0687 3572 TosIde - ok
14:56:35.0765 3572 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
14:56:35.0953 3572 TrkWks - ok
14:56:36.0046 3572 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
14:56:36.0218 3572 Udfs - ok
14:56:36.0250 3572 UIUSys - ok
14:56:36.0265 3572 ultra - ok
14:56:36.0468 3572 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
14:56:36.0734 3572 Update - ok
14:56:36.0859 3572 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
14:56:37.0015 3572 upnphost - ok
14:56:37.0078 3572 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
14:56:37.0265 3572 UPS - ok
14:56:37.0343 3572 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
14:56:37.0546 3572 usbaudio - ok
14:56:37.0625 3572 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:56:37.0796 3572 usbccgp - ok
14:56:37.0859 3572 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:56:38.0031 3572 usbehci - ok
14:56:38.0093 3572 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:56:38.0281 3572 usbhub - ok
14:56:38.0343 3572 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:56:38.0531 3572 usbprint - ok
14:56:38.0593 3572 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:56:38.0765 3572 usbscan - ok
14:56:38.0812 3572 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:56:39.0000 3572 USBSTOR - ok
14:56:39.0046 3572 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:56:39.0218 3572 usbuhci - ok
14:56:39.0265 3572 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
14:56:39.0421 3572 VgaSave - ok
14:56:39.0500 3572 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:56:39.0687 3572 viaagp - ok
14:56:39.0734 3572 [ 4B039BBD037B01F5DB5A144C837F283A ] viaagp1 C:\WINDOWS\system32\DRIVERS\viaagp1.sys
14:56:39.0781 3572 viaagp1 - ok
14:56:39.0843 3572 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
14:56:40.0031 3572 ViaIde - ok
14:56:40.0093 3572 [ 6B6A0F4B569452ED1E87525C12395F42 ] VIAudio C:\WINDOWS\system32\drivers\viaudio.sys
14:56:40.0171 3572 VIAudio - ok
14:56:40.0234 3572 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
14:56:40.0390 3572 VolSnap - ok
14:56:40.0578 3572 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
14:56:40.0859 3572 VSS - ok
14:56:40.0953 3572 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\System32\w32time.dll
14:56:41.0125 3572 W32Time - ok
14:56:41.0203 3572 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:56:41.0359 3572 Wanarp - ok
14:56:41.0390 3572 wanatw - ok
14:56:41.0406 3572 WDICA - ok
14:56:41.0484 3572 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
14:56:41.0656 3572 wdmaud - ok
14:56:41.0718 3572 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
14:56:41.0890 3572 WebClient - ok
14:56:42.0046 3572 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
14:56:42.0265 3572 winmgmt - ok
14:56:42.0359 3572 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
14:56:42.0437 3572 WmdmPmSN - ok
14:56:42.0625 3572 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
14:56:42.0828 3572 WmiApSrv - ok
14:56:43.0234 3572 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
14:56:43.0796 3572 WMPNetworkSvc - ok
14:56:43.0890 3572 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
14:56:44.0046 3572 wscsvc - ok
14:56:44.0109 3572 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:56:44.0296 3572 WSTCODEC - ok
14:56:44.0343 3572 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
14:56:44.0515 3572 wuauserv - ok
14:56:44.0578 3572 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:56:44.0640 3572 WudfPf - ok
14:56:44.0703 3572 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:56:44.0734 3572 WudfRd - ok
14:56:44.0796 3572 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
14:56:44.0843 3572 WudfSvc - ok
14:56:45.0109 3572 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:56:45.0359 3572 WZCSVC - ok
14:56:45.0453 3572 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:56:45.0656 3572 xmlprov - ok
14:56:45.0687 3572 ================ Scan global ===============================
14:56:45.0765 3572 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
14:56:45.0906 3572 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
14:56:46.0093 3572 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
14:56:46.0171 3572 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
14:56:46.0187 3572 [Global] - ok
14:56:46.0203 3572 ================ Scan MBR ==================================
14:56:46.0234 3572 [ D70E003772426DE74EB7664C570343CB ] \Device\Harddisk0\DR0
14:56:46.0687 3572 \Device\Harddisk0\DR0 - ok
14:56:46.0687 3572 ================ Scan VBR ==================================
14:56:46.0718 3572 [ A311F7FB62095BD5F55A92D2EE6EAF0F ] \Device\Harddisk0\DR0\Partition1
14:56:46.0718 3572 \Device\Harddisk0\DR0\Partition1 - ok
14:56:46.0734 3572 ============================================================
14:56:46.0734 3572 Scan finished
14:56:46.0734 3572 ============================================================
14:56:46.0875 0408 Detected object count: 4
14:56:46.0875 0408 Actual detected object count: 4
14:56:57.0421 0408 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
14:56:57.0421 0408 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:56:57.0421 0408 ctxS51 ( UnsignedFile.Multi.Generic ) - skipped by user
14:56:57.0421 0408 ctxS51 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:56:57.0437 0408 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:56:57.0437 0408 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:56:57.0437 0408 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
14:56:57.0437 0408 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg · 23.05.2013, 13:39

Hi,
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Jami87 · 23.05.2013, 13:49

Wie mache ich das denn mit den "Code-Tags"?

markusg · 23.05.2013, 13:52

kopiers einfach rein, das passt schon
ich poste dir auch die codes noch, da schreibst du es einfach dazwischen

Code:

ATTFilter

Jami87 · 23.05.2013, 14:00

Was meinst du mit "dazwischen" schreiben?

Combofix zeigt mir an, dass Anvira noch an ist - aber wie schalte ich das aus? Ich finde hier auf dem PC das Programm gar nicht bzw. keinen Ausschalt-Button :-(

23.05.2013, 12:20	#6
markusg /// Malware-holic	System Care Antivirus nein, während des scans von oben scanner auslassen bitte. Wenn es funde gibt, wenn du ihn später anstellst, bitte posten mit pfadangabe als Text __________________ --> System Care Antivirus

23.05.2013, 12:37	#8
markusg /// Malware-holic	System Care Antivirus otl ja, Elemente posten, ja. __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

System Care Antivirus

Plagegeister aller Art und deren Bekämpfung: System Care Antivirus