
Pests of all kinds and how to combat them: Multiple trojan infections


31.08.2013, 18:13   #1
Pulcheria
 



Good evening,

my problem is as follows: At some point my parents received a letter from Telekom pointing out that mass spam e-mails had been sent from their computer without authorization and that the computer was apparently being accessed without authorization.

When I tried to start the antivirus program, I noticed that it was no longer active and could no longer be run in any way.

I then rebooted the computer with Windows 7 and wiped the old system so that I could install Avira on the new system. I kept the partitions. I had actually wanted to check the external hard drive, on which a backup had been made beforehand, for viruses. Unfortunately, the hard drive has been damaged. I would like to "rescue" the data (mainly documents and pictures) from the hard drive and then wipe the computer completely (with all partitions) and set it up again.

Avira found 17 trojans and Backbones such as TR/Crypt.XPACK.Gen, EXP/CVE-2012-1723, EXP/CVE-2011-3544, EXP/JAVA.Coniz.Gen, TR/Crypt.EPACK.Gen2, TR/Sirefef.AG.9, TR/ATRAPS.Gen2, TR/Sirefef.A77, BDS/Java.KBJ. The source paths vary:
C:\Windows.old\Users\xxxx\AppData\LocalLow\...
C:\Windows.old\Users\xxxx\AppData\Local\...
C:\Windows.old\Users\xxxx\AppData\Roaming\...

Since I don't know whether these trojans also attach themselves to Office documents, pictures, etc., I am looking for help.

Best regards
Pu
Attached files
File type: txt Ereignisse_2013-08-31.txt (12.8 KB, viewed 131 times)

31.08.2013, 19:57   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


01.09.2013, 10:37   #3
Pulcheria
 



Hello Schrauber,

thank you very much for your quick reply. Attached are the two txt files:

FRST.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-09-2013
Ran by SYSTEM on MININT-1VFRF52 on 01-09-2013 10:29:02
Running from G:\
Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (All) ===========================

HKLM\...\Run: [] -  [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1573584 2012-08-22] (Ask)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312 2013-04-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [26112 2009-07-14] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [2613248 2009-07-14] (Microsoft Corporation)
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [ 2009-07-14] (Microsoft Corporation)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [ 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
BootExecute: autocheck autochk * 
AlternateShell: cmd.exe

==================== Services (All) ========================

S3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [62464 2009-07-14] (Microsoft Corporation)
S3 ALG; C:\Windows\System32\alg.exe [59392 2009-07-14] (Microsoft Corporation)
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-02-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [562744 2013-04-09] (Avira Operations GmbH & Co. KG)
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [27648 2009-07-14] (Microsoft Corporation)
S3 Appinfo; C:\Windows\System32\appinfo.dll [46592 2009-07-14] (Microsoft Corporation)
S2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [473088 2009-07-14] (Microsoft Corporation)
S2 Audiosrv; C:\Windows\System32\Audiosrv.dll [473088 2009-07-14] (Microsoft Corporation)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [88064 2009-07-14] (Microsoft Corporation)
S3 BDESVC; C:\Windows\System32\bdesvc.dll [76800 2009-07-14] (Microsoft Corporation)
S2 BFE; C:\Windows\System32\bfe.dll [493568 2009-07-14] (Microsoft Corporation)
S3 BITS; C:\Windows\System32\qmgr.dll [589312 2009-07-14] (Microsoft Corporation)
S3 Browser; C:\Windows\System32\browser.dll [102400 2009-07-14] (Microsoft Corporation)
S3 bthserv; C:\Windows\system32\bthserv.dll [64512 2009-07-14] (Microsoft Corporation)
S3 CertPropSvc; C:\Windows\System32\certprop.dll [67584 2009-07-14] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66384 2009-06-10] (Microsoft Corporation)
S3 COMSysApp; C:\Windows\system32\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
S2 CryptSvc; C:\Windows\system32\cryptsvc.dll [135680 2009-07-14] (Microsoft Corporation)
S2 DcomLaunch; C:\Windows\system32\rpcss.dll [376320 2009-07-14] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-14] (Microsoft Corporation)
S2 Dhcp; C:\Windows\system32\dhcpcore.dll [253440 2009-07-14] (Microsoft Corporation)
S2 Dnscache; C:\Windows\System32\dnsrslvr.dll [132608 2009-07-14] (Microsoft Corporation)
S3 dot3svc; C:\Windows\System32\dot3svc.dll [214016 2009-07-14] (Microsoft Corporation)
S2 DPS; C:\Windows\system32\dps.dll [143360 2009-07-14] (Microsoft Corporation)
S3 EapHost; C:\Windows\System32\eapsvc.dll [98304 2009-07-14] (Microsoft Corporation)
S3 EFS; C:\Windows\System32\lsass.exe [22528 2009-07-14] (Microsoft Corporation)
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [557056 2009-07-14] (Microsoft Corporation)
S3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-14] (Microsoft Corporation)
S2 eventlog; C:\Windows\System32\wevtsvc.dll [1086464 2009-07-14] (Microsoft Corporation)
S2 EventSystem; C:\Windows\system32\es.dll [271360 2009-07-14] (Microsoft Corporation)
S3 Fax; C:\Windows\system32\fxssvc.exe [522752 2009-07-14] (Microsoft Corporation)
S3 fdPHost; C:\Windows\system32\fdPHost.dll [12800 2009-07-14] (Microsoft Corporation)
S3 FDResPub; C:\Windows\system32\fdrespub.dll [28160 2009-07-14] (Microsoft Corporation)
S3 FontCache; C:\Windows\system32\FntCache.dll [797696 2009-07-14] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856 2009-06-10] (Microsoft Corporation)
S2 gpsvc; C:\Windows\System32\gpsvc.dll [591360 2009-07-14] (Microsoft Corporation)
S3 hidserv; C:\Windows\system32\hidserv.dll [49152 2009-07-14] (Microsoft Corporation)
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [71168 2009-07-14] (Microsoft Corporation)
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [194560 2009-07-14] (Microsoft Corporation)
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [165376 2009-07-14] (Microsoft Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [878416 2009-06-10] (Microsoft Corporation)
S3 IKEEXT; C:\Windows\System32\ikeext.dll [667136 2009-07-14] (Microsoft Corporation)
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [78848 2009-07-14] (Microsoft Corporation)
S2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [497152 2009-07-14] (Microsoft Corporation)
S3 KeyIso; C:\Windows\system32\lsass.exe [22528 2009-07-14] (Microsoft Corporation)
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [308736 2009-07-14] (Microsoft Corporation)
S2 LanmanServer; C:\Windows\system32\srvsvc.dll [168448 2009-07-14] (Microsoft Corporation)
S2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [84480 2009-07-14] (Microsoft Corporation)
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [189952 2009-07-14] (Microsoft Corporation)
S2 lmhosts; C:\Windows\System32\lmhsvc.dll [18432 2009-07-14] (Microsoft Corporation)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [67584 2009-07-14] (Microsoft Corporation)
S2 MMCSS; C:\Windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation)
S2 MpsSvc; C:\Windows\system32\mpssvc.dll [565760 2009-07-14] (Microsoft Corporation)
S3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2009-07-14] (Microsoft Corporation)
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [114688 2009-07-14] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [73216 2009-07-14] (Microsoft Corporation)
S3 napagent; C:\Windows\system32\qagentRT.dll [330240 2009-07-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\system32\lsass.exe [22528 2009-07-14] (Microsoft Corporation)
S3 Netman; C:\Windows\System32\netman.dll [280576 2009-07-14] (Microsoft Corporation)
S3 netprofm; C:\Windows\System32\netprofm.dll [360448 2009-07-14] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [128848 2009-06-10] (Microsoft Corporation)
S2 NlaSvc; C:\Windows\System32\nlasvc.dll [242688 2009-07-14] (Microsoft Corporation)
S2 nsi; C:\Windows\system32\nsisvc.dll [19456 2009-07-14] (Microsoft Corporation)
S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4640000 2010-01-09] (Microsoft Corporation)
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation)
S3 p2psvc; C:\Windows\system32\p2psvc.dll [327680 2009-07-14] (Microsoft Corporation)
S3 PcaSvc; C:\Windows\System32\pcasvc.dll [154624 2009-07-14] (Microsoft Corporation)
S3 pla; C:\Windows\system32\pla.dll [1508864 2009-07-14] (Microsoft Corporation)
S2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [294400 2009-07-14] (Microsoft Corporation)
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [20480 2009-07-14] (Microsoft Corporation)
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation)
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [350720 2009-07-14] (Microsoft Corporation)
S2 Power; C:\Windows\system32\umpo.dll [119808 2009-07-14] (Microsoft Corporation)
S2 ProfSvc; C:\Windows\system32\profsvc.dll [162816 2009-07-14] (Microsoft Corporation)
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [22528 2009-07-14] (Microsoft Corporation)
S3 QWAVE; C:\Windows\system32\qwave.dll [210944 2009-07-14] (Microsoft Corporation)
S3 RasAuto; C:\Windows\System32\rasauto.dll [90624 2009-07-14] (Microsoft Corporation)
S3 RasMan; C:\Windows\System32\rasmans.dll [285184 2009-07-14] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [75264 2009-07-14] (Microsoft Corporation)
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [112640 2009-07-14] (Microsoft Corporation)
S2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [43520 2009-07-14] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\system32\locator.exe [9216 2009-07-14] (Microsoft Corporation)
S2 RpcSs; C:\Windows\system32\rpcss.dll [376320 2009-07-14] (Microsoft Corporation)
S2 SamSs; C:\Windows\system32\lsass.exe [22528 2009-07-14] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [132608 2009-07-14] (Microsoft Corporation)
S2 Schedule; C:\Windows\system32\schedsvc.dll [743424 2009-07-14] (Microsoft Corporation)
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [67584 2009-07-14] (Microsoft Corporation)
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [125952 2009-07-14] (Microsoft Corporation)
S3 seclogon; C:\Windows\system32\seclogon.dll [21504 2009-07-14] (Microsoft Corporation)
S2 SENS; C:\Windows\System32\sens.dll [49664 2009-07-14] (Microsoft Corporation)
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [25088 2009-07-14] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\system32\sessenv.dll [99328 2009-07-14] (Microsoft Corporation)
S4 SharedAccess; C:\Windows\System32\ipnathlp.dll [300544 2009-07-14] (Microsoft Corporation)
S2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [328192 2009-07-14] (Microsoft Corporation)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2009-07-14] (Microsoft Corporation)
S2 Spooler; C:\Windows\System32\spoolsv.exe [316416 2009-07-14] (Microsoft Corporation)
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3179520 2009-07-14] (Microsoft Corporation)
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [53760 2009-07-14] (Microsoft Corporation)
S3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [162816 2009-07-14] (Microsoft Corporation)
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [90112 2009-07-14] (Microsoft Corporation)
S3 StiSvc; C:\Windows\System32\wiaservc.dll [462336 2009-07-14] (Microsoft Corporation)
S3 swprv; C:\Windows\System32\swprv.dll [313856 2009-07-14] (Microsoft Corporation)
S2 SysMain; C:\Windows\system32\sysmain.dll [1169408 2009-07-14] (Microsoft Corporation)
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [73728 2009-07-14] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [241664 2009-07-14] (Microsoft Corporation)
S3 TBS; C:\Windows\System32\tbssvc.dll [55808 2009-07-14] (Microsoft Corporation)
S3 TermService; C:\Windows\System32\termsrv.dll [543232 2009-07-14] (Microsoft Corporation)
S2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation)
S3 THREADORDER; C:\Windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation)
S2 TrkWks; C:\Windows\System32\trkwks.dll [77312 2009-07-14] (Microsoft Corporation)
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [204800 2009-07-14] (Microsoft Corporation)
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2009-07-14] (Microsoft Corporation)
S3 upnphost; C:\Windows\System32\upnphost.dll [266752 2009-07-14] (Microsoft Corporation)
S2 UxSms; C:\Windows\System32\uxsms.dll [29696 2009-07-14] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\system32\lsass.exe [22528 2009-07-14] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [452608 2009-07-14] (Microsoft Corporation)
S3 VSS; C:\Windows\system32\vssvc.exe [1025536 2009-07-14] (Microsoft Corporation)
S3 W32Time; C:\Windows\system32\w32time.dll [288768 2009-07-14] (Microsoft Corporation)
S3 wbengine; C:\Windows\system32\wbengine.exe [1202688 2009-07-14] (Microsoft Corporation)
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [151552 2009-07-14] (Microsoft Corporation)
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [276480 2009-07-14] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32768 2009-07-14] (Microsoft Corporation)
S3 WdiServiceHost; C:\Windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation)
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation)
S3 WebClient; C:\Windows\System32\webclnt.dll [202240 2009-07-14] (Microsoft Corporation)
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [147968 2009-07-14] (Microsoft Corporation)
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [61440 2009-07-14] (Microsoft Corporation)
S3 WerSvc; C:\Windows\System32\WerSvc.dll [65024 2009-07-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 WinHttpAutoProxySvc; C:\Windows\System32\winhttp.dll [348672 2009-07-14] (Microsoft Corporation)
S2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [168960 2009-07-14] (Microsoft Corporation)
S3 WinRM; C:\Windows\system32\WsmSvc.dll [1175040 2009-07-14] (Microsoft Corporation)
S2 Wlansvc; C:\Windows\System32\wlansvc.dll [829440 2009-07-14] (Microsoft Corporation)
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [136192 2009-07-14] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121280 2009-07-14] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation)
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [84480 2009-07-14] (Microsoft Corporation)
S2 wscsvc; C:\Windows\System32\wscsvc.dll [73728 2009-07-14] (Microsoft Corporation)
S2 WSearch; C:\Windows\system32\SearchIndexer.exe [428032 2009-07-14] (Microsoft Corporation)
S2 wuauserv; C:\Windows\system32\wuaueng.dll [1912832 2009-07-14] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [64512 2009-07-14] (Microsoft Corporation)
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [185856 2009-07-14] (Microsoft Corporation)

==================== Drivers (All) ==========================

S3 1394ohci; C:\Windows\System32\DRIVERS\1394ohci.sys [163328 2009-07-14] (Microsoft Corporation)
S0 ACPI; C:\Windows\System32\DRIVERS\ACPI.sys [274496 2009-07-14] (Microsoft Corporation)
S3 AcpiPmi; C:\Windows\system32\DRIVERS\acpipmi.sys [9728 2009-07-14] (Microsoft Corporation)
S3 adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [422976 2009-07-14] (Adaptec, Inc.)
S3 adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [297552 2009-07-14] (Adaptec, Inc.)
S3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [146512 2009-07-14] (Adaptec, Inc.)
S1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2009-07-14] (Microsoft Corporation)
S3 agp440; C:\Windows\system32\DRIVERS\agp440.sys [53312 2009-07-14] (Microsoft Corporation)
S3 aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [70720 2009-07-14] (Adaptec, Inc.)
S3 aliide; C:\Windows\system32\DRIVERS\aliide.sys [14400 2009-07-14] (Acer Laboratories Inc.)
S3 amdagp; C:\Windows\system32\DRIVERS\amdagp.sys [53312 2009-07-14] (Microsoft Corporation)
S3 amdide; C:\Windows\system32\DRIVERS\amdide.sys [14912 2009-07-14] (Microsoft Corporation)
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [55296 2009-07-14] (Microsoft Corporation)
S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [52736 2009-07-14] (Microsoft Corporation)
S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [79952 2009-07-14] (Advanced Micro Devices)
S3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [159312 2009-07-14] (AMD Technologies Inc.)
S0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [23616 2009-07-14] (Advanced Micro Devices)
S3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2009-07-14] (Microsoft Corporation)
S3 arc; C:\Windows\system32\DRIVERS\arc.sys [76368 2009-07-14] (Adaptec, Inc.)
S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [86608 2009-07-14] (Adaptec, Inc.)
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-14] (Microsoft Corporation)
S0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [21584 2009-07-14] (Microsoft Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-02-27] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-02-27] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-13] (Broadcom Corporation)
S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-13] (Broadcom Corporation)
S1 Beep; C:\Windows\System32\Drivers\Beep.sys [6144 2009-07-14] (Microsoft Corporation)
S1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [35328 2009-07-14] (Microsoft Corporation)
S3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2009-07-14] (Microsoft Corporation)
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [13568 2009-07-13] (Brother Industries, Ltd.)
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [5248 2009-07-13] (Brother Industries, Ltd.)
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-14] (Brother Industries Ltd.)
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-13] (Brother Industries Ltd.)
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-13] (Brother Industries Ltd.)
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-13] (Brother Industries Ltd.)
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [56320 2009-07-14] (Microsoft Corporation)
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-14] (Microsoft Corporation)
S1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [108544 2009-07-14] (Microsoft Corporation)
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [37888 2009-07-14] (Microsoft Corporation)
S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14080 2009-07-14] (Microsoft Corporation)
S3 cmdide; C:\Windows\system32\DRIVERS\cmdide.sys [15952 2009-07-14] (CMD Technology, Inc.)
S0 CNG; C:\Windows\System32\Drivers\cng.sys [369568 2009-07-14] (Microsoft Corporation)
S0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [19024 2009-07-14] (Microsoft Corporation)
S3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [31232 2009-07-14] (Microsoft Corporation)
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [22096 2009-07-14] (Microsoft Corporation)
S1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2009-07-14] (Microsoft Corporation)
S1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-14] (Microsoft Corporation)
S0 Disk; C:\Windows\System32\DRIVERS\disk.sys [57424 2009-07-14] (Microsoft Corporation)
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5120 2009-07-14] (Microsoft Corporation)
S3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [720896 2009-07-14] (Microsoft Corporation)
S3 e1express; C:\Windows\System32\DRIVERS\e1e6032.sys [211456 2009-07-13] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-13] (Broadcom Corporation)
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [453712 2009-07-14] (Emulex)
S3 ErrDev; C:\Windows\system32\DRIVERS\errdev.sys [7168 2009-07-14] (Microsoft Corporation)
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [142336 2009-07-14] (Microsoft Corporation)
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [148480 2009-07-14] (Microsoft Corporation)
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [25088 2009-07-14] (Microsoft Corporation)
S0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58448 2009-07-14] (Microsoft Corporation)
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-14] (Microsoft Corporation)
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [19968 2009-07-14] (Microsoft Corporation)
S0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [198208 2009-07-14] (Microsoft Corporation)
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [46160 2009-07-14] (Microsoft Corporation)
S0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [19536 2009-07-14] (Microsoft Corporation)
S0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [194488 2009-07-14] (Microsoft Corporation)
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [57936 2009-07-14] (Microsoft Corporation)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-13] (Hauppauge Computer Works, Inc.)
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [304128 2009-07-14] (Microsoft Corporation)
S3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [108544 2009-07-14] (Microsoft Corporation)
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [21504 2009-07-14] (Microsoft Corporation)
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [91136 2009-07-14] (Microsoft Corporation)
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [37888 2009-07-14] (Microsoft Corporation)
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [24064 2009-07-14] (Microsoft Corporation)
S3 HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [67152 2009-07-14] (Hewlett-Packard Company)
S3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513024 2009-07-14] (Microsoft Corporation)
S0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [13904 2009-07-14] (Microsoft Corporation)
S3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [80896 2009-07-14] (Microsoft Corporation)
S3 iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [332352 2009-07-14] (Intel Corporation)
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [41040 2009-07-14] (Intel Corp./ICP vortex GmbH)
S0 intelide; C:\Windows\System32\DRIVERS\intelide.sys [15424 2009-07-14] (Microsoft Corporation)
S3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [53760 2009-07-14] (Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] (Microsoft Corporation)
S3 IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [65536 2009-07-14] (Microsoft Corporation)
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-14] (Microsoft Corporation)
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-14] (Microsoft Corporation)
S3 isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [46656 2009-07-14] (Microsoft Corporation)
S3 iScsiPrt; C:\Windows\system32\DRIVERS\msiscsi.sys [186960 2009-07-14] (Microsoft Corporation)
S3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [42576 2009-07-14] (Microsoft Corporation)
S3 kbdhid; C:\Windows\system32\DRIVERS\kbdhid.sys [28160 2009-07-14] (Microsoft Corporation)
S0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [67664 2009-07-14] (Microsoft Corporation)
S0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [133200 2009-07-14] (Microsoft Corporation)
S2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] (Microsoft Corporation)
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [95824 2009-07-14] (LSI Corporation)
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [89168 2009-07-14] (LSI Corporation)
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [54864 2009-07-14] (LSI Corporation)
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [96848 2009-07-14] (LSI Corporation)
S2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-14] (Microsoft Corporation)
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [30800 2009-07-14] (LSI Corporation)
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [235584 2009-07-14] (LSI Corporation, Inc.)
S3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-14] (Microsoft Corporation)
S3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] (Microsoft Corporation)
S3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [41552 2009-07-14] (Microsoft Corporation)
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [26112 2009-07-14] (Microsoft Corporation)
S0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78416 2009-07-14] (Microsoft Corporation)
S3 mpio; C:\Windows\system32\DRIVERS\mpio.sys [130624 2009-07-14] (Microsoft Corporation)
S3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-14] (Microsoft Corporation)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2009-07-14] (Microsoft Corporation)
S3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123392 2009-07-14] (Microsoft Corporation)
S3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [221184 2009-07-14] (Microsoft Corporation)
S3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [95744 2009-07-14] (Microsoft Corporation)
S0 msahci; C:\Windows\System32\DRIVERS\msahci.sys [27712 2009-07-14] (Microsoft Corporation)
S3 msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [115792 2009-07-14] (Microsoft Corporation)
S1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [22528 2009-07-14] (Microsoft Corporation)
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] (Microsoft Corporation)
S0 msisadrv; C:\Windows\System32\DRIVERS\msisadrv.sys [13888 2009-07-14] (Microsoft Corporation)
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] (Microsoft Corporation)
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] (Microsoft Corporation)
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-14] (Microsoft Corporation)
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [162896 2009-07-14] (Microsoft Corporation)
S1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [28240 2009-07-14] (Microsoft Corporation)
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-14] (Microsoft Corporation)
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [12288 2009-07-14] (Microsoft Corporation)
S0 Mup; C:\Windows\System32\Drivers\mup.sys [49728 2009-07-14] (Microsoft Corporation)
S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] (Microsoft Corporation)
S0 NDIS; C:\Windows\System32\drivers\ndis.sys [710720 2009-07-14] (Microsoft Corporation)
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] (Microsoft Corporation)
S3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] (Microsoft Corporation)
S3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [45568 2009-07-14] (Microsoft Corporation)
S3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2009-07-14] (Microsoft Corporation)
S3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [48128 2009-07-14] (Microsoft Corporation)
S1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] (Microsoft Corporation)
S1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2009-07-14] (Microsoft Corporation)
S3 netw5v32; C:\Windows\System32\DRIVERS\netw5v32.sys [4231168 2009-07-13] (Intel Corporation)
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [44624 2009-07-14] (IBM Corporation)
S1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [35328 2009-07-14] (Microsoft Corporation)
S1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] (Microsoft Corporation)
S3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1210432 2009-07-14] (Microsoft Corporation)
S1 Null; C:\Windows\System32\Drivers\Null.sys [4608 2009-07-14] (Microsoft Corporation)
S3 nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [117312 2009-07-14] (NVIDIA Corporation)
S3 nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [142416 2009-07-14] (NVIDIA Corporation)
S3 nv_agp; C:\Windows\system32\DRIVERS\nv_agp.sys [105024 2009-07-14] (Microsoft Corporation)
S3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [62464 2009-07-14] (Microsoft Corporation)
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [79360 2009-07-14] (Microsoft Corporation)
S0 partmgr; C:\Windows\System32\drivers\partmgr.sys [56912 2009-07-14] (Microsoft Corporation)
S2 Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [8704 2009-07-14] (Microsoft Corporation)
S0 pci; C:\Windows\System32\DRIVERS\pci.sys [153680 2009-07-14] (Microsoft Corporation)
S3 pciide; C:\Windows\system32\DRIVERS\pciide.sys [12368 2009-07-14] (Microsoft Corporation)
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [180288 2009-07-14] (Microsoft Corporation)
S0 pcw; C:\Windows\System32\drivers\pcw.sys [43088 2009-07-14] (Microsoft Corporation)
S2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-14] (Microsoft Corporation)
S3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] (Microsoft Corporation)
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [52224 2009-07-14] (Microsoft Corporation)
S1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] (Microsoft Corporation)
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1383488 2009-07-14] (QLogic Corporation)
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [106064 2009-07-14] (QLogic Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] (Microsoft Corporation)
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] (Microsoft Corporation)
S3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] (Microsoft Corporation)
S3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] (Microsoft Corporation)
S3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] (Microsoft Corporation)
S3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] (Microsoft Corporation)
S1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [241664 2009-07-14] (Microsoft Corporation)
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [18944 2009-07-14] (Microsoft Corporation)
S1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2009-07-14] (Microsoft Corporation)
S1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] (Microsoft Corporation)
S1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] (Microsoft Corporation)
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [177152 2009-07-14] (Microsoft Corporation)
S0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173648 2009-07-14] (Microsoft Corporation)
S2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] (Microsoft Corporation)
S3 sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [85568 2009-07-14] (Microsoft Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2009-07-14] (Microsoft Corporation)
S3 sdbus; C:\Windows\System32\DRIVERS\sdbus.sys [84992 2009-07-14] (Microsoft Corporation)
S2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [20480 2009-07-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [17920 2009-07-14] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [83456 2009-07-14] (Microsoft Corporation)
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [19968 2009-07-14] (Microsoft Corporation)
S3 sffdisk; C:\Windows\system32\DRIVERS\sffdisk.sys [11264 2009-07-14] (Microsoft Corporation)
S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [12288 2009-07-14] (Microsoft Corporation)
S3 sffp_sd; C:\Windows\system32\DRIVERS\sffp_sd.sys [12800 2009-07-14] (Microsoft Corporation)
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [13824 2009-07-14] (Microsoft Corporation)
S3 sisagp; C:\Windows\system32\DRIVERS\sisagp.sys [52304 2009-07-14] (Microsoft Corporation)
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [40016 2009-07-14] (Silicon Integrated Systems Corp.)
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [77888 2009-07-14] (Silicon Integrated Systems)
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] (Microsoft Corporation)
S0 spldr; C:\Windows\System32\Drivers\spldr.sys [17472 2009-07-14] (Microsoft Corporation)
S3 srv; C:\Windows\System32\DRIVERS\srv.sys [309760 2009-07-14] (Microsoft Corporation)
S3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [306688 2009-07-14] (Microsoft Corporation)
S3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [207360 2009-07-13] (Conexant Systems, Inc.)
S3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-13] (Conexant Systems, Inc.)
S3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT3.SYS [661504 2009-07-13] (Conexant Systems, Inc.)
S3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [113664 2009-07-14] (Microsoft Corporation)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [21072 2009-07-14] (Promise Technology)
S3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12240 2009-07-14] (Microsoft Corporation)
S0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1285712 2009-07-14] (Microsoft Corporation)
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1285712 2009-07-14] (Microsoft Corporation)
S2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [34816 2009-07-14] (Microsoft Corporation)
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [17920 2009-07-14] (Microsoft Corporation)
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24064 2009-07-14] (Microsoft Corporation)
S1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74240 2009-07-14] (Microsoft Corporation)
S1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [51776 2009-07-14] (Microsoft Corporation)
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [30208 2009-07-14] (Microsoft Corporation)
S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2009-07-14] (Microsoft Corporation)
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [55888 2009-07-14] (Microsoft Corporation)
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2009-07-14] (Microsoft Corporation)
S3 uliagpkx; C:\Windows\system32\DRIVERS\uliagpkx.sys [57424 2009-07-14] (Microsoft Corporation)
S3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [39936 2009-07-14] (Microsoft Corporation)
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [8192 2009-07-14] (Microsoft Corporation)
S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [75264 2009-07-14] (Microsoft Corporation)
S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [86016 2009-07-14] (Microsoft Corporation)
S3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [41472 2009-07-14] (Microsoft Corporation)
S3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2009-07-14] (Microsoft Corporation)
S3 usbohci; C:\Windows\system32\DRIVERS\usbohci.sys [20480 2009-07-14] (Microsoft Corporation)
S3 usbprint; C:\Windows\system32\DRIVERS\usbprint.sys [19968 2009-07-14] (Microsoft Corporation)
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [74752 2009-07-14] (Microsoft Corporation)
S3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [24064 2009-07-14] (Microsoft Corporation)
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [146176 2009-07-14] (Microsoft Corporation)
S0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [32832 2009-07-14] (Microsoft Corporation)
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] (Microsoft Corporation)
S1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] (Microsoft Corporation)
S3 vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [159824 2009-07-14] (Microsoft Corporation)
S3 viaagp; C:\Windows\system32\DRIVERS\viaagp.sys [53328 2009-07-14] (Microsoft Corporation)
S3 ViaC7; C:\Windows\system32\DRIVERS\viac7.sys [52736 2009-07-14] (Microsoft Corporation)
S3 viaide; C:\Windows\system32\DRIVERS\viaide.sys [16976 2009-07-14] (VIA Technologies, Inc.)
S0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [53312 2009-07-14] (Microsoft Corporation)
S0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] (Microsoft Corporation)
S0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [245328 2009-07-14] (Microsoft Corporation)
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [141904 2009-07-14] (VIA Technologies Inc.,Ltd)
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [19968 2009-07-14] (Microsoft Corporation)
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [21632 2009-07-14] (Microsoft Corporation)
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2009-07-14] (Microsoft Corporation)
S1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2009-07-14] (Microsoft Corporation)
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [19024 2009-07-14] (Microsoft Corporation)
S0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [445008 2009-07-14] (Microsoft Corporation)
S1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] (Microsoft Corporation)
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [19008 2009-07-14] (Microsoft Corporation)
S3 Winsock; No ImagePath
S3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [11264 2009-07-14] (Microsoft Corporation)
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] (Microsoft Corporation)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [92672 2009-07-14] (Microsoft Corporation)
S5 BattC; C:\Windows\System32\Drivers\BattC.sys [25168 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-01 08:59 - 2013-09-01 08:59 - 00099426 _____ C:\Windows\PFRO.log
2013-08-31 16:01 - 2013-08-31 16:01 - 00000000 ____D C:\Windows\PCHEALTH
2013-08-31 16:01 - 2013-08-31 16:01 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-08-31 16:01 - 2013-08-31 16:01 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-08-31 15:58 - 2013-08-31 15:58 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-08-31 15:57 - 2013-08-31 15:57 - 00000000 ____D C:\Users\Arnold\AppData\Local\Microsoft Help
2013-08-31 15:56 - 2013-08-31 16:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-31 15:56 - 2013-08-31 16:01 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-31 12:21 - 2013-08-31 11:42 - 00000000 ____D C:\Windows\Panther
2013-08-31 12:07 - 2013-08-31 12:07 - 00000000 ____D C:\Windows.old.001
2013-08-31 11:52 - 2013-08-31 11:52 - 00000000 ____D C:\Users\Arnold\AppData\Roaming\Avira
2013-08-31 11:50 - 2013-08-31 11:50 - 00002018 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-31 11:49 - 2013-08-31 11:50 - 00000000 ____D C:\ProgramData\Avira
2013-08-31 11:49 - 2013-08-31 11:49 - 00000000 ____D C:\Program Files\Avira
2013-08-31 11:49 - 2013-08-31 11:49 - 00000000 ____D C:\Program Files\Ask.com
2013-08-31 11:49 - 2013-03-06 15:13 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-08-31 11:49 - 2013-02-27 12:22 - 00135136 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-08-31 11:49 - 2013-02-27 12:22 - 00084744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-08-31 11:49 - 2012-08-27 14:50 - 00028520 _____ (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys
2013-08-31 11:45 - 2013-09-01 09:07 - 01472002 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-31 11:42 - 2013-08-31 11:43 - 00000000 ____D C:\users\Arnold
2013-08-31 11:42 - 2013-08-31 11:42 - 00000020 ___SH C:\Users\Arnold\ntuser.ini
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\Startmenü
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\Netzwerkumgebung
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\Druckumgebung
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\Documents\Eigene Musik
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\Documents\Eigene Bilder
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\AppData\Local\Verlauf
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 ____D C:\Users\Arnold\AppData\Local\VirtualStore
2013-08-31 11:27 - 2013-09-01 09:11 - 00025207 _____ C:\Windows\WindowsUpdate.log
2013-08-31 11:24 - 2013-08-31 11:28 - 00001313 _____ C:\Windows\TSSysprep.log

==================== One Month Modified Files and Folders =======

2013-09-01 10:23 - 2013-09-01 10:23 - 00000000 ____D C:\FRST
2013-09-01 09:11 - 2013-08-31 11:27 - 00025207 _____ C:\Windows\WindowsUpdate.log
2013-09-01 09:11 - 2009-07-14 05:34 - 00012208 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-01 09:11 - 2009-07-14 05:34 - 00012208 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-01 09:07 - 2013-08-31 11:45 - 01472002 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-01 09:02 - 2009-07-14 05:33 - 00341480 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-01 09:00 - 2009-07-14 05:39 - 00016716 _____ C:\Windows\setupact.log
2013-09-01 08:59 - 2013-09-01 08:59 - 00099426 _____ C:\Windows\PFRO.log
2013-08-31 16:12 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-31 16:11 - 2013-08-31 15:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-31 16:06 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\System
2013-08-31 16:06 - 2009-07-14 03:04 - 00000478 _____ C:\Windows\win.ini
2013-08-31 16:02 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-31 16:01 - 2013-08-31 16:01 - 00000000 ____D C:\Windows\PCHEALTH
2013-08-31 16:01 - 2013-08-31 16:01 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-08-31 16:01 - 2013-08-31 16:01 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-08-31 16:01 - 2013-08-31 15:56 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-31 15:58 - 2013-08-31 15:58 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-08-31 15:58 - 2009-07-14 09:57 - 00000000 ____D C:\Windows\ShellNew
2013-08-31 15:57 - 2013-08-31 15:57 - 00000000 ____D C:\Users\Arnold\AppData\Local\Microsoft Help
2013-08-31 15:55 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\System32\restore
2013-08-31 12:21 - 2009-10-24 08:43 - 00008192 __RSH C:\BOOTSECT.BAK
2013-08-31 12:21 - 2009-07-14 05:57 - 00025600 ___SH C:\Windows\System32\config\BCD-Template.LOG
2013-08-31 12:21 - 2009-07-14 05:52 - 00028672 _____ C:\Windows\System32\config\BCD-Template
2013-08-31 12:07 - 2013-08-31 12:07 - 00000000 ____D C:\Windows.old.001
2013-08-31 11:52 - 2013-08-31 11:52 - 00000000 ____D C:\Users\Arnold\AppData\Roaming\Avira
2013-08-31 11:50 - 2013-08-31 11:50 - 00002018 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-31 11:50 - 2013-08-31 11:49 - 00000000 ____D C:\ProgramData\Avira
2013-08-31 11:49 - 2013-08-31 11:49 - 00000000 ____D C:\Program Files\Avira
2013-08-31 11:49 - 2013-08-31 11:49 - 00000000 ____D C:\Program Files\Ask.com
2013-08-31 11:43 - 2013-08-31 11:42 - 00000000 ____D C:\users\Arnold
2013-08-31 11:42 - 2013-08-31 12:21 - 00000000 ____D C:\Windows\Panther
2013-08-31 11:42 - 2013-08-31 11:42 - 00000020 ___SH C:\Users\Arnold\ntuser.ini
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\Startmenü
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\Netzwerkumgebung
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\Druckumgebung
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\Documents\Eigene Musik
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\Documents\Eigene Bilder
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\AppData\Local\Verlauf
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 ____D C:\Users\Arnold\AppData\Local\VirtualStore
2013-08-31 11:42 - 2009-10-24 10:39 - 00000000 __SHD C:\Recovery
2013-08-31 11:42 - 2009-07-14 03:37 - 00000000 __RHD C:\users\Default
2013-08-31 11:42 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\Recovery
2013-08-31 11:42 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Windows NT
2013-08-31 11:41 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-08-31 11:28 - 2013-08-31 11:24 - 00001313 _____ C:\Windows\TSSysprep.log
2013-08-31 11:24 - 2009-07-14 05:34 - 00001774 _____ C:\Windows\DtcInstall.log

==================== Known DLLs (ALL) =========================

[2009-07-14 00:44] - [2009-07-14 02:15] - 0522240 ____A (Microsoft Corporation) C:\Windows\System32\clbcatq.dll
[2009-07-14 00:45] - [2009-07-14 02:16] - 1412608 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
[2009-07-14 01:20] - [2009-07-14 02:14] - 0640000 ____A (Microsoft Corporation) C:\Windows\System32\advapi32.dll
[2009-07-14 00:39] - [2009-07-14 02:15] - 0486912 ____A (Microsoft Corporation) C:\Windows\System32\COMDLG32.dll
[2009-07-14 00:26] - [2009-07-14 02:15] - 0304640 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
[2009-07-14 00:44] - [2009-07-14 02:15] - 2058240 ____A (Microsoft Corporation) C:\Windows\System32\IERTUTIL.dll
[2009-07-14 00:57] - [2009-07-14 02:15] - 0154624 ____A (Microsoft Corporation) C:\Windows\System32\IMAGEHLP.dll
[2009-07-14 00:25] - [2009-07-14 02:15] - 0118272 ____A (Microsoft Corporation) C:\Windows\System32\IMM32.dll
[2009-07-14 00:16] - [2009-07-14 02:15] - 0857088 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
[2009-07-14 00:25] - [2009-07-14 02:15] - 0026624 ____A (Microsoft Corporation) C:\Windows\System32\LPK.dll
[2009-07-14 00:28] - [2009-07-14 02:15] - 0828928 ____A (Microsoft Corporation) C:\Windows\System32\MSCTF.dll
[2009-07-14 00:12] - [2009-07-14 02:15] - 0690688 ____A (Microsoft Corporation) C:\Windows\System32\MSVCRT.dll
[2009-07-14 00:15] - [2009-07-14 02:09] - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\NORMALIZ.dll
[2009-07-14 00:12] - [2009-07-14 02:16] - 0008704 ____A (Microsoft Corporation) C:\Windows\System32\NSI.dll
[2009-07-14 00:44] - [2009-07-14 02:16] - 0571904 ____A (Microsoft Corporation) C:\Windows\System32\OLEAUT32.dll
[2009-07-14 00:15] - [2009-07-14 02:16] - 0006144 ____A (Microsoft Corporation) C:\Windows\System32\PSAPI.dll
[2009-07-14 00:13] - [2009-07-14 02:16] - 0652288 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
[2009-07-14 00:11] - [2009-07-14 02:16] - 0092160 ____A (Microsoft Corporation) C:\Windows\System32\sechost.dll
[2009-07-14 00:16] - [2009-07-14 02:16] - 1668608 ____A (Microsoft Corporation) C:\Windows\System32\Setupapi.dll
[2009-07-14 00:47] - [2009-07-14 02:16] - 12866560 ____A (Microsoft Corporation) C:\Windows\System32\SHELL32.dll
[2009-07-14 00:39] - [2009-07-14 02:16] - 0350208 ____A (Microsoft Corporation) C:\Windows\System32\SHLWAPI.dll
[2009-07-14 00:47] - [2009-07-14 02:16] - 1224704 ____A (Microsoft Corporation) C:\Windows\System32\URLMON.dll
[2009-07-14 00:24] - [2009-07-14 02:16] - 0811520 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll
[2009-07-14 00:25] - [2009-07-14 02:16] - 0627200 ____A (Microsoft Corporation) C:\Windows\System32\USP10.dll
[2009-07-14 00:47] - [2009-07-14 02:16] - 0977920 ____A (Microsoft Corporation) C:\Windows\System32\WININET.dll
[2009-07-14 00:38] - [2009-07-14 02:16] - 0268800 ____A (Microsoft Corporation) C:\Windows\System32\WLDAP32.dll
[2009-07-14 00:12] - [2009-07-14 02:16] - 0206336 ____A (Microsoft Corporation) C:\Windows\System32\WS2_32.dll
[2009-07-14 00:16] - [2009-07-14 02:15] - 0315904 ____A (Microsoft Corporation) C:\Windows\System32\DifxApi.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-03-20 15:23:39
Restore point made on: 2013-03-20 16:13:55
Restore point made on: 2013-03-23 08:03:59
Restore point made on: 2013-04-05 19:25:55
Restore point made on: 2013-04-09 19:07:56
Restore point made on: 2013-04-09 19:09:40
Restore point made on: 2013-04-13 21:06:49
Restore point made on: 2013-05-10 19:00:11
Restore point made on: 2013-05-10 20:19:14
Restore point made on: 2013-05-11 17:18:39
Restore point made on: 2013-08-31 11:54:47
Restore point made on: 2013-08-31 13:32:37
Restore point made on: 2013-08-31 13:41:26
Restore point made on: 2013-08-31 15:55:49

==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 3070.05 MB
Available physical RAM: 2660.79 MB
Total Pagefile: 3068.33 MB
Available Pagefile: 2666.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.3 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:143.84 GB) (Free:9.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (HP_RECOVERY) (Fixed) (Total:5.21 GB) (Free:1.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:14.81 GB) (Free:14.81 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 041F6810)
Partition 1: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 8C88EF51)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2013-08-31 16:38

==================== End Of Log ============================
         


Addition.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-09-2013
Ran by SYSTEM on MININT-1VFRF52 on 01-09-2013 10:29:02
Running from G:\
Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (All) ===========================

HKLM\...\Run: [] -  [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1573584 2012-08-22] (Ask)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312 2013-04-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [26112 2009-07-14] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [2613248 2009-07-14] (Microsoft Corporation)
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [ 2009-07-14] (Microsoft Corporation)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [ 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
BootExecute: autocheck autochk * 
AlternateShell: cmd.exe

==================== Services (All) ========================

S3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [62464 2009-07-14] (Microsoft Corporation)
S3 ALG; C:\Windows\System32\alg.exe [59392 2009-07-14] (Microsoft Corporation)
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-02-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [562744 2013-04-09] (Avira Operations GmbH & Co. KG)
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [27648 2009-07-14] (Microsoft Corporation)
S3 Appinfo; C:\Windows\System32\appinfo.dll [46592 2009-07-14] (Microsoft Corporation)
S2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [473088 2009-07-14] (Microsoft Corporation)
S2 Audiosrv; C:\Windows\System32\Audiosrv.dll [473088 2009-07-14] (Microsoft Corporation)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [88064 2009-07-14] (Microsoft Corporation)
S3 BDESVC; C:\Windows\System32\bdesvc.dll [76800 2009-07-14] (Microsoft Corporation)
S2 BFE; C:\Windows\System32\bfe.dll [493568 2009-07-14] (Microsoft Corporation)
S3 BITS; C:\Windows\System32\qmgr.dll [589312 2009-07-14] (Microsoft Corporation)
S3 Browser; C:\Windows\System32\browser.dll [102400 2009-07-14] (Microsoft Corporation)
S3 bthserv; C:\Windows\system32\bthserv.dll [64512 2009-07-14] (Microsoft Corporation)
S3 CertPropSvc; C:\Windows\System32\certprop.dll [67584 2009-07-14] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66384 2009-06-10] (Microsoft Corporation)
S3 COMSysApp; C:\Windows\system32\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
S2 CryptSvc; C:\Windows\system32\cryptsvc.dll [135680 2009-07-14] (Microsoft Corporation)
S2 DcomLaunch; C:\Windows\system32\rpcss.dll [376320 2009-07-14] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-14] (Microsoft Corporation)
S2 Dhcp; C:\Windows\system32\dhcpcore.dll [253440 2009-07-14] (Microsoft Corporation)
S2 Dnscache; C:\Windows\System32\dnsrslvr.dll [132608 2009-07-14] (Microsoft Corporation)
S3 dot3svc; C:\Windows\System32\dot3svc.dll [214016 2009-07-14] (Microsoft Corporation)
S2 DPS; C:\Windows\system32\dps.dll [143360 2009-07-14] (Microsoft Corporation)
S3 EapHost; C:\Windows\System32\eapsvc.dll [98304 2009-07-14] (Microsoft Corporation)
S3 EFS; C:\Windows\System32\lsass.exe [22528 2009-07-14] (Microsoft Corporation)
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [557056 2009-07-14] (Microsoft Corporation)
S3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-14] (Microsoft Corporation)
S2 eventlog; C:\Windows\System32\wevtsvc.dll [1086464 2009-07-14] (Microsoft Corporation)
S2 EventSystem; C:\Windows\system32\es.dll [271360 2009-07-14] (Microsoft Corporation)
S3 Fax; C:\Windows\system32\fxssvc.exe [522752 2009-07-14] (Microsoft Corporation)
S3 fdPHost; C:\Windows\system32\fdPHost.dll [12800 2009-07-14] (Microsoft Corporation)
S3 FDResPub; C:\Windows\system32\fdrespub.dll [28160 2009-07-14] (Microsoft Corporation)
S3 FontCache; C:\Windows\system32\FntCache.dll [797696 2009-07-14] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856 2009-06-10] (Microsoft Corporation)
S2 gpsvc; C:\Windows\System32\gpsvc.dll [591360 2009-07-14] (Microsoft Corporation)
S3 hidserv; C:\Windows\system32\hidserv.dll [49152 2009-07-14] (Microsoft Corporation)
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [71168 2009-07-14] (Microsoft Corporation)
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [194560 2009-07-14] (Microsoft Corporation)
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [165376 2009-07-14] (Microsoft Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [878416 2009-06-10] (Microsoft Corporation)
S3 IKEEXT; C:\Windows\System32\ikeext.dll [667136 2009-07-14] (Microsoft Corporation)
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [78848 2009-07-14] (Microsoft Corporation)
S2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [497152 2009-07-14] (Microsoft Corporation)
S3 KeyIso; C:\Windows\system32\lsass.exe [22528 2009-07-14] (Microsoft Corporation)
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [308736 2009-07-14] (Microsoft Corporation)
S2 LanmanServer; C:\Windows\system32\srvsvc.dll [168448 2009-07-14] (Microsoft Corporation)
S2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [84480 2009-07-14] (Microsoft Corporation)
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [189952 2009-07-14] (Microsoft Corporation)
S2 lmhosts; C:\Windows\System32\lmhsvc.dll [18432 2009-07-14] (Microsoft Corporation)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [67584 2009-07-14] (Microsoft Corporation)
S2 MMCSS; C:\Windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation)
S2 MpsSvc; C:\Windows\system32\mpssvc.dll [565760 2009-07-14] (Microsoft Corporation)
S3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2009-07-14] (Microsoft Corporation)
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [114688 2009-07-14] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [73216 2009-07-14] (Microsoft Corporation)
S3 napagent; C:\Windows\system32\qagentRT.dll [330240 2009-07-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\system32\lsass.exe [22528 2009-07-14] (Microsoft Corporation)
S3 Netman; C:\Windows\System32\netman.dll [280576 2009-07-14] (Microsoft Corporation)
S3 netprofm; C:\Windows\System32\netprofm.dll [360448 2009-07-14] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [128848 2009-06-10] (Microsoft Corporation)
S2 NlaSvc; C:\Windows\System32\nlasvc.dll [242688 2009-07-14] (Microsoft Corporation)
S2 nsi; C:\Windows\system32\nsisvc.dll [19456 2009-07-14] (Microsoft Corporation)
S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4640000 2010-01-09] (Microsoft Corporation)
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation)
S3 p2psvc; C:\Windows\system32\p2psvc.dll [327680 2009-07-14] (Microsoft Corporation)
S3 PcaSvc; C:\Windows\System32\pcasvc.dll [154624 2009-07-14] (Microsoft Corporation)
S3 pla; C:\Windows\system32\pla.dll [1508864 2009-07-14] (Microsoft Corporation)
S2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [294400 2009-07-14] (Microsoft Corporation)
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [20480 2009-07-14] (Microsoft Corporation)
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation)
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [350720 2009-07-14] (Microsoft Corporation)
S2 Power; C:\Windows\system32\umpo.dll [119808 2009-07-14] (Microsoft Corporation)
S2 ProfSvc; C:\Windows\system32\profsvc.dll [162816 2009-07-14] (Microsoft Corporation)
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [22528 2009-07-14] (Microsoft Corporation)
S3 QWAVE; C:\Windows\system32\qwave.dll [210944 2009-07-14] (Microsoft Corporation)
S3 RasAuto; C:\Windows\System32\rasauto.dll [90624 2009-07-14] (Microsoft Corporation)
S3 RasMan; C:\Windows\System32\rasmans.dll [285184 2009-07-14] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [75264 2009-07-14] (Microsoft Corporation)
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [112640 2009-07-14] (Microsoft Corporation)
S2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [43520 2009-07-14] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\system32\locator.exe [9216 2009-07-14] (Microsoft Corporation)
S2 RpcSs; C:\Windows\system32\rpcss.dll [376320 2009-07-14] (Microsoft Corporation)
S2 SamSs; C:\Windows\system32\lsass.exe [22528 2009-07-14] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [132608 2009-07-14] (Microsoft Corporation)
S2 Schedule; C:\Windows\system32\schedsvc.dll [743424 2009-07-14] (Microsoft Corporation)
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [67584 2009-07-14] (Microsoft Corporation)
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [125952 2009-07-14] (Microsoft Corporation)
S3 seclogon; C:\Windows\system32\seclogon.dll [21504 2009-07-14] (Microsoft Corporation)
S2 SENS; C:\Windows\System32\sens.dll [49664 2009-07-14] (Microsoft Corporation)
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [25088 2009-07-14] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\system32\sessenv.dll [99328 2009-07-14] (Microsoft Corporation)
S4 SharedAccess; C:\Windows\System32\ipnathlp.dll [300544 2009-07-14] (Microsoft Corporation)
S2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [328192 2009-07-14] (Microsoft Corporation)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2009-07-14] (Microsoft Corporation)
S2 Spooler; C:\Windows\System32\spoolsv.exe [316416 2009-07-14] (Microsoft Corporation)
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3179520 2009-07-14] (Microsoft Corporation)
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [53760 2009-07-14] (Microsoft Corporation)
S3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [162816 2009-07-14] (Microsoft Corporation)
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [90112 2009-07-14] (Microsoft Corporation)
S3 StiSvc; C:\Windows\System32\wiaservc.dll [462336 2009-07-14] (Microsoft Corporation)
S3 swprv; C:\Windows\System32\swprv.dll [313856 2009-07-14] (Microsoft Corporation)
S2 SysMain; C:\Windows\system32\sysmain.dll [1169408 2009-07-14] (Microsoft Corporation)
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [73728 2009-07-14] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [241664 2009-07-14] (Microsoft Corporation)
S3 TBS; C:\Windows\System32\tbssvc.dll [55808 2009-07-14] (Microsoft Corporation)
S3 TermService; C:\Windows\System32\termsrv.dll [543232 2009-07-14] (Microsoft Corporation)
S2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation)
S3 THREADORDER; C:\Windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation)
S2 TrkWks; C:\Windows\System32\trkwks.dll [77312 2009-07-14] (Microsoft Corporation)
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [204800 2009-07-14] (Microsoft Corporation)
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2009-07-14] (Microsoft Corporation)
S3 upnphost; C:\Windows\System32\upnphost.dll [266752 2009-07-14] (Microsoft Corporation)
S2 UxSms; C:\Windows\System32\uxsms.dll [29696 2009-07-14] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\system32\lsass.exe [22528 2009-07-14] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [452608 2009-07-14] (Microsoft Corporation)
S3 VSS; C:\Windows\system32\vssvc.exe [1025536 2009-07-14] (Microsoft Corporation)
S3 W32Time; C:\Windows\system32\w32time.dll [288768 2009-07-14] (Microsoft Corporation)
S3 wbengine; C:\Windows\system32\wbengine.exe [1202688 2009-07-14] (Microsoft Corporation)
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [151552 2009-07-14] (Microsoft Corporation)
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [276480 2009-07-14] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32768 2009-07-14] (Microsoft Corporation)
S3 WdiServiceHost; C:\Windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation)
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation)
S3 WebClient; C:\Windows\System32\webclnt.dll [202240 2009-07-14] (Microsoft Corporation)
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [147968 2009-07-14] (Microsoft Corporation)
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [61440 2009-07-14] (Microsoft Corporation)
S3 WerSvc; C:\Windows\System32\WerSvc.dll [65024 2009-07-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 WinHttpAutoProxySvc; C:\Windows\System32\winhttp.dll [348672 2009-07-14] (Microsoft Corporation)
S2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [168960 2009-07-14] (Microsoft Corporation)
S3 WinRM; C:\Windows\system32\WsmSvc.dll [1175040 2009-07-14] (Microsoft Corporation)
S2 Wlansvc; C:\Windows\System32\wlansvc.dll [829440 2009-07-14] (Microsoft Corporation)
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [136192 2009-07-14] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121280 2009-07-14] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation)
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [84480 2009-07-14] (Microsoft Corporation)
S2 wscsvc; C:\Windows\System32\wscsvc.dll [73728 2009-07-14] (Microsoft Corporation)
S2 WSearch; C:\Windows\system32\SearchIndexer.exe [428032 2009-07-14] (Microsoft Corporation)
S2 wuauserv; C:\Windows\system32\wuaueng.dll [1912832 2009-07-14] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [64512 2009-07-14] (Microsoft Corporation)
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [185856 2009-07-14] (Microsoft Corporation)

==================== Drivers (All) ==========================

S3 1394ohci; C:\Windows\System32\DRIVERS\1394ohci.sys [163328 2009-07-14] (Microsoft Corporation)
S0 ACPI; C:\Windows\System32\DRIVERS\ACPI.sys [274496 2009-07-14] (Microsoft Corporation)
S3 AcpiPmi; C:\Windows\system32\DRIVERS\acpipmi.sys [9728 2009-07-14] (Microsoft Corporation)
S3 adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [422976 2009-07-14] (Adaptec, Inc.)
S3 adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [297552 2009-07-14] (Adaptec, Inc.)
S3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [146512 2009-07-14] (Adaptec, Inc.)
S1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2009-07-14] (Microsoft Corporation)
S3 agp440; C:\Windows\system32\DRIVERS\agp440.sys [53312 2009-07-14] (Microsoft Corporation)
S3 aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [70720 2009-07-14] (Adaptec, Inc.)
S3 aliide; C:\Windows\system32\DRIVERS\aliide.sys [14400 2009-07-14] (Acer Laboratories Inc.)
S3 amdagp; C:\Windows\system32\DRIVERS\amdagp.sys [53312 2009-07-14] (Microsoft Corporation)
S3 amdide; C:\Windows\system32\DRIVERS\amdide.sys [14912 2009-07-14] (Microsoft Corporation)
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [55296 2009-07-14] (Microsoft Corporation)
S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [52736 2009-07-14] (Microsoft Corporation)
S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [79952 2009-07-14] (Advanced Micro Devices)
S3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [159312 2009-07-14] (AMD Technologies Inc.)
S0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [23616 2009-07-14] (Advanced Micro Devices)
S3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2009-07-14] (Microsoft Corporation)
S3 arc; C:\Windows\system32\DRIVERS\arc.sys [76368 2009-07-14] (Adaptec, Inc.)
S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [86608 2009-07-14] (Adaptec, Inc.)
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-14] (Microsoft Corporation)
S0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [21584 2009-07-14] (Microsoft Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-02-27] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-02-27] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-13] (Broadcom Corporation)
S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-13] (Broadcom Corporation)
S1 Beep; C:\Windows\System32\Drivers\Beep.sys [6144 2009-07-14] (Microsoft Corporation)
S1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [35328 2009-07-14] (Microsoft Corporation)
S3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2009-07-14] (Microsoft Corporation)
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [13568 2009-07-13] (Brother Industries, Ltd.)
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [5248 2009-07-13] (Brother Industries, Ltd.)
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-14] (Brother Industries Ltd.)
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-13] (Brother Industries Ltd.)
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-13] (Brother Industries Ltd.)
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-13] (Brother Industries Ltd.)
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [56320 2009-07-14] (Microsoft Corporation)
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-14] (Microsoft Corporation)
S1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [108544 2009-07-14] (Microsoft Corporation)
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [37888 2009-07-14] (Microsoft Corporation)
S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14080 2009-07-14] (Microsoft Corporation)
S3 cmdide; C:\Windows\system32\DRIVERS\cmdide.sys [15952 2009-07-14] (CMD Technology, Inc.)
S0 CNG; C:\Windows\System32\Drivers\cng.sys [369568 2009-07-14] (Microsoft Corporation)
S0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [19024 2009-07-14] (Microsoft Corporation)
S3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [31232 2009-07-14] (Microsoft Corporation)
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [22096 2009-07-14] (Microsoft Corporation)
S1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2009-07-14] (Microsoft Corporation)
S1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-14] (Microsoft Corporation)
S0 Disk; C:\Windows\System32\DRIVERS\disk.sys [57424 2009-07-14] (Microsoft Corporation)
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5120 2009-07-14] (Microsoft Corporation)
S3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [720896 2009-07-14] (Microsoft Corporation)
S3 e1express; C:\Windows\System32\DRIVERS\e1e6032.sys [211456 2009-07-13] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-13] (Broadcom Corporation)
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [453712 2009-07-14] (Emulex)
S3 ErrDev; C:\Windows\system32\DRIVERS\errdev.sys [7168 2009-07-14] (Microsoft Corporation)
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [142336 2009-07-14] (Microsoft Corporation)
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [148480 2009-07-14] (Microsoft Corporation)
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [25088 2009-07-14] (Microsoft Corporation)
S0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58448 2009-07-14] (Microsoft Corporation)
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-14] (Microsoft Corporation)
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [19968 2009-07-14] (Microsoft Corporation)
S0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [198208 2009-07-14] (Microsoft Corporation)
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [46160 2009-07-14] (Microsoft Corporation)
S0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [19536 2009-07-14] (Microsoft Corporation)
S0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [194488 2009-07-14] (Microsoft Corporation)
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [57936 2009-07-14] (Microsoft Corporation)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-13] (Hauppauge Computer Works, Inc.)
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [304128 2009-07-14] (Microsoft Corporation)
S3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [108544 2009-07-14] (Microsoft Corporation)
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [21504 2009-07-14] (Microsoft Corporation)
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [91136 2009-07-14] (Microsoft Corporation)
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [37888 2009-07-14] (Microsoft Corporation)
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [24064 2009-07-14] (Microsoft Corporation)
S3 HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [67152 2009-07-14] (Hewlett-Packard Company)
S3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513024 2009-07-14] (Microsoft Corporation)
S0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [13904 2009-07-14] (Microsoft Corporation)
S3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [80896 2009-07-14] (Microsoft Corporation)
S3 iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [332352 2009-07-14] (Intel Corporation)
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [41040 2009-07-14] (Intel Corp./ICP vortex GmbH)
S0 intelide; C:\Windows\System32\DRIVERS\intelide.sys [15424 2009-07-14] (Microsoft Corporation)
S3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [53760 2009-07-14] (Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] (Microsoft Corporation)
S3 IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [65536 2009-07-14] (Microsoft Corporation)
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-14] (Microsoft Corporation)
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-14] (Microsoft Corporation)
S3 isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [46656 2009-07-14] (Microsoft Corporation)
S3 iScsiPrt; C:\Windows\system32\DRIVERS\msiscsi.sys [186960 2009-07-14] (Microsoft Corporation)
S3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [42576 2009-07-14] (Microsoft Corporation)
S3 kbdhid; C:\Windows\system32\DRIVERS\kbdhid.sys [28160 2009-07-14] (Microsoft Corporation)
S0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [67664 2009-07-14] (Microsoft Corporation)
S0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [133200 2009-07-14] (Microsoft Corporation)
S2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] (Microsoft Corporation)
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [95824 2009-07-14] (LSI Corporation)
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [89168 2009-07-14] (LSI Corporation)
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [54864 2009-07-14] (LSI Corporation)
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [96848 2009-07-14] (LSI Corporation)
S2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-14] (Microsoft Corporation)
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [30800 2009-07-14] (LSI Corporation)
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [235584 2009-07-14] (LSI Corporation, Inc.)
S3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-14] (Microsoft Corporation)
S3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] (Microsoft Corporation)
S3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [41552 2009-07-14] (Microsoft Corporation)
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [26112 2009-07-14] (Microsoft Corporation)
S0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78416 2009-07-14] (Microsoft Corporation)
S3 mpio; C:\Windows\system32\DRIVERS\mpio.sys [130624 2009-07-14] (Microsoft Corporation)
S3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-14] (Microsoft Corporation)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2009-07-14] (Microsoft Corporation)
S3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123392 2009-07-14] (Microsoft Corporation)
S3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [221184 2009-07-14] (Microsoft Corporation)
S3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [95744 2009-07-14] (Microsoft Corporation)
S0 msahci; C:\Windows\System32\DRIVERS\msahci.sys [27712 2009-07-14] (Microsoft Corporation)
S3 msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [115792 2009-07-14] (Microsoft Corporation)
S1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [22528 2009-07-14] (Microsoft Corporation)
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] (Microsoft Corporation)
S0 msisadrv; C:\Windows\System32\DRIVERS\msisadrv.sys [13888 2009-07-14] (Microsoft Corporation)
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] (Microsoft Corporation)
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] (Microsoft Corporation)
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-14] (Microsoft Corporation)
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [162896 2009-07-14] (Microsoft Corporation)
S1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [28240 2009-07-14] (Microsoft Corporation)
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-14] (Microsoft Corporation)
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [12288 2009-07-14] (Microsoft Corporation)
S0 Mup; C:\Windows\System32\Drivers\mup.sys [49728 2009-07-14] (Microsoft Corporation)
S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] (Microsoft Corporation)
S0 NDIS; C:\Windows\System32\drivers\ndis.sys [710720 2009-07-14] (Microsoft Corporation)
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] (Microsoft Corporation)
S3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] (Microsoft Corporation)
S3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [45568 2009-07-14] (Microsoft Corporation)
S3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2009-07-14] (Microsoft Corporation)
S3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [48128 2009-07-14] (Microsoft Corporation)
S1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] (Microsoft Corporation)
S1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2009-07-14] (Microsoft Corporation)
S3 netw5v32; C:\Windows\System32\DRIVERS\netw5v32.sys [4231168 2009-07-13] (Intel Corporation)
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [44624 2009-07-14] (IBM Corporation)
S1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [35328 2009-07-14] (Microsoft Corporation)
S1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] (Microsoft Corporation)
S3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1210432 2009-07-14] (Microsoft Corporation)
S1 Null; C:\Windows\System32\Drivers\Null.sys [4608 2009-07-14] (Microsoft Corporation)
S3 nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [117312 2009-07-14] (NVIDIA Corporation)
S3 nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [142416 2009-07-14] (NVIDIA Corporation)
S3 nv_agp; C:\Windows\system32\DRIVERS\nv_agp.sys [105024 2009-07-14] (Microsoft Corporation)
S3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [62464 2009-07-14] (Microsoft Corporation)
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [79360 2009-07-14] (Microsoft Corporation)
S0 partmgr; C:\Windows\System32\drivers\partmgr.sys [56912 2009-07-14] (Microsoft Corporation)
S2 Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [8704 2009-07-14] (Microsoft Corporation)
S0 pci; C:\Windows\System32\DRIVERS\pci.sys [153680 2009-07-14] (Microsoft Corporation)
S3 pciide; C:\Windows\system32\DRIVERS\pciide.sys [12368 2009-07-14] (Microsoft Corporation)
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [180288 2009-07-14] (Microsoft Corporation)
S0 pcw; C:\Windows\System32\drivers\pcw.sys [43088 2009-07-14] (Microsoft Corporation)
S2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-14] (Microsoft Corporation)
S3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] (Microsoft Corporation)
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [52224 2009-07-14] (Microsoft Corporation)
S1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] (Microsoft Corporation)
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1383488 2009-07-14] (QLogic Corporation)
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [106064 2009-07-14] (QLogic Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] (Microsoft Corporation)
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] (Microsoft Corporation)
S3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] (Microsoft Corporation)
S3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] (Microsoft Corporation)
S3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] (Microsoft Corporation)
S3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] (Microsoft Corporation)
S1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [241664 2009-07-14] (Microsoft Corporation)
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [18944 2009-07-14] (Microsoft Corporation)
S1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2009-07-14] (Microsoft Corporation)
S1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] (Microsoft Corporation)
S1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] (Microsoft Corporation)
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [177152 2009-07-14] (Microsoft Corporation)
S0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173648 2009-07-14] (Microsoft Corporation)
S2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] (Microsoft Corporation)
S3 sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [85568 2009-07-14] (Microsoft Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2009-07-14] (Microsoft Corporation)
S3 sdbus; C:\Windows\System32\DRIVERS\sdbus.sys [84992 2009-07-14] (Microsoft Corporation)
S2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [20480 2009-07-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [17920 2009-07-14] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [83456 2009-07-14] (Microsoft Corporation)
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [19968 2009-07-14] (Microsoft Corporation)
S3 sffdisk; C:\Windows\system32\DRIVERS\sffdisk.sys [11264 2009-07-14] (Microsoft Corporation)
S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [12288 2009-07-14] (Microsoft Corporation)
S3 sffp_sd; C:\Windows\system32\DRIVERS\sffp_sd.sys [12800 2009-07-14] (Microsoft Corporation)
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [13824 2009-07-14] (Microsoft Corporation)
S3 sisagp; C:\Windows\system32\DRIVERS\sisagp.sys [52304 2009-07-14] (Microsoft Corporation)
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [40016 2009-07-14] (Silicon Integrated Systems Corp.)
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [77888 2009-07-14] (Silicon Integrated Systems)
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] (Microsoft Corporation)
S0 spldr; C:\Windows\System32\Drivers\spldr.sys [17472 2009-07-14] (Microsoft Corporation)
S3 srv; C:\Windows\System32\DRIVERS\srv.sys [309760 2009-07-14] (Microsoft Corporation)
S3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [306688 2009-07-14] (Microsoft Corporation)
S3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [207360 2009-07-13] (Conexant Systems, Inc.)
S3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-13] (Conexant Systems, Inc.)
S3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT3.SYS [661504 2009-07-13] (Conexant Systems, Inc.)
S3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [113664 2009-07-14] (Microsoft Corporation)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [21072 2009-07-14] (Promise Technology)
S3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12240 2009-07-14] (Microsoft Corporation)
S0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1285712 2009-07-14] (Microsoft Corporation)
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1285712 2009-07-14] (Microsoft Corporation)
S2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [34816 2009-07-14] (Microsoft Corporation)
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [17920 2009-07-14] (Microsoft Corporation)
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24064 2009-07-14] (Microsoft Corporation)
S1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74240 2009-07-14] (Microsoft Corporation)
S1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [51776 2009-07-14] (Microsoft Corporation)
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [30208 2009-07-14] (Microsoft Corporation)
S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2009-07-14] (Microsoft Corporation)
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [55888 2009-07-14] (Microsoft Corporation)
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2009-07-14] (Microsoft Corporation)
S3 uliagpkx; C:\Windows\system32\DRIVERS\uliagpkx.sys [57424 2009-07-14] (Microsoft Corporation)
S3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [39936 2009-07-14] (Microsoft Corporation)
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [8192 2009-07-14] (Microsoft Corporation)
S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [75264 2009-07-14] (Microsoft Corporation)
S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [86016 2009-07-14] (Microsoft Corporation)
S3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [41472 2009-07-14] (Microsoft Corporation)
S3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2009-07-14] (Microsoft Corporation)
S3 usbohci; C:\Windows\system32\DRIVERS\usbohci.sys [20480 2009-07-14] (Microsoft Corporation)
S3 usbprint; C:\Windows\system32\DRIVERS\usbprint.sys [19968 2009-07-14] (Microsoft Corporation)
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [74752 2009-07-14] (Microsoft Corporation)
S3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [24064 2009-07-14] (Microsoft Corporation)
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [146176 2009-07-14] (Microsoft Corporation)
S0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [32832 2009-07-14] (Microsoft Corporation)
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] (Microsoft Corporation)
S1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] (Microsoft Corporation)
S3 vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [159824 2009-07-14] (Microsoft Corporation)
S3 viaagp; C:\Windows\system32\DRIVERS\viaagp.sys [53328 2009-07-14] (Microsoft Corporation)
S3 ViaC7; C:\Windows\system32\DRIVERS\viac7.sys [52736 2009-07-14] (Microsoft Corporation)
S3 viaide; C:\Windows\system32\DRIVERS\viaide.sys [16976 2009-07-14] (VIA Technologies, Inc.)
S0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [53312 2009-07-14] (Microsoft Corporation)
S0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] (Microsoft Corporation)
S0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [245328 2009-07-14] (Microsoft Corporation)
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [141904 2009-07-14] (VIA Technologies Inc.,Ltd)
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [19968 2009-07-14] (Microsoft Corporation)
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [21632 2009-07-14] (Microsoft Corporation)
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2009-07-14] (Microsoft Corporation)
S1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2009-07-14] (Microsoft Corporation)
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [19024 2009-07-14] (Microsoft Corporation)
S0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [445008 2009-07-14] (Microsoft Corporation)
S1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] (Microsoft Corporation)
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [19008 2009-07-14] (Microsoft Corporation)
S3 Winsock; No ImagePath
S3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [11264 2009-07-14] (Microsoft Corporation)
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] (Microsoft Corporation)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [92672 2009-07-14] (Microsoft Corporation)
S5 BattC; C:\Windows\System32\Drivers\BattC.sys [25168 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-01 08:59 - 2013-09-01 08:59 - 00099426 _____ C:\Windows\PFRO.log
2013-08-31 16:01 - 2013-08-31 16:01 - 00000000 ____D C:\Windows\PCHEALTH
2013-08-31 16:01 - 2013-08-31 16:01 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-08-31 16:01 - 2013-08-31 16:01 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-08-31 15:58 - 2013-08-31 15:58 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-08-31 15:57 - 2013-08-31 15:57 - 00000000 ____D C:\Users\Arnold\AppData\Local\Microsoft Help
2013-08-31 15:56 - 2013-08-31 16:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-31 15:56 - 2013-08-31 16:01 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-31 12:21 - 2013-08-31 11:42 - 00000000 ____D C:\Windows\Panther
2013-08-31 12:07 - 2013-08-31 12:07 - 00000000 ____D C:\Windows.old.001
2013-08-31 11:52 - 2013-08-31 11:52 - 00000000 ____D C:\Users\Arnold\AppData\Roaming\Avira
2013-08-31 11:50 - 2013-08-31 11:50 - 00002018 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-31 11:49 - 2013-08-31 11:50 - 00000000 ____D C:\ProgramData\Avira
2013-08-31 11:49 - 2013-08-31 11:49 - 00000000 ____D C:\Program Files\Avira
2013-08-31 11:49 - 2013-08-31 11:49 - 00000000 ____D C:\Program Files\Ask.com
2013-08-31 11:49 - 2013-03-06 15:13 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-08-31 11:49 - 2013-02-27 12:22 - 00135136 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-08-31 11:49 - 2013-02-27 12:22 - 00084744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-08-31 11:49 - 2012-08-27 14:50 - 00028520 _____ (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys
2013-08-31 11:45 - 2013-09-01 09:07 - 01472002 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-31 11:42 - 2013-08-31 11:43 - 00000000 ____D C:\users\Arnold
2013-08-31 11:42 - 2013-08-31 11:42 - 00000020 ___SH C:\Users\Arnold\ntuser.ini
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\Startmenü
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\Netzwerkumgebung
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\Druckumgebung
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\Documents\Eigene Musik
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\Documents\Eigene Bilder
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\AppData\Local\Verlauf
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 ____D C:\Users\Arnold\AppData\Local\VirtualStore
2013-08-31 11:27 - 2013-09-01 09:11 - 00025207 _____ C:\Windows\WindowsUpdate.log
2013-08-31 11:24 - 2013-08-31 11:28 - 00001313 _____ C:\Windows\TSSysprep.log

==================== One Month Modified Files and Folders =======

2013-09-01 10:23 - 2013-09-01 10:23 - 00000000 ____D C:\FRST
2013-09-01 09:11 - 2013-08-31 11:27 - 00025207 _____ C:\Windows\WindowsUpdate.log
2013-09-01 09:11 - 2009-07-14 05:34 - 00012208 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-01 09:11 - 2009-07-14 05:34 - 00012208 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-01 09:07 - 2013-08-31 11:45 - 01472002 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-01 09:02 - 2009-07-14 05:33 - 00341480 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-01 09:00 - 2009-07-14 05:39 - 00016716 _____ C:\Windows\setupact.log
2013-09-01 08:59 - 2013-09-01 08:59 - 00099426 _____ C:\Windows\PFRO.log
2013-08-31 16:12 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-31 16:11 - 2013-08-31 15:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-31 16:06 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\System
2013-08-31 16:06 - 2009-07-14 03:04 - 00000478 _____ C:\Windows\win.ini
2013-08-31 16:02 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-31 16:01 - 2013-08-31 16:01 - 00000000 ____D C:\Windows\PCHEALTH
2013-08-31 16:01 - 2013-08-31 16:01 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-08-31 16:01 - 2013-08-31 16:01 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-08-31 16:01 - 2013-08-31 15:56 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-31 15:58 - 2013-08-31 15:58 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-08-31 15:58 - 2009-07-14 09:57 - 00000000 ____D C:\Windows\ShellNew
2013-08-31 15:57 - 2013-08-31 15:57 - 00000000 ____D C:\Users\Arnold\AppData\Local\Microsoft Help
2013-08-31 15:55 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\System32\restore
2013-08-31 12:21 - 2009-10-24 08:43 - 00008192 __RSH C:\BOOTSECT.BAK
2013-08-31 12:21 - 2009-07-14 05:57 - 00025600 ___SH C:\Windows\System32\config\BCD-Template.LOG
2013-08-31 12:21 - 2009-07-14 05:52 - 00028672 _____ C:\Windows\System32\config\BCD-Template
2013-08-31 12:07 - 2013-08-31 12:07 - 00000000 ____D C:\Windows.old.001
2013-08-31 11:52 - 2013-08-31 11:52 - 00000000 ____D C:\Users\Arnold\AppData\Roaming\Avira
2013-08-31 11:50 - 2013-08-31 11:50 - 00002018 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-31 11:50 - 2013-08-31 11:49 - 00000000 ____D C:\ProgramData\Avira
2013-08-31 11:49 - 2013-08-31 11:49 - 00000000 ____D C:\Program Files\Avira
2013-08-31 11:49 - 2013-08-31 11:49 - 00000000 ____D C:\Program Files\Ask.com
2013-08-31 11:43 - 2013-08-31 11:42 - 00000000 ____D C:\users\Arnold
2013-08-31 11:42 - 2013-08-31 12:21 - 00000000 ____D C:\Windows\Panther
2013-08-31 11:42 - 2013-08-31 11:42 - 00000020 ___SH C:\Users\Arnold\ntuser.ini
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\Startmenü
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\Netzwerkumgebung
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\Druckumgebung
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\Documents\Eigene Musik
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\Documents\Eigene Bilder
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\Users\Arnold\AppData\Local\Verlauf
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-08-31 11:42 - 2013-08-31 11:42 - 00000000 ____D C:\Users\Arnold\AppData\Local\VirtualStore
2013-08-31 11:42 - 2009-10-24 10:39 - 00000000 __SHD C:\Recovery
2013-08-31 11:42 - 2009-07-14 03:37 - 00000000 __RHD C:\users\Default
2013-08-31 11:42 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\Recovery
2013-08-31 11:42 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Windows NT
2013-08-31 11:41 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-08-31 11:28 - 2013-08-31 11:24 - 00001313 _____ C:\Windows\TSSysprep.log
2013-08-31 11:24 - 2009-07-14 05:34 - 00001774 _____ C:\Windows\DtcInstall.log

==================== Known DLLs (ALL) =========================

[2009-07-14 00:44] - [2009-07-14 02:15] - 0522240 ____A (Microsoft Corporation) C:\Windows\System32\clbcatq.dll
[2009-07-14 00:45] - [2009-07-14 02:16] - 1412608 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
[2009-07-14 01:20] - [2009-07-14 02:14] - 0640000 ____A (Microsoft Corporation) C:\Windows\System32\advapi32.dll
[2009-07-14 00:39] - [2009-07-14 02:15] - 0486912 ____A (Microsoft Corporation) C:\Windows\System32\COMDLG32.dll
[2009-07-14 00:26] - [2009-07-14 02:15] - 0304640 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
[2009-07-14 00:44] - [2009-07-14 02:15] - 2058240 ____A (Microsoft Corporation) C:\Windows\System32\IERTUTIL.dll
[2009-07-14 00:57] - [2009-07-14 02:15] - 0154624 ____A (Microsoft Corporation) C:\Windows\System32\IMAGEHLP.dll
[2009-07-14 00:25] - [2009-07-14 02:15] - 0118272 ____A (Microsoft Corporation) C:\Windows\System32\IMM32.dll
[2009-07-14 00:16] - [2009-07-14 02:15] - 0857088 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
[2009-07-14 00:25] - [2009-07-14 02:15] - 0026624 ____A (Microsoft Corporation) C:\Windows\System32\LPK.dll
[2009-07-14 00:28] - [2009-07-14 02:15] - 0828928 ____A (Microsoft Corporation) C:\Windows\System32\MSCTF.dll
[2009-07-14 00:12] - [2009-07-14 02:15] - 0690688 ____A (Microsoft Corporation) C:\Windows\System32\MSVCRT.dll
[2009-07-14 00:15] - [2009-07-14 02:09] - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\NORMALIZ.dll
[2009-07-14 00:12] - [2009-07-14 02:16] - 0008704 ____A (Microsoft Corporation) C:\Windows\System32\NSI.dll
[2009-07-14 00:44] - [2009-07-14 02:16] - 0571904 ____A (Microsoft Corporation) C:\Windows\System32\OLEAUT32.dll
[2009-07-14 00:15] - [2009-07-14 02:16] - 0006144 ____A (Microsoft Corporation) C:\Windows\System32\PSAPI.dll
[2009-07-14 00:13] - [2009-07-14 02:16] - 0652288 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
[2009-07-14 00:11] - [2009-07-14 02:16] - 0092160 ____A (Microsoft Corporation) C:\Windows\System32\sechost.dll
[2009-07-14 00:16] - [2009-07-14 02:16] - 1668608 ____A (Microsoft Corporation) C:\Windows\System32\Setupapi.dll
[2009-07-14 00:47] - [2009-07-14 02:16] - 12866560 ____A (Microsoft Corporation) C:\Windows\System32\SHELL32.dll
[2009-07-14 00:39] - [2009-07-14 02:16] - 0350208 ____A (Microsoft Corporation) C:\Windows\System32\SHLWAPI.dll
[2009-07-14 00:47] - [2009-07-14 02:16] - 1224704 ____A (Microsoft Corporation) C:\Windows\System32\URLMON.dll
[2009-07-14 00:24] - [2009-07-14 02:16] - 0811520 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll
[2009-07-14 00:25] - [2009-07-14 02:16] - 0627200 ____A (Microsoft Corporation) C:\Windows\System32\USP10.dll
[2009-07-14 00:47] - [2009-07-14 02:16] - 0977920 ____A (Microsoft Corporation) C:\Windows\System32\WININET.dll
[2009-07-14 00:38] - [2009-07-14 02:16] - 0268800 ____A (Microsoft Corporation) C:\Windows\System32\WLDAP32.dll
[2009-07-14 00:12] - [2009-07-14 02:16] - 0206336 ____A (Microsoft Corporation) C:\Windows\System32\WS2_32.dll
[2009-07-14 00:16] - [2009-07-14 02:15] - 0315904 ____A (Microsoft Corporation) C:\Windows\System32\DifxApi.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-03-20 15:23:39
Restore point made on: 2013-03-20 16:13:55
Restore point made on: 2013-03-23 08:03:59
Restore point made on: 2013-04-05 19:25:55
Restore point made on: 2013-04-09 19:07:56
Restore point made on: 2013-04-09 19:09:40
Restore point made on: 2013-04-13 21:06:49
Restore point made on: 2013-05-10 19:00:11
Restore point made on: 2013-05-10 20:19:14
Restore point made on: 2013-05-11 17:18:39
Restore point made on: 2013-08-31 11:54:47
Restore point made on: 2013-08-31 13:32:37
Restore point made on: 2013-08-31 13:41:26
Restore point made on: 2013-08-31 15:55:49

==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 3070.05 MB
Available physical RAM: 2660.79 MB
Total Pagefile: 3068.33 MB
Available Pagefile: 2666.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.3 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:143.84 GB) (Free:9.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (HP_RECOVERY) (Fixed) (Total:5.21 GB) (Free:1.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:14.81 GB) (Free:14.81 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 041F6810)
Partition 1: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 8C88EF51)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2013-08-31 16:38

==================== End Of Log ============================
         
--- --- ---


Best regards
Pulcheria
__________________

01.09.2013, 13:46   #4
schrauber
/// the machine
/// TB Instructor
 


Does the computer no longer boot normally? If it does, please run the scans from the desktop.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

01.09.2013, 20:48   #5
Pulcheria
 

Good evening Schrauber,

I accidentally followed the description for FRST on the board (i.e. launching the .exe via the BIOS). Sorry for the trouble. The results are attached:

FRST.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-09-2013
Ran by Arnold (administrator) on ARNOLD-PC on 01-09-2013 20:45:24
Running from G:\
Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) C:\Windows\system32\DFDWiz.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] -  [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1573584 2012-08-22] (Ask)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312 2013-04-04] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=10148&l=dis&tb=AVR-4
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [562744 2013-04-09] (Avira Operations GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-02-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-02-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-01 11:23 - 2013-09-01 11:23 - 00000000 ____D C:\FRST
2013-09-01 09:59 - 2013-09-01 09:59 - 00099426 _____ C:\Windows\PFRO.log
2013-08-31 17:01 - 2013-08-31 17:01 - 00000000 ____D C:\Windows\PCHEALTH
2013-08-31 17:01 - 2013-08-31 17:01 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-08-31 17:01 - 2013-08-31 17:01 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-08-31 16:58 - 2013-08-31 16:58 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-08-31 16:57 - 2013-08-31 16:57 - 00000000 ____D C:\Users\Arnold\AppData\Local\Microsoft Help
2013-08-31 16:56 - 2013-08-31 17:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-31 16:56 - 2013-08-31 17:01 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-31 13:21 - 2013-08-31 12:42 - 00000000 ____D C:\Windows\Panther
2013-08-31 13:07 - 2013-08-31 13:07 - 00000000 ____D C:\Windows.old.001
2013-08-31 12:52 - 2013-08-31 12:52 - 00000000 ____D C:\Users\Arnold\AppData\Roaming\Avira
2013-08-31 12:50 - 2013-08-31 12:50 - 00002018 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-31 12:49 - 2013-08-31 12:50 - 00000000 ____D C:\ProgramData\Avira
2013-08-31 12:49 - 2013-08-31 12:49 - 00000000 ____D C:\Program Files\Avira
2013-08-31 12:49 - 2013-08-31 12:49 - 00000000 ____D C:\Program Files\Ask.com
2013-08-31 12:49 - 2013-03-06 16:13 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-31 12:49 - 2013-02-27 13:22 - 00135136 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-31 12:49 - 2013-02-27 13:22 - 00084744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-31 12:49 - 2012-08-27 15:50 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-08-31 12:45 - 2013-09-01 20:44 - 01472002 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-31 12:43 - 2013-08-31 12:43 - 00001415 _____ C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-31 12:42 - 2013-08-31 12:43 - 00000000 ____D C:\Users\Arnold
2013-08-31 12:42 - 2013-08-31 12:42 - 00000020 ___SH C:\Users\Arnold\ntuser.ini
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Startmenü
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Netzwerkumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Druckumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\AppData\Local\Verlauf
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 ____D C:\Users\Arnold\AppData\Local\VirtualStore
2013-08-31 12:42 - 2009-07-14 06:42 - 00000000 ___RD C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-08-31 12:42 - 2009-07-14 06:37 - 00000000 ___RD C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-08-31 12:27 - 2013-09-01 20:45 - 00034934 _____ C:\Windows\WindowsUpdate.log
2013-08-31 12:24 - 2013-08-31 12:28 - 00001313 _____ C:\Windows\TSSysprep.log

==================== One Month Modified Files and Folders =======

2013-09-01 20:45 - 2013-08-31 12:27 - 00034934 _____ C:\Windows\WindowsUpdate.log
2013-09-01 20:44 - 2013-08-31 12:45 - 01472002 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-01 20:43 - 2013-09-01 20:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-09-01 20:43 - 2009-07-14 06:39 - 00017474 _____ C:\Windows\setupact.log
2013-09-01 20:41 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-01 11:23 - 2013-09-01 11:23 - 00000000 ____D C:\FRST
2013-09-01 11:08 - 2009-07-14 06:34 - 00012208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-01 11:08 - 2009-07-14 06:34 - 00012208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-01 10:02 - 2009-07-14 06:33 - 00341480 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-01 09:59 - 2013-09-01 09:59 - 00099426 _____ C:\Windows\PFRO.log
2013-08-31 17:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-31 17:11 - 2013-08-31 16:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-31 17:06 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\System
2013-08-31 17:06 - 2009-07-14 04:04 - 00000478 _____ C:\Windows\win.ini
2013-08-31 17:02 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-31 17:01 - 2013-08-31 17:01 - 00000000 ____D C:\Windows\PCHEALTH
2013-08-31 17:01 - 2013-08-31 17:01 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-08-31 17:01 - 2013-08-31 17:01 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-08-31 17:01 - 2013-08-31 16:56 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-31 16:58 - 2013-08-31 16:58 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-08-31 16:58 - 2009-07-14 10:57 - 00000000 ____D C:\Windows\ShellNew
2013-08-31 16:57 - 2013-08-31 16:57 - 00000000 ____D C:\Users\Arnold\AppData\Local\Microsoft Help
2013-08-31 16:55 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\restore
2013-08-31 13:21 - 2009-10-24 09:43 - 00008192 __RSH C:\BOOTSECT.BAK
2013-08-31 13:21 - 2009-07-14 06:57 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2013-08-31 13:21 - 2009-07-14 06:52 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2013-08-31 13:07 - 2013-08-31 13:07 - 00000000 ____D C:\Windows.old.001
2013-08-31 12:52 - 2013-08-31 12:52 - 00000000 ____D C:\Users\Arnold\AppData\Roaming\Avira
2013-08-31 12:50 - 2013-08-31 12:50 - 00002018 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-31 12:50 - 2013-08-31 12:49 - 00000000 ____D C:\ProgramData\Avira
2013-08-31 12:49 - 2013-08-31 12:49 - 00000000 ____D C:\Program Files\Avira
2013-08-31 12:49 - 2013-08-31 12:49 - 00000000 ____D C:\Program Files\Ask.com
2013-08-31 12:43 - 2013-08-31 12:43 - 00001415 _____ C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-31 12:43 - 2013-08-31 12:42 - 00000000 ____D C:\Users\Arnold
2013-08-31 12:42 - 2013-08-31 13:21 - 00000000 ____D C:\Windows\Panther
2013-08-31 12:42 - 2013-08-31 12:42 - 00000020 ___SH C:\Users\Arnold\ntuser.ini
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Startmenü
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Netzwerkumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Druckumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\AppData\Local\Verlauf
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 ____D C:\Users\Arnold\AppData\Local\VirtualStore
2013-08-31 12:42 - 2009-10-24 11:39 - 00000000 __SHD C:\Recovery
2013-08-31 12:42 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-08-31 12:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\Recovery
2013-08-31 12:42 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Windows NT
2013-08-31 12:41 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-08-31 12:28 - 2013-08-31 12:24 - 00001313 _____ C:\Windows\TSSysprep.log
2013-08-31 12:24 - 2009-07-14 06:34 - 00001774 _____ C:\Windows\DtcInstall.log

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 11:00

==================== End Of Log ============================
         
--- --- ---


Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-09-2013
Ran by Arnold at 2013-09-01 20:45:48
Running from G:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Ask Toolbar (Version: 1.15.5.0)
Ask Toolbar Updater (HKCU Version: 1.3.1.26360)
Avira Free Antivirus (Version: 13.0.0.3640)
Definition update for Microsoft Office 2010 (KB982726)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
 

==================== Restore Points  =========================

31-08-2013 14:55:38 Installed Microsoft Office Home and Business 2010

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {48619F15-5877-4400-ABE1-E84F4E4DB6F8} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-08-22] ()

==================== Loaded Modules (whitelisted) =============

2009-07-14 01:23 - 2009-07-14 03:16 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\sdautoplay.dll
2009-07-14 01:23 - 2009-07-14 03:16 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\SPP.dll
2009-07-14 01:23 - 2009-07-14 03:16 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\VssTrace.DLL
2009-07-14 01:24 - 2009-07-14 03:16 - 00907264 _____ (Microsoft Corporation) C:\Windows\system32\sdengin2.dll
2009-07-14 01:25 - 2009-07-14 03:16 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2013-08-31 12:49 - 2013-02-15 14:15 - 00260832 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avsda.dll
2011-02-19 23:03 - 2011-02-19 23:03 - 04422992 _____ (Microsoft Corporation) C:\Windows\system32\mfc100u.dll
2011-02-19 00:40 - 2011-02-19 00:40 - 00773968 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100.dll
2011-02-19 23:03 - 2011-02-19 23:03 - 00421200 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP100.dll
2009-07-14 01:37 - 2009-07-14 03:15 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\LOGONCLI.DLL
2009-07-14 01:37 - 2009-07-14 03:15 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\BROWCLI.DLL
2011-02-19 23:03 - 2011-02-19 23:03 - 00064336 _____ (Microsoft Corporation) C:\Windows\system32\MFC100DEU.DLL
2013-08-31 12:49 - 2013-04-15 20:28 - 00740408 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll
2013-08-31 12:49 - 2013-04-15 20:29 - 00054840 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cfglib.dll
2013-08-31 12:49 - 2013-04-15 20:25 - 00344120 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccguard.dll
2013-08-31 12:49 - 2013-03-27 14:17 - 00030432 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgrdrc.dll
2013-08-31 12:49 - 2013-04-15 20:25 - 00229432 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgrdw.dll
2013-08-31 12:49 - 2013-04-15 20:31 - 00378424 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\grdcore.dll
2013-08-31 12:49 - 2013-04-15 20:30 - 00217656 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\gpipc.dll
2013-08-31 12:49 - 2013-01-25 10:25 - 00062320 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avipc.dll
2013-08-31 12:49 - 2013-04-15 20:28 - 00410680 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccwgrd.dll
2013-08-31 12:49 - 2013-04-09 22:27 - 00026168 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccwgrdrc.dll
2013-08-31 12:49 - 2013-04-15 20:28 - 00127032 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccwgrdw.dll
2013-08-31 12:49 - 2013-04-15 20:25 - 00784440 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgen.dll
2013-08-31 12:49 - 2013-02-15 14:15 - 00051936 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgenrc.dll
2013-08-31 12:49 - 2013-04-15 20:28 - 00218168 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccupdate.dll
2013-08-31 12:49 - 2012-12-07 09:39 - 00029472 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccupdrc.dll
2013-08-31 12:49 - 2013-04-15 20:25 - 00083000 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cclic.dll
2013-08-31 12:49 - 2013-01-25 10:25 - 00011632 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cclicrc.dll
2013-08-31 12:49 - 2013-04-17 18:28 - 00203832 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmsg.dll
2013-08-31 12:49 - 2013-01-25 10:25 - 00010608 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmsgrc.dll
2013-08-31 12:49 - 2012-12-07 09:39 - 04780832 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\rcimage.dll
2013-08-31 12:49 - 2013-01-25 10:25 - 00016240 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmainrc.dll
2013-08-31 12:49 - 2013-04-15 20:28 - 00212536 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ccupdw.dll
2009-07-14 01:29 - 2009-07-14 03:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\tschannel.dll

==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2013 05:40:26 PM) (Source: Office Software Protection Platform Service) (User: )
Description: Acquisition of Secure Processor Certificate failed. hr=0x80072EE7

Error: (08/31/2013 05:40:26 PM) (Source: Office Software Protection Platform Service) (User: )
Description: License acquisition failure details. 
hr=0x80072EE7

Error: (08/31/2013 05:11:08 PM) (Source: MsiInstaller) (User: Arnold-PC)
Description: Produkt: Microsoft Office Shared MUI (German) 2010 - Update "Microsoft Office 2010 Service Pack 1 (SP1)" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/31/2013 05:11:05 PM) (Source: MsiInstaller) (User: Arnold-PC)
Description: Produkt: Microsoft Office Shared MUI (German) 2010 -- Fehler 1935. Fehler beim Installieren der Assemblykomponente '{10072946-A083-4D87-834D-F7CE17318438}'. HRESULT: 0x80070005. Assemblyschnittstelle: IAssemblyCacheItem, Funktion: Commit, Assemblyname: Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.resources,fileVersion="10.0.31007.0",version="10.0.0.00000",culture="de",publicKeyToken="B03F5F7F11D50A3A",processorArchitecture="MSIL"


System errors:
=============
Error: (09/01/2013 08:46:09 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/01/2013 08:46:07 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/01/2013 08:46:05 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/01/2013 08:46:03 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/01/2013 08:46:00 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/01/2013 08:45:57 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/01/2013 08:45:55 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/01/2013 11:08:23 AM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/01/2013 11:08:21 AM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/01/2013 11:08:19 AM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.


Microsoft Office Sessions:
=========================
Error: (08/31/2013 05:40:26 PM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0x80072EE77b7d1f17-fdcb-4820-9789-9bec6e377821

Error: (08/31/2013 05:40:26 PM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0x80072EE700010001(0x00000000, 17:40:26:452 - hxxp://go.microsoft.com/fwlink/?LinkID=120748)
00020001(0x00000000, 17:40:26:452)
00030001(0x00000000, 17:40:26:608 - hxxp://go.microsoft.com)
00030002(0x00000000, 17:40:26:608 - 0)
00040001(0x00000000, 17:40:26:608 - hxxp://go.microsoft.com)
00040002(0x00000000, 17:40:26:624 - 1, <NULL>, <NULL>, <NULL>)
00040004(0x80072F94, 17:40:26:717 - <NULL>)
00040006(0x00000000, 17:40:26:717 - 1, hxxp://go.microsoft.com, <NULL>, <local>)
00020005(0x00000000, 17:40:26:717 - 0)
00020007(0x80072EE7, 17:40:26:733)
00010002(0x80072EE7, 17:40:26:733 - <NULL>)
00010003(0x80072EE7, 17:40:26:733)

Error: (08/31/2013 05:11:08 PM) (Source: MsiInstaller)(User: Arnold-PC)
Description: Microsoft Office Shared MUI (German) 2010Microsoft Office 2010 Service Pack 1 (SP1)1603(NULL)(NULL)(NULL)

Error: (08/31/2013 05:11:05 PM) (Source: MsiInstaller)(User: Arnold-PC)
Description: Produkt: Microsoft Office Shared MUI (German) 2010 -- Fehler 1935. Fehler beim Installieren der Assemblykomponente '{10072946-A083-4D87-834D-F7CE17318438}'. HRESULT: 0x80070005. Assemblyschnittstelle: IAssemblyCacheItem, Funktion: Commit, Assemblyname: Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.resources,fileVersion="10.0.31007.0",version="10.0.0.00000",culture="de",publicKeyToken="B03F5F7F11D50A3A",processorArchitecture="MSIL"(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info =========================== 

Percentage of memory in use: 21%
Total physical RAM: 3070.05 MB
Available physical RAM: 2408.33 MB
Total Pagefile: 6138.39 MB
Available Pagefile: 5457.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.35 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:143.84 GB) (Free:8.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (HP_RECOVERY) (Fixed) (Total:5.21 GB) (Free:1.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:14.81 GB) (Free:14.81 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 041F6810)
Partition 1: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 8C88EF51)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================
         
Best regards,
Pulcheria


02.09.2013, 08:46   #6
schrauber
/// the machine
/// TB Trainer



Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

02.09.2013, 21:31   #7
Pulcheria



Hello Schrauber,

attached are the results from Malwarebytes Anti-Malware:

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.19.03

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Arnold :: ARNOLD-PC [Administrator]

Schutz: Aktiviert

02.09.2013 21:04:37
mbam-log-2013-09-02 (21-04-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 194867
Laufzeit: 2 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
from AdwCleaner

Code:
# AdwCleaner v3.002 - Bericht erstellt am 02/09/2013 um 21:15:54
# Updated 01/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (32 bits)
# Benutzername : Arnold - ARNOLD-PC
# Gestartet von : G:\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Users\Arnold\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Arnold\AppData\LocalLow\AskToolbar
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48619F15-5877-4400-ABE1-E84F4E4DB6F8}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48619F15-5877-4400-ABE1-E84F4E4DB6F8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Produkt Gelöscht : Ask Toolbar

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.16385


*************************

AdwCleaner[R0].txt - [6515 octets] - [02/09/2013 21:11:58]
AdwCleaner[S0].txt - [6337 octets] - [02/09/2013 21:15:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6397 octets] ##########
         
and Junkware Removal Tool

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Windows 7 Home Premium x86
Ran by Arnold on 02.09.2013 at 21:23:23,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.09.2013 at 21:26:08,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-09-2013
Ran by Arnold (administrator) on ARNOLD-PC on 02-09-2013 21:27:05
Running from G:\
Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\system32\DFDWiz.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312 2013-04-04] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=10148&l=dis&tb=AVR-4
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-25] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-02-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-02-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-02 21:23 - 2013-09-02 21:23 - 00000000 ____D C:\Windows\ERUNT
2013-09-02 21:11 - 2013-09-02 21:16 - 00000000 ____D C:\AdwCleaner
2013-09-02 20:42 - 2013-09-02 20:42 - 00000000 ____D C:\Users\Arnold\AppData\Roaming\Malwarebytes
2013-09-02 20:41 - 2013-09-02 20:41 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-02 20:41 - 2013-09-02 20:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-02 20:41 - 2013-09-02 20:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-02 20:41 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-01 20:43 - 2013-09-01 20:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-09-01 11:23 - 2013-09-01 11:23 - 00000000 ____D C:\FRST
2013-09-01 09:59 - 2013-09-01 09:59 - 00099426 _____ C:\Windows\PFRO.log
2013-08-31 17:01 - 2013-08-31 17:01 - 00000000 ____D C:\Windows\PCHEALTH
2013-08-31 17:01 - 2013-08-31 17:01 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-08-31 17:01 - 2013-08-31 17:01 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-08-31 16:58 - 2013-08-31 16:58 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-08-31 16:57 - 2013-08-31 16:57 - 00000000 ____D C:\Users\Arnold\AppData\Local\Microsoft Help
2013-08-31 16:56 - 2013-08-31 17:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-31 16:56 - 2013-08-31 17:01 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-31 13:21 - 2013-08-31 12:42 - 00000000 ____D C:\Windows\Panther
2013-08-31 13:07 - 2013-08-31 13:07 - 00000000 ____D C:\Windows.old.001
2013-08-31 12:52 - 2013-08-31 12:52 - 00000000 ____D C:\Users\Arnold\AppData\Roaming\Avira
2013-08-31 12:50 - 2013-08-31 12:50 - 00002018 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-31 12:49 - 2013-08-31 12:50 - 00000000 ____D C:\ProgramData\Avira
2013-08-31 12:49 - 2013-08-31 12:49 - 00000000 ____D C:\Program Files\Avira
2013-08-31 12:49 - 2013-03-06 16:13 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-31 12:49 - 2013-02-27 13:22 - 00135136 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-31 12:49 - 2013-02-27 13:22 - 00084744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-31 12:49 - 2012-08-27 15:50 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-08-31 12:45 - 2013-09-02 21:22 - 01472002 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-31 12:43 - 2013-08-31 12:43 - 00001415 _____ C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-31 12:42 - 2013-08-31 12:43 - 00000000 ____D C:\Users\Arnold
2013-08-31 12:42 - 2013-08-31 12:42 - 00000020 ___SH C:\Users\Arnold\ntuser.ini
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Startmenü
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Netzwerkumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Druckumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\AppData\Local\Verlauf
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 ____D C:\Users\Arnold\AppData\Local\VirtualStore
2013-08-31 12:42 - 2009-07-14 06:42 - 00000000 ___RD C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-08-31 12:42 - 2009-07-14 06:37 - 00000000 ___RD C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-08-31 12:27 - 2013-09-02 21:17 - 00048255 _____ C:\Windows\WindowsUpdate.log
2013-08-31 12:24 - 2013-08-31 12:28 - 00001313 _____ C:\Windows\TSSysprep.log

==================== One Month Modified Files and Folders =======

2013-09-02 21:26 - 2013-09-02 21:26 - 00000626 _____ C:\Users\Arnold\Desktop\JRT.txt
2013-09-02 21:23 - 2013-09-02 21:23 - 00000000 ____D C:\Windows\ERUNT
2013-09-02 21:22 - 2013-08-31 12:45 - 01472002 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-02 21:21 - 2013-08-31 12:27 - 00048255 _____ C:\Windows\WindowsUpdate.log
2013-09-02 21:18 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-02 21:18 - 2009-07-14 06:39 - 00017586 _____ C:\Windows\setupact.log
2013-09-02 21:17 - 2009-07-14 06:34 - 00012208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-02 21:17 - 2009-07-14 06:34 - 00012208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-02 21:16 - 2013-09-02 21:11 - 00000000 ____D C:\AdwCleaner
2013-09-02 20:42 - 2013-09-02 20:42 - 00000000 ____D C:\Users\Arnold\AppData\Roaming\Malwarebytes
2013-09-02 20:41 - 2013-09-02 20:41 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-02 20:41 - 2013-09-02 20:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-02 20:41 - 2013-09-02 20:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-01 20:43 - 2013-09-01 20:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-09-01 11:23 - 2013-09-01 11:23 - 00000000 ____D C:\FRST
2013-09-01 10:02 - 2009-07-14 06:33 - 00341480 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-01 09:59 - 2013-09-01 09:59 - 00099426 _____ C:\Windows\PFRO.log
2013-08-31 17:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-31 17:11 - 2013-08-31 16:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-31 17:06 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\System
2013-08-31 17:06 - 2009-07-14 04:04 - 00000478 _____ C:\Windows\win.ini
2013-08-31 17:02 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-31 17:01 - 2013-08-31 17:01 - 00000000 ____D C:\Windows\PCHEALTH
2013-08-31 17:01 - 2013-08-31 17:01 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-08-31 17:01 - 2013-08-31 17:01 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-08-31 17:01 - 2013-08-31 16:56 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-31 16:58 - 2013-08-31 16:58 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-08-31 16:58 - 2009-07-14 10:57 - 00000000 ____D C:\Windows\ShellNew
2013-08-31 16:57 - 2013-08-31 16:57 - 00000000 ____D C:\Users\Arnold\AppData\Local\Microsoft Help
2013-08-31 16:55 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\restore
2013-08-31 13:21 - 2009-10-24 09:43 - 00008192 __RSH C:\BOOTSECT.BAK
2013-08-31 13:21 - 2009-07-14 06:57 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2013-08-31 13:21 - 2009-07-14 06:52 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2013-08-31 13:07 - 2013-08-31 13:07 - 00000000 ____D C:\Windows.old.001
2013-08-31 12:52 - 2013-08-31 12:52 - 00000000 ____D C:\Users\Arnold\AppData\Roaming\Avira
2013-08-31 12:50 - 2013-08-31 12:50 - 00002018 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-31 12:50 - 2013-08-31 12:49 - 00000000 ____D C:\ProgramData\Avira
2013-08-31 12:49 - 2013-08-31 12:49 - 00000000 ____D C:\Program Files\Avira
2013-08-31 12:43 - 2013-08-31 12:43 - 00001415 _____ C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-31 12:43 - 2013-08-31 12:42 - 00000000 ____D C:\Users\Arnold
2013-08-31 12:42 - 2013-08-31 13:21 - 00000000 ____D C:\Windows\Panther
2013-08-31 12:42 - 2013-08-31 12:42 - 00000020 ___SH C:\Users\Arnold\ntuser.ini
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Startmenü
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Netzwerkumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Druckumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\AppData\Local\Verlauf
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 ____D C:\Users\Arnold\AppData\Local\VirtualStore
2013-08-31 12:42 - 2009-10-24 11:39 - 00000000 __SHD C:\Recovery
2013-08-31 12:42 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-08-31 12:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\Recovery
2013-08-31 12:42 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Windows NT
2013-08-31 12:41 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-08-31 12:28 - 2013-08-31 12:24 - 00001313 _____ C:\Windows\TSSysprep.log
2013-08-31 12:24 - 2009-07-14 06:34 - 00001774 _____ C:\Windows\DtcInstall.log

Files to move or delete:
====================
C:\Users\Arnold\AppData\Local\Temp\Quarantine.exe
C:\Users\Arnold\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 11:00

==================== End Of Log ============================
         


and Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-09-2013
Ran by Arnold at 2013-09-02 21:28:33
Running from G:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Avira Free Antivirus (Version: 13.0.0.3640)
Definition update for Microsoft Office 2010 (KB982726)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
 

==================== Restore Points  =========================

31-08-2013 14:55:38 Installed Microsoft Office Home and Business 2010

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============


==================== Loaded Modules (whitelisted) =============

2013-09-02 20:41 - 2013-04-04 14:50 - 00527944 _____ (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
2013-09-02 20:41 - 2013-04-04 14:50 - 02191944 _____ (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
2011-02-19 23:03 - 2011-02-19 23:03 - 04422992 _____ (Microsoft Corporation) C:\Windows\system32\mfc100u.dll
2011-02-19 00:40 - 2011-02-19 00:40 - 00773968 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100.dll
2011-02-19 23:03 - 2011-02-19 23:03 - 00421200 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP100.dll
2009-07-14 01:37 - 2009-07-14 03:15 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\LOGONCLI.DLL
2009-07-14 01:37 - 2009-07-14 03:15 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\BROWCLI.DLL
2011-02-19 23:03 - 2011-02-19 23:03 - 00064336 _____ (Microsoft Corporation) C:\Windows\system32\MFC100DEU.DLL
2013-08-31 12:49 - 2013-04-15 20:28 - 00740408 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll
2013-08-31 12:49 - 2013-04-15 20:29 - 00054840 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cfglib.dll
2013-08-31 12:49 - 2013-04-15 20:25 - 00344120 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccguard.dll
2013-08-31 12:49 - 2013-03-27 14:17 - 00030432 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgrdrc.dll
2013-08-31 12:49 - 2013-04-15 20:25 - 00229432 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgrdw.dll
2013-08-31 12:49 - 2013-04-15 20:31 - 00378424 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\grdcore.dll
2013-08-31 12:49 - 2013-04-15 20:30 - 00217656 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\gpipc.dll
2013-08-31 12:49 - 2013-01-25 10:25 - 00062320 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avipc.dll
2013-08-31 12:49 - 2013-04-15 20:28 - 00410680 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccwgrd.dll
2013-08-31 12:49 - 2013-04-15 20:25 - 00784440 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgen.dll
2013-08-31 12:49 - 2013-02-15 14:15 - 00051936 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgenrc.dll
2013-08-31 12:49 - 2013-04-15 20:28 - 00218168 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccupdate.dll
2013-08-31 12:49 - 2012-12-07 09:39 - 00029472 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccupdrc.dll
2013-08-31 12:49 - 2013-04-15 20:25 - 00083000 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cclic.dll
2013-08-31 12:49 - 2013-01-25 10:25 - 00011632 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cclicrc.dll
2013-08-31 12:49 - 2013-04-17 18:28 - 00203832 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmsg.dll
2013-08-31 12:49 - 2013-01-25 10:25 - 00010608 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmsgrc.dll
2013-08-31 12:49 - 2012-12-07 09:39 - 04780832 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\rcimage.dll
2013-08-31 12:49 - 2013-01-25 10:25 - 00016240 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmainrc.dll
2013-08-31 12:49 - 2013-04-15 20:28 - 00212536 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ccupdw.dll

==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/02/2013 09:28:58 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/02/2013 09:28:56 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/02/2013 09:28:54 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/02/2013 09:28:52 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/02/2013 09:28:49 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/02/2013 09:28:46 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/02/2013 09:28:43 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 24%
Total physical RAM: 3070.05 MB
Available physical RAM: 2303.87 MB
Total Pagefile: 6138.39 MB
Available Pagefile: 5328.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.67 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:143.84 GB) (Free:8.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (HP_RECOVERY) (Fixed) (Total:5.21 GB) (Free:1.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:14.81 GB) (Free:14.79 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 041F6810)
Partition 1: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 8C88EF51)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================
         
Best regards,
Pulcheria

03.09.2013, 08:42   #8
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems remaining?
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

03.09.2013, 21:08   #9
Pulcheria
 



Hello Schrauber,

one question up front: the external hard drive that I would connect for the ESET Online Scanner holds several backups, and so I strongly suspect it also holds the umpteen Trojans and backbones that were previously on the laptop's hard drive.

Can I risk going "online" with the laptop to run the online scan? Or should I wipe the hard drive completely first? If so, could you recommend a tool with which I can get such an external hard drive properly "clean"?

Many thanks & best regards

Pulcheria

04.09.2013, 09:48   #10
schrauber
/// the machine
/// TB-Ausbilder
 




If you don't need the backups, simply format it via Windows; that is enough.
__________________
regards,
schrauber


04.09.2013, 22:55   #11
Pulcheria
 



Hello Schrauber,

attached is the log file from the ESET Online Scanner (2 threats were found):

Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=963aeeedb5ea3c4e9665e4e9586f50c2
# engine=15010
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-04 08:37:10
# local_time=2013-09-04 10:37:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1799 16774141 100 97 380832 243750320 0 0
# compatibility_mode=5893 16776574 66 85 130765773 130765773 0 0
# scanned=349600
# found=2
# cleaned=0
# scan_time=8788
sh=2FC74C063A4F2D3C0D86D3A3543CF76101541D00 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Windows.old\Users\ARNOLD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0IADMRNE\kidstash_info[1].htm"
sh=8C1805CBA64C71CA6E4BE5D58A2278E5CAF18B4A ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Windows.old\Users\ARNOLD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0IADMRNE\kidstash_info[2].htm"
ESETSmartInstaller@High as downloader log:
all ok
         
and SecurityCheck

Code:
 Results of screen317's Security Check version 0.99.72  
 Windows 7  x86 (UAC is enabled)  
 Out of date service pack!! 
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-09-2013
Ran by Arnold (administrator) on ARNOLD-PC on 04-09-2013 22:50:55
Running from G:\
Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\system32\DFDWiz.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312 2013-04-04] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=10148&l=dis&tb=AVR-4
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-25] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-02-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-02-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-04 22:40 - 2013-04-04 14:07 - 02347384 _____ (ESET) C:\Users\Arnold\Desktop\esetsmartinstaller_enu.exe
2013-09-04 20:07 - 2012-06-03 00:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-09-04 20:07 - 2012-06-03 00:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-09-04 20:07 - 2012-06-03 00:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-09-04 20:07 - 2012-06-03 00:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-09-04 20:07 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-09-04 20:07 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-09-03 21:02 - 2013-09-03 21:02 - 00000000 ____D C:\Program Files\ESET
2013-09-03 20:59 - 2013-09-03 20:59 - 00086080 _____ C:\Users\Arnold\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-02 21:26 - 2013-09-02 21:26 - 00000626 _____ C:\Users\Arnold\Desktop\JRT.txt
2013-09-02 21:23 - 2013-09-02 21:23 - 00000000 ____D C:\Windows\ERUNT
2013-09-02 21:11 - 2013-09-02 21:16 - 00000000 ____D C:\AdwCleaner
2013-09-02 20:42 - 2013-09-02 20:42 - 00000000 ____D C:\Users\Arnold\AppData\Roaming\Malwarebytes
2013-09-02 20:41 - 2013-09-02 20:41 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-02 20:41 - 2013-09-02 20:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-02 20:41 - 2013-09-02 20:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-02 20:41 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-01 20:43 - 2013-09-01 20:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-09-01 11:23 - 2013-09-01 11:23 - 00000000 ____D C:\FRST
2013-09-01 09:59 - 2013-09-01 09:59 - 00099426 _____ C:\Windows\PFRO.log
2013-08-31 17:01 - 2013-08-31 17:01 - 00000000 ____D C:\Windows\PCHEALTH
2013-08-31 17:01 - 2013-08-31 17:01 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-08-31 17:01 - 2013-08-31 17:01 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-08-31 16:58 - 2013-08-31 16:58 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-08-31 16:57 - 2013-08-31 16:57 - 00000000 ____D C:\Users\Arnold\AppData\Local\Microsoft Help
2013-08-31 16:56 - 2013-08-31 17:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-31 16:56 - 2013-08-31 17:01 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-31 13:21 - 2013-08-31 12:42 - 00000000 ____D C:\Windows\Panther
2013-08-31 13:07 - 2013-08-31 13:07 - 00000000 ____D C:\Windows.old.001
2013-08-31 12:52 - 2013-08-31 12:52 - 00000000 ____D C:\Users\Arnold\AppData\Roaming\Avira
2013-08-31 12:50 - 2013-08-31 12:50 - 00002018 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-31 12:49 - 2013-08-31 12:50 - 00000000 ____D C:\ProgramData\Avira
2013-08-31 12:49 - 2013-08-31 12:49 - 00000000 ____D C:\Program Files\Avira
2013-08-31 12:49 - 2013-03-06 16:13 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-31 12:49 - 2013-02-27 13:22 - 00135136 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-31 12:49 - 2013-02-27 13:22 - 00084744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-31 12:49 - 2012-08-27 15:50 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-08-31 12:45 - 2013-09-04 20:07 - 01472002 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-31 12:43 - 2013-08-31 12:43 - 00001415 _____ C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-31 12:42 - 2013-08-31 12:43 - 00000000 ____D C:\Users\Arnold
2013-08-31 12:42 - 2013-08-31 12:42 - 00000020 ___SH C:\Users\Arnold\ntuser.ini
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Startmenü
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Netzwerkumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Druckumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\AppData\Local\Verlauf
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 ____D C:\Users\Arnold\AppData\Local\VirtualStore
2013-08-31 12:42 - 2009-07-14 06:42 - 00000000 ___RD C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-08-31 12:42 - 2009-07-14 06:37 - 00000000 ___RD C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-08-31 12:27 - 2013-09-04 20:42 - 01995663 _____ C:\Windows\WindowsUpdate.log
2013-08-31 12:24 - 2013-08-31 12:28 - 00001313 _____ C:\Windows\TSSysprep.log

==================== One Month Modified Files and Folders =======

2013-09-04 22:45 - 2013-09-04 22:47 - 00891115 _____ C:\Users\Arnold\Desktop\SecurityCheck.exe
2013-09-04 20:42 - 2013-08-31 12:27 - 01995663 _____ C:\Windows\WindowsUpdate.log
2013-09-04 20:42 - 2009-07-14 06:34 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-04 20:42 - 2009-07-14 06:34 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-04 20:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-04 20:07 - 2013-08-31 12:45 - 01472002 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-04 20:07 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Libraries
2013-09-04 20:05 - 2009-07-14 06:39 - 00017822 _____ C:\Windows\setupact.log
2013-09-04 19:48 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-03 21:02 - 2013-09-03 21:02 - 00000000 ____D C:\Program Files\ESET
2013-09-03 20:59 - 2013-09-03 20:59 - 00086080 _____ C:\Users\Arnold\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-02 21:26 - 2013-09-02 21:26 - 00000626 _____ C:\Users\Arnold\Desktop\JRT.txt
2013-09-02 21:23 - 2013-09-02 21:23 - 00000000 ____D C:\Windows\ERUNT
2013-09-02 21:16 - 2013-09-02 21:11 - 00000000 ____D C:\AdwCleaner
2013-09-02 20:42 - 2013-09-02 20:42 - 00000000 ____D C:\Users\Arnold\AppData\Roaming\Malwarebytes
2013-09-02 20:41 - 2013-09-02 20:41 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-02 20:41 - 2013-09-02 20:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-02 20:41 - 2013-09-02 20:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-01 20:43 - 2013-09-01 20:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-09-01 11:23 - 2013-09-01 11:23 - 00000000 ____D C:\FRST
2013-09-01 10:02 - 2009-07-14 06:33 - 00341480 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-01 09:59 - 2013-09-01 09:59 - 00099426 _____ C:\Windows\PFRO.log
2013-08-31 17:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-31 17:11 - 2013-08-31 16:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-31 17:06 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\System
2013-08-31 17:06 - 2009-07-14 04:04 - 00000478 _____ C:\Windows\win.ini
2013-08-31 17:02 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-31 17:01 - 2013-08-31 17:01 - 00000000 ____D C:\Windows\PCHEALTH
2013-08-31 17:01 - 2013-08-31 17:01 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-08-31 17:01 - 2013-08-31 17:01 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-08-31 17:01 - 2013-08-31 16:56 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-31 16:58 - 2013-08-31 16:58 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-08-31 16:58 - 2009-07-14 10:57 - 00000000 ____D C:\Windows\ShellNew
2013-08-31 16:57 - 2013-08-31 16:57 - 00000000 ____D C:\Users\Arnold\AppData\Local\Microsoft Help
2013-08-31 16:55 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\restore
2013-08-31 13:21 - 2009-10-24 09:43 - 00008192 __RSH C:\BOOTSECT.BAK
2013-08-31 13:21 - 2009-07-14 06:57 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2013-08-31 13:21 - 2009-07-14 06:52 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2013-08-31 13:07 - 2013-08-31 13:07 - 00000000 ____D C:\Windows.old.001
2013-08-31 12:52 - 2013-08-31 12:52 - 00000000 ____D C:\Users\Arnold\AppData\Roaming\Avira
2013-08-31 12:50 - 2013-08-31 12:50 - 00002018 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-31 12:50 - 2013-08-31 12:49 - 00000000 ____D C:\ProgramData\Avira
2013-08-31 12:49 - 2013-08-31 12:49 - 00000000 ____D C:\Program Files\Avira
2013-08-31 12:43 - 2013-08-31 12:43 - 00001415 _____ C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-31 12:43 - 2013-08-31 12:42 - 00000000 ____D C:\Users\Arnold
2013-08-31 12:42 - 2013-08-31 13:21 - 00000000 ____D C:\Windows\Panther
2013-08-31 12:42 - 2013-08-31 12:42 - 00000020 ___SH C:\Users\Arnold\ntuser.ini
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Startmenü
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Netzwerkumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Druckumgebung
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Documents\Eigene Musik
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\Documents\Eigene Bilder
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\Users\Arnold\AppData\Local\Verlauf
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-08-31 12:42 - 2013-08-31 12:42 - 00000000 ____D C:\Users\Arnold\AppData\Local\VirtualStore
2013-08-31 12:42 - 2009-10-24 11:39 - 00000000 __SHD C:\Recovery
2013-08-31 12:42 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-08-31 12:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\Recovery
2013-08-31 12:42 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Windows NT
2013-08-31 12:41 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-08-31 12:28 - 2013-08-31 12:24 - 00001313 _____ C:\Windows\TSSysprep.log
2013-08-31 12:24 - 2009-07-14 06:34 - 00001774 _____ C:\Windows\DtcInstall.log

Files to move or delete:
====================
C:\Users\Arnold\AppData\Local\Temp\Quarantine.exe
C:\Users\Arnold\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 11:00

==================== End Of Log ============================
         
--- --- ---


and Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-09-2013
Ran by Arnold at 2013-09-04 22:53:24
Running from G:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Avira Free Antivirus (Version: 13.0.0.3640)
Definition update for Microsoft Office 2010 (KB982726)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
 

==================== Restore Points  =========================

31-08-2013 14:55:38 Installed Microsoft Office Home and Business 2010
04-09-2013 18:06:55 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============


==================== Loaded Modules (whitelisted) =============

2013-09-02 20:41 - 2013-04-04 14:50 - 00527944 _____ (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
2013-09-02 20:41 - 2013-04-04 14:50 - 02191944 _____ (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
2009-07-14 01:51 - 2009-07-14 03:16 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\xwizards.dll
2009-07-14 01:53 - 2009-07-14 03:16 - 00994816 _____ (Microsoft Corporation) C:\Windows\system32\wcnwiz.dll
2009-07-14 01:55 - 2009-07-14 03:16 - 00669696 _____ (Microsoft Corporation) C:\Windows\system32\WLanConn.dll
2009-07-14 02:13 - 2009-07-14 03:16 - 02255360 _____ (Microsoft Corporation) C:\Windows\System32\NLSData0007.dll
2009-07-13 22:46 - 2009-06-10 23:22 - 00015680 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\Fusion.dll
2009-07-14 10:47 - 2009-07-14 10:47 - 00093008 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\de\ShFusRes.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-08-31 12:49 - 2013-04-15 20:32 - 00154680 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\shlext.dll
2011-02-19 23:03 - 2011-02-19 23:03 - 04422992 _____ (Microsoft Corporation) C:\Windows\system32\mfc100u.dll
2011-02-19 00:40 - 2011-02-19 00:40 - 00773968 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100.dll
2011-02-19 23:03 - 2011-02-19 23:03 - 00421200 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP100.dll
2011-02-19 23:03 - 2011-02-19 23:03 - 00064336 _____ (Microsoft Corporation) C:\Windows\system32\MFC100DEU.DLL
2009-07-14 01:23 - 2009-07-14 03:16 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\sdautoplay.dll
2009-07-14 01:23 - 2009-07-14 03:16 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\SPP.dll
2009-07-14 01:23 - 2009-07-14 03:16 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\VssTrace.DLL
2009-07-14 01:24 - 2009-07-14 03:16 - 00907264 _____ (Microsoft Corporation) C:\Windows\system32\sdengin2.dll
2009-07-14 01:25 - 2009-07-14 03:16 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2009-07-14 01:37 - 2009-07-14 03:15 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\LOGONCLI.DLL
2009-07-14 01:37 - 2009-07-14 03:15 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\BROWCLI.DLL
2013-08-31 12:49 - 2013-04-15 20:28 - 00740408 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll
2013-08-31 12:49 - 2013-04-15 20:29 - 00054840 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cfglib.dll
2013-08-31 12:49 - 2013-04-15 20:25 - 00344120 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccguard.dll
2013-08-31 12:49 - 2013-03-27 14:17 - 00030432 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgrdrc.dll
2013-08-31 12:49 - 2013-04-15 20:25 - 00229432 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgrdw.dll
2013-08-31 12:49 - 2013-04-15 20:31 - 00378424 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\grdcore.dll
2013-08-31 12:49 - 2013-04-15 20:30 - 00217656 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\gpipc.dll
2013-08-31 12:49 - 2013-01-25 10:25 - 00062320 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avipc.dll
2013-08-31 12:49 - 2013-04-15 20:28 - 00410680 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccwgrd.dll
2013-08-31 12:49 - 2013-04-15 20:25 - 00784440 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgen.dll
2013-08-31 12:49 - 2013-02-15 14:15 - 00051936 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgenrc.dll
2013-08-31 12:49 - 2013-04-15 20:28 - 00218168 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccupdate.dll
2013-08-31 12:49 - 2012-12-07 09:39 - 00029472 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccupdrc.dll
2013-08-31 12:49 - 2013-04-15 20:25 - 00083000 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cclic.dll
2013-08-31 12:49 - 2013-01-25 10:25 - 00011632 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cclicrc.dll
2013-08-31 12:49 - 2013-04-17 18:28 - 00203832 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmsg.dll
2013-08-31 12:49 - 2013-01-25 10:25 - 00010608 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmsgrc.dll
2013-08-31 12:49 - 2012-12-07 09:39 - 04780832 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\rcimage.dll
2013-08-31 12:49 - 2013-01-25 10:25 - 00016240 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmainrc.dll
2013-08-31 12:49 - 2013-04-15 20:28 - 00212536 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ccupdw.dll
2009-07-14 01:51 - 2009-07-14 03:16 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll

==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/04/2013 10:53:44 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/04/2013 10:53:42 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/04/2013 10:53:40 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/04/2013 10:53:38 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/04/2013 10:53:35 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/04/2013 10:53:33 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/04/2013 10:53:30 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/02/2013 10:04:33 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/02/2013 10:04:31 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/02/2013 10:04:27 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 3070.05 MB
Available physical RAM: 1847.41 MB
Total Pagefile: 6138.39 MB
Available Pagefile: 5067.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.93 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:143.84 GB) (Free:5.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (HP_RECOVERY) (Fixed) (Total:5.21 GB) (Free:1.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:14.81 GB) (Free:14.79 GB) FAT32
Drive h: () (Fixed) (Total:931.51 GB) (Free:931.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 041F6810)
Partition 1: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 8C88EF51)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: 6E880F94)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================
         
Best regards,
Regina

Alt 05.09.2013, 09:49   #12
schrauber
/// the machine
/// TB-Ausbilder
 


In the Windows.old folder; delete it completely, it's an old Windows installation.

Run Windows Update repeatedly until the Service Pack is installed, then please post a fresh FRST log file.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 05.09.2013, 14:54   #13
Pulcheria
 

Hello Schrauber,

I would actually have to set up the laptop again with Windows XP and then upgrade to Windows 7. Otherwise I get a very poor screen resolution. I booted the laptop with Windows 7 at short notice in order to activate the virus scanner.

Should I delete this old version anyway? Or rather boot the computer fresh with XP first, then upgrade to W7 and scan again?!

Best regards,
Pulcheria

Alt 05.09.2013, 20:33   #14
schrauber
/// the machine
/// TB-Ausbilder
 


If you do that, you'll get a Windows.old folder again.

Just back up your data, wipe the machine and install 7 directly; then at least it's clean.
__________________
Regards,
schrauber


Alt 05.09.2013, 21:54   #15
Pulcheria
 

Hello Schrauber,

the problem is that the notebook (HP Pavilion dv9000) is not one of the HP models that support Windows 7. Unfortunately that means there are no Windows 7 drivers or software for this notebook model. I only noticed this when I booted the laptop with Windows 7 and was puzzled by the screen resolution.

Unfortunately that means I have to put XP on it again and then carry out the upgrade. :-(

Unless there is some other option. :-/
