Trojaner-Board


Angela_64 12.02.2012 12:46

FakeAlert gbR and SystemCheck on Windows Vista
 
Hello, dear team,

Yesterday afternoon, while I was at the computer, a program called "chromeupdater" asked for administrator rights. Since I don't know the program, I tried to click the prompt away. That did not work, despite several attempts. Then all programs suddenly closed and the computer restarted. After the restart the screen was black, the desktop icons and the Quick Launch bar had disappeared, and a SystemCheck started. This SystemCheck supposedly found all sorts of problems with drive C: and storage space. I did not click the prompt to clean up.

I then carried out the following actions:
1. Disabled System Restore
2. Installed McAfee Stinger and ran it. The program found four infected files and deleted them.
Since the screen was still black and none of the other symptoms had disappeared either, I
3. installed Malwarebytes and ran a quick scan. The program found two infected objects, which it removed.
4. Downloaded and ran TDSSKiller - nothing found
5. Malwarebytes full scan - nothing found
6. Downloaded and ran unhide - no effect the first time, then ran it a second time with the virus scanner disabled - likewise no change.
7. defogger - no error message
8. dds.txt:
Code:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170  BrowserJavaVersion: 1.6.0_26
Run by Chef at 9:58:19 on 2012-02-12
Microsoft® Windows Vista™ Business  6.0.6002.2.1252.49.1031.18.3327.1517 [GMT 1:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\SYSTEM32\taskeng.exe
F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.UserSession.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\bgsvcgen.exe
C:\Windows\system32\conime.exe
F:\DATEV\PROGRAMM\B0001364\DtvScSer.exe
F:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe
F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
F:\DATEV\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe
F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardManager.exe
F:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe
C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
F:\DATEV\PROGRAMM\B0000398\SiPaHost.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
F:\DATEV\PROGRAMM\Sws\LiMaServer.exe
F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
F:\DATEV\SYSTEM\rzpjwtch.exe
C:\Program Files\Netzmanager\netzmanager.exe
F:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE
F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
F:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
F:\DATEV\PROGRAMM\B0000404\msdisrv.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe
F:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
F:\DATEV\PROGRAMM\SWS\LiMaService.exe
C:\Windows\system32\wbem\wmiprvse.exe
F:\DATEV\PROGRAMM\B0001363\SCmIdentityScanner.exe
F:\DATEV\PROGRAMM\K0005003\Datev.Sdd.DataServer.exe
F:\DATEV\SYSTEM\NUKO\NKWLOGIN.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
F:\DATEV\PROGRAMM\K0008006\Datev.EO.Synchronization.Daemon.Launcher.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.datev.de/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - c:\program files\winload\tbWinl.dll
mURLSearchHooks: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - c:\program files\winload\tbWinl.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - c:\program files\winload\tbWinl.dll
BHO: {557F4852-8868-44dd-B5E9-9890AC4B1FD5} - No File
BHO: DtvIePwdSafeBHO Class: {6ef6b546-25fb-455b-801f-fdb3b3d39f9e} - f:\datev\programm\b0000397\DtvIePwdSafe.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: SCardBHOEvent Class: {af8cd625-e04a-4a8f-a90a-0c74846c2e30} - f:\datev\system\DVCCSAScardBHO002.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DMS Schnellsuche: {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - mscoree.dll
TB: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - c:\program files\winload\tbWinl.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [KeePass Password Safe] "c:\program files\keepass password safe\KeePass.exe"
uRun: [Datev.Arbeitsplatz.Scheduler.exe] f:\datev\programm\k0005000\Datev.Arbeitsplatz.Scheduler.exe
uRun: [DFÜ-Sammler] f:\datev\programm\rzkomm\ccsrv2.exe /SammlerEin /Delay 30
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [ScreenManager Pro for LCD] c:\program files\eizo\screenmanager pro for lcd\Lcdctrl.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DLPSP] "c:\program files\dell printers\additional color laser software\status monitor\DLPSP.EXE"
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [DVCCSAWTSSetEntryNTE] f:\datev\programm\b0000150\scwts\DVCCSAWTSSetEntryNTE.exe
mRun: [DATEV_SCardMan] f:\datev\programm\b0000347\scmgmt\ScardManager.exe
mRun: [DATEV Update-Monitor] "f:\datev\programm\install\DvInesASDMon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Skytel] Skytel.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [adm_tray.exe] c:\program files\acronis\drivemonitor\adm_tray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SiPaHost] f:\datev\programm\b0000398\sipahost.exe f:\datev\konfig\B0000398
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
StartupFolder: d:\benutzer\chef\appdata\roaming\micros~1\windows\startm~1\programs\startup\cd-menu.lnk - e:\MENU.exe
StartupFolder: d:\benutzer\chef\appdata\roaming\microsoft\windows\start menu\programs\startup\VIWAS - USB Scanner.url
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\basiss~1.lnk - f:\datev\programm\bsoffice\service\OfficeDiag.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\datev-~1.lnk - f:\datev\programm\a0000007\DHNC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\df-man~1.lnk - f:\datev\programm\b0000000\dfuemngr\DfueMan.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\lizenz~1.lnk - f:\datev\programm\sws\LiMaServer.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rz-dru~1.lnk - f:\datev\system\rzpjwtch.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\skyuse~1.lnk - f:\datev\programm\b0001401\UpdateDevmode.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: An OneNote s&enden - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: adac.de\www
Trusted Zone: dell.com\support.euro
Trusted Zone: deutschepost.de\stampitweb
Trusted Zone: localhost
Trusted Zone: t-online.de\email
Trusted Zone: top20free.de\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.123.1
TCP: Interfaces\{5D50606D-CA42-4B5F-A889-FD51BCAB22AA} : DhcpNameServer = 192.168.123.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {ADD9AEE8-B916-4CD6-A04B-9386DF90D594} - msiexec /fus {ADD9AEE8-B916-4CD6-A04B-9386DF90D594} /quiet
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\benutzer\chef\appdata\roaming\mozilla\firefox\profiles\pcwqv1rc.default\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npideapl.dll
FF - plugin: c:\program files\phonostar-player\npphonostarDetectNP.dll
FF - plugin: f:\datev\programm\a0000015\npdvbm.dll
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-12-20 40368]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-2-1 475704]
R2 DATEV Logon Service;DATEV Logon Service;f:\datev\programm\b0001364\DtvScSer.exe [2010-9-3 406112]
R2 DATEV Update-Service;DATEV Update-Service;f:\datev\programm\install\DvInesASDSvc.Exe [2011-7-25 172640]
R2 DATEV ViwasClientService;DATEV ViwasClientService;f:\datev\programm\viwas\Datev.Viwas.ClientService.exe [2011-9-6 63488]
R2 Datev.Framework.RemoteServiceModel.EnablerService;DATEV DFL-Service-Manager;f:\datev\system\datev.framework.remoteservicemodel.genericservice2010.exe datev.framework.remoteservicemodel.enablerservice -svcrunlevel=9999 --> f:\datev\system\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 [?]
R2 DatevPrintService;DATEV Druckservice;f:\datev\programm\b0001442\PSNTServ.exe [2010-12-8 79872]
R2 Dcmanag;DATEV DFÜ-System Dienst;f:\datev\programm\b0000000\dfuemngr\DcManag.exe [2011-11-4 176128]
R2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2009-3-7 140184]
R2 DVckService;DVckService;f:\datev\programm\b0000150\scserver\DVckService.exe [2008-9-13 2409056]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-11-30 21504]
R2 KOBIL_MSDI;KOBIL_MSDI;f:\datev\programm\b0000404\msdisrv.exe [2010-8-25 194144]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2010-8-25 22816]
R2 McAfeeFramework;McAfee Framework-Dienst;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-25 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2010-8-25 147984]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2010-8-25 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-2-1 159608]
R2 msftesql$DATEV_CL_DE01;SQL Server-Volltextsuche (DATEV_CL_DE01);c:\program files\microsoft sql server\mssql.4\mssql\binn\msftesql.exe [2010-3-26 91992]
R2 msftesql$DATEV_SV_DE01;SQL Server-Volltextsuche (DATEV_SV_DE01);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2010-3-26 91992]
R2 MSSQL$DATEV_CL_DE01;SQL Server (DATEV_CL_DE01);c:\program files\microsoft sql server\mssql.4\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 MSSQL$DATEV_SV_DE01;SQL Server (DATEV_SV_DE01);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\program files\netzmanager\nminfrais2\Netzmanager_Service.exe [2010-3-22 9728]
R2 SC_Serv3D;SC_Serv3D;c:\windows\system32\drivers\d3_kafm.sys [2011-7-19 75320]
R2 SCardService;DATEV SmartCard Service;f:\datev\programm\b0000347\scmgmt\SCardService.exe [2010-9-22 292960]
R2 Sicherheitspaket-Dienst;Sicherheitspaket-Dienst;f:\datev\programm\b0000398\sipahostservice.exe f:\datev\konfig\b0000398 --> f:\datev\programm\b0000398\sipahostservice.exe f:\datev\konfig\B0000398 [?]
R3 Datev.Database.Conserve;DATEV Connection Service;f:\datev\system\datev.framework.remoteservicemodel.genericservice2010.exe datev.database.conserve svcrunlevel=1000 --> f:\datev\system\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [?]
R3 Datev.Framework.RemoteServices.Messaging.CentralMessagingService;DATEV Messaging-Service;f:\datev\system\datev.framework.remoteservicemodel.genericservice2010.exe datev.framework.remoteservices.messaging.centralmessagingservice -svcrunlevel=1000 --> f:\datev\system\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices.Messaging.CentralMessagingService -SvcRunLevel=1000 [?]
R3 KOBCCEX;KOBCCEX;c:\windows\system32\drivers\KOBCCEX.sys [2009-10-8 23424]
R3 KOBCCID;KOBCCID;c:\windows\system32\drivers\KOBCCID.sys [2009-10-8 84352]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-2-1 91896]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-2-1 43192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9889db9b3521a;Google Update Service (gupdate1c9889db9b3521a);c:\program files\google\update\GoogleUpdate.exe [2009-2-6 133104]
S3 Datev.Framework.RemoteServices;DATEV DFL Infrastruktur-Dienst;f:\datev\system\datev.framework.remoteservicemodel.genericservice2010.exe datev.framework.remoteservices -svcrunlevel=1000 --> f:\datev\system\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 [?]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\system32\drivers\DslTestSp5.sys [2008-11-27 26816]
S3 DVDFUEavmnwapi;DATEV DFÜ-Erweiterung-Zugriffssteuerung;"f:\datev\programm\b0000303\extranet\dvdfueavmnwapi.exe" --> f:\datev\programm\b0000303\extranet\DVDFUEavmnwapi.exe [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-6 133104]
S3 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run --> c:\windows\system32\hasplms.exe  -run [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-2-1 87656]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-12-10 7808]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-11 18:42:31        --------        d-----w-        d:\benutzer\chef\appdata\roaming\Malwarebytes
2012-02-11 18:42:22        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-11 18:42:20        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-11 18:42:19        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-02-11 17:59:01        14664        ----a-w-        c:\windows\stinger.sys
2012-02-11 17:40:39        --------        d-----w-        c:\program files\stinger
2012-02-11 16:11:08        --------        d-----w-        C:\Quarantäne
2012-02-01 17:52:33        23864        ----a-w-        c:\program files\mozilla firefox\components\Scriptff.dll
2012-02-01 17:52:32        91896        ----a-w-        c:\windows\system32\drivers\mfeavfk.sys
2012-02-01 17:52:32        87656        ----a-w-        c:\windows\system32\drivers\mferkdet.sys
2012-02-01 17:52:32        76024        ----a-w-        c:\windows\system32\drivers\mfeapfk.sys
2012-02-01 17:52:32        43192        ----a-w-        c:\windows\system32\drivers\mfebopk.sys
2012-02-01 17:52:31        64208        ----a-w-        c:\windows\system32\drivers\mfetdik.sys
2012-02-01 17:52:31        475704        ----a-w-        c:\windows\system32\drivers\mfehidk.sys
2012-02-01 17:52:31        159608        ----a-w-        c:\windows\system32\mfevtps.exe
2012-02-01 17:51:41        --------        d-----w-        c:\program files\McAfee
2012-01-31 06:22:49        440192        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-01-31 06:22:49        278528        ----a-w-        c:\windows\system32\schannel.dll
2012-01-31 06:22:49        1259008        ----a-w-        c:\windows\system32\lsasrv.dll
2012-01-31 06:22:48        9728        ----a-w-        c:\windows\system32\lsass.exe
2012-01-31 06:22:48        72704        ----a-w-        c:\windows\system32\secur32.dll
2012-01-31 06:22:48        377344        ----a-w-        c:\windows\system32\winhttp.dll
.
==================== Find3M  ====================
.
2012-02-01 09:38:34        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 09:19:26        467968        ------w-        c:\windows\system32\rsct_ot.ocx
2011-11-25 15:59:48        376320        ----a-w-        c:\windows\system32\winsrv.dll
2011-11-23 13:37:27        2043904        ----a-w-        c:\windows\system32\win32k.sys
2011-11-18 20:23:34        1205064        ----a-w-        c:\windows\system32\ntdll.dll
2011-11-18 17:47:03        66560        ----a-w-        c:\windows\system32\packager.dll
2011-04-21 14:33:38        2897408        ----a-w-        c:\program files\EPortoInstaller2010_v2.1.msi
2011-04-21 14:33:30        436736        ----a-w-        c:\program files\setup.exe
.
============= FINISH:  9:59:53,55 ===============

attach.txt:
Code:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume1
Install Date: 13.09.2008 14:55:19
System Uptime: 12.02.2012 09:02:17 (0 hours ago)
.
Motherboard: FUJITSU SIEMENS |  | MS-7379VP
Processor: Intel(R) Core(TM)2 Quad  CPU  Q9300  @ 2.50GHz | CPU 1 | 2003/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 82,537 GiB free.
D: is FIXED (NTFS) - 206 GiB total, 103,851 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 144 GiB total, 84,977 GiB free.
G: is FIXED (NTFS) - 463 GiB total, 371,469 GiB free.
P: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
ACL 9
Acronis Drive Monitor
Acronis*True*Image*Home
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.2 - Deutsch
Adobe Reader 9.5.0 - Deutsch
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Arbeitsblätter Leporello 1
Audible Download Manager
Avanquest update
Avery Wizard 4.0
B1315AppGuid
Bonjour
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Crystal Reports Runtime XI
DATEV Belegtransfer V.3.11
DATEV Infragistics Runtime V.3.2
DATEV Installation V.2.9
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell-Druckersoftware
Dell MFP Laser 3115cn Dienstprogramme Ver.1.0.1.0
Dell MFP Laser 3115cn ScanButton-Manager Ver.1.1.0.0
Dell MFP Laser 3115cn Scanner-Treiber Ver.1.1.6.0
Deutsche Post E-Porto
Dialogseminar online V.3.0
flatster
Formularpraxis - Verlag Dr. Otto Schmidt
GeoSetter 3.3.60
GmbHR
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hardcopy (C:\Program Files\Hardcopy)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
iPhone-Konfigurationsprogramm
iTunes
Java Auto Updater
Java(TM) 6 Update 17
Java(TM) 6 Update 18
Java(TM) 6 Update 26
KeeForm 2.01
KeePass Password Safe 1.17
KhalInstallWrapper
kobdfu x64x86 driver installation
KOBIL CCID driver x64x86
Logitech SetPoint
Malwarebytes Anti-Malware Version 1.60.1.1000
McAfee Agent
McAfee AntiSpyware Enterprise Module
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft Access 2002 Runtime
Microsoft Office 2010 Primary Interop Assemblies
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005-Abwärtskompatibilität
Microsoft SQL Server 2005 (DATEV_CL_DE01)
Microsoft SQL Server 2005 (DATEV_SV_DE01)
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XML Parser
MobileMe Control Panel
Motorola Phone Tools
Mozilla Firefox 10.0 (x86 de)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Nero 7 Essentials
Nero BurnLite 10
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
neroxml
Netzmanager
Notepad++
NVIDIA Drivers
Paragon Partition Manager 9.0 Personal
phonostar-Player Version 3.02.4
PHOTOfunSTUDIO 5.1 HD Edition
QuickTime
Realtek High Definition Audio Driver
Safari
ScreenManager Pro for LCD
Secunia PSI
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
SolveigMM AVI Trimmer
Spelling Dictionaries Support For Adobe Reader 9
SQLXML4
Stampit Home
TuneUp Utilities 2008
Unlocker 1.8.7
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Visual C++ 9.0 CRT (x86) WinSXS MSM
VLC media player 1.1.4
WeihnachtsTheme
Winload Toolbar
.
==== End Of File ===========================

9. Ran GMER in safe mode (it would not start any other way)

GMER.txt:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-12 11:31:44
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD1002FAEX-00Z3A0 rev.05.01D05
Running: w1fygi1p.exe; Driver: D:\Benutzer\Chef\AppData\Local\Temp\uxddqpod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                      mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                        hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                        tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                        timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

Device          \Driver\aksusb \Device\00000071                                              AKSCLASS.SYS (Aladdin Class Driver/Aladdin Knowledge Systems Ltd.)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                        hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                        tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                        timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                        hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                        tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                        timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                        hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                        tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                        timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                        hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                        tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                        timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\tdx \Device\Udp                                                      mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \FileSystem\fastfat \Fat                                                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SOFTWARE\Classes\CLSID\{64A3D41B-61A5-4834-9A42-FDE1C37B0005}@EditFlags  3

---- EOF - GMER 1.0.15 ----


I hope I did everything right with the TXT files...

My questions now are:
- Is the system clean again now, or do I need to carry out further cleanup?
- Which of the downloaded programs can I delete again with a clear conscience?
- Do I need to reset all my passwords to be on the safe side?
- How can a trojan like this attack the system when I never work with administrator rights and the McAfee virus scanner runs in the background, fetching updates at least twice a day? Besides, I do not, at least not knowingly, visit any "wild sites". Emails from unknown sources are deleted immediately, and I do not open attachments at will either.

Many thanks in advance for your help
Angela

cosinus 12.02.2012 15:51

Quote:

3. Installed Malwarebytes and ran a quick scan. The program found two infected objects, which it removed.
4. Downloaded and ran TDSSKiller - no findings
5. Malwarebytes full scan - no findings
Please post all the logs from those as well!!

Angela_64 12.02.2012 16:13

Hello Arne,

here are the logs:

Malwarebytes quick scan:
Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.11.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Chef :: CALLAS [Administrator]

11.02.2012 19:43:41
mbam-log-2012-02-11 (19-43-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 261397
Laufzeit: 13 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
D:\Benutzer\XXX\AppData\Local\Temp\1CCC.tmp (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Benutzer\XXX\AppData\Local\Temp\chromeupdtr.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Benutzer\XXX\AppData\Local\Temp\ddSrHDXHvZXSqi.exe.tmp (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Malwarebytes full scan
Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.11.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Chef :: CALLAS [Administrator]

11.02.2012 21:51:32
mbam-log-2012-02-11 (21-51-32).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 549233
Laufzeit: 2 Stunde(n), 54 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


And unfortunately I cannot find a log for TDSSKiller :-(
When I go to Report, I see system info from right now, but I cannot copy the report either. Should I run it again?

Thanks
Angela

cosinus 12.02.2012 16:15

That is what happens when you simply run tools without having been instructed to run them.

BEFORE TDSS is used, I always post this:
If you cannot find the log or copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and only post the log here!

Angela_64 12.02.2012 16:26

Found it :-)

Code:

21:49:42.0667 7336        TDSS rootkit removing tool 2.7.11.0 Feb  9 2012 10:12:57
21:49:43.0046 7336        ============================================================
21:49:43.0046 7336        Current date / time: 2012/02/11 21:49:43.0046
21:49:43.0046 7336        SystemInfo:
21:49:43.0047 7336       
21:49:43.0047 7336        OS Version: 6.0.6002 ServicePack: 2.0
21:49:43.0047 7336        Product type: Workstation
21:49:43.0047 7336        ComputerName: CALLAS
21:49:43.0047 7336        UserName: Chef
21:49:43.0047 7336        Windows directory: C:\Windows
21:49:43.0047 7336        System windows directory: C:\Windows
21:49:43.0047 7336        Processor architecture: Intel x86
21:49:43.0047 7336        Number of processors: 4
21:49:43.0047 7336        Page size: 0x1000
21:49:43.0047 7336        Boot type: Normal boot
21:49:43.0047 7336        ============================================================
21:49:43.0981 7336        Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:49:43.0984 7336        Drive \Device\Harddisk1\DR1 - Size: 0x3F380000 (0.99 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:49:43.0985 7336        \Device\Harddisk0\DR0:
21:49:43.0985 7336        MBR used
21:49:43.0985 7336        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEEE596A
21:49:43.0985 7336        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xEEE59A9, BlocksNum 0x19B2DD56
21:49:44.0002 7336        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x28A1373E, BlocksNum 0x11F10BB2
21:49:44.0018 7336        \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3A92432F, BlocksNum 0x39DE1692
21:49:44.0018 7336        \Device\Harddisk1\DR1:
21:49:44.0019 7336        MBR used
21:49:44.0104 7336        Initialize success
21:49:44.0104 7336        ============================================================
21:49:50.0567 8056        ============================================================
21:49:50.0567 8056        Scan started
21:49:50.0567 8056        Mode: Manual;
21:49:50.0567 8056        ============================================================
21:49:51.0225 8056        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:49:51.0227 8056        ACPI - ok
21:49:51.0263 8056        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:49:51.0266 8056        adp94xx - ok
21:49:51.0289 8056        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:49:51.0291 8056        adpahci - ok
21:49:51.0304 8056        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:49:51.0305 8056        adpu160m - ok
21:49:51.0319 8056        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:49:51.0320 8056        adpu320 - ok
21:49:51.0349 8056        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:49:51.0351 8056        AFD - ok
21:49:51.0373 8056        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
21:49:51.0373 8056        agp440 - ok
21:49:51.0391 8056        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:49:51.0392 8056        aic78xx - ok
21:49:51.0422 8056        aksfridge      (730e9d3bb324fb1899005aea63c6782d) C:\Windows\system32\drivers\aksfridge.sys
21:49:51.0425 8056        aksfridge - ok
21:49:51.0449 8056        akshasp        (64fc197d24a2b240598f29ce0a6660c0) C:\Windows\system32\DRIVERS\akshasp.sys
21:49:51.0451 8056        akshasp - ok
21:49:51.0470 8056        aksusb          (cce6c56f18d214de8d66f3f2a774cd5b) C:\Windows\system32\DRIVERS\aksusb.sys
21:49:51.0471 8056        aksusb - ok
21:49:51.0484 8056        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
21:49:51.0485 8056        aliide - ok
21:49:51.0504 8056        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
21:49:51.0504 8056        amdagp - ok
21:49:51.0522 8056        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
21:49:51.0523 8056        amdide - ok
21:49:51.0540 8056        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:49:51.0541 8056        AmdK7 - ok
21:49:51.0556 8056        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
21:49:51.0557 8056        AmdK8 - ok
21:49:51.0574 8056        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:49:51.0575 8056        arc - ok
21:49:51.0593 8056        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:49:51.0595 8056        arcsas - ok
21:49:51.0645 8056        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:49:51.0646 8056        AsyncMac - ok
21:49:51.0663 8056        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:49:51.0663 8056        atapi - ok
21:49:51.0700 8056        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:49:51.0700 8056        Beep - ok
21:49:51.0714 8056        blbdrive - ok
21:49:51.0751 8056        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:49:51.0752 8056        bowser - ok
21:49:51.0778 8056        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:49:51.0779 8056        BrFiltLo - ok
21:49:51.0793 8056        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:49:51.0794 8056        BrFiltUp - ok
21:49:51.0813 8056        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:49:51.0814 8056        Brserid - ok
21:49:51.0832 8056        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:49:51.0833 8056        BrSerWdm - ok
21:49:51.0851 8056        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:49:51.0851 8056        BrUsbMdm - ok
21:49:51.0863 8056        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:49:51.0863 8056        BrUsbSer - ok
21:49:51.0880 8056        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:49:51.0880 8056        BTHMODEM - ok
21:49:51.0900 8056        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:49:51.0901 8056        cdfs - ok
21:49:51.0929 8056        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:49:51.0930 8056        cdrom - ok
21:49:51.0948 8056        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
21:49:51.0949 8056        circlass - ok
21:49:51.0986 8056        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:49:51.0988 8056        CLFS - ok
21:49:52.0004 8056        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
21:49:52.0005 8056        cmdide - ok
21:49:52.0018 8056        Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
21:49:52.0018 8056        Compbatt - ok
21:49:52.0029 8056        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:49:52.0030 8056        crcdisk - ok
21:49:52.0048 8056        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
21:49:52.0049 8056        Crusoe - ok
21:49:52.0079 8056        CSC            (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
21:49:52.0082 8056        CSC - ok
21:49:52.0173 8056        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:49:52.0174 8056        DfsC - ok
21:49:52.0188 8056        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:49:52.0189 8056        disk - ok
21:49:52.0232 8056        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:49:52.0233 8056        drmkaud - ok
21:49:52.0261 8056        dsltestSp5      (c6b2e10cfe79169c72f0269087b9a603) C:\Windows\system32\Drivers\dsltestSp5.sys
21:49:52.0261 8056        dsltestSp5 - ok
21:49:52.0296 8056        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:49:52.0300 8056        DXGKrnl - ok
21:49:52.0318 8056        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:49:52.0319 8056        E1G60 - ok
21:49:52.0347 8056        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:49:52.0348 8056        Ecache - ok
21:49:52.0373 8056        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
21:49:52.0375 8056        elxstor - ok
21:49:52.0402 8056        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:49:52.0403 8056        exfat - ok
21:49:52.0418 8056        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:49:52.0420 8056        fastfat - ok
21:49:52.0436 8056        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
21:49:52.0437 8056        fdc - ok
21:49:52.0459 8056        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:49:52.0460 8056        FileInfo - ok
21:49:52.0509 8056        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:49:52.0510 8056        Filetrace - ok
21:49:52.0552 8056        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
21:49:52.0553 8056        flpydisk - ok
21:49:52.0563 8056        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:49:52.0565 8056        FltMgr - ok
21:49:52.0593 8056        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:49:52.0594 8056        Fs_Rec - ok
21:49:52.0614 8056        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
21:49:52.0615 8056        gagp30kx - ok
21:49:52.0642 8056        GEARAspiWDM    (df6e37b27a9a1a498c6d9f29995b7a03) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:49:52.0642 8056        GEARAspiWDM - ok
21:49:52.0686 8056        Hardlock        (a9d587e31dbee3e9bd97fefece0ba874) C:\Windows\system32\drivers\hardlock.sys
21:49:52.0690 8056        Hardlock - ok
21:49:52.0717 8056        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:49:52.0718 8056        HdAudAddService - ok
21:49:52.0744 8056        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:49:52.0748 8056        HDAudBus - ok
21:49:52.0765 8056        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:49:52.0766 8056        HidBth - ok
21:49:52.0788 8056        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:49:52.0789 8056        HidIr - ok
21:49:52.0805 8056        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:49:52.0806 8056        HidUsb - ok
21:49:52.0831 8056        hotcore3        (d308726110a6011514dcdfc6e3fc21f2) C:\Windows\system32\drivers\hotcore3.sys
21:49:52.0831 8056        hotcore3 - ok
21:49:52.0855 8056        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
21:49:52.0856 8056        HpCISSs - ok
21:49:52.0880 8056        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:49:52.0883 8056        HTTP - ok
21:49:52.0894 8056        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
21:49:52.0896 8056        i2omp - ok
21:49:52.0927 8056        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:49:52.0928 8056        i8042prt - ok
21:49:52.0950 8056        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
21:49:52.0952 8056        iaStorV - ok
21:49:52.0963 8056        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:49:52.0964 8056        iirsp - ok
21:49:53.0029 8056        IntcAzAudAddService (4c01298060cf930d26a75a86b874b6ae) C:\Windows\system32\drivers\RTKVHDA.sys
21:49:53.0043 8056        IntcAzAudAddService - ok
21:49:53.0074 8056        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:49:53.0075 8056        intelide - ok
21:49:53.0099 8056        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:49:53.0100 8056        intelppm - ok
21:49:53.0129 8056        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:49:53.0130 8056        IpFilterDriver - ok
21:49:53.0141 8056        IpInIp - ok
21:49:53.0152 8056        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
21:49:53.0153 8056        IPMIDRV - ok
21:49:53.0179 8056        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:49:53.0180 8056        IPNAT - ok
21:49:53.0223 8056        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:49:53.0224 8056        IRENUM - ok
21:49:53.0233 8056        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
21:49:53.0234 8056        isapnp - ok
21:49:53.0253 8056        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:49:53.0254 8056        iScsiPrt - ok
21:49:53.0263 8056        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:49:53.0264 8056        iteatapi - ok
21:49:53.0273 8056        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:49:53.0274 8056        iteraid - ok
21:49:53.0291 8056        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:49:53.0292 8056        kbdclass - ok
21:49:53.0313 8056        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:49:53.0314 8056        kbdhid - ok
21:49:53.0340 8056        KOBCCEX        (3fc4be9a867fb4fb2a2f33a3b8a60446) C:\Windows\system32\drivers\KOBCCEX.sys
21:49:53.0341 8056        KOBCCEX - ok
21:49:53.0357 8056        KOBCCID        (93c4f4a67d1e372e0d8d24392c53ca2b) C:\Windows\system32\drivers\KOBCCID.sys
21:49:53.0359 8056        KOBCCID - ok
21:49:53.0387 8056        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
21:49:53.0390 8056        KSecDD - ok
21:49:53.0449 8056        LEqdUsb        (70035567754bed4e6ad353ca3f175127) C:\Windows\system32\Drivers\LEqdUsb.Sys
21:49:53.0449 8056        LEqdUsb - ok
21:49:53.0469 8056        LHidEqd        (32491b6bae0afad1d7a62c0ef0af4321) C:\Windows\system32\Drivers\LHidEqd.Sys
21:49:53.0470 8056        LHidEqd - ok
21:49:53.0492 8056        LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
21:49:53.0493 8056        LHidFilt - ok
21:49:53.0507 8056        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:49:53.0508 8056        lltdio - ok
21:49:53.0529 8056        LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
21:49:53.0530 8056        LMouFilt - ok
21:49:53.0549 8056        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
21:49:53.0551 8056        LSI_FC - ok
21:49:53.0569 8056        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
21:49:53.0571 8056        LSI_SAS - ok
21:49:53.0590 8056        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
21:49:53.0591 8056        LSI_SCSI - ok
21:49:53.0610 8056        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:49:53.0611 8056        luafv - ok
21:49:53.0651 8056        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
21:49:53.0664 8056        megasas - ok
21:49:53.0709 8056        mfeapfk        (a8d2c54c2f71f5cba7ca2734341e57e6) C:\Windows\system32\drivers\mfeapfk.sys
21:49:53.0710 8056        mfeapfk - ok
21:49:53.0727 8056        mfeavfk        (28bb783d85df19e9e007e81daf40adcc) C:\Windows\system32\drivers\mfeavfk.sys
21:49:53.0729 8056        mfeavfk - ok
21:49:53.0746 8056        mfebopk        (8e43e242073e9db5aa165ebe273ffd09) C:\Windows\system32\drivers\mfebopk.sys
21:49:53.0747 8056        mfebopk - ok
21:49:53.0831 8056        mfehidk        (37800fbb68d88e3c3e49bb9c97233e87) C:\Windows\system32\drivers\mfehidk.sys
21:49:53.0834 8056        mfehidk - ok
21:49:53.0856 8056        mferkdet        (47c91e229b129047f0138011ddf9f92f) C:\Windows\system32\drivers\mferkdet.sys
21:49:53.0857 8056        mferkdet - ok
21:49:53.0875 8056        mfetdik        (78efa6fd2a486c476045eaa1d2f218b7) C:\Windows\system32\drivers\mfetdik.sys
21:49:53.0876 8056        mfetdik - ok
21:49:53.0896 8056        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:49:53.0897 8056        Modem - ok
21:49:53.0917 8056        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:49:53.0919 8056        monitor - ok
21:49:53.0940 8056        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:49:53.0941 8056        mouclass - ok
21:49:53.0953 8056        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:49:53.0954 8056        mouhid - ok
21:49:53.0972 8056        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:49:53.0972 8056        MountMgr - ok
21:49:53.0988 8056        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
21:49:53.0990 8056        mpio - ok
21:49:54.0007 8056        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:49:54.0009 8056        mpsdrv - ok
21:49:54.0021 8056        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:49:54.0022 8056        Mraid35x - ok
21:49:54.0041 8056        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:49:54.0042 8056        MRxDAV - ok
21:49:54.0059 8056        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:49:54.0062 8056        mrxsmb - ok
21:49:54.0086 8056        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:49:54.0088 8056        mrxsmb10 - ok
21:49:54.0099 8056        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:49:54.0100 8056        mrxsmb20 - ok
21:49:54.0109 8056        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
21:49:54.0110 8056        msahci - ok
21:49:54.0121 8056        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
21:49:54.0123 8056        msdsm - ok
21:49:54.0141 8056        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:49:54.0142 8056        Msfs - ok
21:49:54.0177 8056        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:49:54.0178 8056        msisadrv - ok
21:49:54.0207 8056        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:49:54.0208 8056        MSKSSRV - ok
21:49:54.0239 8056        msloop          (0a562f61d84bf1988e4dd6413b76c1d4) C:\Windows\system32\DRIVERS\loop.sys
21:49:54.0240 8056        msloop - ok
21:49:54.0262 8056        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:49:54.0263 8056        MSPCLOCK - ok
21:49:54.0288 8056        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:49:54.0289 8056        MSPQM - ok
21:49:54.0304 8056        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:49:54.0306 8056        MsRPC - ok
21:49:54.0323 8056        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:49:54.0324 8056        mssmbios - ok
21:49:54.0344 8056        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:49:54.0345 8056        MSTEE - ok
21:49:54.0363 8056        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:49:54.0364 8056        Mup - ok
21:49:54.0402 8056        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:49:54.0403 8056        NativeWifiP - ok
21:49:54.0448 8056        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:49:57.0764 8056        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:49:57.0790 8056        \Device\Harddisk0\DR0 - ok
21:49:57.0798 8056        MBR (0x1B8)    (30846f685a15ae1a0eb72dba1be67584) \Device\Harddisk1\DR1
21:49:59.0635 8056        \Device\Harddisk1\DR1 - ok
21:49:59.0638 8056        Boot (0x1200)  (c37465d8a4c69118f0d52e9e3c833572) \Device\Harddisk0\DR0\Partition0
21:49:59.0639 8056        \Device\Harddisk0\DR0\Partition0 - ok
21:49:59.0649 8056        Boot (0x1200)  (c6901efadb9c3f5567722e916c3528ff) \Device\Harddisk0\DR0\Partition1
21:49:59.0649 8056        \Device\Harddisk0\DR0\Partition1 - ok
21:49:59.0659 8056        Boot (0x1200)  (0baeeed678a8ddbaeb4ca1f38ac1cbde) \Device\Harddisk0\DR0\Partition2
21:49:59.0660 8056        \Device\Harddisk0\DR0\Partition2 - ok
21:49:59.0676 8056        Boot (0x1200)  (e83b67015b7e4481e32f8d986828347b) \Device\Harddisk0\DR0\Partition3
21:49:59.0676 8056        \Device\Harddisk0\DR0\Partition3 - ok
21:49:59.0677 8056        ============================================================
21:49:59.0677 8056        Scan finished
21:49:59.0677 8056        ============================================================
21:49:59.0687 4520        Detected object count: 0
21:49:59.0687 4520        Actual detected object count: 0
21:50:06.0473 7932        Deinitialize success


cosinus 12.02.2012 16:30

Please run ESET as well, then we'll see how to proceed:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Angela_64 12.02.2012 21:02

Well, the scan unfortunately took a little while, and I'm afraid it did find something.

Log:

Code:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5ef4140709363d4c9e4f35637810bd5b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-12 07:16:51
# local_time=2012-02-12 08:16:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 46223248 166594595 0 0
# compatibility_mode=8192 67108863 100 0 4531 4531 0 0
# scanned=379937
# found=4
# cleaned=0
# scan_time=12318
D:\Benutzer\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\2528ac4f-695562a9        Java/Agent.EA trojan (unable to clean)        00000000000000000000000000000000        I
D:\Benutzer\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\71a5af11-64d4eeb9        Java/Exploit.CVE-2011-3544.T trojan (unable to clean)        00000000000000000000000000000000        I
D:\Benutzer\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\161564f5-246b9b6e        a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)        00000000000000000000000000000000        I
D:\Benutzer\XXX\Downloads\SoftonicDownloader25577.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

Regards
Angela

cosinus 13.02.2012 10:28

Quote:

D:\Benutzer\XXX\Downloads\SoftonicDownloader25577.exe
Hands off Softonic!!

Softonic is a toolbar and adware slinger! Hands off! Software should be downloaded, as the top priority, directly from the vendor and not from toolbar outfits like Softonic! In an emergency, chip.de would of course do


Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Angela_64 13.02.2012 11:16

That scan was really quick for once :-)

OTL.txt:

Code:

OTL logfile created on: 13.02.2012 10:40:56 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = D:\Benutzer\XXX\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 51,42% Memory free
6,73 Gb Paging File | 4,50 Gb Available in Paging File | 66,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,45 Gb Total Space | 82,94 Gb Free Space | 69,44% Space Free | Partition Type: NTFS
Drive D: | 205,59 Gb Total Space | 104,04 Gb Free Space | 50,60% Space Free | Partition Type: NTFS
Drive F: | 143,53 Gb Total Space | 84,63 Gb Free Space | 58,97% Space Free | Partition Type: NTFS
Drive G: | 462,94 Gb Total Space | 371,47 Gb Free Space | 80,24% Space Free | Partition Type: NTFS
Drive P: | 1009,51 Mb Total Space | 1009,22 Mb Free Space | 99,97% Space Free | Partition Type: FAT32
 
Computer Name: CALLAS | User Name: Chef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.13 10:36:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Benutzer\XXX\Desktop\OTL.exe
PRC - [2012.02.11 18:40:44 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011.12.09 02:20:00 | 000,079,872 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
PRC - [2011.11.04 08:51:48 | 000,176,128 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe
PRC - [2011.09.13 09:40:36 | 000,184,320 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Check\DkDataSvr.exe
PRC - [2011.09.09 05:30:00 | 000,080,992 | ---- | M] (DATEV eG) -- F:\DATEV\SYSTEM\Nuko\NKWLOGIN.exe
PRC - [2011.09.06 14:25:54 | 000,009,824 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.UserSession.exe
PRC - [2011.09.06 14:22:46 | 000,063,488 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe
PRC - [2011.09.01 18:12:16 | 000,010,848 | ---- | M] (DATEV eG) -- F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
PRC - [2011.07.25 02:49:00 | 000,269,920 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe
PRC - [2011.07.25 02:49:00 | 000,172,640 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe
PRC - [2011.06.28 09:22:08 | 000,549,472 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe
PRC - [2011.06.28 09:18:54 | 002,409,056 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
PRC - [2011.05.09 14:52:04 | 000,271,456 | ---- | M] (Datev eG) -- F:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
PRC - [2011.05.09 14:52:02 | 000,595,552 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000398\SiPaHost.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.12.10 17:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
PRC - [2010.12.10 17:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.11.26 15:53:14 | 000,878,176 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Sws\LiMaService.exe
PRC - [2010.11.26 15:53:14 | 000,378,976 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Sws\LiMaServer.exe
PRC - [2010.09.22 16:47:40 | 000,368,736 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardManager.exe
PRC - [2010.09.22 16:47:22 | 000,292,960 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe
PRC - [2010.09.13 17:58:00 | 000,866,912 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0001363\SCmIdentityScanner.exe
PRC - [2010.09.03 14:50:22 | 000,406,112 | ---- | M] (DATEV e.G.) -- F:\DATEV\PROGRAMM\B0001364\DtvScSer.exe
PRC - [2010.08.25 20:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2010.08.25 20:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010.08.25 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2010.08.25 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010.08.25 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2010.06.04 17:59:08 | 000,533,808 | ---- | M] (Acronis) -- C:\Programme\Acronis\DriveMonitor\adm_tray.exe
PRC - [2010.06.04 17:57:46 | 003,427,312 | ---- | M] (Acronis) -- C:\Programme\Acronis\DriveMonitor\adm.exe
PRC - [2010.03.26 02:07:42 | 000,091,992 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe
PRC - [2010.03.26 02:07:42 | 000,091,992 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
PRC - [2010.03.22 16:19:11 | 001,540,096 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\netzmanager.exe
PRC - [2010.03.22 15:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2009.10.27 18:23:50 | 000,660,504 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009.10.27 18:20:18 | 000,365,560 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009.08.25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009.08.25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\UdaterUI.exe
PRC - [2009.08.25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe
PRC - [2009.08.25 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\McTray.exe
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 22:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.06.18 07:13:20 | 000,036,448 | ---- | M] (DATEV eG) -- F:\DATEV\SYSTEM\RzpjWtch.exe
PRC - [2008.04.21 23:27:06 | 000,498,952 | ---- | M] () -- C:\Programme\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2008.04.21 23:00:36 | 000,911,168 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008.04.21 22:54:38 | 002,622,296 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008.03.26 12:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.01 18:51:15 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\Datev.Viwas.UserSession.Interfaces\6.1.0.0__cbc631f1c682336b\Datev.Viwas.UserSession.Interfaces.dll
MOD - [2012.02.01 08:56:40 | 000,559,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Mic#\ab897c9ae44064f06a572ace612ef96a\Datev.Framework.MicroParts.Interface.ni.dll
MOD - [2012.02.01 08:56:35 | 000,092,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Lic#\9af47ea84c5be571f69a62e7ac94c9e7\Datev.Framework.LicenseManagement.PlugIn.ni.dll
MOD - [2012.02.01 08:56:31 | 002,413,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Int#\6a6701bcb6da8f46138f5b1640780d7e\Datev.Framework.Interface.ni.dll
MOD - [2012.02.01 08:56:25 | 000,064,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Env#\ae95f9864b550d732008d36bbf8fa83c\Datev.Framework.Environment.ni.dll
MOD - [2012.02.01 08:56:22 | 000,209,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Dir#\bdad833b78b3073f32424e5094f3087d\Datev.Framework.DirectStart.ni.dll
MOD - [2012.02.01 08:56:03 | 000,114,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Stor#\5366d4f5a42e8eb59356a2268c79791b\Datev.ConfigDB.StorageProvider.ni.dll
MOD - [2012.02.01 08:56:03 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Plug#\fd32ce8960bd6f90fabce86a6691d5fa\Datev.ConfigDB.PlugIn.ni.dll
MOD - [2012.02.01 08:56:02 | 000,664,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB\ebabcc37e465653b44e7534ce4ef497e\Datev.ConfigDB.ni.dll
MOD - [2012.02.01 08:56:02 | 000,064,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Inte#\b74271af9aa9c73597572b99b8c71446\Datev.ConfigDB.Interfaces.ni.dll
MOD - [2012.02.01 08:38:32 | 000,922,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Dia#\866dc35fd221fbfeb1aba2bd2bf08b4c\Datev.Framework.Diagnostics.RealTimeTracing.ni.dll
MOD - [2012.02.01 08:38:30 | 002,469,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Mic#\cfc192a04e1d1d97ee4f00297a630fc4\Datev.Framework.MicroKernel.ni.dll
MOD - [2012.01.12 18:53:34 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\6a1e2938633d08d9d97c6940a537b1ff\System.IdentityModel.ni.dll
MOD - [2012.01.12 18:53:32 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\a2046fbb45b00425d083cc8706b75479\System.ServiceModel.ni.dll
MOD - [2012.01.12 18:52:59 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
MOD - [2012.01.12 18:52:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2011.10.16 18:44:39 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\16c385f23b5e493899f0d206dfb60094\System.IdentityModel.ni.dll
MOD - [2011.10.16 18:44:37 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\559ebac0a85ae55da09827b8048f77bd\System.ServiceModel.ni.dll
MOD - [2011.10.16 18:42:18 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\aab1c287bc73a03c51b55fb3f102c27e\System.ServiceProcess.ni.dll
MOD - [2011.10.16 18:42:10 | 000,244,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\6df772247e44fc7cdaba2a87318ded7a\System.Runtime.Caching.ni.dll
MOD - [2011.10.16 18:41:53 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\41a4f6cc5d596e952fd880ae1a47308f\System.Runtime.DurableInstancing.ni.dll
MOD - [2011.10.16 18:41:53 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\caf1d94cb89859c72d6c8cd8774068d3\System.Transactions.ni.dll
MOD - [2011.10.16 18:41:51 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\993f89ba22499c379d2a9dd25d13cd94\System.Runtime.Serialization.ni.dll
MOD - [2011.10.16 18:41:51 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\398a52caf1e9fd1a6ea9dd589b0f6e68\SMDiagnostics.ni.dll
MOD - [2011.10.16 18:41:48 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\bd729791a7504ef9ecb4ad6ebfd94935\System.Xml.Linq.ni.dll
MOD - [2011.10.16 18:04:35 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.Xaml.ni.dll
MOD - [2011.10.16 17:47:35 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4b4c359912c1241246f50a4c47dbab3c\System.Runtime.Serialization.ni.dll
MOD - [2011.10.16 17:47:30 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a800035f1686fdb0b7a019b954a37cfe\SMDiagnostics.ni.dll
MOD - [2011.10.16 17:45:37 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011.10.16 17:44:16 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\02768700bc8f762ccfe37785ba8eb498\System.EnterpriseServices.ni.dll
MOD - [2011.10.16 17:44:15 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll
MOD - [2011.10.16 17:44:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011.10.13 07:01:34 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.10.13 07:01:03 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.10.13 07:00:49 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.10.13 07:00:06 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
MOD - [2011.10.13 07:00:02 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MOD - [2011.10.13 06:59:45 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MOD - [2011.10.13 06:59:33 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011.10.13 06:59:29 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.10.13 06:59:22 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.10.12 17:02:39 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll
MOD - [2011.10.12 17:02:37 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll
MOD - [2011.10.12 17:02:33 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll
MOD - [2011.10.12 17:02:33 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4844dd28e0611d1ebd1e449fe822c2a5\System.Configuration.ni.dll
MOD - [2011.10.12 17:02:31 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll
MOD - [2011.10.12 17:02:24 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2011.06.28 09:22:06 | 000,068,704 | ---- | M] () -- F:\DATEV\PROGRAMM\B0000150\ScServer\ScEventSourcePlugin.dll
MOD - [2011.05.09 14:52:00 | 000,203,264 | ---- | M] () -- F:\DATEV\SYSTEM\DVCCSipaHostApidll.dll
MOD - [2010.07.12 09:05:32 | 000,030,304 | ---- | M] () -- F:\DATEV\PROGRAMM\B0000150\ScServer\ScWinMagicPlugin.dll
MOD - [2010.06.04 17:40:26 | 000,012,128 | ---- | M] () -- C:\Programme\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
MOD - [2009.09.22 16:06:38 | 000,087,040 | ---- | M] () -- F:\DATEV\PROGRAMM\B0000391\DokSchutzShExt.dll
MOD - [2009.09.16 17:24:04 | 000,101,888 | ---- | M] () -- F:\DATEV\SYSTEM\DVCCDBNETCONVAPIAX300.DLL
MOD - [2009.03.29 20:42:20 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.29 20:42:14 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.29 20:42:14 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.03.29 20:42:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.03.29 20:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.18 10:39:54 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2008.05.02 05:15:37 | 000,010,240 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll
MOD - [2008.04.21 22:43:20 | 001,336,600 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\fox.dll
MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (DVDFUEavmnwapi)
SRV - File not found [On_Demand | Running] --  -- (Datev.Framework.RemoteServices.Messaging.CentralMessagingService)
SRV - File not found [On_Demand | Running] --  -- (Datev.Framework.RemoteServices)
SRV - File not found [Auto | Running] --  -- (Datev.Framework.RemoteServiceModel.EnablerService)
SRV - File not found [On_Demand | Running] --  -- (Datev.Database.Conserve)
SRV - [2012.02.11 18:40:44 | 000,159,608 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011.12.09 02:20:00 | 000,079,872 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService)
SRV - [2011.11.04 08:51:48 | 000,176,128 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe -- (Dcmanag)
SRV - [2011.09.06 14:22:46 | 000,063,488 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe -- (DATEV ViwasClientService)
SRV - [2011.07.25 02:49:00 | 000,172,640 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2011.06.28 09:18:54 | 002,409,056 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe -- (DVckService)
SRV - [2011.05.09 14:52:04 | 000,271,456 | ---- | M] (Datev eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe -- (Sicherheitspaket-Dienst)
SRV - [2010.09.22 16:47:22 | 000,292,960 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe -- (SCardService)
SRV - [2010.09.03 14:50:22 | 000,406,112 | ---- | M] (DATEV e.G.) [Auto | Running] -- F:\DATEV\PROGRAMM\B0001364\DtvScSer.exe -- (DATEV Logon Service)
SRV - [2010.08.25 20:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2010.08.25 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010.08.25 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2010.08.25 07:54:06 | 000,194,144 | ---- | M] (KOBIL Systems GmbH) [Disabled | Stopped] -- F:\DATEV\PROGRAMM\B0000404\msdisrv.exe -- (KOBIL_MSDI)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.22 15:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2009.10.27 18:23:50 | 000,660,504 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.08.25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009.07.20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.01.28 09:52:46 | 002,790,400 | ---- | M] (Aladdin Knowledge Systems Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2008.12.29 16:27:40 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.05.29 09:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.04.21 23:27:06 | 000,498,952 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006.12.07 16:52:14 | 000,140,184 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
SRV - [2006.12.07 16:52:10 | 000,095,128 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.11 18:40:44 | 000,475,704 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012.02.11 18:40:44 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011.07.19 14:28:42 | 000,075,320 | ---- | M] (Datev eG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\d3_kafm.sys -- (SC_Serv3D)
DRV - [2010.08.25 20:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010.08.25 20:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010.08.25 20:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010.08.25 20:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010.03.04 12:50:14 | 000,261,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.10.08 15:45:22 | 000,023,424 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KOBCCEX.sys -- (KOBCCEX)
DRV - [2009.10.08 15:45:10 | 000,084,352 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KOBCCID.sys -- (KOBCCID)
DRV - [2009.07.09 13:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2009.06.22 09:06:32 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 17:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009.06.17 17:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009.05.21 15:43:20 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2009.02.03 02:10:12 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2009.01.16 10:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.12.29 18:08:51 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008.12.29 18:08:51 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008.12.29 18:08:50 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008.12.29 18:08:48 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008.12.10 15:17:14 | 000,007,808 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2008.08.29 13:19:36 | 000,040,368 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2008.03.19 18:30:00 | 007,438,432 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.01.19 06:55:32 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2008.01.19 06:49:30 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2007.09.12 17:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DslTestSp5.sys -- (dsltestSp5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.datev.de/portal/ShowPage.do?pid=dpi&nid=302
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.datev.de/
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.18
FF - prefs.js..extensions.enabledItems: {1f91cde0-c040-11da-a94d-0800200c9a66}:3.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.2
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.9.99999
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@datev.de/DATEV_BestellManager,version=1.7: F:\DATEV\PROGRAMM\A0000015\npdvbm.dll ( DATEV eG)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\phonostar-Player\npphonostarDetectNP.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 08:40:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.01 08:22:33 | 000,000,000 | ---D | M]
 
[2009.02.01 13:57:41 | 000,000,000 | ---D | M] (No name found) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Extensions
[2012.02.01 10:13:56 | 000,000,000 | ---D | M] (No name found) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions
[2010.08.17 09:12:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.01 10:13:55 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.07.27 13:20:58 | 000,000,000 | ---D | M] (FoxClocks) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2011.05.15 09:42:40 | 000,000,000 | ---D | M] (Conduit Engine) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\engine@conduit.com
[2011.07.27 13:21:08 | 000,000,000 | ---D | M] ("Nero Toolbar") -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\toolbar@ask.com
[2012.02.02 08:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\EXTENSIONS\{1F91CDE0-C040-11DA-A94D-0800200C9A66}.XPI
() (No name found) -- D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\EXTENSIONS\FINDER@MEINGUTSCHEINCODE.DE.XPI
[2012.01.29 17:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.08.25 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.05.25 15:10:28 | 001,386,600 | ---- | M] (LINK & LINK Software) -- C:\Program Files\mozilla firefox\plugins\npideapl.dll
[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {557F4852-8868-44dd-B5E9-9890AC4B1FD5} - No CLSID value found.
O2 - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - F:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll (DATEV eG)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - F:\DATEV\SYSTEM\DVCCSASCardBHO002.dll (DATEV eG)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [adm_tray.exe] C:\Programme\Acronis\DriveMonitor\adm_tray.exe (Acronis)
O4 - HKLM..\Run: [DATEV Update-Monitor] F:\DATEV\PROGRAMM\Install\DvInesASDMon.exe (DATEV eG)
O4 - HKLM..\Run: [DATEV_SCardMan] F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardManager.exe (DATEV eG)
O4 - HKLM..\Run: [Dell MFP Color Laser Printer 3115cn Launcher] C:\Program Files\Dell Printers\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe (Dell Inc.)
O4 - HKLM..\Run: [DVCCSAWTSSetEntryNTE] F:\DATEV\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe (DATEV eG)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ScreenManager Pro for LCD] C:\Programme\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO NANAO CORPORATION)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SiPaHost] F:\DATEV\PROGRAMM\B0000398\SiPaHost.exe (DATEV eG)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [Datev.Arbeitsplatz.Scheduler.exe] F:\DATEV\PROGRAMM\K0005000\Datev.Arbeitsplatz.Scheduler.exe (DATEV eG)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [DFÜ-Sammler] F:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe ()
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [GGAopsUxiAA.exe] C:\ProgramData\GGAopsUxiAA.exe File not found
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe File not found
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002..\Run: [Datev.Arbeitsplatz.Scheduler.exe] F:\DATEV\PROGRAMM\K0005000\Datev.Arbeitsplatz.Scheduler.exe (DATEV eG)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002..\Run: [DFÜ-Sammler] F:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: D:\Benutzer\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found
O4 - Startup: D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CD-MENU.LNK =  File not found
O4 - Startup: D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VIWAS - USB Scanner.url ()
O4 - Startup: D:\Benutzer\Didi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found
O4 - Startup: D:\Benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DATEV Arbeitsplatz.lnk = F:\DATEV\PROGRAMM\K0005000\Arbeitsplatz.exe (DATEV eG)
O4 - Startup: D:\Benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: D:\Benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O4 - Startup: D:\Benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .IPC - C:\Programme\Mozilla Firefox\plugins\npideapl.dll (LINK & LINK Software)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: bio-discount-markt.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.com ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.com ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([www] http is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([www] https is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([www.wissensvermittlung] * in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datevnet.de ([*.services] http is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datevnet.de ([*.services] https is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datevstadt.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datevstadt.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: handelsblatt.com ([www] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: ing-diba.de ([www] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: jonglieren-lernen.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: kaufdown.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: lswb.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: lufthansa.com ([newsletter] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: premium-content-center.de ([www.vhb] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: staatsoper.de ([secure] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: sueddeutsche.de ([kaufdown] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: sueddeutsche.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: sued-west.com ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: vkb.de ([cms] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: wirtschaftspresse.biz ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: adac.de ([www] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.at ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.at ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.com ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.com ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.de ([www] http is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.de ([www] https is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datevnet.de ([*.services] http is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datevnet.de ([*.services] https is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datevstadt.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datevstadt.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: dell.com ([support.euro] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: deutschepost.de ([stampitweb] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: localhost ([]http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: localhost ([]https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: t-online.de ([email] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: top20free.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Ranges: LocalHost ([http] in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D50606D-CA42-4B5F-A889-FD51BCAB22AA}: DhcpNameServer = 192.168.123.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Benutzer\Public\Pictures\Sample Pictures\Tornado2.jpg
O24 - Desktop BackupWallPaper: D:\Benutzer\Public\Pictures\Sample Pictures\Tornado2.jpg
O30 - LSA: Authentication Packages - (relog_ap) -C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk - C:\Programme\Audible\Bin\AudibleDownloadHelper.exe - (Audible, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hardcopy.LNK - C:\Programme\Hardcopy\hardcopy.exe - (sw4you, Siegfried Weckmann)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.1 HD Edition.lnk - C:\Programme\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe - (Panasonic Corporation)
MsConfig - StartUpFolder: D:^Benutzer^Chef^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: DLPSP - hkey= - key= - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KeePass Password Safe - hkey= - key= - C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: phonostarTimer - hkey= - key= - C:\Programme\phonostar-Player\phonostarTimer.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: STAMPIT-Tray - hkey= - key= - C:\Programme\STAMPIT\Binary\STRAY.EXE (Deutsche Post AG)
MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 0
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0F1D198F-E5EA-4542-930E-2FB2B099F3F3} - LanaConfigTool_3383
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ADD9AEE8-B916-4CD6-A04B-9386DF90D594} - msiexec /fus {ADD9AEE8-B916-4CD6-A04B-9386DF90D594} /quiet
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - tsccvid.dll File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.12 16:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.11 19:42:31 | 000,000,000 | ---D | C] -- D:\Benutzer\Chef\AppData\Roaming\Malwarebytes
[2012.02.11 19:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.11 19:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.11 19:42:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.11 19:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.11 18:59:01 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.02.11 18:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012.02.11 17:11:08 | 000,000,000 | ---D | C] -- C:\Quarantäne
[2012.02.01 18:52:32 | 000,091,896 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2012.02.01 18:52:32 | 000,087,656 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2012.02.01 18:52:32 | 000,076,024 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2012.02.01 18:52:32 | 000,043,192 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2012.02.01 18:52:31 | 000,475,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2012.02.01 18:52:31 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2012.02.01 18:52:31 | 000,064,208 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfetdik.sys
[2012.02.01 18:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.02.01 18:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.02.01 18:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012.02.01 14:07:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.13 10:41:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.13 10:32:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.02.13 10:23:01 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7B350D1C-3775-4BB6-855B-FA96CDF39FC4}.job
[2012.02.13 09:51:53 | 000,003,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.13 09:51:53 | 000,003,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.13 07:58:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.13 07:51:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.12 09:28:13 | 000,000,000 | ---- | M] () -- D:\Benutzer\Chef\defogger_reenable
[2012.02.11 18:59:01 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.02.11 18:40:44 | 000,475,704 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2012.02.11 18:40:44 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2012.02.11 18:40:44 | 000,087,656 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2012.02.09 17:24:20 | 001,009,612 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.09 17:24:20 | 000,911,982 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.09 17:24:20 | 000,278,674 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.09 17:24:20 | 000,219,280 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.02 19:58:34 | 000,000,705 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.02.01 19:03:30 | 000,000,021 | ---- | M] () -- C:\Windows\DvInesKurusOleServer003.INI
[2012.02.01 11:03:37 | 000,000,694 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DATEV-Hinweis Mitteilungsdienst.lnk
[2012.02.01 10:39:00 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\DATEV Arbeitsplatz pro V.2.03.lnk
[2012.02.01 10:38:34 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.02.01 10:30:51 | 000,000,862 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office SR V.5.02 Initialisierung.lnk
[2012.02.01 10:17:34 | 000,000,849 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk
[2012.02.01 09:22:10 | 000,000,828 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DFÜ-Manager.lnk
[2012.02.01 09:00:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_Lansche.job
[2012.02.01 09:00:00 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_FIBU.job
[2012.02.01 08:34:11 | 000,000,102 | ---- | M] () -- C:\Windows\Startup.INI
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.12 11:35:43 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office SR V.5.02 Initialisierung.lnk
[2012.02.12 11:35:43 | 000,000,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk
[2012.02.12 11:35:43 | 000,000,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DFÜ-Manager.lnk
[2012.02.12 11:35:43 | 000,000,719 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lizenz-Manager Server.lnk
[2012.02.12 11:35:43 | 000,000,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RZ-Druckertreiber V.2.3.lnk
[2012.02.12 09:28:13 | 000,000,000 | ---- | C] () -- D:\Benutzer\Chef\defogger_reenable
[2012.02.01 10:39:00 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\DATEV Arbeitsplatz pro V.2.03.lnk
[2012.02.01 08:22:33 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.10.19 15:23:20 | 002,897,408 | ---- | C] () -- C:\Program Files\EPortoInstaller2010_v2.1.msi
[2011.10.19 15:23:20 | 000,436,736 | ---- | C] () -- C:\Program Files\setup.exe
[2011.07.01 12:55:07 | 000,000,130 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.04.19 13:37:11 | 000,000,093 | ---- | C] () -- D:\Benutzer\Chef\AppData\Roaming\BEVI.CFG
[2010.12.17 08:38:47 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.09.22 16:48:26 | 000,032,352 | ---- | C] () -- C:\Windows\System32\JNILibrary.dll
[2010.09.22 16:48:06 | 000,114,272 | ---- | C] () -- C:\Windows\System32\INetCert.dll
[2010.07.26 11:12:23 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.07.26 11:12:23 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.07.26 11:12:23 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.07.26 11:12:23 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.07.26 11:12:23 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.07.26 11:12:23 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.07.26 11:12:23 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.07.26 11:12:23 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.07.26 11:12:23 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.07.26 11:12:23 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.07.26 11:12:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.07.26 11:12:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.07.26 11:12:23 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.07.26 11:12:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.07.26 11:12:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.07.26 11:12:23 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.07.26 11:12:23 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.07.26 11:12:23 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.07.26 11:12:23 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.04.16 07:40:49 | 000,000,118 | ---- | C] () -- C:\Windows\gmbhr.ini
[2010.04.16 07:40:39 | 000,015,840 | ---- | C] () -- C:\Windows\System32\Machnm1.exe
[2009.12.03 08:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.10.28 16:58:03 | 000,000,068 | ---- | C] () -- C:\Windows\wlep1.ini
[2009.10.21 07:45:09 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.10.21 07:44:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.21 07:44:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.30 11:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\System32\nsldap32v60.dll
[2009.05.26 09:31:09 | 000,014,680 | ---- | C] () -- C:\Windows\System32\skypdfmonpro.dll
[2009.05.26 09:31:09 | 000,012,632 | ---- | C] () -- C:\Windows\System32\skypdfmonuipro.dll
[2009.05.25 21:00:46 | 000,000,021 | ---- | C] () -- C:\Windows\KurusDeinstall.INI
[2009.05.21 10:33:06 | 000,000,012 | ---- | C] () -- C:\Windows\Ulead32.ini
[2009.05.17 12:27:18 | 000,000,164 | ---- | C] () -- C:\Windows\DEINSTAL.INI
[2009.05.17 12:05:44 | 000,000,000 | ---- | C] () -- C:\Windows\netop.ini
[2009.05.17 09:28:58 | 000,000,095 | ---- | C] () -- D:\Benutzer\Chef\AppData\Local\fusioncache.dat
[2009.05.17 08:57:01 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2009.05.17 08:54:29 | 000,000,101 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2009.05.17 08:54:28 | 000,000,101 | ---- | C] () -- C:\Windows\dvinesinstart001.INI
[2009.05.17 08:52:06 | 000,000,102 | ---- | C] () -- C:\Windows\Startup.INI
[2009.01.02 13:52:17 | 000,008,192 | ---- | C] () -- D:\Benutzer\Chef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.28 15:03:13 | 000,000,705 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.20 12:47:34 | 004,244,744 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll
[2008.12.20 12:47:34 | 000,247,560 | ---- | C] () -- C:\Windows\System32\prgiso.dll
[2008.11.30 14:19:21 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2008.11.30 12:58:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.30 17:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\System32\nsldapssl32v60.dll
[2008.10.30 16:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\System32\nsldappr32v60.dll
[2008.09.26 17:40:50 | 000,024,376 | ---- | C] () -- C:\Windows\System32\TALDM32A.dll
[2008.09.26 17:40:50 | 000,022,832 | ---- | C] () -- C:\Windows\System32\TALDM32.DLL
[2008.09.26 17:40:48 | 000,052,536 | ---- | C] () -- C:\Windows\System32\TAL12832.DLL
[2008.09.13 13:53:35 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2008.07.09 16:23:08 | 000,255,288 | ---- | C] () -- C:\Windows\System32\SBSPAIN3.DLL
[2008.07.09 16:22:28 | 000,075,576 | ---- | C] () -- C:\Windows\System32\ENCODE32.DLL
[2007.01.15 08:19:16 | 000,016,473 | ---- | C] () -- C:\Windows\System32\SELF32.INI
[2006.11.02 16:42:41 | 001,009,612 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:42:41 | 000,278,674 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:43 | 000,342,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,911,982 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,219,280 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.08.16 12:48:16 | 000,036,864 | ---- | C] () -- C:\Windows\System32\OrdMen.dll
[2005.08.16 12:48:14 | 000,081,920 | ---- | C] () -- C:\Windows\System32\SOFFICK2.dll
[2005.08.16 12:47:52 | 000,045,056 | ---- | C] () -- C:\Windows\System32\SBSPAIN2.DLL
[2005.08.16 12:47:52 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SBSPAINT.DLL
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2003.09.24 11:42:12 | 000,000,093 | ---- | C] () -- C:\Windows\tm.ini
[2003.09.24 10:42:00 | 000,000,093 | ---- | C] () -- C:\Windows\System32\tm.ini
[2001.05.07 14:51:42 | 000,001,091 | ---- | C] () -- C:\Windows\PCDBAudit.ini
[1999.08.26 14:50:36 | 000,020,480 | ---- | C] () -- C:\Windows\System32\ddma32.dll
[1999.01.19 14:18:30 | 000,110,080 | ---- | C] () -- C:\Windows\System32\LFPNG60N.DLL
[1999.01.19 14:18:30 | 000,046,080 | ---- | C] () -- C:\Windows\System32\LFTIF60N.DLL
[1999.01.19 14:18:30 | 000,043,008 | ---- | C] () -- C:\Windows\System32\LTFIL60N.DLL
[1999.01.19 14:18:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\LFPSD60N.DLL
[1999.01.19 14:18:30 | 000,019,968 | ---- | C] () -- C:\Windows\System32\LFTGA60N.DLL
[1999.01.19 14:18:30 | 000,019,456 | ---- | C] () -- C:\Windows\System32\LFWPG60N.DLL
[1999.01.19 14:18:30 | 000,019,456 | ---- | C] () -- C:\Windows\System32\LFWMF60N.DLL
[1999.01.19 14:18:28 | 000,176,128 | ---- | C] () -- C:\Windows\System32\LFFAX60N.DLL
[1999.01.19 14:18:28 | 000,141,824 | ---- | C] () -- C:\Windows\System32\LFCMP60N.DLL
[1999.01.19 14:18:28 | 000,023,552 | ---- | C] () -- C:\Windows\System32\LFPCX60N.DLL
[1999.01.19 14:18:28 | 000,022,528 | ---- | C] () -- C:\Windows\System32\LFPCT60N.DLL
[1999.01.19 14:18:28 | 000,022,528 | ---- | C] () -- C:\Windows\System32\LFEPS60N.DLL
[1999.01.19 14:18:28 | 000,022,016 | ---- | C] () -- C:\Windows\System32\LFBMP60N.DLL
[1999.01.19 14:18:28 | 000,018,432 | ---- | C] () -- C:\Windows\System32\LFMSP60N.DLL
[1999.01.19 14:18:28 | 000,017,920 | ---- | C] () -- C:\Windows\System32\LFMAC60N.DLL
[1998.05.07 13:10:16 | 000,069,632 | ---- | C] () -- C:\Windows\System32\ODMA32.DLL
[1995.05.19 10:13:00 | 000,005,440 | ---- | C] () -- C:\Windows\System32\WINDVS16.DLL
[1995.02.14 23:11:00 | 000,017,920 | ---- | C] () -- C:\Windows\System32\IMPLODE.DLL
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.12.25 18:07:00 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Adobe
[2009.05.22 16:09:45 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Ahead
[2009.09.13 12:26:18 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Apple Computer
[2011.07.21 14:19:41 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\DATEV
[2010.10.06 20:17:09 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\DivX
[2010.05.13 13:14:32 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\DMS
[2008.12.31 12:36:21 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Google
[2009.05.18 19:35:41 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Help
[2008.12.20 12:32:22 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Identities
[2010.07.26 11:12:22 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\InstallShield
[2009.02.01 13:50:16 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\KeePass
[2009.05.22 09:15:59 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Logitech
[2008.12.23 13:51:17 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Macromedia
[2012.02.11 19:42:31 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Malwarebytes
[2011.07.01 12:53:27 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\McAfee
[2009.06.24 07:56:49 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\MGS
[2011.03.24 15:16:46 | 000,000,000 | --SD | M] -- D:\Benutzer\Chef\AppData\Roaming\Microsoft
[2009.02.01 13:57:41 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Mozilla
[2009.02.08 14:01:44 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Notepad++
[2009.10.21 07:36:38 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH
[2009.11.20 10:17:38 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\phonostar-Player
[2008.12.20 12:54:12 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\T-Online
[2008.12.29 16:14:42 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\TuneUp Software
 
< %APPDATA%\*.exe /s >
[2008.12.25 17:36:29 | 000,025,214 | R--- | M] () -- D:\Benutzer\Chef\AppData\Roaming\Microsoft\Installer\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}\_52312b2a.exe
[2011.11.08 18:59:33 | 000,347,088 | ---- | M] (Ask.com) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\toolbar@ask.com\chrome\content\NeroApplicationManager.exe
[2011.03.24 09:49:20 | 002,844,552 | ---- | M] (Ask.com                                                      ) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
[2011.07.27 16:32:14 | 012,727,952 | ---- | M] (                                                            ) -- D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH\phonostar-Player\update.exe
[1 D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH\phonostar-Player\*.tmp files -> D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH\phonostar-Player\*.tmp -> ]
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.11.27 22:02:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.11.27 22:02:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.11.27 22:02:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2010.03.05 10:25:58 | 000,043,520 | ---- | M] (Panasonic Corporation) MD5=5DC962B15A2057814728D2BDE118BE07 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO 5.1 HD\Core\EventLog\EventLog.dll
[2010.03.05 10:25:58 | 000,043,520 | ---- | M] (Panasonic Corporation) MD5=5DC962B15A2057814728D2BDE118BE07 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO 5.1 HD\Core\Spec\AVCHD\BDCore\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.11.27 21:49:57 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.11.27 21:49:57 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >


Angela_64 13.02.2012 11:17

And here is the second log, because not everything fit into one post.

Extras.txt:
oops - we don't even need that...


Regards
Angela

cosinus 13.02.2012 13:00

Quote:

(DATEV eG) -- F:\DATEV\SYSTEM\Nuko\NKWLOGIN.exe
Is this a commercially used computer?

Angela_64 13.02.2012 13:47

Among other things, it is used for the office.

Regards
Angela

cosinus 13.02.2012 13:54

With office computers you should consider whether you want to make such a compromise at all.
Why don't you have IT support for a commercially used computer that sits in the office?

Angela_64 13.02.2012 13:55

Because I have always managed that quite well on my own so far...

Which compromise?

cosinus 13.02.2012 14:16

Quote:

Because I have always managed that quite well on my own so far...
But we are no longer talking about a home environment here, where in the worst case you can no longer tell the world your status via Facebook.
I think your computer has already become an almost indispensable tool, or can you afford an outage and then take care of everything yourself while the other work is left undone? Customer support etc.? Well, I don't know.

Quote:

Which compromise?
A cleanup is only a compromise! Infected office computers should primarily be wiped and reinstalled if possible, and cleaned only in an emergency. Do you even have time for that? A cleanup can take quite a while, and your daily business then comes to a standstill? :confused:

