Trojaner-Board (https://www.trojaner-board.de/)
-   Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   FakeAlert gbR and SystemCheck on Windows Vista (https://www.trojaner-board.de/109685-fakealert-gbr-systemcheck-windows-vista.html)

Angela_64 12.02.2012 12:46

FakeAlert gbR and SystemCheck on Windows Vista

Hello, dear team,

Yesterday afternoon, while I was at the computer, a program called "chromeupdater" asked for administrator rights. Since I did not know the program, I tried to click the prompt away. That did not work, even after several attempts. Then suddenly all programs closed and the computer restarted. After the restart the screen was black, the desktop icons and the quick launch bar had disappeared, and a "SystemCheck" started. This SystemCheck supposedly found all sorts of problems with drive C: and with disk space. I did not click the prompt to clean up.

I then carried out the following actions:
1. Disabled System Restore
2. Installed and ran McAfee Stinger. The program found four infected files and deleted them.
But since the screen was still black and none of the other symptoms had gone away either, I
3. Installed Malwarebytes and ran a quick scan. The program found two infected objects, which it removed.
4. Downloaded and ran TDSSKiller - no findings
5. Malwarebytes full scan - no findings
6. Downloaded and ran unhide - no effect the first time, then ran it a second time with the virus scanner disabled - likewise no change.
7. defogger - no error message
8. dds.txt:
Code:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170  BrowserJavaVersion: 1.6.0_26
Run by Chef at 9:58:19 on 2012-02-12
Microsoft® Windows Vista™ Business  6.0.6002.2.1252.49.1031.18.3327.1517 [GMT 1:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\SYSTEM32\taskeng.exe
F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.UserSession.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\bgsvcgen.exe
C:\Windows\system32\conime.exe
F:\DATEV\PROGRAMM\B0001364\DtvScSer.exe
F:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe
F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
F:\DATEV\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe
F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardManager.exe
F:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe
C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
F:\DATEV\PROGRAMM\B0000398\SiPaHost.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
F:\DATEV\PROGRAMM\Sws\LiMaServer.exe
F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
F:\DATEV\SYSTEM\rzpjwtch.exe
C:\Program Files\Netzmanager\netzmanager.exe
F:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE
F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
F:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
F:\DATEV\PROGRAMM\B0000404\msdisrv.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe
F:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
F:\DATEV\PROGRAMM\SWS\LiMaService.exe
C:\Windows\system32\wbem\wmiprvse.exe
F:\DATEV\PROGRAMM\B0001363\SCmIdentityScanner.exe
F:\DATEV\PROGRAMM\K0005003\Datev.Sdd.DataServer.exe
F:\DATEV\SYSTEM\NUKO\NKWLOGIN.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
F:\DATEV\PROGRAMM\K0008006\Datev.EO.Synchronization.Daemon.Launcher.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.datev.de/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - c:\program files\winload\tbWinl.dll
mURLSearchHooks: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - c:\program files\winload\tbWinl.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - c:\program files\winload\tbWinl.dll
BHO: {557F4852-8868-44dd-B5E9-9890AC4B1FD5} - No File
BHO: DtvIePwdSafeBHO Class: {6ef6b546-25fb-455b-801f-fdb3b3d39f9e} - f:\datev\programm\b0000397\DtvIePwdSafe.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: SCardBHOEvent Class: {af8cd625-e04a-4a8f-a90a-0c74846c2e30} - f:\datev\system\DVCCSAScardBHO002.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DMS Schnellsuche: {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - mscoree.dll
TB: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - c:\program files\winload\tbWinl.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [KeePass Password Safe] "c:\program files\keepass password safe\KeePass.exe"
uRun: [Datev.Arbeitsplatz.Scheduler.exe] f:\datev\programm\k0005000\Datev.Arbeitsplatz.Scheduler.exe
uRun: [DFÜ-Sammler] f:\datev\programm\rzkomm\ccsrv2.exe /SammlerEin /Delay 30
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [ScreenManager Pro for LCD] c:\program files\eizo\screenmanager pro for lcd\Lcdctrl.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DLPSP] "c:\program files\dell printers\additional color laser software\status monitor\DLPSP.EXE"
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [DVCCSAWTSSetEntryNTE] f:\datev\programm\b0000150\scwts\DVCCSAWTSSetEntryNTE.exe
mRun: [DATEV_SCardMan] f:\datev\programm\b0000347\scmgmt\ScardManager.exe
mRun: [DATEV Update-Monitor] "f:\datev\programm\install\DvInesASDMon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Skytel] Skytel.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [adm_tray.exe] c:\program files\acronis\drivemonitor\adm_tray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SiPaHost] f:\datev\programm\b0000398\sipahost.exe f:\datev\konfig\B0000398
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
StartupFolder: d:\benutzer\chef\appdata\roaming\micros~1\windows\startm~1\programs\startup\cd-menu.lnk - e:\MENU.exe
StartupFolder: d:\benutzer\chef\appdata\roaming\microsoft\windows\start menu\programs\startup\VIWAS - USB Scanner.url
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\basiss~1.lnk - f:\datev\programm\bsoffice\service\OfficeDiag.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\datev-~1.lnk - f:\datev\programm\a0000007\DHNC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\df-man~1.lnk - f:\datev\programm\b0000000\dfuemngr\DfueMan.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\lizenz~1.lnk - f:\datev\programm\sws\LiMaServer.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rz-dru~1.lnk - f:\datev\system\rzpjwtch.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\skyuse~1.lnk - f:\datev\programm\b0001401\UpdateDevmode.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: An OneNote s&enden - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: adac.de\www
Trusted Zone: dell.com\support.euro
Trusted Zone: deutschepost.de\stampitweb
Trusted Zone: localhost
Trusted Zone: t-online.de\email
Trusted Zone: top20free.de\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.123.1
TCP: Interfaces\{5D50606D-CA42-4B5F-A889-FD51BCAB22AA} : DhcpNameServer = 192.168.123.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {ADD9AEE8-B916-4CD6-A04B-9386DF90D594} - msiexec /fus {ADD9AEE8-B916-4CD6-A04B-9386DF90D594} /quiet
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\benutzer\chef\appdata\roaming\mozilla\firefox\profiles\pcwqv1rc.default\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npideapl.dll
FF - plugin: c:\program files\phonostar-player\npphonostarDetectNP.dll
FF - plugin: f:\datev\programm\a0000015\npdvbm.dll
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-12-20 40368]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-2-1 475704]
R2 DATEV Logon Service;DATEV Logon Service;f:\datev\programm\b0001364\DtvScSer.exe [2010-9-3 406112]
R2 DATEV Update-Service;DATEV Update-Service;f:\datev\programm\install\DvInesASDSvc.Exe [2011-7-25 172640]
R2 DATEV ViwasClientService;DATEV ViwasClientService;f:\datev\programm\viwas\Datev.Viwas.ClientService.exe [2011-9-6 63488]
R2 Datev.Framework.RemoteServiceModel.EnablerService;DATEV DFL-Service-Manager;f:\datev\system\datev.framework.remoteservicemodel.genericservice2010.exe datev.framework.remoteservicemodel.enablerservice -svcrunlevel=9999 --> f:\datev\system\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 [?]
R2 DatevPrintService;DATEV Druckservice;f:\datev\programm\b0001442\PSNTServ.exe [2010-12-8 79872]
R2 Dcmanag;DATEV DFÜ-System Dienst;f:\datev\programm\b0000000\dfuemngr\DcManag.exe [2011-11-4 176128]
R2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2009-3-7 140184]
R2 DVckService;DVckService;f:\datev\programm\b0000150\scserver\DVckService.exe [2008-9-13 2409056]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-11-30 21504]
R2 KOBIL_MSDI;KOBIL_MSDI;f:\datev\programm\b0000404\msdisrv.exe [2010-8-25 194144]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2010-8-25 22816]
R2 McAfeeFramework;McAfee Framework-Dienst;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-25 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2010-8-25 147984]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2010-8-25 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-2-1 159608]
R2 msftesql$DATEV_CL_DE01;SQL Server-Volltextsuche (DATEV_CL_DE01);c:\program files\microsoft sql server\mssql.4\mssql\binn\msftesql.exe [2010-3-26 91992]
R2 msftesql$DATEV_SV_DE01;SQL Server-Volltextsuche (DATEV_SV_DE01);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2010-3-26 91992]
R2 MSSQL$DATEV_CL_DE01;SQL Server (DATEV_CL_DE01);c:\program files\microsoft sql server\mssql.4\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 MSSQL$DATEV_SV_DE01;SQL Server (DATEV_SV_DE01);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\program files\netzmanager\nminfrais2\Netzmanager_Service.exe [2010-3-22 9728]
R2 SC_Serv3D;SC_Serv3D;c:\windows\system32\drivers\d3_kafm.sys [2011-7-19 75320]
R2 SCardService;DATEV SmartCard Service;f:\datev\programm\b0000347\scmgmt\SCardService.exe [2010-9-22 292960]
R2 Sicherheitspaket-Dienst;Sicherheitspaket-Dienst;f:\datev\programm\b0000398\sipahostservice.exe f:\datev\konfig\b0000398 --> f:\datev\programm\b0000398\sipahostservice.exe f:\datev\konfig\B0000398 [?]
R3 Datev.Database.Conserve;DATEV Connection Service;f:\datev\system\datev.framework.remoteservicemodel.genericservice2010.exe datev.database.conserve svcrunlevel=1000 --> f:\datev\system\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [?]
R3 Datev.Framework.RemoteServices.Messaging.CentralMessagingService;DATEV Messaging-Service;f:\datev\system\datev.framework.remoteservicemodel.genericservice2010.exe datev.framework.remoteservices.messaging.centralmessagingservice -svcrunlevel=1000 --> f:\datev\system\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices.Messaging.CentralMessagingService -SvcRunLevel=1000 [?]
R3 KOBCCEX;KOBCCEX;c:\windows\system32\drivers\KOBCCEX.sys [2009-10-8 23424]
R3 KOBCCID;KOBCCID;c:\windows\system32\drivers\KOBCCID.sys [2009-10-8 84352]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-2-1 91896]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-2-1 43192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9889db9b3521a;Google Update Service (gupdate1c9889db9b3521a);c:\program files\google\update\GoogleUpdate.exe [2009-2-6 133104]
S3 Datev.Framework.RemoteServices;DATEV DFL Infrastruktur-Dienst;f:\datev\system\datev.framework.remoteservicemodel.genericservice2010.exe datev.framework.remoteservices -svcrunlevel=1000 --> f:\datev\system\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 [?]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\system32\drivers\DslTestSp5.sys [2008-11-27 26816]
S3 DVDFUEavmnwapi;DATEV DFÜ-Erweiterung-Zugriffssteuerung;"f:\datev\programm\b0000303\extranet\dvdfueavmnwapi.exe" --> f:\datev\programm\b0000303\extranet\DVDFUEavmnwapi.exe [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-6 133104]
S3 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run --> c:\windows\system32\hasplms.exe  -run [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-2-1 87656]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-12-10 7808]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-11 18:42:31        --------        d-----w-        d:\benutzer\chef\appdata\roaming\Malwarebytes
2012-02-11 18:42:22        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-11 18:42:20        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-11 18:42:19        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-02-11 17:59:01        14664        ----a-w-        c:\windows\stinger.sys
2012-02-11 17:40:39        --------        d-----w-        c:\program files\stinger
2012-02-11 16:11:08        --------        d-----w-        C:\Quarantäne
2012-02-01 17:52:33        23864        ----a-w-        c:\program files\mozilla firefox\components\Scriptff.dll
2012-02-01 17:52:32        91896        ----a-w-        c:\windows\system32\drivers\mfeavfk.sys
2012-02-01 17:52:32        87656        ----a-w-        c:\windows\system32\drivers\mferkdet.sys
2012-02-01 17:52:32        76024        ----a-w-        c:\windows\system32\drivers\mfeapfk.sys
2012-02-01 17:52:32        43192        ----a-w-        c:\windows\system32\drivers\mfebopk.sys
2012-02-01 17:52:31        64208        ----a-w-        c:\windows\system32\drivers\mfetdik.sys
2012-02-01 17:52:31        475704        ----a-w-        c:\windows\system32\drivers\mfehidk.sys
2012-02-01 17:52:31        159608        ----a-w-        c:\windows\system32\mfevtps.exe
2012-02-01 17:51:41        --------        d-----w-        c:\program files\McAfee
2012-01-31 06:22:49        440192        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-01-31 06:22:49        278528        ----a-w-        c:\windows\system32\schannel.dll
2012-01-31 06:22:49        1259008        ----a-w-        c:\windows\system32\lsasrv.dll
2012-01-31 06:22:48        9728        ----a-w-        c:\windows\system32\lsass.exe
2012-01-31 06:22:48        72704        ----a-w-        c:\windows\system32\secur32.dll
2012-01-31 06:22:48        377344        ----a-w-        c:\windows\system32\winhttp.dll
.
==================== Find3M  ====================
.
2012-02-01 09:38:34        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 09:19:26        467968        ------w-        c:\windows\system32\rsct_ot.ocx
2011-11-25 15:59:48        376320        ----a-w-        c:\windows\system32\winsrv.dll
2011-11-23 13:37:27        2043904        ----a-w-        c:\windows\system32\win32k.sys
2011-11-18 20:23:34        1205064        ----a-w-        c:\windows\system32\ntdll.dll
2011-11-18 17:47:03        66560        ----a-w-        c:\windows\system32\packager.dll
2011-04-21 14:33:38        2897408        ----a-w-        c:\program files\EPortoInstaller2010_v2.1.msi
2011-04-21 14:33:30        436736        ----a-w-        c:\program files\setup.exe
.
============= FINISH:  9:59:53,55 ===============

attach.txt:
Code:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume1
Install Date: 13.09.2008 14:55:19
System Uptime: 12.02.2012 09:02:17 (0 hours ago)
.
Motherboard: FUJITSU SIEMENS |  | MS-7379VP
Processor: Intel(R) Core(TM)2 Quad  CPU  Q9300  @ 2.50GHz | CPU 1 | 2003/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 82,537 GiB free.
D: is FIXED (NTFS) - 206 GiB total, 103,851 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 144 GiB total, 84,977 GiB free.
G: is FIXED (NTFS) - 463 GiB total, 371,469 GiB free.
P: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
ACL 9
Acronis Drive Monitor
Acronis*True*Image*Home
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.2 - Deutsch
Adobe Reader 9.5.0 - Deutsch
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Arbeitsblätter Leporello 1
Audible Download Manager
Avanquest update
Avery Wizard 4.0
B1315AppGuid
Bonjour
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Crystal Reports Runtime XI
DATEV Belegtransfer V.3.11
DATEV Infragistics Runtime V.3.2
DATEV Installation V.2.9
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell-Druckersoftware
Dell MFP Laser 3115cn Dienstprogramme Ver.1.0.1.0
Dell MFP Laser 3115cn ScanButton-Manager Ver.1.1.0.0
Dell MFP Laser 3115cn Scanner-Treiber Ver.1.1.6.0
Deutsche Post E-Porto
Dialogseminar online V.3.0
flatster
Formularpraxis - Verlag Dr. Otto Schmidt
GeoSetter 3.3.60
GmbHR
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hardcopy (C:\Program Files\Hardcopy)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
iPhone-Konfigurationsprogramm
iTunes
Java Auto Updater
Java(TM) 6 Update 17
Java(TM) 6 Update 18
Java(TM) 6 Update 26
KeeForm 2.01
KeePass Password Safe 1.17
KhalInstallWrapper
kobdfu x64x86 driver installation
KOBIL CCID driver x64x86
Logitech SetPoint
Malwarebytes Anti-Malware Version 1.60.1.1000
McAfee Agent
McAfee AntiSpyware Enterprise Module
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft Access 2002 Runtime
Microsoft Office 2010 Primary Interop Assemblies
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005-Abwärtskompatibilität
Microsoft SQL Server 2005 (DATEV_CL_DE01)
Microsoft SQL Server 2005 (DATEV_SV_DE01)
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XML Parser
MobileMe Control Panel
Motorola Phone Tools
Mozilla Firefox 10.0 (x86 de)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Nero 7 Essentials
Nero BurnLite 10
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
neroxml
Netzmanager
Notepad++
NVIDIA Drivers
Paragon Partition Manager 9.0 Personal
phonostar-Player Version 3.02.4
PHOTOfunSTUDIO 5.1 HD Edition
QuickTime
Realtek High Definition Audio Driver
Safari
ScreenManager Pro for LCD
Secunia PSI
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
SolveigMM AVI Trimmer
Spelling Dictionaries Support For Adobe Reader 9
SQLXML4
Stampit Home
TuneUp Utilities 2008
Unlocker 1.8.7
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Visual C++ 9.0 CRT (x86) WinSXS MSM
VLC media player 1.1.4
WeihnachtsTheme
Winload Toolbar
.
==== End Of File ===========================

9. Ran GMER in Safe Mode (it would not start any other way)

GMER.txt:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-12 11:31:44
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD1002FAEX-00Z3A0 rev.05.01D05
Running: w1fygi1p.exe; Driver: D:\Benutzer\Chef\AppData\Local\Temp\uxddqpod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                      mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                        hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                        tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                        timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

Device          \Driver\aksusb \Device\00000071                                              AKSCLASS.SYS (Aladdin Class Driver/Aladdin Knowledge Systems Ltd.)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                        hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                        tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                        timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                        hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                        tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                        timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                        hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                        tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                        timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                        hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                        tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                        timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\tdx \Device\Udp                                                      mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \FileSystem\fastfat \Fat                                                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SOFTWARE\Classes\CLSID\{64A3D41B-61A5-4834-9A42-FDE1C37B0005}@EditFlags  3

---- EOF - GMER 1.0.15 ----


I hope I've done everything right with the TXT files now...

My questions now are:
- Is the system clean again now, or do I need to carry out further cleaning?
- Which of the downloaded programs can I delete again with a clear conscience?
- Do I need to reset all my passwords to be on the safe side?
- How can a Trojan like this attack the system when I never work with administrator rights and the McAfee virus scanner runs in the background, checking for updates at least twice a day? Besides, I don't visit any "wild sites", at least not knowingly. Emails from unknown sources are deleted immediately, and I don't open attachments at will either.

Many thanks in advance for your help
Angela
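As an added example (not part of Angela's post and not code from the GMER tool), here is a small Python parser for the "Devices" section of a GMER log like the one above. It groups the filter drivers by file, records which device objects they sit on and which vendor GMER attributed them to, and flags any driver GMER printed without a description. The sample log is constructed in GMER's layout; the first five entries mirror the kind of lines in the log above, and the xyzfilt.sys line is invented purely to show how an undescribed driver is flagged.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of GMER 1.0.15's "Devices" section.
# The xyzfilt.sys entry is invented: it has no "(description/vendor)" part,
# which is the case a helper wants to spot first when reading such a log.
SAMPLE_GMER = r"""
---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                    mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1     hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1     tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2     hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device          \Driver\aksusb \Device\00000071            AKSCLASS.SYS (Aladdin Class Driver/Aladdin Knowledge Systems Ltd.)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3     xyzfilt.sys

---- Registry - GMER 1.0.15 ----

---- EOF - GMER 1.0.15 ----
"""

# One Device/AttachedDevice line: kind, driver object, device object, driver
# file, and an optional "(description/vendor)" tail.
LINE_RE = re.compile(
    r"^(?P<kind>AttachedDevice|Device)\s+"
    r"(?P<driver_obj>\\\S+)\s+"          # e.g. \Driver\volmgr
    r"(?P<device>\\\S+)\s+"              # e.g. \Device\HarddiskVolume1
    r"(?P<file>\S+)"                     # e.g. hotcore3.sys
    r"(?:\s+\((?P<desc>.*)\))?\s*$"      # optional "(description/vendor)"
)


def parse_gmer_devices(text):
    """Return one dict per entry in the Devices section of a GMER log."""
    entries = []
    in_devices = False
    for line in text.splitlines():
        if line.startswith("---- Devices"):
            in_devices = True
            continue
        if in_devices and line.startswith("----"):
            break  # reached the next section
        m = LINE_RE.match(line)
        if in_devices and m:
            d = m.groupdict()
            desc = d.pop("desc")
            # GMER prints "description/vendor"; split on the last slash.
            if desc and "/" in desc:
                d["description"], d["vendor"] = desc.rsplit("/", 1)
            else:
                d["description"], d["vendor"] = desc, None
            entries.append(d)
    return entries


def summarize_filters(entries):
    """Group entries by driver file: which devices it filters, and who made it."""
    by_file = defaultdict(lambda: {"devices": [], "vendor": None, "description": None})
    for e in entries:
        rec = by_file[e["file"].lower()]
        rec["devices"].append(e["device"])
        rec["vendor"] = rec["vendor"] or e["vendor"]
        rec["description"] = rec["description"] or e["description"]
    return dict(by_file)


def undescribed_drivers(summary):
    """Driver files GMER could not describe: the ones to look up first."""
    return sorted(f for f, rec in summary.items() if not rec["description"])


if __name__ == "__main__":
    summary = summarize_filters(parse_gmer_devices(SAMPLE_GMER))
    for name, rec in sorted(summary.items()):
        print(f"{name:14} {rec['vendor'] or '???':30} on {len(rec['devices'])} device(s)")
    print("undescribed:", undescribed_drivers(summary))
```

Run it on a real GMER.txt by replacing SAMPLE_GMER with the file's contents; in the log above every filter driver resolves to McAfee, Paragon, Acronis, Aladdin or Microsoft, so the undescribed list would come back empty.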

cosinus 12.02.2012 15:51

Quote:

3. Installed Malwarebytes and ran a quick scan. The program found two infected objects, which it removed.
4. Downloaded and ran TDSSKiller - no findings
5. Malwarebytes full scan - no findings
Please post all the logs from those as well!!

Angela_64 12.02.2012 16:13

Hello Arne,

here are the logs:

Malwarebytes quick scan:
Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.11.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Chef :: CALLAS [administrator]

11.02.2012 19:43:41
mbam-log-2012-02-11 (19-43-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261397
Time elapsed: 13 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
D:\Benutzer\XXX\AppData\Local\Temp\1CCC.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Benutzer\XXX\AppData\Local\Temp\chromeupdtr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Benutzer\XXX\AppData\Local\Temp\ddSrHDXHvZXSqi.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)

Malwarebytes full scan:
Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.11.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Chef :: CALLAS [administrator]

11.02.2012 21:51:32
mbam-log-2012-02-11 (21-51-32).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 549233
Time elapsed: 2 hour(s), 54 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


And unfortunately I can't find a log for TDSSKiller :-(
When I click on Report, I see the current system info, but I can't copy the report either. Should I run it again?

Thanks
Angela
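As an added example (not part of Angela's post and not code from Malwarebytes), here is a Python triage helper for Malwarebytes 1.x logs like the two above. It pulls out every detection line, classifies where on the disk each hit lives (a user profile's Temp folder, elsewhere in a profile, under the Windows directory, or the registry) and reports whether the scanner actually removed it. The sample log is constructed: the three FakeAlert temp files follow the pattern of the quick-scan entries above, while the fourth entry (a file under System32\drivers that was not removed) is invented so the output shows how a detection outside the user profile is handled.

```python
import re
from pathlib import PureWindowsPath

# A detection line in a Malwarebytes 1.x log:
#   <file or registry path> (<category>) -> <action>
# The layout is the same in the German and English builds; only the action
# text differs, so the regex does not depend on the language.
DETECTION_RE = re.compile(
    r"^(?P<path>(?:[A-Za-z]:\\|HK[A-Z]+\\).+?) \((?P<category>[^()]+)\) -> (?P<action>.+)$"
)

# Constructed sample in the Malwarebytes 1.x log layout. The first three paths
# mirror the quick-scan hits above (profile name replaced by "user"); the
# fourth entry, example.sys under System32\drivers, is invented for the demo.
SAMPLE_MBAM = r"""
Files Detected: 4
D:\Benutzer\user\AppData\Local\Temp\1CCC.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Benutzer\user\AppData\Local\Temp\chromeupdtr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Benutzer\user\AppData\Local\Temp\ddSrHDXHvZXSqi.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\example.sys (Trojan.Agent) -> No action taken.

(end)
"""

PROFILE_ROOTS = {"users", "benutzer", "documents and settings"}


def classify_location(path):
    """Coarse location class of a detection path."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if parts[0].startswith("hk"):
        return "registry"
    top = parts[1] if len(parts) > 1 else ""
    if top in PROFILE_ROOTS:
        # Inside a user profile: writable without admin rights.
        return "user-temp" if "temp" in parts else "user-profile"
    if top == "windows":
        return "system"
    return "other"


def parse_mbam_detections(text):
    """Return one dict per detection line, with location class and removal flag."""
    detections = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["location"] = classify_location(d["path"])
        # English build: "Quarantined and deleted successfully."
        # German build:  "Erfolgreich gelöscht und in Quarantäne gestellt."
        d["removed"] = d["action"].lower().startswith(("quarantined", "erfolgreich"))
        detections.append(d)
    return detections


def triage(detections):
    """Counts per location class, what is still in place, and whether every
    hit stayed inside user-writable profile paths."""
    by_location = {}
    for d in detections:
        by_location[d["location"]] = by_location.get(d["location"], 0) + 1
    return {
        "by_location": by_location,
        "not_removed": [d["path"] for d in detections if not d["removed"]],
        "only_user_scoped": all(d["location"].startswith("user") for d in detections),
    }


if __name__ == "__main__":
    hits = parse_mbam_detections(SAMPLE_MBAM)
    for h in hits:
        print(f"{h['location']:13} {h['category']:18} removed={h['removed']}  {h['path']}")
    print(triage(hits))
```

Fed the quick-scan log above, the helper reports three hits, all in the profile's Temp folder and all removed, which is the usual footprint of a FakeAlert dropper running with ordinary user rights; a detection under the Windows directory or in the registry, or one not removed, is the kind of result worth pointing out to the helper before doing anything else.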

cosinus 12.02.2012 16:15

That's what happens when you just run tools without having been instructed to run them.

I always post this BEFORE TDSSKiller is used:
If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSSKiller saves its logs.

Note: Please don't delete anything hastily with TDSSKiller! If TDSSKiller flags any objects, treat them all with the "skip" action and only post the log here!

Angela_64 12.02.2012 16:26

Found it :-)

Code:

21:49:42.0667 7336        TDSS rootkit removing tool 2.7.11.0 Feb  9 2012 10:12:57
21:49:43.0046 7336        ============================================================
21:49:43.0046 7336        Current date / time: 2012/02/11 21:49:43.0046
21:49:43.0046 7336        SystemInfo:
21:49:43.0047 7336       
21:49:43.0047 7336        OS Version: 6.0.6002 ServicePack: 2.0
21:49:43.0047 7336        Product type: Workstation
21:49:43.0047 7336        ComputerName: CALLAS
21:49:43.0047 7336        UserName: Chef
21:49:43.0047 7336        Windows directory: C:\Windows
21:49:43.0047 7336        System windows directory: C:\Windows
21:49:43.0047 7336        Processor architecture: Intel x86
21:49:43.0047 7336        Number of processors: 4
21:49:43.0047 7336        Page size: 0x1000
21:49:43.0047 7336        Boot type: Normal boot
21:49:43.0047 7336        ============================================================
21:49:43.0981 7336        Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:49:43.0984 7336        Drive \Device\Harddisk1\DR1 - Size: 0x3F380000 (0.99 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:49:43.0985 7336        \Device\Harddisk0\DR0:
21:49:43.0985 7336        MBR used
21:49:43.0985 7336        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEEE596A
21:49:43.0985 7336        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xEEE59A9, BlocksNum 0x19B2DD56
21:49:44.0002 7336        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x28A1373E, BlocksNum 0x11F10BB2
21:49:44.0018 7336        \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3A92432F, BlocksNum 0x39DE1692
21:49:44.0018 7336        \Device\Harddisk1\DR1:
21:49:44.0019 7336        MBR used
21:49:44.0104 7336        Initialize success
21:49:44.0104 7336        ============================================================
21:49:50.0567 8056        ============================================================
21:49:50.0567 8056        Scan started
21:49:50.0567 8056        Mode: Manual;
21:49:50.0567 8056        ============================================================
21:49:51.0225 8056        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:49:51.0227 8056        ACPI - ok
21:49:51.0263 8056        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:49:51.0266 8056        adp94xx - ok
21:49:51.0289 8056        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:49:51.0291 8056        adpahci - ok
21:49:51.0304 8056        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:49:51.0305 8056        adpu160m - ok
21:49:51.0319 8056        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:49:51.0320 8056        adpu320 - ok
21:49:51.0349 8056        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:49:51.0351 8056        AFD - ok
21:49:51.0373 8056        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
21:49:51.0373 8056        agp440 - ok
21:49:51.0391 8056        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:49:51.0392 8056        aic78xx - ok
21:49:51.0422 8056        aksfridge      (730e9d3bb324fb1899005aea63c6782d) C:\Windows\system32\drivers\aksfridge.sys
21:49:51.0425 8056        aksfridge - ok
21:49:51.0449 8056        akshasp        (64fc197d24a2b240598f29ce0a6660c0) C:\Windows\system32\DRIVERS\akshasp.sys
21:49:51.0451 8056        akshasp - ok
21:49:51.0470 8056        aksusb          (cce6c56f18d214de8d66f3f2a774cd5b) C:\Windows\system32\DRIVERS\aksusb.sys
21:49:51.0471 8056        aksusb - ok
21:49:51.0484 8056        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
21:49:51.0485 8056        aliide - ok
21:49:51.0504 8056        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
21:49:51.0504 8056        amdagp - ok
21:49:51.0522 8056        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
21:49:51.0523 8056        amdide - ok
21:49:51.0540 8056        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:49:51.0541 8056        AmdK7 - ok
21:49:51.0556 8056        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
21:49:51.0557 8056        AmdK8 - ok
21:49:51.0574 8056        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:49:51.0575 8056        arc - ok
21:49:51.0593 8056        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:49:51.0595 8056        arcsas - ok
21:49:51.0645 8056        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:49:51.0646 8056        AsyncMac - ok
21:49:51.0663 8056        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:49:51.0663 8056        atapi - ok
21:49:51.0700 8056        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:49:51.0700 8056        Beep - ok
21:49:51.0714 8056        blbdrive - ok
21:49:51.0751 8056        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:49:51.0752 8056        bowser - ok
21:49:51.0778 8056        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:49:51.0779 8056        BrFiltLo - ok
21:49:51.0793 8056        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:49:51.0794 8056        BrFiltUp - ok
21:49:51.0813 8056        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:49:51.0814 8056        Brserid - ok
21:49:51.0832 8056        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:49:51.0833 8056        BrSerWdm - ok
21:49:51.0851 8056        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:49:51.0851 8056        BrUsbMdm - ok
21:49:51.0863 8056        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:49:51.0863 8056        BrUsbSer - ok
21:49:51.0880 8056        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:49:51.0880 8056        BTHMODEM - ok
21:49:51.0900 8056        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:49:51.0901 8056        cdfs - ok
21:49:51.0929 8056        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:49:51.0930 8056        cdrom - ok
21:49:51.0948 8056        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
21:49:51.0949 8056        circlass - ok
21:49:51.0986 8056        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:49:51.0988 8056        CLFS - ok
21:49:52.0004 8056        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
21:49:52.0005 8056        cmdide - ok
21:49:52.0018 8056        Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
21:49:52.0018 8056        Compbatt - ok
21:49:52.0029 8056        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:49:52.0030 8056        crcdisk - ok
21:49:52.0048 8056        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
21:49:52.0049 8056        Crusoe - ok
21:49:52.0079 8056        CSC            (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
21:49:52.0082 8056        CSC - ok
21:49:52.0173 8056        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:49:52.0174 8056        DfsC - ok
21:49:52.0188 8056        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:49:52.0189 8056        disk - ok
21:49:52.0232 8056        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:49:52.0233 8056        drmkaud - ok
21:49:52.0261 8056        dsltestSp5      (c6b2e10cfe79169c72f0269087b9a603) C:\Windows\system32\Drivers\dsltestSp5.sys
21:49:52.0261 8056        dsltestSp5 - ok
21:49:52.0296 8056        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:49:52.0300 8056        DXGKrnl - ok
21:49:52.0318 8056        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:49:52.0319 8056        E1G60 - ok
21:49:52.0347 8056        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:49:52.0348 8056        Ecache - ok
21:49:52.0373 8056        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
21:49:52.0375 8056        elxstor - ok
21:49:52.0402 8056        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:49:52.0403 8056        exfat - ok
21:49:52.0418 8056        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:49:52.0420 8056        fastfat - ok
21:49:52.0436 8056        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
21:49:52.0437 8056        fdc - ok
21:49:52.0459 8056        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:49:52.0460 8056        FileInfo - ok
21:49:52.0509 8056        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:49:52.0510 8056        Filetrace - ok
21:49:52.0552 8056        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
21:49:52.0553 8056        flpydisk - ok
21:49:52.0563 8056        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:49:52.0565 8056        FltMgr - ok
21:49:52.0593 8056        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:49:52.0594 8056        Fs_Rec - ok
21:49:52.0614 8056        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
21:49:52.0615 8056        gagp30kx - ok
21:49:52.0642 8056        GEARAspiWDM    (df6e37b27a9a1a498c6d9f29995b7a03) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:49:52.0642 8056        GEARAspiWDM - ok
21:49:52.0686 8056        Hardlock        (a9d587e31dbee3e9bd97fefece0ba874) C:\Windows\system32\drivers\hardlock.sys
21:49:52.0690 8056        Hardlock - ok
21:49:52.0717 8056        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:49:52.0718 8056        HdAudAddService - ok
21:49:52.0744 8056        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:49:52.0748 8056        HDAudBus - ok
21:49:52.0765 8056        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:49:52.0766 8056        HidBth - ok
21:49:52.0788 8056        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:49:52.0789 8056        HidIr - ok
21:49:52.0805 8056        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:49:52.0806 8056        HidUsb - ok
21:49:52.0831 8056        hotcore3        (d308726110a6011514dcdfc6e3fc21f2) C:\Windows\system32\drivers\hotcore3.sys
21:49:52.0831 8056        hotcore3 - ok
21:49:52.0855 8056        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
21:49:52.0856 8056        HpCISSs - ok
21:49:52.0880 8056        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:49:52.0883 8056        HTTP - ok
21:49:52.0894 8056        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
21:49:52.0896 8056        i2omp - ok
21:49:52.0927 8056        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:49:52.0928 8056        i8042prt - ok
21:49:52.0950 8056        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
21:49:52.0952 8056        iaStorV - ok
21:49:52.0963 8056        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:49:52.0964 8056        iirsp - ok
21:49:53.0029 8056        IntcAzAudAddService (4c01298060cf930d26a75a86b874b6ae) C:\Windows\system32\drivers\RTKVHDA.sys
21:49:53.0043 8056        IntcAzAudAddService - ok
21:49:53.0074 8056        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:49:53.0075 8056        intelide - ok
21:49:53.0099 8056        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:49:53.0100 8056        intelppm - ok
21:49:53.0129 8056        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:49:53.0130 8056        IpFilterDriver - ok
21:49:53.0141 8056        IpInIp - ok
21:49:53.0152 8056        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
21:49:53.0153 8056        IPMIDRV - ok
21:49:53.0179 8056        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:49:53.0180 8056        IPNAT - ok
21:49:53.0223 8056        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:49:53.0224 8056        IRENUM - ok
21:49:53.0233 8056        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
21:49:53.0234 8056        isapnp - ok
21:49:53.0253 8056        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:49:53.0254 8056        iScsiPrt - ok
21:49:53.0263 8056        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:49:53.0264 8056        iteatapi - ok
21:49:53.0273 8056        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:49:53.0274 8056        iteraid - ok
21:49:53.0291 8056        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:49:53.0292 8056        kbdclass - ok
21:49:53.0313 8056        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:49:53.0314 8056        kbdhid - ok
21:49:53.0340 8056        KOBCCEX        (3fc4be9a867fb4fb2a2f33a3b8a60446) C:\Windows\system32\drivers\KOBCCEX.sys
21:49:53.0341 8056        KOBCCEX - ok
21:49:53.0357 8056        KOBCCID        (93c4f4a67d1e372e0d8d24392c53ca2b) C:\Windows\system32\drivers\KOBCCID.sys
21:49:53.0359 8056        KOBCCID - ok
21:49:53.0387 8056        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
21:49:53.0390 8056        KSecDD - ok
21:49:53.0449 8056        LEqdUsb        (70035567754bed4e6ad353ca3f175127) C:\Windows\system32\Drivers\LEqdUsb.Sys
21:49:53.0449 8056        LEqdUsb - ok
21:49:53.0469 8056        LHidEqd        (32491b6bae0afad1d7a62c0ef0af4321) C:\Windows\system32\Drivers\LHidEqd.Sys
21:49:53.0470 8056        LHidEqd - ok
21:49:53.0492 8056        LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
21:49:53.0493 8056        LHidFilt - ok
21:49:53.0507 8056        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:49:53.0508 8056        lltdio - ok
21:49:53.0529 8056        LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
21:49:53.0530 8056        LMouFilt - ok
21:49:53.0549 8056        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
21:49:53.0551 8056        LSI_FC - ok
21:49:53.0569 8056        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
21:49:53.0571 8056        LSI_SAS - ok
21:49:53.0590 8056        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
21:49:53.0591 8056        LSI_SCSI - ok
21:49:53.0610 8056        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:49:53.0611 8056        luafv - ok
21:49:53.0651 8056        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
21:49:53.0664 8056        megasas - ok
21:49:53.0709 8056        mfeapfk        (a8d2c54c2f71f5cba7ca2734341e57e6) C:\Windows\system32\drivers\mfeapfk.sys
21:49:53.0710 8056        mfeapfk - ok
21:49:53.0727 8056        mfeavfk        (28bb783d85df19e9e007e81daf40adcc) C:\Windows\system32\drivers\mfeavfk.sys
21:49:53.0729 8056        mfeavfk - ok
21:49:53.0746 8056        mfebopk        (8e43e242073e9db5aa165ebe273ffd09) C:\Windows\system32\drivers\mfebopk.sys
21:49:53.0747 8056        mfebopk - ok
21:49:53.0831 8056        mfehidk        (37800fbb68d88e3c3e49bb9c97233e87) C:\Windows\system32\drivers\mfehidk.sys
21:49:53.0834 8056        mfehidk - ok
21:49:53.0856 8056        mferkdet        (47c91e229b129047f0138011ddf9f92f) C:\Windows\system32\drivers\mferkdet.sys
21:49:53.0857 8056        mferkdet - ok
21:49:53.0875 8056        mfetdik        (78efa6fd2a486c476045eaa1d2f218b7) C:\Windows\system32\drivers\mfetdik.sys
21:49:53.0876 8056        mfetdik - ok
21:49:53.0896 8056        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:49:53.0897 8056        Modem - ok
21:49:53.0917 8056        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:49:53.0919 8056        monitor - ok
21:49:53.0940 8056        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:49:53.0941 8056        mouclass - ok
21:49:53.0953 8056        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:49:53.0954 8056        mouhid - ok
21:49:53.0972 8056        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:49:53.0972 8056        MountMgr - ok
21:49:53.0988 8056        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
21:49:53.0990 8056        mpio - ok
21:49:54.0007 8056        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:49:54.0009 8056        mpsdrv - ok
21:49:54.0021 8056        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:49:54.0022 8056        Mraid35x - ok
21:49:54.0041 8056        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:49:54.0042 8056        MRxDAV - ok
21:49:54.0059 8056        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:49:54.0062 8056        mrxsmb - ok
21:49:54.0086 8056        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:49:54.0088 8056        mrxsmb10 - ok
21:49:54.0099 8056        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:49:54.0100 8056        mrxsmb20 - ok
21:49:54.0109 8056        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
21:49:54.0110 8056        msahci - ok
21:49:54.0121 8056        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
21:49:54.0123 8056        msdsm - ok
21:49:54.0141 8056        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:49:54.0142 8056        Msfs - ok
21:49:54.0177 8056        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:49:54.0178 8056        msisadrv - ok
21:49:54.0207 8056        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:49:54.0208 8056        MSKSSRV - ok
21:49:54.0239 8056        msloop          (0a562f61d84bf1988e4dd6413b76c1d4) C:\Windows\system32\DRIVERS\loop.sys
21:49:54.0240 8056        msloop - ok
21:49:54.0262 8056        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:49:54.0263 8056        MSPCLOCK - ok
21:49:54.0288 8056        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:49:54.0289 8056        MSPQM - ok
21:49:54.0304 8056        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:49:54.0306 8056        MsRPC - ok
21:49:54.0323 8056        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:49:54.0324 8056        mssmbios - ok
21:49:54.0344 8056        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:49:54.0345 8056        MSTEE - ok
21:49:54.0363 8056        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:49:54.0364 8056        Mup - ok
21:49:54.0402 8056        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:49:54.0403 8056        NativeWifiP - ok
21:49:54.0448 8056        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:49:54.0455 8056        NDIS - ok
21:49:54.0480 8056        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:49:54.0481 8056        NdisTapi - ok
21:49:54.0492 8056        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:49:54.0493 8056        Ndisuio - ok
21:49:54.0517 8056        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:49:54.0518 8056        NdisWan - ok
21:49:54.0536 8056        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:49:54.0537 8056        NDProxy - ok
21:49:54.0556 8056        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:49:54.0557 8056        NetBIOS - ok
21:49:54.0581 8056        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:49:54.0583 8056        netbt - ok
21:49:54.0617 8056        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:49:54.0618 8056        nfrd960 - ok
21:49:54.0632 8056        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:49:54.0634 8056        Npfs - ok
21:49:54.0652 8056        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:49:54.0653 8056        nsiproxy - ok
21:49:54.0675 8056        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:49:54.0682 8056        Ntfs - ok
21:49:54.0699 8056        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:49:54.0700 8056        ntrigdigi - ok
21:49:54.0720 8056        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:49:54.0721 8056        Null - ok
21:49:54.0843 8056        nvlddmkm        (977f4622c4f2152331a4f1aee78269dd) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:49:54.0889 8056        nvlddmkm - ok
21:49:54.0900 8056        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
21:49:54.0901 8056        nvraid - ok
21:49:54.0911 8056        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
21:49:54.0912 8056        nvstor - ok
21:49:54.0929 8056        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
21:49:54.0931 8056        nv_agp - ok
21:49:54.0939 8056        NwlnkFlt - ok
21:49:54.0950 8056        NwlnkFwd - ok
21:49:54.0973 8056        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:49:54.0974 8056        ohci1394 - ok
21:49:55.0021 8056        Parport        (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
21:49:55.0023 8056        Parport - ok
21:49:55.0033 8056        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:49:55.0034 8056        partmgr - ok
21:49:55.0050 8056        Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
21:49:55.0051 8056        Parvdm - ok
21:49:55.0074 8056        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:49:55.0076 8056        pci - ok
21:49:55.0085 8056        pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
21:49:55.0086 8056        pciide - ok
21:49:55.0104 8056        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:49:55.0105 8056        pcmcia - ok
21:49:55.0133 8056        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:49:55.0139 8056        PEAUTH - ok
21:49:55.0181 8056        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:49:55.0182 8056        PptpMiniport - ok
21:49:55.0192 8056        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
21:49:55.0193 8056        Processor - ok
21:49:55.0217 8056        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:49:55.0219 8056        PSched - ok
21:49:55.0233 8056        PSI            (2bd178004165081538baa6e67970254f) C:\Windows\system32\DRIVERS\psi_mf.sys
21:49:55.0234 8056        PSI - ok
21:49:55.0259 8056        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
21:49:55.0265 8056        ql2300 - ok
21:49:55.0276 8056        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:49:55.0279 8056        ql40xx - ok
21:49:55.0298 8056        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:49:55.0299 8056        QWAVEdrv - ok
21:49:55.0311 8056        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:49:55.0312 8056        RasAcd - ok
21:49:55.0332 8056        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:49:55.0334 8056        Rasl2tp - ok
21:49:55.0350 8056        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:49:55.0351 8056        RasPppoe - ok
21:49:55.0377 8056        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:49:55.0379 8056        RasSstp - ok
21:49:55.0401 8056        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:49:55.0403 8056        rdbss - ok
21:49:55.0417 8056        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:49:55.0418 8056        RDPCDD - ok
21:49:55.0469 8056        rdpdr          (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
21:49:55.0471 8056        rdpdr - ok
21:49:55.0488 8056        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:49:55.0489 8056        RDPENCDD - ok
21:49:55.0512 8056        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:49:55.0515 8056        RDPWD - ok
21:49:55.0547 8056        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:49:55.0548 8056        rspndr - ok
21:49:55.0566 8056        RTL8169        (17b1d7ce7af11fb24db1def9621c033b) C:\Windows\system32\DRIVERS\Rtlh86.sys
21:49:55.0569 8056        RTL8169 - ok
21:49:55.0584 8056        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:49:55.0586 8056        sbp2port - ok
21:49:55.0629 8056        SC_Serv3D      (c88132c1a5fa5281958669febf7e63cd) C:\Windows\system32\drivers\d3_kafm.sys
21:49:55.0630 8056        SC_Serv3D - ok
21:49:55.0667 8056        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:49:55.0668 8056        secdrv - ok
21:49:55.0690 8056        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
21:49:55.0691 8056        Serenum - ok
21:49:55.0710 8056        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
21:49:55.0712 8056        Serial - ok
21:49:55.0737 8056        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:49:55.0738 8056        sermouse - ok
21:49:55.0766 8056        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
21:49:55.0767 8056        sffdisk - ok
21:49:55.0778 8056        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
21:49:55.0779 8056        sffp_mmc - ok
21:49:55.0796 8056        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
21:49:55.0798 8056        sffp_sd - ok
21:49:55.0812 8056        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:49:55.0813 8056        sfloppy - ok
21:49:55.0842 8056        SipIMNDI - ok
21:49:55.0864 8056        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
21:49:55.0865 8056        sisagp - ok
21:49:55.0875 8056        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
21:49:55.0876 8056        SiSRaid2 - ok
21:49:55.0888 8056        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
21:49:55.0890 8056        SiSRaid4 - ok
21:49:55.0915 8056        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:49:55.0917 8056        Smb - ok
21:49:55.0954 8056        snapman        (c3bf55189aa92b8f919108ef9e4accae) C:\Windows\system32\DRIVERS\snapman.sys
21:49:55.0955 8056        snapman - ok
21:49:55.0991 8056        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:49:55.0992 8056        spldr - ok
21:49:56.0026 8056        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:49:56.0028 8056        srv - ok
21:49:56.0072 8056        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:49:56.0074 8056        srv2 - ok
21:49:56.0148 8056        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:49:56.0149 8056        srvnet - ok
21:49:56.0189 8056        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:49:56.0190 8056        swenum - ok
21:49:56.0208 8056        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:49:56.0209 8056        Symc8xx - ok
21:49:56.0219 8056        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:49:56.0221 8056        Sym_hi - ok
21:49:56.0231 8056        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:49:56.0233 8056        Sym_u3 - ok
21:49:56.0279 8056        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
21:49:56.0285 8056        Tcpip - ok
21:49:56.0312 8056        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
21:49:56.0319 8056        Tcpip6 - ok
21:49:56.0345 8056        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:49:56.0346 8056        tcpipreg - ok
21:49:56.0366 8056        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:49:56.0368 8056        TDPIPE - ok
21:49:56.0383 8056        tdrpman        (3b7b6779eb231f731bba8f9fe67aadfc) C:\Windows\system32\DRIVERS\tdrpman.sys
21:49:56.0386 8056        tdrpman - ok
21:49:56.0405 8056        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:49:56.0406 8056        TDTCP - ok
21:49:56.0432 8056        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:49:56.0434 8056        tdx - ok
21:49:56.0458 8056        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:49:56.0459 8056        TermDD - ok
21:49:56.0478 8056        tifsfilter      (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys
21:49:56.0479 8056        tifsfilter - ok
21:49:56.0495 8056        timounter      (13bfe330880ac0ce8672d00aa5aff738) C:\Windows\system32\DRIVERS\timntr.sys
21:49:56.0498 8056        timounter - ok
21:49:56.0529 8056        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:49:56.0530 8056        tssecsrv - ok
21:49:56.0571 8056        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:49:56.0572 8056        tunmp - ok
21:49:56.0603 8056        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:49:56.0604 8056        tunnel - ok
21:49:56.0621 8056        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
21:49:56.0623 8056        uagp35 - ok
21:49:56.0656 8056        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:49:56.0658 8056        udfs - ok
21:49:56.0697 8056        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
21:49:56.0699 8056        uliagpkx - ok
21:49:56.0723 8056        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
21:49:56.0724 8056        uliahci - ok
21:49:56.0736 8056        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:49:56.0738 8056        UlSata - ok
21:49:56.0749 8056        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:49:56.0751 8056        ulsata2 - ok
21:49:56.0775 8056        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:49:56.0776 8056        umbus - ok
21:49:56.0816 8056        UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys
21:49:56.0817 8056        UnlockerDriver5 - ok
21:49:56.0857 8056        USBAAPL        (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
21:49:56.0858 8056        USBAAPL - ok
21:49:56.0907 8056        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:49:56.0925 8056        usbccgp - ok
21:49:56.0948 8056        USBCCID        (e0b8489aeda9ea33361037be6a8cf1ca) C:\Windows\system32\DRIVERS\usbccid.sys
21:49:56.0950 8056        USBCCID - ok
21:49:56.0960 8056        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:49:56.0961 8056        usbcir - ok
21:49:56.0983 8056        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:49:56.0985 8056        usbehci - ok
21:49:57.0018 8056        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:49:57.0019 8056        usbhub - ok
21:49:57.0030 8056        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:49:57.0031 8056        usbohci - ok
21:49:57.0055 8056        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:49:57.0056 8056        usbprint - ok
21:49:57.0076 8056        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:49:57.0077 8056        usbscan - ok
21:49:57.0099 8056        usbsermpt      (caad3467fbfae8a380f67e9c7150a85e) C:\Windows\system32\DRIVERS\usbsermpt.sys
21:49:57.0099 8056        usbsermpt - ok
21:49:57.0115 8056        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:49:57.0116 8056        USBSTOR - ok
21:49:57.0145 8056        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:49:57.0147 8056        usbuhci - ok
21:49:57.0179 8056        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
21:49:57.0180 8056        vga - ok
21:49:57.0220 8056        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:49:57.0229 8056        VgaSave - ok
21:49:57.0269 8056        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
21:49:57.0271 8056        viaagp - ok
21:49:57.0292 8056        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
21:49:57.0293 8056        ViaC7 - ok
21:49:57.0306 8056        viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
21:49:57.0307 8056        viaide - ok
21:49:57.0354 8056        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:49:57.0355 8056        volmgr - ok
21:49:57.0398 8056        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:49:57.0400 8056        volmgrx - ok
21:49:57.0418 8056        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:49:57.0420 8056        volsnap - ok
21:49:57.0440 8056        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
21:49:57.0442 8056        vsmraid - ok
21:49:57.0490 8056        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:49:57.0503 8056        WacomPen - ok
21:49:57.0526 8056        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:49:57.0528 8056        Wanarp - ok
21:49:57.0532 8056        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:49:57.0533 8056        Wanarpv6 - ok
21:49:57.0552 8056        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
21:49:57.0553 8056        Wd - ok
21:49:57.0574 8056        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:49:57.0578 8056        Wdf01000 - ok
21:49:57.0640 8056        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
21:49:57.0642 8056        WmiAcpi - ok
21:49:57.0679 8056        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:49:57.0681 8056        WpdUsb - ok
21:49:57.0703 8056        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:49:57.0705 8056        ws2ifsl - ok
21:49:57.0739 8056        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:49:57.0740 8056        WUDFRd - ok
21:49:57.0764 8056        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:49:57.0790 8056        \Device\Harddisk0\DR0 - ok
21:49:57.0798 8056        MBR (0x1B8)    (30846f685a15ae1a0eb72dba1be67584) \Device\Harddisk1\DR1
21:49:59.0635 8056        \Device\Harddisk1\DR1 - ok
21:49:59.0638 8056        Boot (0x1200)  (c37465d8a4c69118f0d52e9e3c833572) \Device\Harddisk0\DR0\Partition0
21:49:59.0639 8056        \Device\Harddisk0\DR0\Partition0 - ok
21:49:59.0649 8056        Boot (0x1200)  (c6901efadb9c3f5567722e916c3528ff) \Device\Harddisk0\DR0\Partition1
21:49:59.0649 8056        \Device\Harddisk0\DR0\Partition1 - ok
21:49:59.0659 8056        Boot (0x1200)  (0baeeed678a8ddbaeb4ca1f38ac1cbde) \Device\Harddisk0\DR0\Partition2
21:49:59.0660 8056        \Device\Harddisk0\DR0\Partition2 - ok
21:49:59.0676 8056        Boot (0x1200)  (e83b67015b7e4481e32f8d986828347b) \Device\Harddisk0\DR0\Partition3
21:49:59.0676 8056        \Device\Harddisk0\DR0\Partition3 - ok
21:49:59.0677 8056        ============================================================
21:49:59.0677 8056        Scan finished
21:49:59.0677 8056        ============================================================
21:49:59.0687 4520        Detected object count: 0
21:49:59.0687 4520        Actual detected object count: 0
21:50:06.0473 7932        Deinitialize success


cosinus 12.02.2012 16:30

Please run ESET as well, then we'll see how to proceed:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Angela_64 12.02.2012 21:02

So, the scan unfortunately took a little while this time, and I'm afraid it also found something.

Log:

Code:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5ef4140709363d4c9e4f35637810bd5b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-12 07:16:51
# local_time=2012-02-12 08:16:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 46223248 166594595 0 0
# compatibility_mode=8192 67108863 100 0 4531 4531 0 0
# scanned=379937
# found=4
# cleaned=0
# scan_time=12318
D:\Benutzer\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\2528ac4f-695562a9        Java/Agent.EA trojan (unable to clean)        00000000000000000000000000000000        I
D:\Benutzer\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\71a5af11-64d4eeb9        Java/Exploit.CVE-2011-3544.T trojan (unable to clean)        00000000000000000000000000000000        I
D:\Benutzer\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\161564f5-246b9b6e        a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)        00000000000000000000000000000000        I
D:\Benutzer\XXX\Downloads\SoftonicDownloader25577.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

Regards
Angela
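The ESET log above reports `found=4` but `cleaned=0`: the scan was run with `remove_checked=false`, so it only detected, and `unwanted_checked=true` is why a downloader wrapper shows up next to real malware. The added Python example below is my own code, not part of the thread and not ESET's tooling. It parses this log format (the `# key=value` header followed by tab-separated detection lines: path, threat name, hash, flag) and triages the result: the three hits inside the Java Deployment cache are applets cached by the browser's Java plugin (one of them named after CVE-2011-3544), which is the usual trace of an exploit attempt through Java, while the Softonic downloader is classified by ESET as an "application", i.e. a potentially unwanted program rather than a trojan. The sample input is constructed from the four detection lines posted above, joined with the tab characters the real `log.txt` uses (the forum rendering turned them into spaces); the hash column is the all-zero value the log shows.

```python
import re

# Constructed sample input: header keys and the four detection lines copied
# from the ESET log posted above, joined with real tab characters.
HEADER = [
    "# version=7",
    "# end=finished",
    "# remove_checked=false",
    "# archives_checked=true",
    "# unwanted_checked=true",
    "# scanned=379937",
    "# found=4",
    "# cleaned=0",
]
JAVA_CACHE_DIR = r"D:\Benutzer\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0"
DETECTIONS = [
    (JAVA_CACHE_DIR + r"\15\2528ac4f-695562a9",
     "Java/Agent.EA trojan (unable to clean)"),
    (JAVA_CACHE_DIR + r"\17\71a5af11-64d4eeb9",
     "Java/Exploit.CVE-2011-3544.T trojan (unable to clean)"),
    (JAVA_CACHE_DIR + r"\53\161564f5-246b9b6e",
     "a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)"),
    (r"D:\Benutzer\XXX\Downloads\SoftonicDownloader25577.exe",
     "a variant of Win32/SoftonicDownloader.A application (unable to clean)"),
]
ESET_LOG = "\n".join(
    HEADER + ["\t".join((path, threat, "0" * 32, "I")) for path, threat in DETECTIONS]
)

JAVA_CACHE_RE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.IGNORECASE)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_eset_log(text):
    """Split an ESET Online Scanner log.txt into (settings, detections).

    Header lines are '# key=value'. Detection lines are
    path <TAB> threat <TAB> hash <TAB> flag; a forum copy usually has the
    tabs replaced by runs of spaces, so both separators are accepted.
    Lines such as 'ESETSmartInstaller@High as downloader log:' / 'all ok'
    match neither form and are skipped.
    """
    settings, hits = {}, []
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            settings[key.strip()] = value.strip()
        elif "\t" in line or "  " in line:
            fields = re.split(r"\t+| {2,}", line)
            path, threat = fields[0], fields[1]
            cve = CVE_RE.search(threat)
            hits.append({
                "path": path,
                "threat": threat,
                # ESET appends "(unable to clean)" when it did not remove the object.
                "cleaned": "(unable to clean)" not in threat,
                "java_cache": bool(JAVA_CACHE_RE.search(path)),
                "cve": cve.group(0) if cve else None,
                # ESET names PUAs "... application"; malware is "... trojan" etc.
                "pua": threat.split(" (")[0].endswith(" application"),
            })
    return settings, hits


def triage(settings, hits):
    """Reduce the parsed log to the questions a responder actually asks."""
    return {
        "found": int(settings.get("found", len(hits))),
        "cleaned": int(settings.get("cleaned", 0)),
        "removal_was_enabled": settings.get("remove_checked") == "true",
        "java_cache_hits": [h["path"] for h in hits if h["java_cache"]],
        "cves_named": sorted({h["cve"] for h in hits if h["cve"]}),
        "pua": [h["path"] for h in hits if h["pua"]],
        "still_on_disk": [h["path"] for h in hits if not h["cleaned"]],
    }


if __name__ == "__main__":
    for key, value in triage(*parse_eset_log(ESET_LOG)).items():
        print(f"{key}: {value}")
```

`still_on_disk` lists every detection because nothing was cleaned; with `remove_checked=true` the same parser would show the cleaned ones dropping out of that list, which is the quickest way to check whether a re-run actually removed anything.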

cosinus 13.02.2012 10:28

Quote:

D:\Benutzer\XXX\Downloads\SoftonicDownloader25577.exe
Keep your hands off Softonic!!

Softonic is a toolbar and adware slinger! Hands off! Software is downloaded, first and foremost, directly from the vendor and not from toolbar outfits like Softonic! In a pinch chip.de would of course do


Please make a new OTL log. Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

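The `/md5start ... /md5stop` section of the custom scan above makes OTL report the MD5 of each listed file, so that a system binary or storage driver patched in place (the `atapi.sys`, `userinit.exe` and `winlogon.exe` entries are on the list because rootkits and user-mode infectors overwrite exactly those) can be checked against a known-good hash. The added Python example below is my own code, not OTL's and not from the thread; it shows the technique behind that list: hash every file with one of the listed names found below a root directory, keep the result as a baseline, and classify each file on a later run as unchanged, modified, missing or new. `run_demo()` builds a constructed fake system root in a temporary directory, patches one driver and drops a second copy of a system binary, so it runs offline; the file names are a subset of the OTL list above.

```python
import hashlib
import tempfile
from pathlib import Path

# Subset of the files named between /md5start and /md5stop in the OTL scan above.
OTL_MD5_NAMES = ["wininit.exe", "userinit.exe", "winlogon.exe", "user32.dll",
                 "atapi.sys", "nvstor.sys", "iastor.sys", "ws2ifsl.sys"]


def md5_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """MD5 of a file, read in chunks.

    MD5 is used because it is what OTL and TDSSKiller print; it is adequate for
    spotting changes against a baseline you took yourself, but compare against
    vendor-published hashes with SHA-256.
    """
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def hash_tree(root: Path, names) -> dict:
    """Hash every file below root whose name is in `names` (recursive, like
    OTL's /s switch). Returns {posix relative path (lower-case): md5}."""
    wanted = {n.lower() for n in names}
    return {
        p.relative_to(root).as_posix().lower(): md5_file(p)
        for p in Path(root).rglob("*")
        if p.is_file() and p.name.lower() in wanted
    }


def compare(baseline: dict, current: dict) -> dict:
    """Classify each path as unchanged, modified, missing or new."""
    verdicts = {}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in current:
            verdicts[rel] = "missing"
        elif rel not in baseline:
            verdicts[rel] = "new"
        elif baseline[rel] != current[rel]:
            verdicts[rel] = "modified"
        else:
            verdicts[rel] = "unchanged"
    return verdicts


def run_demo() -> dict:
    """Constructed scenario: fake system root, baseline, then one driver patched
    in place and an extra userinit.exe dropped outside system32."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        drivers = root / "system32" / "drivers"
        drivers.mkdir(parents=True)
        (root / "system32" / "userinit.exe").write_bytes(b"MZ userinit (constructed)")
        (drivers / "atapi.sys").write_bytes(b"MZ atapi (constructed)")
        baseline = hash_tree(root, OTL_MD5_NAMES)

        # Simulate an in-place patch of the storage driver ...
        with (drivers / "atapi.sys").open("ab") as fh:
            fh.write(b"\x90" * 16)
        # ... and a second userinit.exe that does not belong there.
        (root / "temp").mkdir()
        (root / "temp" / "userinit.exe").write_bytes(b"MZ not the real one")

        return compare(baseline, hash_tree(root, OTL_MD5_NAMES))


if __name__ == "__main__":
    for rel, verdict in run_demo().items():
        print(f"{verdict:10} {rel}")
```

On a real Vista box the root would be `%SystemRoot%` and the baseline would have to come from a clean state (an install medium or a trusted image), since a hash taken after the infection only proves that nothing changed since then.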

Angela_64 13.02.2012 11:16

The scan was really quick this time :-)

OTL.txt:

Code:

OTL logfile created on: 13.02.2012 10:40:56 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = D:\Benutzer\XXX\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 51,42% Memory free
6,73 Gb Paging File | 4,50 Gb Available in Paging File | 66,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,45 Gb Total Space | 82,94 Gb Free Space | 69,44% Space Free | Partition Type: NTFS
Drive D: | 205,59 Gb Total Space | 104,04 Gb Free Space | 50,60% Space Free | Partition Type: NTFS
Drive F: | 143,53 Gb Total Space | 84,63 Gb Free Space | 58,97% Space Free | Partition Type: NTFS
Drive G: | 462,94 Gb Total Space | 371,47 Gb Free Space | 80,24% Space Free | Partition Type: NTFS
Drive P: | 1009,51 Mb Total Space | 1009,22 Mb Free Space | 99,97% Space Free | Partition Type: FAT32
 
Computer Name: CALLAS | User Name: Chef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.13 10:36:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Benutzer\XXX\Desktop\OTL.exe
PRC - [2012.02.11 18:40:44 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011.12.09 02:20:00 | 000,079,872 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
PRC - [2011.11.04 08:51:48 | 000,176,128 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe
PRC - [2011.09.13 09:40:36 | 000,184,320 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Check\DkDataSvr.exe
PRC - [2011.09.09 05:30:00 | 000,080,992 | ---- | M] (DATEV eG) -- F:\DATEV\SYSTEM\Nuko\NKWLOGIN.exe
PRC - [2011.09.06 14:25:54 | 000,009,824 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.UserSession.exe
PRC - [2011.09.06 14:22:46 | 000,063,488 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe
PRC - [2011.09.01 18:12:16 | 000,010,848 | ---- | M] (DATEV eG) -- F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
PRC - [2011.07.25 02:49:00 | 000,269,920 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe
PRC - [2011.07.25 02:49:00 | 000,172,640 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe
PRC - [2011.06.28 09:22:08 | 000,549,472 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe
PRC - [2011.06.28 09:18:54 | 002,409,056 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
PRC - [2011.05.09 14:52:04 | 000,271,456 | ---- | M] (Datev eG) -- F:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
PRC - [2011.05.09 14:52:02 | 000,595,552 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000398\SiPaHost.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.12.10 17:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
PRC - [2010.12.10 17:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.11.26 15:53:14 | 000,878,176 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Sws\LiMaService.exe
PRC - [2010.11.26 15:53:14 | 000,378,976 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Sws\LiMaServer.exe
PRC - [2010.09.22 16:47:40 | 000,368,736 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardManager.exe
PRC - [2010.09.22 16:47:22 | 000,292,960 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe
PRC - [2010.09.13 17:58:00 | 000,866,912 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0001363\SCmIdentityScanner.exe
PRC - [2010.09.03 14:50:22 | 000,406,112 | ---- | M] (DATEV e.G.) -- F:\DATEV\PROGRAMM\B0001364\DtvScSer.exe
PRC - [2010.08.25 20:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2010.08.25 20:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010.08.25 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2010.08.25 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010.08.25 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2010.06.04 17:59:08 | 000,533,808 | ---- | M] (Acronis) -- C:\Programme\Acronis\DriveMonitor\adm_tray.exe
PRC - [2010.06.04 17:57:46 | 003,427,312 | ---- | M] (Acronis) -- C:\Programme\Acronis\DriveMonitor\adm.exe
PRC - [2010.03.26 02:07:42 | 000,091,992 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe
PRC - [2010.03.26 02:07:42 | 000,091,992 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
PRC - [2010.03.22 16:19:11 | 001,540,096 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\netzmanager.exe
PRC - [2010.03.22 15:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2009.10.27 18:23:50 | 000,660,504 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009.10.27 18:20:18 | 000,365,560 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009.08.25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009.08.25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\UdaterUI.exe
PRC - [2009.08.25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe
PRC - [2009.08.25 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\McTray.exe
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 22:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.06.18 07:13:20 | 000,036,448 | ---- | M] (DATEV eG) -- F:\DATEV\SYSTEM\RzpjWtch.exe
PRC - [2008.04.21 23:27:06 | 000,498,952 | ---- | M] () -- C:\Programme\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2008.04.21 23:00:36 | 000,911,168 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008.04.21 22:54:38 | 002,622,296 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008.03.26 12:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.01 18:51:15 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\Datev.Viwas.UserSession.Interfaces\6.1.0.0__cbc631f1c682336b\Datev.Viwas.UserSession.Interfaces.dll
MOD - [2012.02.01 08:56:40 | 000,559,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Mic#\ab897c9ae44064f06a572ace612ef96a\Datev.Framework.MicroParts.Interface.ni.dll
MOD - [2012.02.01 08:56:35 | 000,092,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Lic#\9af47ea84c5be571f69a62e7ac94c9e7\Datev.Framework.LicenseManagement.PlugIn.ni.dll
MOD - [2012.02.01 08:56:31 | 002,413,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Int#\6a6701bcb6da8f46138f5b1640780d7e\Datev.Framework.Interface.ni.dll
MOD - [2012.02.01 08:56:25 | 000,064,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Env#\ae95f9864b550d732008d36bbf8fa83c\Datev.Framework.Environment.ni.dll
MOD - [2012.02.01 08:56:22 | 000,209,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Dir#\bdad833b78b3073f32424e5094f3087d\Datev.Framework.DirectStart.ni.dll
MOD - [2012.02.01 08:56:03 | 000,114,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Stor#\5366d4f5a42e8eb59356a2268c79791b\Datev.ConfigDB.StorageProvider.ni.dll
MOD - [2012.02.01 08:56:03 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Plug#\fd32ce8960bd6f90fabce86a6691d5fa\Datev.ConfigDB.PlugIn.ni.dll
MOD - [2012.02.01 08:56:02 | 000,664,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB\ebabcc37e465653b44e7534ce4ef497e\Datev.ConfigDB.ni.dll
MOD - [2012.02.01 08:56:02 | 000,064,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Inte#\b74271af9aa9c73597572b99b8c71446\Datev.ConfigDB.Interfaces.ni.dll
MOD - [2012.02.01 08:38:32 | 000,922,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Dia#\866dc35fd221fbfeb1aba2bd2bf08b4c\Datev.Framework.Diagnostics.RealTimeTracing.ni.dll
MOD - [2012.02.01 08:38:30 | 002,469,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Mic#\cfc192a04e1d1d97ee4f00297a630fc4\Datev.Framework.MicroKernel.ni.dll
MOD - [2012.01.12 18:53:34 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\6a1e2938633d08d9d97c6940a537b1ff\System.IdentityModel.ni.dll
MOD - [2012.01.12 18:53:32 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\a2046fbb45b00425d083cc8706b75479\System.ServiceModel.ni.dll
MOD - [2012.01.12 18:52:59 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
MOD - [2012.01.12 18:52:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2011.10.16 18:44:39 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\16c385f23b5e493899f0d206dfb60094\System.IdentityModel.ni.dll
MOD - [2011.10.16 18:44:37 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\559ebac0a85ae55da09827b8048f77bd\System.ServiceModel.ni.dll
MOD - [2011.10.16 18:42:18 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\aab1c287bc73a03c51b55fb3f102c27e\System.ServiceProcess.ni.dll
MOD - [2011.10.16 18:42:10 | 000,244,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\6df772247e44fc7cdaba2a87318ded7a\System.Runtime.Caching.ni.dll
MOD - [2011.10.16 18:41:53 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\41a4f6cc5d596e952fd880ae1a47308f\System.Runtime.DurableInstancing.ni.dll
MOD - [2011.10.16 18:41:53 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\caf1d94cb89859c72d6c8cd8774068d3\System.Transactions.ni.dll
MOD - [2011.10.16 18:41:51 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\993f89ba22499c379d2a9dd25d13cd94\System.Runtime.Serialization.ni.dll
MOD - [2011.10.16 18:41:51 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\398a52caf1e9fd1a6ea9dd589b0f6e68\SMDiagnostics.ni.dll
MOD - [2011.10.16 18:41:48 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\bd729791a7504ef9ecb4ad6ebfd94935\System.Xml.Linq.ni.dll
MOD - [2011.10.16 18:04:35 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.Xaml.ni.dll
MOD - [2011.10.16 17:47:35 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4b4c359912c1241246f50a4c47dbab3c\System.Runtime.Serialization.ni.dll
MOD - [2011.10.16 17:47:30 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a800035f1686fdb0b7a019b954a37cfe\SMDiagnostics.ni.dll
MOD - [2011.10.16 17:45:37 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011.10.16 17:44:16 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\02768700bc8f762ccfe37785ba8eb498\System.EnterpriseServices.ni.dll
MOD - [2011.10.16 17:44:15 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll
MOD - [2011.10.16 17:44:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011.10.13 07:01:34 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.10.13 07:01:03 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.10.13 07:00:49 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.10.13 07:00:06 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
MOD - [2011.10.13 07:00:02 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MOD - [2011.10.13 06:59:45 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MOD - [2011.10.13 06:59:33 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011.10.13 06:59:29 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.10.13 06:59:22 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.10.12 17:02:39 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll
MOD - [2011.10.12 17:02:37 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll
MOD - [2011.10.12 17:02:33 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll
MOD - [2011.10.12 17:02:33 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4844dd28e0611d1ebd1e449fe822c2a5\System.Configuration.ni.dll
MOD - [2011.10.12 17:02:31 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll
MOD - [2011.10.12 17:02:24 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2011.06.28 09:22:06 | 000,068,704 | ---- | M] () -- F:\DATEV\PROGRAMM\B0000150\ScServer\ScEventSourcePlugin.dll
MOD - [2011.05.09 14:52:00 | 000,203,264 | ---- | M] () -- F:\DATEV\SYSTEM\DVCCSipaHostApidll.dll
MOD - [2010.07.12 09:05:32 | 000,030,304 | ---- | M] () -- F:\DATEV\PROGRAMM\B0000150\ScServer\ScWinMagicPlugin.dll
MOD - [2010.06.04 17:40:26 | 000,012,128 | ---- | M] () -- C:\Programme\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
MOD - [2009.09.22 16:06:38 | 000,087,040 | ---- | M] () -- F:\DATEV\PROGRAMM\B0000391\DokSchutzShExt.dll
MOD - [2009.09.16 17:24:04 | 000,101,888 | ---- | M] () -- F:\DATEV\SYSTEM\DVCCDBNETCONVAPIAX300.DLL
MOD - [2009.03.29 20:42:20 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.29 20:42:14 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.29 20:42:14 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.03.29 20:42:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.03.29 20:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.18 10:39:54 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2008.05.02 05:15:37 | 000,010,240 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll
MOD - [2008.04.21 22:43:20 | 001,336,600 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\fox.dll
MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (DVDFUEavmnwapi)
SRV - File not found [On_Demand | Running] --  -- (Datev.Framework.RemoteServices.Messaging.CentralMessagingService)
SRV - File not found [On_Demand | Running] --  -- (Datev.Framework.RemoteServices)
SRV - File not found [Auto | Running] --  -- (Datev.Framework.RemoteServiceModel.EnablerService)
SRV - File not found [On_Demand | Running] --  -- (Datev.Database.Conserve)
SRV - [2012.02.11 18:40:44 | 000,159,608 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011.12.09 02:20:00 | 000,079,872 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService)
SRV - [2011.11.04 08:51:48 | 000,176,128 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe -- (Dcmanag)
SRV - [2011.09.06 14:22:46 | 000,063,488 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe -- (DATEV ViwasClientService)
SRV - [2011.07.25 02:49:00 | 000,172,640 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2011.06.28 09:18:54 | 002,409,056 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe -- (DVckService)
SRV - [2011.05.09 14:52:04 | 000,271,456 | ---- | M] (Datev eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe -- (Sicherheitspaket-Dienst)
SRV - [2010.09.22 16:47:22 | 000,292,960 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe -- (SCardService)
SRV - [2010.09.03 14:50:22 | 000,406,112 | ---- | M] (DATEV e.G.) [Auto | Running] -- F:\DATEV\PROGRAMM\B0001364\DtvScSer.exe -- (DATEV Logon Service)
SRV - [2010.08.25 20:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2010.08.25 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010.08.25 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2010.08.25 07:54:06 | 000,194,144 | ---- | M] (KOBIL Systems GmbH) [Disabled | Stopped] -- F:\DATEV\PROGRAMM\B0000404\msdisrv.exe -- (KOBIL_MSDI)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.22 15:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2009.10.27 18:23:50 | 000,660,504 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.08.25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009.07.20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.01.28 09:52:46 | 002,790,400 | ---- | M] (Aladdin Knowledge Systems Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2008.12.29 16:27:40 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.05.29 09:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.04.21 23:27:06 | 000,498,952 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006.12.07 16:52:14 | 000,140,184 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
SRV - [2006.12.07 16:52:10 | 000,095,128 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.11 18:40:44 | 000,475,704 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012.02.11 18:40:44 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011.07.19 14:28:42 | 000,075,320 | ---- | M] (Datev eG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\d3_kafm.sys -- (SC_Serv3D)
DRV - [2010.08.25 20:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010.08.25 20:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010.08.25 20:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010.08.25 20:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010.03.04 12:50:14 | 000,261,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.10.08 15:45:22 | 000,023,424 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KOBCCEX.sys -- (KOBCCEX)
DRV - [2009.10.08 15:45:10 | 000,084,352 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KOBCCID.sys -- (KOBCCID)
DRV - [2009.07.09 13:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2009.06.22 09:06:32 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 17:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009.06.17 17:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009.05.21 15:43:20 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2009.02.03 02:10:12 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2009.01.16 10:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.12.29 18:08:51 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008.12.29 18:08:51 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008.12.29 18:08:50 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008.12.29 18:08:48 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008.12.10 15:17:14 | 000,007,808 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2008.08.29 13:19:36 | 000,040,368 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2008.03.19 18:30:00 | 007,438,432 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.01.19 06:55:32 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2008.01.19 06:49:30 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2007.09.12 17:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DslTestSp5.sys -- (dsltestSp5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.datev.de/portal/ShowPage.do?pid=dpi&nid=302
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.datev.de/
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.18
FF - prefs.js..extensions.enabledItems: {1f91cde0-c040-11da-a94d-0800200c9a66}:3.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.2
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.9.99999
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@datev.de/DATEV_BestellManager,version=1.7: F:\DATEV\PROGRAMM\A0000015\npdvbm.dll ( DATEV eG)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\phonostar-Player\npphonostarDetectNP.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 08:40:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.01 08:22:33 | 000,000,000 | ---D | M]
 
[2009.02.01 13:57:41 | 000,000,000 | ---D | M] (No name found) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Extensions
[2012.02.01 10:13:56 | 000,000,000 | ---D | M] (No name found) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions
[2010.08.17 09:12:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.01 10:13:55 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.07.27 13:20:58 | 000,000,000 | ---D | M] (FoxClocks) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2011.05.15 09:42:40 | 000,000,000 | ---D | M] (Conduit Engine) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\engine@conduit.com
[2011.07.27 13:21:08 | 000,000,000 | ---D | M] ("Nero Toolbar") -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\toolbar@ask.com
[2012.02.02 08:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\EXTENSIONS\{1F91CDE0-C040-11DA-A94D-0800200C9A66}.XPI
() (No name found) -- D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\EXTENSIONS\FINDER@MEINGUTSCHEINCODE.DE.XPI
[2012.01.29 17:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.08.25 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.05.25 15:10:28 | 001,386,600 | ---- | M] (LINK & LINK Software) -- C:\Program Files\mozilla firefox\plugins\npideapl.dll
[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {557F4852-8868-44dd-B5E9-9890AC4B1FD5} - No CLSID value found.
O2 - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - F:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll (DATEV eG)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - F:\DATEV\SYSTEM\DVCCSASCardBHO002.dll (DATEV eG)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [adm_tray.exe] C:\Programme\Acronis\DriveMonitor\adm_tray.exe (Acronis)
O4 - HKLM..\Run: [DATEV Update-Monitor] F:\DATEV\PROGRAMM\Install\DvInesASDMon.exe (DATEV eG)
O4 - HKLM..\Run: [DATEV_SCardMan] F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardManager.exe (DATEV eG)
O4 - HKLM..\Run: [Dell MFP Color Laser Printer 3115cn Launcher] C:\Program Files\Dell Printers\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe (Dell Inc.)
O4 - HKLM..\Run: [DVCCSAWTSSetEntryNTE] F:\DATEV\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe (DATEV eG)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ScreenManager Pro for LCD] C:\Programme\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO NANAO CORPORATION)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SiPaHost] F:\DATEV\PROGRAMM\B0000398\SiPaHost.exe (DATEV eG)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [Datev.Arbeitsplatz.Scheduler.exe] F:\DATEV\PROGRAMM\K0005000\Datev.Arbeitsplatz.Scheduler.exe (DATEV eG)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [DFÜ-Sammler] F:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe ()
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [GGAopsUxiAA.exe] C:\ProgramData\GGAopsUxiAA.exe File not found
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe File not found
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002..\Run: [Datev.Arbeitsplatz.Scheduler.exe] F:\DATEV\PROGRAMM\K0005000\Datev.Arbeitsplatz.Scheduler.exe (DATEV eG)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002..\Run: [DFÜ-Sammler] F:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: D:\Benutzer\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found
O4 - Startup: D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CD-MENU.LNK =  File not found
O4 - Startup: D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VIWAS - USB Scanner.url ()
O4 - Startup: D:\Benutzer\Didi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found
O4 - Startup: D:\Benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DATEV Arbeitsplatz.lnk = F:\DATEV\PROGRAMM\K0005000\Arbeitsplatz.exe (DATEV eG)
O4 - Startup: D:\Benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: D:\Benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O4 - Startup: D:\Benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .IPC - C:\Programme\Mozilla Firefox\plugins\npideapl.dll (LINK & LINK Software)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: bio-discount-markt.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.com ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.com ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([www] http is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([www] https is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([www.wissensvermittlung] * in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datevnet.de ([*.services] http is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datevnet.de ([*.services] https is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datevstadt.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datevstadt.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: handelsblatt.com ([www] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: ing-diba.de ([www] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: jonglieren-lernen.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: kaufdown.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: lswb.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: lufthansa.com ([newsletter] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: premium-content-center.de ([www.vhb] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: staatsoper.de ([secure] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: sueddeutsche.de ([kaufdown] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: sueddeutsche.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: sued-west.com ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: vkb.de ([cms] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: wirtschaftspresse.biz ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: adac.de ([www] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.at ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.at ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.com ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.com ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.de ([www] http is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.de ([www] https is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datevnet.de ([*.services] http is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datevnet.de ([*.services] https is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datevstadt.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datevstadt.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: dell.com ([support.euro] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: deutschepost.de ([stampitweb] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: localhost ([]http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: localhost ([]https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: t-online.de ([email] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: top20free.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Ranges: LocalHost ([http] in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D50606D-CA42-4B5F-A889-FD51BCAB22AA}: DhcpNameServer = 192.168.123.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Benutzer\Public\Pictures\Sample Pictures\Tornado2.jpg
O24 - Desktop BackupWallPaper: D:\Benutzer\Public\Pictures\Sample Pictures\Tornado2.jpg
O30 - LSA: Authentication Packages - (relog_ap) -C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk - C:\Programme\Audible\Bin\AudibleDownloadHelper.exe - (Audible, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hardcopy.LNK - C:\Programme\Hardcopy\hardcopy.exe - (sw4you, Siegfried Weckmann)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.1 HD Edition.lnk - C:\Programme\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe - (Panasonic Corporation)
MsConfig - StartUpFolder: D:^Benutzer^Chef^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: DLPSP - hkey= - key= - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KeePass Password Safe - hkey= - key= - C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: phonostarTimer - hkey= - key= - C:\Programme\phonostar-Player\phonostarTimer.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: STAMPIT-Tray - hkey= - key= - C:\Programme\STAMPIT\Binary\STRAY.EXE (Deutsche Post AG)
MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 0
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0F1D198F-E5EA-4542-930E-2FB2B099F3F3} - LanaConfigTool_3383
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ADD9AEE8-B916-4CD6-A04B-9386DF90D594} - msiexec /fus {ADD9AEE8-B916-4CD6-A04B-9386DF90D594} /quiet
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - tsccvid.dll File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.12 16:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.11 19:42:31 | 000,000,000 | ---D | C] -- D:\Benutzer\Chef\AppData\Roaming\Malwarebytes
[2012.02.11 19:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.11 19:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.11 19:42:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.11 19:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.11 18:59:01 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.02.11 18:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012.02.11 17:11:08 | 000,000,000 | ---D | C] -- C:\Quarantäne
[2012.02.01 18:52:32 | 000,091,896 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2012.02.01 18:52:32 | 000,087,656 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2012.02.01 18:52:32 | 000,076,024 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2012.02.01 18:52:32 | 000,043,192 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2012.02.01 18:52:31 | 000,475,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2012.02.01 18:52:31 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2012.02.01 18:52:31 | 000,064,208 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfetdik.sys
[2012.02.01 18:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.02.01 18:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.02.01 18:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012.02.01 14:07:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.13 10:41:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.13 10:32:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.02.13 10:23:01 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7B350D1C-3775-4BB6-855B-FA96CDF39FC4}.job
[2012.02.13 09:51:53 | 000,003,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.13 09:51:53 | 000,003,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.13 07:58:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.13 07:51:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.12 09:28:13 | 000,000,000 | ---- | M] () -- D:\Benutzer\Chef\defogger_reenable
[2012.02.11 18:59:01 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.02.11 18:40:44 | 000,475,704 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2012.02.11 18:40:44 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2012.02.11 18:40:44 | 000,087,656 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2012.02.09 17:24:20 | 001,009,612 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.09 17:24:20 | 000,911,982 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.09 17:24:20 | 000,278,674 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.09 17:24:20 | 000,219,280 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.02 19:58:34 | 000,000,705 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.02.01 19:03:30 | 000,000,021 | ---- | M] () -- C:\Windows\DvInesKurusOleServer003.INI
[2012.02.01 11:03:37 | 000,000,694 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DATEV-Hinweis Mitteilungsdienst.lnk
[2012.02.01 10:39:00 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\DATEV Arbeitsplatz pro V.2.03.lnk
[2012.02.01 10:38:34 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.02.01 10:30:51 | 000,000,862 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office SR V.5.02 Initialisierung.lnk
[2012.02.01 10:17:34 | 000,000,849 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk
[2012.02.01 09:22:10 | 000,000,828 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DFÜ-Manager.lnk
[2012.02.01 09:00:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_Lansche.job
[2012.02.01 09:00:00 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_FIBU.job
[2012.02.01 08:34:11 | 000,000,102 | ---- | M] () -- C:\Windows\Startup.INI
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.12 11:35:43 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office SR V.5.02 Initialisierung.lnk
[2012.02.12 11:35:43 | 000,000,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk
[2012.02.12 11:35:43 | 000,000,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DFÜ-Manager.lnk
[2012.02.12 11:35:43 | 000,000,719 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lizenz-Manager Server.lnk
[2012.02.12 11:35:43 | 000,000,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RZ-Druckertreiber V.2.3.lnk
[2012.02.12 09:28:13 | 000,000,000 | ---- | C] () -- D:\Benutzer\Chef\defogger_reenable
[2012.02.01 10:39:00 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\DATEV Arbeitsplatz pro V.2.03.lnk
[2012.02.01 08:22:33 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.10.19 15:23:20 | 002,897,408 | ---- | C] () -- C:\Program Files\EPortoInstaller2010_v2.1.msi
[2011.10.19 15:23:20 | 000,436,736 | ---- | C] () -- C:\Program Files\setup.exe
[2011.07.01 12:55:07 | 000,000,130 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.04.19 13:37:11 | 000,000,093 | ---- | C] () -- D:\Benutzer\Chef\AppData\Roaming\BEVI.CFG
[2010.12.17 08:38:47 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.09.22 16:48:26 | 000,032,352 | ---- | C] () -- C:\Windows\System32\JNILibrary.dll
[2010.09.22 16:48:06 | 000,114,272 | ---- | C] () -- C:\Windows\System32\INetCert.dll
[2010.07.26 11:12:23 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.07.26 11:12:23 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.07.26 11:12:23 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.07.26 11:12:23 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.07.26 11:12:23 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.07.26 11:12:23 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.07.26 11:12:23 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.07.26 11:12:23 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.07.26 11:12:23 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.07.26 11:12:23 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.07.26 11:12:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.07.26 11:12:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.07.26 11:12:23 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.07.26 11:12:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.07.26 11:12:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.07.26 11:12:23 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.07.26 11:12:23 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.07.26 11:12:23 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.07.26 11:12:23 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.04.16 07:40:49 | 000,000,118 | ---- | C] () -- C:\Windows\gmbhr.ini
[2010.04.16 07:40:39 | 000,015,840 | ---- | C] () -- C:\Windows\System32\Machnm1.exe
[2009.12.03 08:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.10.28 16:58:03 | 000,000,068 | ---- | C] () -- C:\Windows\wlep1.ini
[2009.10.21 07:45:09 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.10.21 07:44:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.21 07:44:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.30 11:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\System32\nsldap32v60.dll
[2009.05.26 09:31:09 | 000,014,680 | ---- | C] () -- C:\Windows\System32\skypdfmonpro.dll
[2009.05.26 09:31:09 | 000,012,632 | ---- | C] () -- C:\Windows\System32\skypdfmonuipro.dll
[2009.05.25 21:00:46 | 000,000,021 | ---- | C] () -- C:\Windows\KurusDeinstall.INI
[2009.05.21 10:33:06 | 000,000,012 | ---- | C] () -- C:\Windows\Ulead32.ini
[2009.05.17 12:27:18 | 000,000,164 | ---- | C] () -- C:\Windows\DEINSTAL.INI
[2009.05.17 12:05:44 | 000,000,000 | ---- | C] () -- C:\Windows\netop.ini
[2009.05.17 09:28:58 | 000,000,095 | ---- | C] () -- D:\Benutzer\Chef\AppData\Local\fusioncache.dat
[2009.05.17 08:57:01 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2009.05.17 08:54:29 | 000,000,101 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2009.05.17 08:54:28 | 000,000,101 | ---- | C] () -- C:\Windows\dvinesinstart001.INI
[2009.05.17 08:52:06 | 000,000,102 | ---- | C] () -- C:\Windows\Startup.INI
[2009.01.02 13:52:17 | 000,008,192 | ---- | C] () -- D:\Benutzer\Chef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.28 15:03:13 | 000,000,705 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.20 12:47:34 | 004,244,744 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll
[2008.12.20 12:47:34 | 000,247,560 | ---- | C] () -- C:\Windows\System32\prgiso.dll
[2008.11.30 14:19:21 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2008.11.30 12:58:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.30 17:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\System32\nsldapssl32v60.dll
[2008.10.30 16:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\System32\nsldappr32v60.dll
[2008.09.26 17:40:50 | 000,024,376 | ---- | C] () -- C:\Windows\System32\TALDM32A.dll
[2008.09.26 17:40:50 | 000,022,832 | ---- | C] () -- C:\Windows\System32\TALDM32.DLL
[2008.09.26 17:40:48 | 000,052,536 | ---- | C] () -- C:\Windows\System32\TAL12832.DLL
[2008.09.13 13:53:35 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2008.07.09 16:23:08 | 000,255,288 | ---- | C] () -- C:\Windows\System32\SBSPAIN3.DLL
[2008.07.09 16:22:28 | 000,075,576 | ---- | C] () -- C:\Windows\System32\ENCODE32.DLL
[2007.01.15 08:19:16 | 000,016,473 | ---- | C] () -- C:\Windows\System32\SELF32.INI
[2006.11.02 16:42:41 | 001,009,612 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:42:41 | 000,278,674 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:43 | 000,342,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,911,982 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,219,280 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.08.16 12:48:16 | 000,036,864 | ---- | C] () -- C:\Windows\System32\OrdMen.dll
[2005.08.16 12:48:14 | 000,081,920 | ---- | C] () -- C:\Windows\System32\SOFFICK2.dll
[2005.08.16 12:47:52 | 000,045,056 | ---- | C] () -- C:\Windows\System32\SBSPAIN2.DLL
[2005.08.16 12:47:52 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SBSPAINT.DLL
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2003.09.24 11:42:12 | 000,000,093 | ---- | C] () -- C:\Windows\tm.ini
[2003.09.24 10:42:00 | 000,000,093 | ---- | C] () -- C:\Windows\System32\tm.ini
[2001.05.07 14:51:42 | 000,001,091 | ---- | C] () -- C:\Windows\PCDBAudit.ini
[1999.08.26 14:50:36 | 000,020,480 | ---- | C] () -- C:\Windows\System32\ddma32.dll
[1999.01.19 14:18:30 | 000,110,080 | ---- | C] () -- C:\Windows\System32\LFPNG60N.DLL
[1999.01.19 14:18:30 | 000,046,080 | ---- | C] () -- C:\Windows\System32\LFTIF60N.DLL
[1999.01.19 14:18:30 | 000,043,008 | ---- | C] () -- C:\Windows\System32\LTFIL60N.DLL
[1999.01.19 14:18:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\LFPSD60N.DLL
[1999.01.19 14:18:30 | 000,019,968 | ---- | C] () -- C:\Windows\System32\LFTGA60N.DLL
[1999.01.19 14:18:30 | 000,019,456 | ---- | C] () -- C:\Windows\System32\LFWPG60N.DLL
[1999.01.19 14:18:30 | 000,019,456 | ---- | C] () -- C:\Windows\System32\LFWMF60N.DLL
[1999.01.19 14:18:28 | 000,176,128 | ---- | C] () -- C:\Windows\System32\LFFAX60N.DLL
[1999.01.19 14:18:28 | 000,141,824 | ---- | C] () -- C:\Windows\System32\LFCMP60N.DLL
[1999.01.19 14:18:28 | 000,023,552 | ---- | C] () -- C:\Windows\System32\LFPCX60N.DLL
[1999.01.19 14:18:28 | 000,022,528 | ---- | C] () -- C:\Windows\System32\LFPCT60N.DLL
[1999.01.19 14:18:28 | 000,022,528 | ---- | C] () -- C:\Windows\System32\LFEPS60N.DLL
[1999.01.19 14:18:28 | 000,022,016 | ---- | C] () -- C:\Windows\System32\LFBMP60N.DLL
[1999.01.19 14:18:28 | 000,018,432 | ---- | C] () -- C:\Windows\System32\LFMSP60N.DLL
[1999.01.19 14:18:28 | 000,017,920 | ---- | C] () -- C:\Windows\System32\LFMAC60N.DLL
[1998.05.07 13:10:16 | 000,069,632 | ---- | C] () -- C:\Windows\System32\ODMA32.DLL
[1995.05.19 10:13:00 | 000,005,440 | ---- | C] () -- C:\Windows\System32\WINDVS16.DLL
[1995.02.14 23:11:00 | 000,017,920 | ---- | C] () -- C:\Windows\System32\IMPLODE.DLL
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.12.25 18:07:00 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Adobe
[2009.05.22 16:09:45 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Ahead
[2009.09.13 12:26:18 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Apple Computer
[2011.07.21 14:19:41 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\DATEV
[2010.10.06 20:17:09 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\DivX
[2010.05.13 13:14:32 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\DMS
[2008.12.31 12:36:21 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Google
[2009.05.18 19:35:41 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Help
[2008.12.20 12:32:22 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Identities
[2010.07.26 11:12:22 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\InstallShield
[2009.02.01 13:50:16 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\KeePass
[2009.05.22 09:15:59 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Logitech
[2008.12.23 13:51:17 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Macromedia
[2012.02.11 19:42:31 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Malwarebytes
[2011.07.01 12:53:27 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\McAfee
[2009.06.24 07:56:49 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\MGS
[2011.03.24 15:16:46 | 000,000,000 | --SD | M] -- D:\Benutzer\Chef\AppData\Roaming\Microsoft
[2009.02.01 13:57:41 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Mozilla
[2009.02.08 14:01:44 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Notepad++
[2009.10.21 07:36:38 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH
[2009.11.20 10:17:38 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\phonostar-Player
[2008.12.20 12:54:12 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\T-Online
[2008.12.29 16:14:42 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\TuneUp Software
 
< %APPDATA%\*.exe /s >
[2008.12.25 17:36:29 | 000,025,214 | R--- | M] () -- D:\Benutzer\Chef\AppData\Roaming\Microsoft\Installer\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}\_52312b2a.exe
[2011.11.08 18:59:33 | 000,347,088 | ---- | M] (Ask.com) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\toolbar@ask.com\chrome\content\NeroApplicationManager.exe
[2011.03.24 09:49:20 | 002,844,552 | ---- | M] (Ask.com                                                      ) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
[2011.07.27 16:32:14 | 012,727,952 | ---- | M] (                                                            ) -- D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH\phonostar-Player\update.exe
[1 D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH\phonostar-Player\*.tmp files -> D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH\phonostar-Player\*.tmp -> ]
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.11.27 22:02:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.11.27 22:02:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.11.27 22:02:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2010.03.05 10:25:58 | 000,043,520 | ---- | M] (Panasonic Corporation) MD5=5DC962B15A2057814728D2BDE118BE07 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO 5.1 HD\Core\EventLog\EventLog.dll
[2010.03.05 10:25:58 | 000,043,520 | ---- | M] (Panasonic Corporation) MD5=5DC962B15A2057814728D2BDE118BE07 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO 5.1 HD\Core\Spec\AVCHD\BDCore\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.11.27 21:49:57 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.11.27 21:49:57 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >


Angela_64 13.02.2012 11:17

And here is the second log, since not everything fit into one post.

Extras.txt:
oops - not needed at all...


Regards
Angela

cosinus 13.02.2012 13:00

Quote:

(DATEV eG) -- F:\DATEV\SYSTEM\Nuko\NKWLOGIN.exe
Is this a computer used for business?

Angela_64 13.02.2012 13:47

It is used for the office, among other things.

Regards
Angela

cosinus 13.02.2012 13:54

With office computers you should consider whether you want to make such a compromise at all.
Why don't you have IT support for a business-use computer that sits in the office?

Angela_64 13.02.2012 13:55

Because so far I've always managed quite well on my own...

What compromise?

cosinus 13.02.2012 14:16

Quote:

Because so far I've always managed quite well on my own...
But we're no longer talking about a home environment where, in the worst case, you can't tell the world your status via Facebook anymore.
I think your computer has already become an almost indispensable tool, or can you afford an outage and then take care of everything yourself while the other work is left undone? Customer support etc.? Well, I don't know.

Quote:

What compromise?
A clean-up is only a compromise! Infected office computers should preferably be wiped and reinstalled if at all possible, and only cleaned up as a last resort. Do you even have time for that? A clean-up can take quite a while, and your day-to-day business then comes to a standstill. :confused:

Angela_64 13.02.2012 14:23

Day-to-day business comes to a standstill either way, whether I have to clean up the computer, reinstall it, or set up a new computer from scratch (which is due soon anyway, just not right now). And in this case I can't even estimate how badly the computer is infected or with what consequences :-(

cosinus 13.02.2012 14:49

Never mind. Let's just carry on.

Quote:

[2012.02.01 10:13:55 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.05.15 09:42:40 | 000,000,000 | ---D | M] (Conduit Engine) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\engine@conduit.com
[2011.07.27 13:21:08 | 000,000,000 | ---D | M] ("Nero Toolbar") -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\toolbar@ask.com
Why are you cluttering up the system with useless toolbars?
Uninstall everything with "Toolbar" in its name via Control Panel under Software or Programs and Features. For future program installations, always choose the custom installation method so that any bundled toolbars can be deselected during setup.
While you're at it, also uninstall all other unnecessary programs via the Control Panel.

Angela_64 13.02.2012 15:17

OK, the Mozilla add-ons are uninstalled, and the superfluous programs as well.

Regards
Angela

cosinus 13.02.2012 15:47

Please create a new OTL log. Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
Custom scan with OTL

If you don't already have it, please download OTL from Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Angela_64 13.02.2012 16:23

Here is the new OTL log:

Code:

OTL logfile created on: 13.02.2012 15:50:23 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = D:\Benutzer\XXX\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 43,90% Memory free
6,73 Gb Paging File | 4,26 Gb Available in Paging File | 63,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,45 Gb Total Space | 81,66 Gb Free Space | 68,37% Space Free | Partition Type: NTFS
Drive D: | 205,59 Gb Total Space | 104,03 Gb Free Space | 50,60% Space Free | Partition Type: NTFS
Drive F: | 143,53 Gb Total Space | 84,63 Gb Free Space | 58,96% Space Free | Partition Type: NTFS
Drive G: | 462,94 Gb Total Space | 371,47 Gb Free Space | 80,24% Space Free | Partition Type: NTFS
Drive P: | 1009,51 Mb Total Space | 1009,22 Mb Free Space | 99,97% Space Free | Partition Type: FAT32
 
Computer Name: CALLAS | User Name: Chef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.13 10:36:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Benutzer\XXX\Desktop\OTL.exe
PRC - [2012.02.11 18:40:44 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011.12.09 02:20:00 | 000,079,872 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
PRC - [2011.12.08 08:48:00 | 000,027,136 | ---- | M] (DATEV e.G.) -- F:\DATEV\SYSTEM\DVREWEDZSMSTR030A.exe
PRC - [2011.11.04 08:51:48 | 000,176,128 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe
PRC - [2011.09.13 09:40:36 | 000,184,320 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Check\DkDataSvr.exe
PRC - [2011.09.09 05:30:00 | 000,080,992 | ---- | M] (DATEV eG) -- F:\DATEV\SYSTEM\Nuko\NKWLOGIN.exe
PRC - [2011.09.06 14:25:54 | 000,009,824 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.UserSession.exe
PRC - [2011.09.06 14:22:46 | 000,063,488 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe
PRC - [2011.09.01 18:12:16 | 000,010,848 | ---- | M] (DATEV eG) -- F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
PRC - [2011.07.25 02:49:00 | 000,269,920 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe
PRC - [2011.07.25 02:49:00 | 000,172,640 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe
PRC - [2011.06.28 09:22:08 | 000,549,472 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe
PRC - [2011.06.28 09:18:54 | 002,409,056 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
PRC - [2011.05.09 14:52:04 | 000,271,456 | ---- | M] (Datev eG) -- F:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
PRC - [2011.05.09 14:52:02 | 000,595,552 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000398\SiPaHost.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.12.10 17:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
PRC - [2010.12.10 17:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.11.26 15:53:14 | 000,878,176 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Sws\LiMaService.exe
PRC - [2010.11.26 15:53:14 | 000,378,976 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Sws\LiMaServer.exe
PRC - [2010.09.22 16:47:40 | 000,368,736 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardManager.exe
PRC - [2010.09.22 16:47:22 | 000,292,960 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe
PRC - [2010.09.13 17:58:00 | 000,866,912 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0001363\SCmIdentityScanner.exe
PRC - [2010.09.03 14:50:22 | 000,406,112 | ---- | M] (DATEV e.G.) -- F:\DATEV\PROGRAMM\B0001364\DtvScSer.exe
PRC - [2010.08.25 20:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2010.08.25 20:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010.08.25 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2010.08.25 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010.08.25 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2010.06.04 17:59:08 | 000,533,808 | ---- | M] (Acronis) -- C:\Programme\Acronis\DriveMonitor\adm_tray.exe
PRC - [2010.06.04 17:57:46 | 003,427,312 | ---- | M] (Acronis) -- C:\Programme\Acronis\DriveMonitor\adm.exe
PRC - [2010.03.26 02:07:42 | 000,091,992 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe
PRC - [2010.03.26 02:07:42 | 000,091,992 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
PRC - [2010.03.22 16:19:11 | 001,540,096 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\netzmanager.exe
PRC - [2010.03.22 15:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.10.27 18:23:50 | 000,660,504 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009.10.27 18:20:18 | 000,365,560 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009.08.25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009.08.25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\UdaterUI.exe
PRC - [2009.08.25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe
PRC - [2009.08.25 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\McTray.exe
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 22:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.06.18 07:13:20 | 000,036,448 | ---- | M] (DATEV eG) -- F:\DATEV\SYSTEM\RzpjWtch.exe
PRC - [2008.04.21 23:27:06 | 000,498,952 | ---- | M] () -- C:\Programme\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2008.04.21 23:00:36 | 000,911,168 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008.04.21 22:54:38 | 002,622,296 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008.03.26 12:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.01 18:51:15 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\Datev.Viwas.UserSession.Interfaces\6.1.0.0__cbc631f1c682336b\Datev.Viwas.UserSession.Interfaces.dll
MOD - [2012.02.01 08:56:40 | 000,559,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Mic#\ab897c9ae44064f06a572ace612ef96a\Datev.Framework.MicroParts.Interface.ni.dll
MOD - [2012.02.01 08:56:35 | 000,092,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Lic#\9af47ea84c5be571f69a62e7ac94c9e7\Datev.Framework.LicenseManagement.PlugIn.ni.dll
MOD - [2012.02.01 08:56:31 | 002,413,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Int#\6a6701bcb6da8f46138f5b1640780d7e\Datev.Framework.Interface.ni.dll
MOD - [2012.02.01 08:56:25 | 000,064,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Env#\ae95f9864b550d732008d36bbf8fa83c\Datev.Framework.Environment.ni.dll
MOD - [2012.02.01 08:56:22 | 000,209,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Dir#\bdad833b78b3073f32424e5094f3087d\Datev.Framework.DirectStart.ni.dll
MOD - [2012.02.01 08:56:03 | 000,114,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Stor#\5366d4f5a42e8eb59356a2268c79791b\Datev.ConfigDB.StorageProvider.ni.dll
MOD - [2012.02.01 08:56:03 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Plug#\fd32ce8960bd6f90fabce86a6691d5fa\Datev.ConfigDB.PlugIn.ni.dll
MOD - [2012.02.01 08:56:02 | 000,664,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB\ebabcc37e465653b44e7534ce4ef497e\Datev.ConfigDB.ni.dll
MOD - [2012.02.01 08:56:02 | 000,064,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Inte#\b74271af9aa9c73597572b99b8c71446\Datev.ConfigDB.Interfaces.ni.dll
MOD - [2012.02.01 08:38:32 | 000,922,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Dia#\866dc35fd221fbfeb1aba2bd2bf08b4c\Datev.Framework.Diagnostics.RealTimeTracing.ni.dll
MOD - [2012.02.01 08:38:30 | 002,469,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Mic#\cfc192a04e1d1d97ee4f00297a630fc4\Datev.Framework.MicroKernel.ni.dll
MOD - [2012.01.12 18:53:34 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\6a1e2938633d08d9d97c6940a537b1ff\System.IdentityModel.ni.dll
MOD - [2012.01.12 18:53:32 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\a2046fbb45b00425d083cc8706b75479\System.ServiceModel.ni.dll
MOD - [2012.01.12 18:52:59 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
MOD - [2012.01.12 18:52:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2011.10.16 18:44:39 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\16c385f23b5e493899f0d206dfb60094\System.IdentityModel.ni.dll
MOD - [2011.10.16 18:44:37 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\559ebac0a85ae55da09827b8048f77bd\System.ServiceModel.ni.dll
MOD - [2011.10.16 18:42:18 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\aab1c287bc73a03c51b55fb3f102c27e\System.ServiceProcess.ni.dll
MOD - [2011.10.16 18:42:10 | 000,244,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\6df772247e44fc7cdaba2a87318ded7a\System.Runtime.Caching.ni.dll
MOD - [2011.10.16 18:41:53 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\41a4f6cc5d596e952fd880ae1a47308f\System.Runtime.DurableInstancing.ni.dll
MOD - [2011.10.16 18:41:53 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\caf1d94cb89859c72d6c8cd8774068d3\System.Transactions.ni.dll
MOD - [2011.10.16 18:41:51 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\993f89ba22499c379d2a9dd25d13cd94\System.Runtime.Serialization.ni.dll
MOD - [2011.10.16 18:41:51 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\398a52caf1e9fd1a6ea9dd589b0f6e68\SMDiagnostics.ni.dll
MOD - [2011.10.16 18:41:48 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\bd729791a7504ef9ecb4ad6ebfd94935\System.Xml.Linq.ni.dll
MOD - [2011.10.16 18:04:35 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.Xaml.ni.dll
MOD - [2011.10.16 17:47:35 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4b4c359912c1241246f50a4c47dbab3c\System.Runtime.Serialization.ni.dll
MOD - [2011.10.16 17:47:30 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a800035f1686fdb0b7a019b954a37cfe\SMDiagnostics.ni.dll
MOD - [2011.10.16 17:45:37 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011.10.16 17:44:16 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\02768700bc8f762ccfe37785ba8eb498\System.EnterpriseServices.ni.dll
MOD - [2011.10.16 17:44:15 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll
MOD - [2011.10.16 17:44:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011.10.13 07:01:34 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.10.13 07:01:03 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.10.13 07:00:49 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.10.13 07:00:06 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
MOD - [2011.10.13 07:00:02 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MOD - [2011.10.13 06:59:45 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MOD - [2011.10.13 06:59:33 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011.10.13 06:59:29 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.10.13 06:59:22 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.10.12 17:02:39 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll
MOD - [2011.10.12 17:02:37 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll
MOD - [2011.10.12 17:02:33 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll
MOD - [2011.10.12 17:02:33 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4844dd28e0611d1ebd1e449fe822c2a5\System.Configuration.ni.dll
MOD - [2011.10.12 17:02:31 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll
MOD - [2011.10.12 17:02:24 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2011.06.28 09:22:06 | 000,068,704 | ---- | M] () -- F:\DATEV\PROGRAMM\B0000150\ScServer\ScEventSourcePlugin.dll
MOD - [2011.05.09 14:52:00 | 000,203,264 | ---- | M] () -- F:\DATEV\SYSTEM\DVCCSipaHostApidll.dll
MOD - [2010.07.12 09:05:32 | 000,030,304 | ---- | M] () -- F:\DATEV\PROGRAMM\B0000150\ScServer\ScWinMagicPlugin.dll
MOD - [2010.06.04 17:40:26 | 000,012,128 | ---- | M] () -- C:\Programme\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
MOD - [2009.09.22 16:06:38 | 000,087,040 | ---- | M] () -- F:\DATEV\PROGRAMM\B0000391\DokSchutzShExt.dll
MOD - [2009.09.16 17:24:04 | 000,101,888 | ---- | M] () -- F:\DATEV\SYSTEM\DVCCDBNETCONVAPIAX300.DLL
MOD - [2009.03.29 20:42:20 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.29 20:42:14 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.29 20:42:14 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.03.29 20:42:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.03.29 20:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.18 10:39:54 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2009.01.18 14:50:02 | 000,417,792 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\AdobeXMP.dll
MOD - [2008.05.02 05:15:37 | 000,010,240 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll
MOD - [2008.04.21 22:43:20 | 001,336,600 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\fox.dll
MOD - [2007.11.16 16:02:18 | 000,479,232 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll
MOD - [2007.11.16 16:02:18 | 000,401,408 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll
MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (DVDFUEavmnwapi)
SRV - File not found [On_Demand | Running] --  -- (Datev.Framework.RemoteServices.Messaging.CentralMessagingService)
SRV - File not found [On_Demand | Running] --  -- (Datev.Framework.RemoteServices)
SRV - File not found [Auto | Running] --  -- (Datev.Framework.RemoteServiceModel.EnablerService)
SRV - File not found [On_Demand | Running] --  -- (Datev.Database.Conserve)
SRV - [2012.02.11 18:40:44 | 000,159,608 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011.12.09 02:20:00 | 000,079,872 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService)
SRV - [2011.11.04 08:51:48 | 000,176,128 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe -- (Dcmanag)
SRV - [2011.09.06 14:22:46 | 000,063,488 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe -- (DATEV ViwasClientService)
SRV - [2011.07.25 02:49:00 | 000,172,640 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2011.06.28 09:18:54 | 002,409,056 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe -- (DVckService)
SRV - [2011.05.09 14:52:04 | 000,271,456 | ---- | M] (Datev eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe -- (Sicherheitspaket-Dienst)
SRV - [2010.09.22 16:47:22 | 000,292,960 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe -- (SCardService)
SRV - [2010.09.03 14:50:22 | 000,406,112 | ---- | M] (DATEV e.G.) [Auto | Running] -- F:\DATEV\PROGRAMM\B0001364\DtvScSer.exe -- (DATEV Logon Service)
SRV - [2010.08.25 20:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2010.08.25 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010.08.25 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2010.08.25 07:54:06 | 000,194,144 | ---- | M] (KOBIL Systems GmbH) [Disabled | Stopped] -- F:\DATEV\PROGRAMM\B0000404\msdisrv.exe -- (KOBIL_MSDI)
SRV - [2010.03.22 15:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2009.10.27 18:23:50 | 000,660,504 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.08.25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009.07.20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.01.28 09:52:46 | 002,790,400 | ---- | M] (Aladdin Knowledge Systems Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2008.12.29 16:27:40 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.05.29 09:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.04.21 23:27:06 | 000,498,952 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006.12.07 16:52:14 | 000,140,184 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
SRV - [2006.12.07 16:52:10 | 000,095,128 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.11 18:40:44 | 000,475,704 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012.02.11 18:40:44 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011.07.19 14:28:42 | 000,075,320 | ---- | M] (Datev eG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\d3_kafm.sys -- (SC_Serv3D)
DRV - [2010.08.25 20:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010.08.25 20:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010.08.25 20:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010.08.25 20:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010.03.04 12:50:14 | 000,261,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.10.08 15:45:22 | 000,023,424 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KOBCCEX.sys -- (KOBCCEX)
DRV - [2009.10.08 15:45:10 | 000,084,352 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KOBCCID.sys -- (KOBCCID)
DRV - [2009.07.09 13:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2009.06.22 09:06:32 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 17:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009.06.17 17:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009.05.21 15:43:20 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2009.02.03 02:10:12 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2009.01.16 10:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.12.29 18:08:51 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008.12.29 18:08:51 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008.12.29 18:08:50 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008.12.29 18:08:48 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008.08.29 13:19:36 | 000,040,368 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2008.03.19 18:30:00 | 007,438,432 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.01.19 06:55:32 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2008.01.19 06:49:30 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2007.09.12 17:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DslTestSp5.sys -- (dsltestSp5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.datev.de/portal/ShowPage.do?pid=dpi&nid=302
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.datev.de/
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.18
FF - prefs.js..extensions.enabledItems: {1f91cde0-c040-11da-a94d-0800200c9a66}:3.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.2
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.9.99999
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@datev.de/DATEV_BestellManager,version=1.7: F:\DATEV\PROGRAMM\A0000015\npdvbm.dll ( DATEV eG)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\phonostar-Player\npphonostarDetectNP.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 08:40:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.01 08:22:33 | 000,000,000 | ---D | M]
 
[2009.02.01 13:57:41 | 000,000,000 | ---D | M] (No name found) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Extensions
[2012.02.13 15:10:02 | 000,000,000 | ---D | M] (No name found) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions
[2011.07.27 13:20:58 | 000,000,000 | ---D | M] (FoxClocks) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012.02.02 08:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.09.13 18:39:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
() (No name found) -- D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\EXTENSIONS\{1F91CDE0-C040-11DA-A94D-0800200C9A66}.XPI
() (No name found) -- D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.29 17:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.08.25 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.05.25 15:10:28 | 001,386,600 | ---- | M] (LINK & LINK Software) -- C:\Program Files\mozilla firefox\plugins\npideapl.dll
[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {557F4852-8868-44dd-B5E9-9890AC4B1FD5} - No CLSID value found.
O2 - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - F:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll (DATEV eG)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - F:\DATEV\SYSTEM\DVCCSASCardBHO002.dll (DATEV eG)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [adm_tray.exe] C:\Programme\Acronis\DriveMonitor\adm_tray.exe (Acronis)
O4 - HKLM..\Run: [DATEV Update-Monitor] F:\DATEV\PROGRAMM\Install\DvInesASDMon.exe (DATEV eG)
O4 - HKLM..\Run: [DATEV_SCardMan] F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardManager.exe (DATEV eG)
O4 - HKLM..\Run: [Dell MFP Color Laser Printer 3115cn Launcher] C:\Program Files\Dell Printers\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe (Dell Inc.)
O4 - HKLM..\Run: [DVCCSAWTSSetEntryNTE] F:\DATEV\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe (DATEV eG)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ScreenManager Pro for LCD] C:\Programme\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO NANAO CORPORATION)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SiPaHost] F:\DATEV\PROGRAMM\B0000398\SiPaHost.exe (DATEV eG)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [Datev.Arbeitsplatz.Scheduler.exe] F:\DATEV\PROGRAMM\K0005000\Datev.Arbeitsplatz.Scheduler.exe (DATEV eG)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [DFÜ-Sammler] F:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe ()
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [GGAopsUxiAA.exe] C:\ProgramData\GGAopsUxiAA.exe File not found
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe File not found
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002..\Run: [Datev.Arbeitsplatz.Scheduler.exe] F:\DATEV\PROGRAMM\K0005000\Datev.Arbeitsplatz.Scheduler.exe (DATEV eG)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002..\Run: [DFÜ-Sammler] F:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe ()
O4 - Startup: D:\Benutzer\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found
O4 - Startup: D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CD-MENU.LNK =  File not found
O4 - Startup: D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VIWAS - USB Scanner.url ()
O4 - Startup: D:\Benutzer\Didi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found
O4 - Startup: D:\Benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DATEV Arbeitsplatz.lnk = F:\DATEV\PROGRAMM\K0005000\Arbeitsplatz.exe (DATEV eG)
O4 - Startup: D:\Benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: D:\Benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O4 - Startup: D:\Benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .IPC - C:\Programme\Mozilla Firefox\plugins\npideapl.dll (LINK & LINK Software)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: bio-discount-markt.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.com ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.com ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([www] http is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([www] https is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([www.wissensvermittlung] * in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datevnet.de ([*.services] http is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datevnet.de ([*.services] https is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datevstadt.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datevstadt.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: handelsblatt.com ([www] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: ing-diba.de ([www] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: jonglieren-lernen.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: kaufdown.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: lswb.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: lufthansa.com ([newsletter] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: premium-content-center.de ([www.vhb] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: staatsoper.de ([secure] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: sueddeutsche.de ([kaufdown] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: sueddeutsche.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: sued-west.com ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: vkb.de ([cms] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: wirtschaftspresse.biz ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: adac.de ([www] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.at ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.at ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.com ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.com ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.de ([www] http is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.de ([www] https is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datevnet.de ([*.services] http is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datevnet.de ([*.services] https is out of zone range -  5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datevstadt.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datevstadt.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: dell.com ([support.euro] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: deutschepost.de ([stampitweb] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: localhost ([]http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: localhost ([]https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: t-online.de ([email] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: top20free.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Ranges: LocalHost ([http] in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D50606D-CA42-4B5F-A889-FD51BCAB22AA}: DhcpNameServer = 192.168.123.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Benutzer\Public\Pictures\Sample Pictures\Tornado2.jpg
O24 - Desktop BackupWallPaper: D:\Benutzer\Public\Pictures\Sample Pictures\Tornado2.jpg
O30 - LSA: Authentication Packages - (relog_ap) -C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk - C:\Programme\Audible\Bin\AudibleDownloadHelper.exe - (Audible, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hardcopy.LNK - C:\Programme\Hardcopy\hardcopy.exe - (sw4you, Siegfried Weckmann)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.1 HD Edition.lnk - C:\Programme\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe - (Panasonic Corporation)
MsConfig - StartUpFolder: D:^Benutzer^Chef^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: DLPSP - hkey= - key= - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KeePass Password Safe - hkey= - key= - C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: phonostarTimer - hkey= - key= - C:\Programme\phonostar-Player\phonostarTimer.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: STAMPIT-Tray - hkey= - key= - C:\Programme\STAMPIT\Binary\STRAY.EXE (Deutsche Post AG)
MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 0
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0F1D198F-E5EA-4542-930E-2FB2B099F3F3} - LanaConfigTool_3383
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ADD9AEE8-B916-4CD6-A04B-9386DF90D594} - msiexec /fus {ADD9AEE8-B916-4CD6-A04B-9386DF90D594} /quiet
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - tsccvid.dll File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.12 16:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.11 19:42:31 | 000,000,000 | ---D | C] -- D:\Benutzer\Chef\AppData\Roaming\Malwarebytes
[2012.02.11 19:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.11 19:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.11 19:42:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.11 19:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.11 18:59:01 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.02.11 18:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012.02.11 17:11:08 | 000,000,000 | ---D | C] -- C:\Quarantäne
[2012.02.01 18:52:32 | 000,091,896 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2012.02.01 18:52:32 | 000,087,656 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2012.02.01 18:52:32 | 000,076,024 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2012.02.01 18:52:32 | 000,043,192 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2012.02.01 18:52:31 | 000,475,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2012.02.01 18:52:31 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2012.02.01 18:52:31 | 000,064,208 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfetdik.sys
[2012.02.01 18:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.02.01 18:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.02.01 18:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012.02.01 14:07:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.13 15:51:54 | 000,003,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.13 15:51:54 | 000,003,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.13 15:41:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.13 10:32:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.02.13 10:23:01 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7B350D1C-3775-4BB6-855B-FA96CDF39FC4}.job
[2012.02.13 07:58:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.13 07:51:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.12 09:28:13 | 000,000,000 | ---- | M] () -- D:\Benutzer\Chef\defogger_reenable
[2012.02.11 18:59:01 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.02.11 18:40:44 | 000,475,704 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2012.02.11 18:40:44 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2012.02.11 18:40:44 | 000,087,656 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2012.02.09 17:24:20 | 001,009,612 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.09 17:24:20 | 000,911,982 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.09 17:24:20 | 000,278,674 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.09 17:24:20 | 000,219,280 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.02 19:58:34 | 000,000,705 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.02.01 19:03:30 | 000,000,021 | ---- | M] () -- C:\Windows\DvInesKurusOleServer003.INI
[2012.02.01 11:03:37 | 000,000,694 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DATEV-Hinweis Mitteilungsdienst.lnk
[2012.02.01 10:39:00 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\DATEV Arbeitsplatz pro V.2.03.lnk
[2012.02.01 10:30:51 | 000,000,862 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office SR V.5.02 Initialisierung.lnk
[2012.02.01 10:17:34 | 000,000,849 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk
[2012.02.01 09:22:10 | 000,000,828 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DFÜ-Manager.lnk
[2012.02.01 09:00:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_Lansche.job
[2012.02.01 09:00:00 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_FIBU.job
[2012.02.01 08:34:11 | 000,000,102 | ---- | M] () -- C:\Windows\Startup.INI
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.12 11:35:43 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office SR V.5.02 Initialisierung.lnk
[2012.02.12 11:35:43 | 000,000,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk
[2012.02.12 11:35:43 | 000,000,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DFÜ-Manager.lnk
[2012.02.12 11:35:43 | 000,000,719 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lizenz-Manager Server.lnk
[2012.02.12 11:35:43 | 000,000,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RZ-Druckertreiber V.2.3.lnk
[2012.02.12 09:28:13 | 000,000,000 | ---- | C] () -- D:\Benutzer\Chef\defogger_reenable
[2012.02.01 10:39:00 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\DATEV Arbeitsplatz pro V.2.03.lnk
[2012.02.01 08:22:33 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.10.19 15:23:20 | 002,897,408 | ---- | C] () -- C:\Program Files\EPortoInstaller2010_v2.1.msi
[2011.10.19 15:23:20 | 000,436,736 | ---- | C] () -- C:\Program Files\setup.exe
[2011.07.01 12:55:07 | 000,000,130 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.04.19 13:37:11 | 000,000,093 | ---- | C] () -- D:\Benutzer\Chef\AppData\Roaming\BEVI.CFG
[2010.12.17 08:38:47 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.09.22 16:48:26 | 000,032,352 | ---- | C] () -- C:\Windows\System32\JNILibrary.dll
[2010.09.22 16:48:06 | 000,114,272 | ---- | C] () -- C:\Windows\System32\INetCert.dll
[2010.07.26 11:12:23 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.07.26 11:12:23 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.07.26 11:12:23 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.07.26 11:12:23 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.07.26 11:12:23 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.07.26 11:12:23 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.07.26 11:12:23 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.07.26 11:12:23 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.07.26 11:12:23 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.07.26 11:12:23 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.07.26 11:12:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.07.26 11:12:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.07.26 11:12:23 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.07.26 11:12:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.07.26 11:12:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.07.26 11:12:23 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.07.26 11:12:23 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.07.26 11:12:23 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.07.26 11:12:23 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.04.16 07:40:49 | 000,000,118 | ---- | C] () -- C:\Windows\gmbhr.ini
[2010.04.16 07:40:39 | 000,015,840 | ---- | C] () -- C:\Windows\System32\Machnm1.exe
[2009.12.03 08:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.10.21 07:45:09 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.10.21 07:44:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.21 07:44:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.30 11:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\System32\nsldap32v60.dll
[2009.05.26 09:31:09 | 000,014,680 | ---- | C] () -- C:\Windows\System32\skypdfmonpro.dll
[2009.05.26 09:31:09 | 000,012,632 | ---- | C] () -- C:\Windows\System32\skypdfmonuipro.dll
[2009.05.25 21:00:46 | 000,000,021 | ---- | C] () -- C:\Windows\KurusDeinstall.INI
[2009.05.21 10:33:06 | 000,000,012 | ---- | C] () -- C:\Windows\Ulead32.ini
[2009.05.17 12:27:18 | 000,000,164 | ---- | C] () -- C:\Windows\DEINSTAL.INI
[2009.05.17 12:05:44 | 000,000,000 | ---- | C] () -- C:\Windows\netop.ini
[2009.05.17 09:28:58 | 000,000,095 | ---- | C] () -- D:\Benutzer\Chef\AppData\Local\fusioncache.dat
[2009.05.17 08:57:01 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2009.05.17 08:54:29 | 000,000,101 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2009.05.17 08:54:28 | 000,000,101 | ---- | C] () -- C:\Windows\dvinesinstart001.INI
[2009.05.17 08:52:06 | 000,000,102 | ---- | C] () -- C:\Windows\Startup.INI
[2009.01.02 13:52:17 | 000,008,192 | ---- | C] () -- D:\Benutzer\Chef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.28 15:03:13 | 000,000,705 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.20 12:47:34 | 004,244,744 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll
[2008.12.20 12:47:34 | 000,247,560 | ---- | C] () -- C:\Windows\System32\prgiso.dll
[2008.11.30 14:19:21 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2008.11.30 12:58:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.30 17:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\System32\nsldapssl32v60.dll
[2008.10.30 16:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\System32\nsldappr32v60.dll
[2008.09.26 17:40:50 | 000,024,376 | ---- | C] () -- C:\Windows\System32\TALDM32A.dll
[2008.09.26 17:40:50 | 000,022,832 | ---- | C] () -- C:\Windows\System32\TALDM32.DLL
[2008.09.26 17:40:48 | 000,052,536 | ---- | C] () -- C:\Windows\System32\TAL12832.DLL
[2008.09.13 13:53:35 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2008.07.09 16:23:08 | 000,255,288 | ---- | C] () -- C:\Windows\System32\SBSPAIN3.DLL
[2008.07.09 16:22:28 | 000,075,576 | ---- | C] () -- C:\Windows\System32\ENCODE32.DLL
[2007.01.15 08:19:16 | 000,016,473 | ---- | C] () -- C:\Windows\System32\SELF32.INI
[2006.11.02 16:42:41 | 001,009,612 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:42:41 | 000,278,674 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:43 | 000,342,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,911,982 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,219,280 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.08.16 12:48:16 | 000,036,864 | ---- | C] () -- C:\Windows\System32\OrdMen.dll
[2005.08.16 12:48:14 | 000,081,920 | ---- | C] () -- C:\Windows\System32\SOFFICK2.dll
[2005.08.16 12:47:52 | 000,045,056 | ---- | C] () -- C:\Windows\System32\SBSPAIN2.DLL
[2005.08.16 12:47:52 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SBSPAINT.DLL
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2003.09.24 11:42:12 | 000,000,093 | ---- | C] () -- C:\Windows\tm.ini
[2003.09.24 10:42:00 | 000,000,093 | ---- | C] () -- C:\Windows\System32\tm.ini
[2001.05.07 14:51:42 | 000,001,091 | ---- | C] () -- C:\Windows\PCDBAudit.ini
[1999.08.26 14:50:36 | 000,020,480 | ---- | C] () -- C:\Windows\System32\ddma32.dll
[1999.01.19 14:18:30 | 000,110,080 | ---- | C] () -- C:\Windows\System32\LFPNG60N.DLL
[1999.01.19 14:18:30 | 000,046,080 | ---- | C] () -- C:\Windows\System32\LFTIF60N.DLL
[1999.01.19 14:18:30 | 000,043,008 | ---- | C] () -- C:\Windows\System32\LTFIL60N.DLL
[1999.01.19 14:18:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\LFPSD60N.DLL
[1999.01.19 14:18:30 | 000,019,968 | ---- | C] () -- C:\Windows\System32\LFTGA60N.DLL
[1999.01.19 14:18:30 | 000,019,456 | ---- | C] () -- C:\Windows\System32\LFWPG60N.DLL
[1999.01.19 14:18:30 | 000,019,456 | ---- | C] () -- C:\Windows\System32\LFWMF60N.DLL
[1999.01.19 14:18:28 | 000,176,128 | ---- | C] () -- C:\Windows\System32\LFFAX60N.DLL
[1999.01.19 14:18:28 | 000,141,824 | ---- | C] () -- C:\Windows\System32\LFCMP60N.DLL
[1999.01.19 14:18:28 | 000,023,552 | ---- | C] () -- C:\Windows\System32\LFPCX60N.DLL
[1999.01.19 14:18:28 | 000,022,528 | ---- | C] () -- C:\Windows\System32\LFPCT60N.DLL
[1999.01.19 14:18:28 | 000,022,528 | ---- | C] () -- C:\Windows\System32\LFEPS60N.DLL
[1999.01.19 14:18:28 | 000,022,016 | ---- | C] () -- C:\Windows\System32\LFBMP60N.DLL
[1999.01.19 14:18:28 | 000,018,432 | ---- | C] () -- C:\Windows\System32\LFMSP60N.DLL
[1999.01.19 14:18:28 | 000,017,920 | ---- | C] () -- C:\Windows\System32\LFMAC60N.DLL
[1998.05.07 13:10:16 | 000,069,632 | ---- | C] () -- C:\Windows\System32\ODMA32.DLL
[1995.05.19 10:13:00 | 000,005,440 | ---- | C] () -- C:\Windows\System32\WINDVS16.DLL
[1995.02.14 23:11:00 | 000,017,920 | ---- | C] () -- C:\Windows\System32\IMPLODE.DLL
 
========== LOP Check ==========
 
[2009.05.25 22:00:57 | 000,000,000 | ---D | M] -- D:\Benutzer\Administrator\AppData\Roaming\TuneUp Software
[2011.07.21 14:19:41 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\DATEV
[2010.05.13 13:14:32 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\DMS
[2009.02.01 13:50:16 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\KeePass
[2009.06.24 07:56:49 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\MGS
[2009.02.08 14:01:44 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Notepad++
[2009.10.21 07:36:38 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH
[2009.11.20 10:17:38 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\phonostar-Player
[2008.12.20 12:54:12 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\T-Online
[2008.12.29 16:14:42 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\TuneUp Software
[2009.11.03 15:28:27 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\Analyzer
[2011.07.08 08:03:19 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\Avery
[2012.02.07 09:02:16 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\BelegCache
[2010.05.13 18:04:58 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\DATEV
[2011.08.12 10:15:25 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\DatevScan
[2010.05.13 19:28:30 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\DMS
[2011.08.05 09:43:15 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\DokOrg
[2012.02.13 07:59:23 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\Dropbox
[2011.01.02 13:55:49 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\Free Download Manager
[2010.11.07 22:00:11 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\GeoSetter
[2009.02.01 22:41:38 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\KeePass
[2010.05.14 07:19:44 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\linkundlink
[2011.03.24 08:21:19 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\MGS
[2009.10.06 19:26:50 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\Mp3tag
[2009.12.15 15:08:17 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\Notepad++
[2009.10.21 14:53:36 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\phonostar GmbH
[2009.11.19 07:38:45 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\phonostar-Player
[2008.12.20 12:14:40 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\T-Online
[2009.05.21 19:29:57 | 000,000,000 | ---D | M] -- D:\Benutzer\XXX\AppData\Roaming\Ulead Systems
[2012.02.12 22:29:13 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.02.13 10:23:01 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7B350D1C-3775-4BB6-855B-FA96CDF39FC4}.job
[2012.02.01 09:00:00 | 000,000,942 | ---- | M] () -- C:\Windows\Tasks\WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_FIBU.job
[2012.02.01 09:00:00 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_Lansche.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.12.25 18:07:00 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Adobe
[2009.05.22 16:09:45 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Ahead
[2009.09.13 12:26:18 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Apple Computer
[2011.07.21 14:19:41 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\DATEV
[2010.10.06 20:17:09 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\DivX
[2010.05.13 13:14:32 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\DMS
[2008.12.31 12:36:21 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Google
[2009.05.18 19:35:41 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Help
[2008.12.20 12:32:22 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Identities
[2010.07.26 11:12:22 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\InstallShield
[2009.02.01 13:50:16 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\KeePass
[2009.05.22 09:15:59 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Logitech
[2008.12.23 13:51:17 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Macromedia
[2012.02.11 19:42:31 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Malwarebytes
[2011.07.01 12:53:27 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\McAfee
[2009.06.24 07:56:49 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\MGS
[2011.03.24 15:16:46 | 000,000,000 | --SD | M] -- D:\Benutzer\Chef\AppData\Roaming\Microsoft
[2009.02.01 13:57:41 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Mozilla
[2009.02.08 14:01:44 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Notepad++
[2009.10.21 07:36:38 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH
[2009.11.20 10:17:38 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\phonostar-Player
[2008.12.20 12:54:12 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\T-Online
[2008.12.29 16:14:42 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\TuneUp Software
 
< %APPDATA%\*.exe /s >
[2008.12.25 17:36:29 | 000,025,214 | R--- | M] () -- D:\Benutzer\Chef\AppData\Roaming\Microsoft\Installer\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}\_52312b2a.exe
[2011.07.27 16:32:14 | 012,727,952 | ---- | M] (                                                            ) -- D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH\phonostar-Player\update.exe
[1 D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH\phonostar-Player\*.tmp files -> D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH\phonostar-Player\*.tmp -> ]
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.11.27 22:02:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.11.27 22:02:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.11.27 22:02:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2010.03.05 10:25:58 | 000,043,520 | ---- | M] (Panasonic Corporation) MD5=5DC962B15A2057814728D2BDE118BE07 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO 5.1 HD\Core\EventLog\EventLog.dll
[2010.03.05 10:25:58 | 000,043,520 | ---- | M] (Panasonic Corporation) MD5=5DC962B15A2057814728D2BDE118BE07 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO 5.1 HD\Core\Spec\AVCHD\BDCore\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.11.27 21:49:57 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.11.27 21:49:57 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >

Regards
Angela
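
An added illustration of why the helper's OTL custom scans hash every copy of ATAPI.SYS, WINLOGON.EXE and the other core files listed above (this is editor-added example code, not part of the thread and not an OTL feature): a rootkit that patches a driver or system binary in place leaves a live copy under System32 whose MD5 matches none of the pristine copies Windows keeps in winsxs or the DriverStore. The parser below reads such "< MD5 for: ... >" blocks and flags exactly that case, plus copies that carry no publisher and copies of a system file name living outside System32. The input is a constructed sample: the ATAPI.SYS and WINLOGON.EXE lines are taken from the log above, while the USERINIT.EXE live copy with an all-zero MD5 and no publisher is invented to simulate a replaced file.

```python
import re

# Format of one OTL "< MD5 for: NAME >" custom-scan line:
# [2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05... -- C:\Windows\System32\drivers\atapi.sys
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
LINE_RE = re.compile(
    r"^\[[^|]+\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)

# Constructed sample: ATAPI.SYS and WINLOGON.EXE lines copied from the thread's OTL log;
# the USERINIT.EXE block is invented (all-zero MD5, empty publisher) to simulate a patched file.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS  >
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

< MD5 for: USERINIT.EXE  >
[2012.02.11 15:02:10 | 000,025,088 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
"""


def parse_md5_sections(text):
    """Return {FILE_NAME: [entry, ...]} for every '< MD5 for: X >' block in an OTL log."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            sections.setdefault(current, [])
            continue
        m = LINE_RE.match(line)
        if m and current:
            sections[current].append({
                "company": m.group("company").strip(),
                "md5": m.group("md5").upper(),
                "size": int(m.group("size").replace(",", "")),
                "path": m.group("path").strip(),
            })
    return sections


def is_backup_copy(path):
    """winsxs and the DriverStore hold the pristine component copies; everything else is 'live'."""
    p = path.lower()
    return "\\winsxs\\" in p or "\\driverstore\\" in p


def in_system32(path):
    return "\\windows\\system32\\" in path.lower()


def find_suspicious(sections):
    """Flag live copies with no pristine twin of the same MD5, no publisher, or an odd location."""
    findings = []
    for name, entries in sections.items():
        backup_hashes = {e["md5"] for e in entries if is_backup_copy(e["path"])}
        for e in entries:
            if is_backup_copy(e["path"]):
                continue
            reasons = []
            if not in_system32(e["path"]):
                reasons.append("copy of a system file name outside %SystemRoot%\\System32")
            elif e["md5"] not in backup_hashes:
                reasons.append("no winsxs/DriverStore copy with the same MD5")
            if not e["company"]:
                reasons.append("no publisher in version info")
            if reasons:
                findings.append({"file": name, "path": e["path"], "md5": e["md5"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious(parse_md5_sections(SAMPLE_LOG)):
        print(f"{f['file']}: {f['path']} ({f['md5']}) -> {'; '.join(f['reasons'])}")
```

Run against the real log above, every System32 copy has a twin with the same MD5 in winsxs, which is the clean picture the helper is looking for; the only line the report would single out is the winlogon.exe shipped under Malwarebytes' Chameleon directory, listed because it sits outside System32 and carries no publisher, not because it is malicious.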

cosinus 13.02.2012 21:56

Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:

:OTL
O2 - BHO: (no name) - {557F4852-8868-44dd-B5E9-9890AC4B1FD5} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [GGAopsUxiAA.exe] C:\ProgramData\GGAopsUxiAA.exe File not found
O4 - Startup: D:\Benutzer\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found
O4 - Startup: D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CD-MENU.LNK =  File not found
O4 - Startup: D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VIWAS - USB Scanner.url ()
O4 - Startup: D:\Benutzer\Didi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be transferred to any other computer and must not be used elsewhere, as it can permanently damage the system!

Angela_64 14.02.2012 09:03

Good morning!

OTL hung on the first run. Log from the second run after a restart:

Code:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{557F4852-8868-44dd-B5E9-9890AC4B1FD5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{557F4852-8868-44dd-B5E9-9890AC4B1FD5}\ not found.
Registry value HKEY_USERS\S-1-5-21-3145037949-670496425-2720176754-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3145037949-670496425-2720176754-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3145037949-670496425-2720176754-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-3145037949-670496425-2720176754-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-3145037949-670496425-2720176754-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3145037949-670496425-2720176754-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
Registry value HKEY_USERS\S-1-5-21-3145037949-670496425-2720176754-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GGAopsUxiAA.exe not found.
File move failed. D:\Benutzer\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk scheduled to be moved on reboot.
File move failed. D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CD-MENU.LNK scheduled to be moved on reboot.
File D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VIWAS - USB Scanner.url not found.
File move failed. D:\Benutzer\Didi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk scheduled to be moved on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Chef
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Didi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: XXX
->Temp folder emptied: 33109 bytes
->Temporary Internet Files folder emptied: 38253 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19164516 bytes
->Flash cache emptied: 456 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8522130 bytes
RecycleBin emptied: 19421769 bytes
 
Total Files Cleaned = 45,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02142012_084549

Files\Folders moved on Reboot...
File\Folder D:\Benutzer\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk not found!
File\Folder D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CD-MENU.LNK not found!
File\Folder D:\Benutzer\Didi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk not found!
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Regards
Angela
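
An added check (editor example code, not part of the thread and not an OTL feature) that reconciles the fix script cosinus posted with the fix log above: each O2/O3/O4/O32 script line is mapped to the identifiers OTL echoes back in its log (CLSID, user SID, Run value name or file path), and every log line that names those identifiers is classified as "not found", moved to the _OTL backup, deferred to reboot, or a value set. The embedded strings are a constructed subset of the script and log lines from this thread; the matching rules are assumptions about OTL's log wording, derived only from the lines visible here.

```python
import re
from collections import Counter

# Constructed sample: a subset of the OTL fix script and of the resulting fix log from this thread.
FIX_SCRIPT = r"""
:OTL
O2 - BHO: (no name) - {557F4852-8868-44dd-B5E9-9890AC4B1FD5} - No CLSID value found.
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [GGAopsUxiAA.exe] C:\ProgramData\GGAopsUxiAA.exe File not found
O4 - Startup: D:\Benutzer\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found
O4 - Startup: D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VIWAS - USB Scanner.url ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Commands
[emptytemp]
[resethosts]
"""

FIX_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{557F4852-8868-44dd-B5E9-9890AC4B1FD5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{557F4852-8868-44dd-B5E9-9890AC4B1FD5}\ not found.
Registry value HKEY_USERS\S-1-5-21-3145037949-670496425-2720176754-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
Registry value HKEY_USERS\S-1-5-21-3145037949-670496425-2720176754-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GGAopsUxiAA.exe not found.
File move failed. D:\Benutzer\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk scheduled to be moved on reboot.
File D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VIWAS - USB Scanner.url not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
C:\Windows\System32\drivers\etc\Hosts moved successfully.
File\Folder D:\Benutzer\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk not found!
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SID_RE = re.compile(r"S-1-5-21-[\d-]+")
RUN_RE = re.compile(r"\\Run:\s*\[(?P<name>[^\]]+)\]")
AUTORUN_FILE_RE = re.compile(r"^O32 - AutoRun File - .*\]\s*\(\)\s*-\s*(?P<path>[A-Za-z]:\\\S+)")


def script_targets(script):
    """Map each fix-script line to the substrings that identify it in the fix log."""
    targets = []
    for line in (l.strip() for l in script.splitlines()):
        if not line or line.startswith(":"):
            continue
        if line.lower() == "[resethosts]":          # OTL moves the old hosts file to _OTL
            targets.append((line, (r"etc\Hosts",)))
            continue
        if line.startswith("["):                    # other :Commands entries, e.g. [emptytemp]
            continue
        kind = line.split(" - ", 1)[0]              # O2, O3, O4, O32 ...
        sid, clsid, run = SID_RE.search(line), CLSID_RE.search(line), RUN_RE.search(line)
        if kind in ("O2", "O3") and clsid:
            toks = (clsid.group(0),) if not sid else (sid.group(0), clsid.group(0))
        elif kind == "O4" and run:
            toks = (run.group("name"),) if not sid else (sid.group(0), run.group("name"))
        elif kind == "O4" and line.startswith("O4 - Startup:"):
            rest = line[len("O4 - Startup:"):].strip()
            path = rest.split(" =", 1)[0] if " =" in rest else rest.rsplit(" (", 1)[0]
            toks = (path.strip(),)
        elif kind == "O32" and "CDRom: AutoRun" in line:
            toks = ("Cdrom", "AutoRun")
        elif kind == "O32" and AUTORUN_FILE_RE.match(line):
            toks = (AUTORUN_FILE_RE.match(line).group("path"),)
        else:
            toks = ()
        targets.append((line, toks))
    return targets


OUTCOMES = (
    ("not found", re.compile(r"not found[.!]?$", re.I)),
    ("moved to _OTL backup", re.compile(r"moved successfully", re.I)),
    ("deferred to reboot", re.compile(r"scheduled to be moved on reboot", re.I)),
    ("value set", re.compile(r"value set successfully", re.I)),
)


def reconcile(script, fix_log):
    """For every script target, collect what OTL reported about it, in log order."""
    log_lines = [l.strip() for l in fix_log.splitlines() if l.strip()]
    report = []
    for line, toks in script_targets(script):
        outcomes = []
        for ll in log_lines:
            if toks and all(t.lower() in ll.lower() for t in toks):
                outcomes.extend(label for label, pat in OUTCOMES if pat.search(ll))
        report.append({"entry": line, "outcomes": outcomes or ["no matching log line"]})
    return report


def summarize(report):
    """Count outcomes over all targets; a fix that is mostly 'not found' removed little."""
    return Counter(o for r in report for o in r["outcomes"])


if __name__ == "__main__":
    rep = reconcile(FIX_SCRIPT, FIX_LOG)
    for r in rep:
        print(f"{r['entry'][:60]:60} -> {', '.join(r['outcomes'])}")
    print(dict(summarize(rep)))
```

On this thread's data the tally is almost entirely "not found": the file behind the random-named GGAopsUxiAA.exe Run entry was already gone when OTL scanned (the script line itself says "File not found"), so the fix cleared orphaned references rather than live malware; the two items that did change are the AutoRun value and the hosts file, and the .lnk moves that failed were retried after the reboot, where they too came back "not found".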

cosinus 14.02.2012 10:59

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (board helper) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Angela_64 14.02.2012 11:57

ComboFix ran through without problems and, lo and behold, my nice quick launch bar and the start menu were back as before. Unfortunately no applications could be started, and I performed a restart. Now the quick launch bar and the start menu are gone again :-(

ComboFix.txt:

Code:

ComboFix 12-02-13.01 - Chef 14.02.2012  11:28:05.1.4 - x86
Microsoft® Windows Vista™ Business  6.0.6002.2.1252.49.1031.18.3327.1780 [GMT 1:00]
ausgeführt von:: d:\benutzer\XXX\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
d:\benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
d:\benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
d:\benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-14 bis 2012-02-14  ))))))))))))))))))))))))))))))
.
.
2012-02-14 10:35 . 2012-02-14 10:35        --------        d-----w-        d:\benutzer\Chef\AppData\Local\temp
2012-02-12 15:36 . 2012-02-12 15:36        --------        d-----w-        c:\program files\ESET
2012-02-11 20:50 . 2012-02-11 20:50        --------        d-----w-        d:\benutzer\XXX\AppData\Roaming\Malwarebytes
2012-02-11 18:42 . 2012-02-11 18:42        --------        d-----w-        d:\benutzer\Chef\AppData\Roaming\Malwarebytes
2012-02-11 18:42 . 2012-02-11 18:42        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-11 18:42 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-11 18:42 . 2012-02-11 18:42        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-02-11 17:59 . 2012-02-11 17:59        14664        ----a-w-        c:\windows\stinger.sys
2012-02-11 17:40 . 2012-02-11 18:14        --------        d-----w-        c:\program files\stinger
2012-02-11 16:11 . 2012-02-13 17:54        --------        d-----w-        C:\Quarantäne
2012-02-01 17:52 . 2010-08-25 19:07        23864        ----a-w-        c:\program files\Mozilla Firefox\components\Scriptff.dll
2012-02-01 17:52 . 2012-02-11 17:40        87656        ----a-w-        c:\windows\system32\drivers\mferkdet.sys
2012-02-01 17:52 . 2010-08-25 19:07        91896        ----a-w-        c:\windows\system32\drivers\mfeavfk.sys
2012-02-01 17:52 . 2010-08-25 19:07        76024        ----a-w-        c:\windows\system32\drivers\mfeapfk.sys
2012-02-01 17:52 . 2010-08-25 19:07        43192        ----a-w-        c:\windows\system32\drivers\mfebopk.sys
2012-02-01 17:52 . 2012-02-11 17:40        475704        ----a-w-        c:\windows\system32\drivers\mfehidk.sys
2012-02-01 17:52 . 2012-02-11 17:40        159608        ----a-w-        c:\windows\system32\mfevtps.exe
2012-02-01 17:52 . 2010-08-25 19:07        64208        ----a-w-        c:\windows\system32\drivers\mfetdik.sys
2012-02-01 17:51 . 2012-02-01 17:52        --------        d-----w-        c:\programdata\McAfee
2012-02-01 17:51 . 2012-02-01 17:52        --------        d-----w-        c:\program files\McAfee
2012-01-31 06:22 . 2011-11-17 06:48        440192        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-01-31 06:22 . 2011-11-16 16:23        278528        ----a-w-        c:\windows\system32\schannel.dll
2012-01-31 06:22 . 2011-11-16 16:21        1259008        ----a-w-        c:\windows\system32\lsasrv.dll
2012-01-31 06:22 . 2011-11-16 16:23        377344        ----a-w-        c:\windows\system32\winhttp.dll
2012-01-31 06:22 . 2011-11-16 16:23        72704        ----a-w-        c:\windows\system32\secur32.dll
2012-01-31 06:22 . 2011-11-16 14:12        9728        ----a-w-        c:\windows\system32\lsass.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-01 09:38 . 2011-05-15 15:34        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 09:19 . 2011-11-28 09:19        467968        ------w-        c:\windows\system32\rsct_ot.ocx
2011-11-25 15:59 . 2012-01-11 12:37        376320        ----a-w-        c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2011-12-15 07:13        2043904        ----a-w-        c:\windows\system32\win32k.sys
2011-11-18 20:23 . 2012-01-11 12:37        1205064        ----a-w-        c:\windows\system32\ntdll.dll
2011-11-18 17:47 . 2012-01-11 12:37        66560        ----a-w-        c:\windows\system32\packager.dll
2011-04-21 14:33 . 2011-10-19 14:23        2897408        ----a-w-        c:\program files\EPortoInstaller2010_v2.1.msi
2011-04-21 14:33 . 2011-10-19 14:23        436736        ----a-w-        c:\program files\setup.exe
2012-01-29 16:12 . 2011-03-25 12:57        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-25 19:07 . 2012-02-01 17:52        23864        ----a-w-        c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EF6B546-25FB-455B-801F-FDB3B3D39F9E}]
2011-06-01 08:05        611936        ------w-        f:\datev\PROGRAMM\B0000397\DtvIePwdSafe.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"DFÜ-Sammler"="f:\datev\PROGRAMM\RZKOMM\ccsrv2.exe" [2011-11-04 143360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-06 39408]
"Datev.Arbeitsplatz.Scheduler.exe"="f:\datev\PROGRAMM\K0005000\Datev.Arbeitsplatz.Scheduler.exe" [2011-09-19 34816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-21 2622296]
"ScreenManager Pro for LCD"="c:\program files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe" [2007-04-20 10913320]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-19 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-19 13531680]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-21 911168]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-10-27 365560]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"adm_tray.exe"="c:\program files\Acronis\DriveMonitor\adm_tray.exe" [2010-06-04 533808]
"Dell MFP Color Laser Printer 3115cn Launcher"="c:\program files\Dell Printers\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe" [2006-12-23 635800]
"SiPaHost"="f:\datev\PROGRAMM\B0000398\SiPaHost.exe" [2011-05-09 595552]
"DVCCSAWTSSetEntryNTE"="f:\datev\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe" [2011-06-28 549472]
"DATEV_SCardMan"="f:\datev\PROGRAMM\B0000347\ScMgmt\ScardManager.exe" [2010-09-22 368736]
"DATEV Update-Monitor"="f:\datev\PROGRAMM\Install\DvInesASDMon.exe" [2011-07-25 269920]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-08-25 124224]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
.
d:\benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DATEV Arbeitsplatz.lnk - f:\datev\PROGRAMM\K0005000\Arbeitsplatz.exe [2011-9-19 505856]
Dropbox.lnk - d:\benutzer\Chef\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
Netzmanager.lnk - c:\program files\Netzmanager\netzmanager.exe [2010-3-22 1540096]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Basisschnittstelle Office SR V.5.02 Initialisierung.lnk - f:\datev\PROGRAMM\BSOffice\service\OfficeDiag.exe [2011-11-2 38496]
DATEV-Hinweis Mitteilungsdienst.lnk - f:\datev\PROGRAMM\A0000007\DHNC.exe [2009-5-27 45056]
DFÜ-Manager.lnk - f:\datev\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe [2011-11-4 356412]
Lizenz-Manager Server.lnk - f:\datev\PROGRAMM\Sws\LiMaServer.exe [2010-11-26 378976]
RZ-Druckertreiber V.2.3.lnk - f:\datev\SYSTEM\rzpjwtch.exe [2008-6-18 36448]
SkyUserDevmode-Update.lnk - f:\datev\PROGRAMM\B0001401\UpdateDevmode.exe [2011-7-29 27744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hardcopy.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
backup=c:\windows\pss\Hardcopy.LNK.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.1 HD Edition.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.1 HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 5.1 HD Edition.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\D:^Benutzer^Chef^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk]
path=d:\benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37        843712        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 06:51        59240        ----a-w-        c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25        59240        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 10:13        152872        ----a-w-        c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLPSP]
2006-12-07 15:52        340888        ----a-w-        c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 16:22        421736        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass Password Safe]
2009-12-04 11:44        773120        ----a-w-        c:\program files\KeePass Password Safe\KeePass.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 07:27        570664        ----a-w-        c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phonostarTimer]
2011-12-23 14:28        41472        ----a-w-        c:\program files\phonostar-Player\phonostarTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STAMPIT-Tray]
2008-07-09 15:22        83248        ----a-w-        c:\program files\STAMPIT\Binary\STRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15        15872        ----a-w-        c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-25 08:06]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 20:58]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 20:58]
.
2012-02-14 c:\windows\Tasks\User_Feed_Synchronization-{7B350D1C-3775-4BB6-855B-FA96CDF39FC4}.job
- c:\windows\system32\msfeedssync.exe [2011-12-15 04:44]
.
2012-02-01 c:\windows\Tasks\WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_FIBU.job
- f:\datev\PROGRAMM\WPACL\WPACLTask.exe [2011-12-21 08:58]
.
2012-02-01 c:\windows\Tasks\WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_Lansche.job
- f:\datev\PROGRAMM\WPACL\WPACLTask.exe [2011-12-21 08:58]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.datev.de/
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: adac.de\www
Trusted Zone: dell.com\support.euro
Trusted Zone: deutschepost.de\stampitweb
Trusted Zone: localhost
Trusted Zone: t-online.de\email
Trusted Zone: top20free.de\www
TCP: DhcpNameServer = 192.168.123.1
FF - ProfilePath - d:\benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM_ActiveSetup-{ADD9AEE8-B916-4CD6-A04B-9386DF90D594} - msiexec
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-14 11:35
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msftesql$DATEV_CL_DE01]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe\" -s:MSSQL.4 -f:DATEV_CL_DE01"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msftesql$DATEV_SV_DE01]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:DATEV_SV_DE01"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(856)
c:\windows\system32\relog_ap.dll
.
Zeit der Fertigstellung: 2012-02-14  11:38:30
ComboFix-quarantined-files.txt  2012-02-14 10:38
.
Vor Suchlauf: 16 Verzeichnis(se), 84.418.355.200 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 84.008.583.168 Bytes frei
.
- - End Of File - - F6C1F522DDD905C1932D3EE64CE0A208

Regards
Angela
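
Added example (not part of this thread, and not code from ComboFix or OSAM): a small Python triage pass over the kinds of lines the ComboFix.txt above contains. The point it makes is that such a log is a list of candidates, not verdicts. It parses the "Dateien erstellt" timeline, the Run-key and Startup-folder entries, and the OSAM driver-list format that appears later in this thread, then flags executables created inside the incident window, autostart targets in user-writable locations or given as an unqualified filename, shortcuts whose target ComboFix could not read ([N/A]), and drivers OSAM reports as hidden registry entries. The sample lines are copied from the logs posted in this thread (a subset of each); the incident window (11 to 14 February 2012, taken from the poster's own account and the ComboFix run time), the user-writable path heuristic and all function names are assumptions of this example.

```python
"""Triage of ComboFix/OSAM log excerpts: timeline, autostart and driver entries.

Added example for this thread. It is not code from the original posts, from
ComboFix or from OSAM; the flagging rules and the incident window are assumptions.
"""
import re
from datetime import date

# Sample input: lines copied from the ComboFix.txt and the OSAM report posted in
# this thread (a subset of each). The parser accepts any number of such lines.
SAMPLE_LOG = r"""
2012-02-14 10:35 . 2012-02-14 10:35        --------        d-----w-        d:\benutzer\Chef\AppData\Local\temp
2012-02-11 18:42 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-11 17:59 . 2012-02-11 17:59        14664        ----a-w-        c:\windows\stinger.sys
2012-02-01 17:52 . 2012-02-11 17:40        87656        ----a-w-        c:\windows\system32\drivers\mferkdet.sys
2012-01-31 06:22 . 2011-11-16 14:12        9728        ----a-w-        c:\windows\system32\lsass.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-21 2622296]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
Dropbox.lnk - d:\benutzer\Chef\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
"McAfee Inc. mfeapfk" (mfeapfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeapfk.sys
"catchme" (catchme) - ? - D:\Benutzer\Chef\AppData\Local\Temp\catchme.sys  (File not found)
"uxddqpod" (uxddqpod) - ? - D:\Benutzer\Chef\AppData\Local\Temp\uxddqpod.sys  (Hidden registry entry, rootkit activity | File not found)
"""

# ComboFix "Dateien erstellt" line: created . modified  size-or-dashes  attributes  path
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(\S+)\s+(\S+)\s+(.+?)\s*$"
)
# ComboFix registry Run value: "Name"="target" [date size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[(\S+) (\S+)\]\s*$')
# ComboFix Startup-folder shortcut: Name.lnk - target [date size]  (or [N/A])
LNK_RE = re.compile(r"^(.+?\.lnk) - (.+?) \[([^\]]*)\]\s*$")
# OSAM driver line: "Display name" (service) - vendor-or-? - path  (flags)
OSAM_RE = re.compile(r'^"([^"]+)" \(([^)]+)\) - (\?|"[^"]*") - (.+?)(?:\s{2}\((.+)\))?\s*$')

EXEC_EXT = (".exe", ".sys", ".dll", ".scr", ".com")
# Heuristic (assumption): locations a standard user can write to. The poster's
# profiles live under d:\benutzer, so that folder name is included.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\", "\\benutzer\\", "\\programdata\\")
# Assumption from the poster's account: symptoms on 11 Feb 2012, ComboFix run on 14 Feb 2012.
INCIDENT_WINDOW = (date(2012, 2, 11), date(2012, 2, 14))


def parse_log(text):
    """Turn the recognised line formats into dicts; other lines (section headers etc.) are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            created, _size, attrs, path = m.groups()
            entries.append({"kind": "file", "path": path,
                            "created": date.fromisoformat(created),
                            "is_dir": attrs.startswith("d")})
            continue
        m = RUN_RE.match(line)
        if m:
            name, target, _when, _size = m.groups()
            entries.append({"kind": "run", "name": name, "path": target})
            continue
        m = LNK_RE.match(line)
        if m:
            name, target, info = m.groups()
            entries.append({"kind": "lnk", "name": name, "path": target, "size": info})
            continue
        m = OSAM_RE.match(line)
        if m:
            _name, service, _vendor, path, flags = m.groups()
            entries.append({"kind": "driver", "name": service, "path": path,
                            "flags": (flags or "").lower()})
    return entries


def in_user_writable(path):
    return any(token in path.lower() for token in USER_WRITABLE)


def triage(entries, window=INCIDENT_WINDOW):
    """Return (path, reason) pairs an analyst should look at. A hit is a candidate, not a verdict."""
    start, end = window
    findings = []
    for e in entries:
        path = e["path"]
        if e["kind"] == "file" and not e["is_dir"]:
            if path.lower().endswith(EXEC_EXT) and start <= e["created"] <= end:
                findings.append((path, "executable created inside the incident window"))
        elif e["kind"] == "run":
            if "\\" not in path:
                findings.append((path, "autostart with an unqualified filename (resolved via the search path)"))
            if in_user_writable(path):
                findings.append((path, "autostart target in a user-writable location"))
        elif e["kind"] == "lnk":
            if in_user_writable(path):
                findings.append((path, "startup shortcut target in a user-writable location"))
            if e["size"] == "N/A":
                findings.append((path, "shortcut target could not be read by ComboFix ([N/A])"))
        elif e["kind"] == "driver":
            if "hidden registry entry" in e["flags"]:
                findings.append((path, "driver service hidden from the registry API (rootkit-style concealment)"))
            if in_user_writable(path):
                findings.append((path, "kernel driver registered from a user-writable location"))
    return findings


def triage_sample():
    """Run the triage over the sample lines above with the assumed incident window."""
    return triage(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for path, reason in triage_sample():
        print(f"{reason:75s} {path}")
```

Read the output against the thread before acting on it: the two .sys files inside the window are the Malwarebytes and Stinger drivers the poster installed during cleanup, the missing catchme.sys belongs to the catchme rootkit scanner that ComboFix itself ran (see the catchme banner in the log above), and the bare "RtHDVCpl.exe"/"Skytel.exe" entries are simply Run values that cannot be verified from the log alone. Only the hidden, randomly named driver entry from the OSAM report stands out on every rule at once, which is exactly the kind of candidate a helper would want to see first.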

cosinus 14.02.2012 13:24

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and only run OSAM. Please skip the online check in OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: To unpack OSAM please use WinRAR or 7zip! Also be sure to disable your antivirus scanner; McAfee's scanner in particular often reports a false positive on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide)
    On Windows Vista or later, please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow Internet access.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not under any circumstances press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.


Angela_64 14.02.2012 18:17

So here are the logs, attached.

I ran aswMBR twice; unfortunately it crashed each time.

Regards
Angela

cosinus 14.02.2012 20:13

Please post the logs in CODE tags!!

Angela_64 14.02.2012 20:25

Sorry, but I get an error message there saying it's too many characters :-(

Regards
Angela

Angela_64 14.02.2012 20:34

New attempt

OSAM

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:00:34 on 14.02.2012

OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 10.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_FIBU.job" - "DATEV eG" - F:\DATEV\PROGRAMM\WPACL\WPACLTask.exe
"WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_Lansche.job" - "DATEV eG" - F:\DATEV\PROGRAMM\WPACL\WPACLTask.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\Windows\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\Windows\System32\DRIVERS\tifsfilt.sys
"Acronis Try&Decide and Restore Points filter" (tdrpman) - "Acronis" - C:\Windows\System32\DRIVERS\tdrpman.sys
"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys
"catchme" (catchme) - ? - D:\Benutzer\Chef\AppData\Local\Temp\catchme.sys  (File not found)
"dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\System32\Drivers\dsltestSp5.sys
"hotcore3" (hotcore3) - "Paragon Software Group" - C:\Windows\System32\drivers\hotcore3.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"McAfee Inc. mfeapfk" (mfeapfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeapfk.sys
"McAfee Inc. mfeavfk" (mfeavfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeavfk.sys
"McAfee Inc. mfebopk" (mfebopk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfebopk.sys
"McAfee Inc. mfehidk" (mfehidk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfehidk.sys
"McAfee Inc. mferkdet" (mferkdet) - "McAfee, Inc." - C:\Windows\System32\drivers\mferkdet.sys
"McAfee Inc. mfetdik" (mfetdik) - "McAfee, Inc." - C:\Windows\System32\drivers\mfetdik.sys
"Motorola USB Modem Driver for MPT" (usbsermpt) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\usbsermpt.sys
"SC_Serv3D" (SC_Serv3D) - "Datev eG" - C:\Windows\system32\drivers\d3_kafm.sys
"T-Online Dialerschutz VoIP Service" (SipIMNDI) - ? - C:\Windows\System32\DRIVERS\SipIMNDI.sys  (File not found)
"uxddqpod" (uxddqpod) - ? - D:\Benutzer\Chef\AppData\Local\Temp\uxddqpod.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{ED8B52AD-6EBA-4FF3-9986-4BF976173E24} "TiffMerge.Handler" - "DATEV e.G." - F:\DATEV\PROGRAMM\BEVI\TiffMerge.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\Windows\System32\uxtuneup.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
DATEV Dokumenentenschutz shell extension "{006FA56D-E213-4bd7-A9D5-635C17CACBF6}" - ? -  (File not found | COM-object registry key not found)
GERVA shell ext "{942C058F-DE1C-40f7-A845-E79AA8F4C1DD}" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension )-----
"Location" - "LINK & LINK Software" - C:\Program Files\Mozilla Firefox\Plugins\npideapl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{6EF6B546-25FB-455B-801F-FDB3B3D39F9E} "DtvIePwdSafeBHO Class" - "DATEV eG" - F:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
{AF8CD625-E04A-4A8F-A90A-0C74846C2E30} "SCardBHOEvent Class" - "DATEV eG" - F:\DATEV\SYSTEM\DVCCSAScardBHO002.dll
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Acronis" - C:\Windows\system32\relog_ap.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Basisschnittstelle Office SR V.5.02 Initialisierung.lnk" - "DATEV eG" - F:\DATEV\PROGRAMM\BSOffice\service\OfficeDiag.exe  (Shortcut exists | File exists)
"DATEV-Hinweis Mitteilungsdienst.lnk" - ? - F:\DATEV\PROGRAMM\A0000007\DHNC.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"DFÜ-Manager.lnk" - "DATEV eG" - F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe  (Shortcut exists | File exists)
"Lizenz-Manager Server.lnk" - "DATEV eG" - F:\DATEV\PROGRAMM\Sws\LiMaServer.exe  (Shortcut exists | File exists)
"RZ-Druckertreiber V.2.3.lnk" - "DATEV eG" - F:\DATEV\SYSTEM\rzpjwtch.exe  (Shortcut exists | File exists)
"SkyUserDevmode-Update.lnk" - "DATEV eG" - F:\DATEV\PROGRAMM\B0001401\UpdateDevmode.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Datev.Arbeitsplatz.Scheduler.exe" - "DATEV eG" - F:\DATEV\PROGRAMM\K0005000\Datev.Arbeitsplatz.Scheduler.exe
"DFÜ-Sammler" - ? - F:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe /SammlerEin /Delay 30  (File found, but it contains no detailed information)
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
"adm_tray.exe" - "Acronis" - C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
"DATEV Update-Monitor" - "DATEV eG" - "F:\DATEV\PROGRAMM\Install\DvInesASDMon.exe"
"DATEV_SCardMan" - "DATEV eG" - F:\DATEV\PROGRAMM\B0000347\ScMgmt\ScardManager.exe
"Dell MFP Color Laser Printer 3115cn Launcher" - "Dell Inc." - "C:\Program Files\Dell Printers\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe"  /s
"DVCCSAWTSSetEntryNTE" - "DATEV eG" - F:\DATEV\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe
"McAfeeUpdaterUI" - "McAfee, Inc." - "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
"ScreenManager Pro for LCD" - "EIZO NANAO CORPORATION" - C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
"ShStatEXE" - "McAfee, Inc." - "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
"SiPaHost" - "DATEV eG" - F:\DATEV\PROGRAMM\B0000398\SiPaHost.exe F:\DATEV\KONFIG\B0000398
"TrueImageMonitor.exe" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"SkyPDF_Pro Port Monitor" - ? - C:\Windows\system32\skypdfmonpro.dll  (File found, but it contains no detailed information)
"Status Monitor Language Monitor for Dell MFP Laser 3115cn" - "Dell Inc." - C:\Windows\system32\DLXBAZIL.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\Windows\System32\TuneUpDefragService.exe
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software GmbH" - C:\Windows\System32\uxtuneup.dll
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
"Acronis Try And Decide Service" (TryAndDecideService) - ? - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe  (File found, but it contains no detailed information)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\Windows\System32\bgsvcgen.exe
"DATEV Connection Service" (Datev.Database.Conserve) - "DATEV eG" - F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
"DATEV DFL Infrastruktur-Dienst" (Datev.Framework.RemoteServices) - "DATEV eG" - F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
"DATEV DFL-Service-Manager" (Datev.Framework.RemoteServiceModel.EnablerService) - "DATEV eG" - F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
"DATEV DFÜ-Erweiterung-Zugriffssteuerung" (DVDFUEavmnwapi) - ? - "F:\DATEV\PROGRAMM\B0000303\EXTRANET\DVDFUEavmnwapi.exe"  (File not found)
"DATEV DFÜ-System Dienst" (Dcmanag) - "DATEV eG" - F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe
"DATEV Druckservice" (DatevPrintService) - "DATEV eG" - F:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE
"DATEV Logon Service" (DATEV Logon Service) - "DATEV e.G." - F:\DATEV\PROGRAMM\B0001364\DtvScSer.exe
"DATEV Messaging-Service" (Datev.Framework.RemoteServices.Messaging.CentralMessagingService) - "DATEV eG" - F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
"DATEV SmartCard Service" (SCardService) - "DATEV eG" - F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe
"DATEV Update-Service" (DATEV Update-Service) - "DATEV eG" - F:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe
"DATEV ViwasClientService" (DATEV ViwasClientService) - "DATEV eG" - F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe
"DVckService" (DVckService) - "DATEV eG" - F:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
"McAfee Engine Service" (McAfeeEngineService) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
"McAfee Framework-Dienst" (McAfeeFramework) - "McAfee, Inc." - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
"McAfee McShield" (McShield) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
"McAfee Task Manager" (McTaskManager) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
"McAfee Validation Trust Protection Service" (mfevtp) - "McAfee, Inc." - C:\Windows\system32\mfevtps.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Netzmanager Infrastruktur Informationssystem Dienst" (Netzmanager Service) - "Deutsche Telekom AG" - C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"Sicherheitspaket-Dienst" (Sicherheitspaket-Dienst) - "Datev eG" - F:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
"SQL Server (DATEV_CL_DE01)" (MSSQL$DATEV_CL_DE01) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
"SQL Server (DATEV_SV_DE01)" (MSSQL$DATEV_SV_DE01) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Volltextsuche (DATEV_CL_DE01)" (msftesql$DATEV_CL_DE01) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe
"SQL Server-Volltextsuche (DATEV_SV_DE01)" (msftesql$DATEV_SV_DE01) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


Angela_64 14.02.2012 20:36

GMER won't run, no matter what I try.

"The text you entered consists of 216319 characters and is therefore too long. Please shorten the text to the maximum length of 100000 characters.
Please attach logs to the post as an archive!"

Regards
Angela

cosinus 14.02.2012 21:51

Then please post a note right away(!) as soon as those files are attached, because of the character limit.

cosinus 14.02.2012 21:52

Please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<Datum>_<Uhrzeit>.txt on the desktop.
Please post the contents of that .txt document for me

Angela_64 15.02.2012 07:50

Good morning,

here is the log

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Business Edition
Windows Information:                Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:        FUJITSU SIEMENS
BIOS Manufacturer:                American Megatrends Inc.
System Manufacturer:                FUJITSU SIEMENS
System Product Name:                MS-7379VP
Logical Drives Mask:                0x0000807c

Kernel Drivers (total 169):
  0x8343B000 \SystemRoot\system32\ntoskrnl.exe
  0x83408000 \SystemRoot\system32\hal.dll
  0x8400A000 \SystemRoot\system32\kdcom.dll
  0x84011000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x84081000 \SystemRoot\system32\PSHED.dll
  0x84092000 \SystemRoot\system32\BOOTVID.dll
  0x8409A000 \SystemRoot\system32\CLFS.SYS
  0x840DB000 \SystemRoot\system32\CI.dll
  0x841BB000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x84237000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x84244000 \SystemRoot\system32\drivers\acpi.sys
  0x8428A000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x84293000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8429B000 \SystemRoot\system32\drivers\pci.sys
  0x842C2000 \SystemRoot\System32\drivers\partmgr.sys
  0x842D1000 \SystemRoot\system32\drivers\volmgr.sys
  0x842E0000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8432A000 \SystemRoot\system32\drivers\intelide.sys
  0x84331000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x8433F000 \SystemRoot\system32\drivers\hotcore3.sys
  0x84344000 \SystemRoot\System32\drivers\mountmgr.sys
  0x84354000 \SystemRoot\system32\drivers\atapi.sys
  0x8435C000 \SystemRoot\system32\drivers\ataport.SYS
  0x8437A000 \SystemRoot\system32\drivers\fltmgr.sys
  0x843AC000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8C00D000 \SystemRoot\system32\drivers\mfehidk.sys
  0x8C07F000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8C0F1000 \SystemRoot\system32\drivers\ndis.sys
  0x8C1FC000 \SystemRoot\system32\drivers\msrpc.sys
  0x8C227000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8C262000 \SystemRoot\System32\drivers\tcpip.sys
  0x8C34C000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8C367000 \SystemRoot\system32\drivers\mfetdik.sys
  0x8C375000 \SystemRoot\system32\drivers\TDI.SYS
  0x8C380000 \SystemRoot\system32\DRIVERS\timntr.sys
  0x8C40D000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8C51D000 \SystemRoot\system32\drivers\volsnap.sys
  0x8C556000 \SystemRoot\system32\DRIVERS\tdrpman.sys
  0x8C5AF000 \SystemRoot\System32\Drivers\spldr.sys
  0x8C5B7000 \SystemRoot\system32\DRIVERS\snapman.sys
  0x8C5D6000 \SystemRoot\System32\Drivers\mup.sys
  0x8C5E5000 \SystemRoot\System32\drivers\ecache.sys
  0x8C60C000 \SystemRoot\system32\drivers\disk.sys
  0x8C61D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8C63E000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8C667000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8C672000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8C67B000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x91007000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x91720000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x917C0000 \SystemRoot\System32\drivers\watchdog.sys
  0x8C68A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x917CC000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x917DC000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x8C717000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x917EA000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8C759000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8C797000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8C7A6000 \SystemRoot\system32\DRIVERS\serial.sys
  0x917F5000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x8C7C0000 \SystemRoot\system32\DRIVERS\parport.sys
  0x8C7D8000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x91000000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x843BC000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x91C0F000 \SystemRoot\system32\DRIVERS\storport.sys
  0x91C50000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x91C67000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x91C72000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x91C95000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x91CA4000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x91CB8000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x91CCD000 \SystemRoot\system32\DRIVERS\loop.sys
  0x91CD4000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0x91D5D000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x91D6D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x91D78000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x91D83000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x91D85000 \SystemRoot\system32\DRIVERS\ks.sys
  0x91DAF000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x91DB9000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x91DC6000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x91DFB000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x92001000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x92202000 \SystemRoot\system32\drivers\portcls.sys
  0x9222F000 \SystemRoot\system32\drivers\drmk.sys
  0x92254000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x9225D000 \SystemRoot\System32\Drivers\Null.SYS
  0x92264000 \SystemRoot\System32\Drivers\Beep.SYS
  0x92274000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x9227B000 \SystemRoot\System32\drivers\vga.sys
  0x92287000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x922A8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x922B0000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x922B8000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x922C3000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x922D1000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x922DA000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x922F0000 \SystemRoot\system32\DRIVERS\smb.sys
  0x92304000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x92336000 \SystemRoot\system32\drivers\afd.sys
  0x9237E000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x92387000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x9239D000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x923AB000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x923BE000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x91E0C000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x91E16000 \SystemRoot\system32\drivers\csc.sys
  0x91E71000 \SystemRoot\System32\Drivers\dfsc.sys
  0x91E88000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x91E95000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x9226B000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x91EA0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x923FA000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x91EB7000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x91EC0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x91ED0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x923FC000 \SystemRoot\system32\DRIVERS\aksusb.sys
  0x91ED9000 \SystemRoot\system32\DRIVERS\AKSCLASS.SYS
  0x91EDC000 \SystemRoot\system32\DRIVERS\akshasp.sys
  0x91F17000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x91F2C000 \SystemRoot\system32\drivers\KOBCCID.sys
  0x91F41000 \SystemRoot\system32\drivers\SMCLIB.SYS
  0x91F4C000 \SystemRoot\system32\drivers\KOBCCEX.sys
  0xA0880000 \SystemRoot\System32\win32k.sys
  0x91F52000 \SystemRoot\System32\drivers\Dxapi.sys
  0x91F5C000 \SystemRoot\system32\DRIVERS\usbscan.sys
  0x91F69000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0x91F73000 \SystemRoot\System32\Drivers\LEqdUsb.Sys
  0x91F7C000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x92000000 \SystemRoot\System32\Drivers\LHidEqd.Sys
  0x91F84000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
  0x91F8C000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
  0x91F94000 \SystemRoot\system32\DRIVERS\monitor.sys
  0xA0AA0000 \SystemRoot\System32\TSDDD.dll
  0xA0AC0000 \SystemRoot\System32\cdd.dll
  0x91FA3000 \SystemRoot\system32\drivers\luafv.sys
  0x91FBE000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
  0xA4C0B000 \SystemRoot\system32\drivers\spsys.sys
  0xA4CBB000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA4CCB000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA4CDE000 \SystemRoot\System32\Drivers\fastfat.SYS
  0xA4D06000 \SystemRoot\system32\drivers\HTTP.sys
  0xA4D73000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA4D90000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA4DA9000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA4DBE000 \SystemRoot\system32\drivers\mrxdav.sys
  0xA4DDF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA4DFE000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA4E37000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA4E4F000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA4E77000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA4EC6000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0xA4ECF000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0xA4ED6000 \SystemRoot\system32\drivers\aksfridge.sys
  0xA4F2F000 \SystemRoot\system32\drivers\hardlock.sys
  0xAB80A000 \SystemRoot\system32\drivers\peauth.sys
  0xAB8E8000 \??\C:\Windows\system32\drivers\d3_kafm.sys
  0xAB8FD000 \??\C:\Windows\system32\drivers\kblscryp.sys
  0xAB911000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xAB91B000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xAB927000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xAB93C000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xAB94E000 \SystemRoot\system32\drivers\mfebopk.sys
  0xAB957000 \SystemRoot\system32\drivers\mfeavfk.sys
  0xAB96C000 \SystemRoot\system32\drivers\tdtcp.sys
  0xAB977000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
  0xAB983000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0xAB9B6000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x76EE0000 \Windows\System32\ntdll.dll

Processes (total 118):
      0 System Idle Process
      4 System
    640 C:\Windows\System32\smss.exe
    752 csrss.exe
    800 C:\Windows\System32\wininit.exe
    812 csrss.exe
    844 C:\Windows\System32\services.exe
    856 C:\Windows\System32\lsass.exe
    868 C:\Windows\System32\lsm.exe
    1020 C:\Windows\System32\svchost.exe
    1076 C:\Windows\System32\winlogon.exe
    1096 C:\Windows\System32\nvvsvc.exe
    1128 C:\Windows\System32\svchost.exe
    1188 C:\Windows\System32\svchost.exe
    1216 C:\Windows\System32\svchost.exe
    1228 C:\Windows\System32\svchost.exe
    1312 C:\Windows\System32\audiodg.exe
    1340 C:\Windows\System32\svchost.exe
    1380 C:\Windows\System32\SLsvc.exe
    1440 C:\Windows\System32\svchost.exe
    1560 C:\Windows\System32\svchost.exe
    1740 C:\Windows\System32\spoolsv.exe
    1800 C:\Windows\System32\svchost.exe
    484 C:\Windows\System32\rundll32.exe
    1372 C:\Windows\System32\taskeng.exe
    2056 C:\Windows\System32\taskeng.exe
    2072 F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.UserSession.exe
    2348 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    2420 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    2440 C:\Windows\System32\bgsvcgen.exe
    2500 F:\DATEV\PROGRAMM\B0001364\DtvScSer.exe
    2520 F:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe
    2540 F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe
    2592 F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
    2620 F:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
    2644 F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe
    2744 F:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
    2880 C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
    2904 C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    2968 C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    3032 C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
    3048 C:\Windows\System32\mfevtps.exe
    3064 C:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe
    3096 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
    3120 naPrdMgr.exe
    3132 C:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
    3156 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    3176 C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
    3280 C:\Windows\System32\IoctlSvc.exe
    3328 C:\Windows\System32\svchost.exe
    3432 C:\Windows\System32\dwm.exe
    3444 F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe
    3548 C:\Windows\explorer.exe
    3676 C:\Windows\System32\conime.exe
    3752 F:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
    4044 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    4064 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    4084 C:\Windows\System32\svchost.exe
    1776 C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    1820 C:\Windows\System32\svchost.exe
    2160 C:\Windows\System32\SearchIndexer.exe
    1456 C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    3484 mfeann.exe
    2028 WUDFHost.exe
    4264 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    4280 C:\Windows\RtHDVCpl.exe
    4288 C:\Windows\System32\rundll32.exe
    4332 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    4396 C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
    4468 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4568 F:\DATEV\PROGRAMM\B0000398\SiPaHost.exe
    4920 F:\DATEV\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe
    4928 F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardManager.exe
    4940 F:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe
    4948 C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    4956 C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    5000 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    5008 C:\Program Files\Windows Sidebar\sidebar.exe
    5016 C:\Program Files\KeePass Password Safe\KeePass.exe
    5112 F:\DATEV\PROGRAMM\K0005000\Datev.Arbeitsplatz.Scheduler.exe
    5160 F:\DATEV\PROGRAMM\A0000007\DHNC.exe
    5168 F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe
    5176 F:\DATEV\PROGRAMM\Sws\LiMaServer.exe
    5396 WmiPrvSE.exe
    5752 F:\DATEV\SYSTEM\RzpjWtch.exe
    5780 D:\Benutzer\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe
    5792 C:\Program Files\Netzmanager\netzmanager.exe
    5804 C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    4132 C:\Program Files\McAfee\Common Framework\McTray.exe
    4236 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5656 C:\Program Files\Windows Sidebar\sidebar.exe
    5644 F:\DATEV\PROGRAMM\Sws\LiMaService.exe
    5928 unsecapp.exe
    5232


Regards
Angela

cosinus 15.02.2012 12:46

Unfortunately the log is not complete :(

Angela_64 15.02.2012 14:22

So, a new attempt:

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Business Edition
Windows Information:                Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:        FUJITSU SIEMENS
BIOS Manufacturer:                American Megatrends Inc.
System Manufacturer:                FUJITSU SIEMENS
System Product Name:                MS-7379VP
Logical Drives Mask:                0x0000807c

Kernel Drivers (total 169):
  0x83436000 \SystemRoot\system32\ntoskrnl.exe
  0x83403000 \SystemRoot\system32\hal.dll
  0x8400B000 \SystemRoot\system32\kdcom.dll
  0x84012000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x84082000 \SystemRoot\system32\PSHED.dll
  0x84093000 \SystemRoot\system32\BOOTVID.dll
  0x8409B000 \SystemRoot\system32\CLFS.SYS
  0x840DC000 \SystemRoot\system32\CI.dll
  0x841BC000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x84238000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x84245000 \SystemRoot\system32\drivers\acpi.sys
  0x8428B000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x84294000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8429C000 \SystemRoot\system32\drivers\pci.sys
  0x842C3000 \SystemRoot\System32\drivers\partmgr.sys
  0x842D2000 \SystemRoot\system32\drivers\volmgr.sys
  0x842E1000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8432B000 \SystemRoot\system32\drivers\intelide.sys
  0x84332000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x84340000 \SystemRoot\system32\drivers\hotcore3.sys
  0x84345000 \SystemRoot\System32\drivers\mountmgr.sys
  0x84355000 \SystemRoot\system32\drivers\atapi.sys
  0x8435D000 \SystemRoot\system32\drivers\ataport.SYS
  0x8437B000 \SystemRoot\system32\drivers\fltmgr.sys
  0x843AD000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8C006000 \SystemRoot\system32\drivers\mfehidk.sys
  0x8C078000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8C0EA000 \SystemRoot\system32\drivers\ndis.sys
  0x8C1F5000 \SystemRoot\system32\drivers\msrpc.sys
  0x8C220000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8C25B000 \SystemRoot\System32\drivers\tcpip.sys
  0x8C345000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8C360000 \SystemRoot\system32\drivers\mfetdik.sys
  0x8C36E000 \SystemRoot\system32\drivers\TDI.SYS
  0x8C379000 \SystemRoot\system32\DRIVERS\timntr.sys
  0x8C40E000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8C51E000 \SystemRoot\system32\drivers\volsnap.sys
  0x8C557000 \SystemRoot\system32\DRIVERS\tdrpman.sys
  0x8C5B0000 \SystemRoot\System32\Drivers\spldr.sys
  0x8C5B8000 \SystemRoot\system32\DRIVERS\snapman.sys
  0x8C5D7000 \SystemRoot\System32\Drivers\mup.sys
  0x8C5E6000 \SystemRoot\System32\drivers\ecache.sys
  0x8C60D000 \SystemRoot\system32\drivers\disk.sys
  0x8C61E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8C63F000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8C668000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8C673000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8C67C000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x91001000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x9171A000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x917BA000 \SystemRoot\System32\drivers\watchdog.sys
  0x8C68B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x917C6000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x917D6000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x8C718000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x917E4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8C75A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x917EF000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8C798000 \SystemRoot\system32\DRIVERS\serial.sys
  0x8C7B2000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x8C7BC000 \SystemRoot\system32\DRIVERS\parport.sys
  0x8C7D4000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8C7EC000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x843BD000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x91C0A000 \SystemRoot\system32\DRIVERS\storport.sys
  0x91C4B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x91C62000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x91C6D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x91C90000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x91C9F000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x91CB3000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x91CC8000 \SystemRoot\system32\DRIVERS\loop.sys
  0x91CCF000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0x91D58000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x91D68000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x91D73000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x91D7E000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x91D80000 \SystemRoot\system32\DRIVERS\ks.sys
  0x91DAA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x91DB4000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x91DC1000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x91DF6000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x92002000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x92203000 \SystemRoot\system32\drivers\portcls.sys
  0x92230000 \SystemRoot\system32\drivers\drmk.sys
  0x92255000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x9225E000 \SystemRoot\System32\Drivers\Null.SYS
  0x92265000 \SystemRoot\System32\Drivers\Beep.SYS
  0x92275000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x9227C000 \SystemRoot\System32\drivers\vga.sys
  0x92288000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x922A9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x922B1000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x922B9000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x922C4000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x922D2000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x922DB000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x922F1000 \SystemRoot\system32\DRIVERS\smb.sys
  0x92305000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x92337000 \SystemRoot\system32\drivers\afd.sys
  0x9237F000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x92388000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x9239E000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x923AC000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x923BF000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x91E07000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x91E11000 \SystemRoot\system32\drivers\csc.sys
  0x91E6C000 \SystemRoot\System32\Drivers\dfsc.sys
  0x91E83000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x91E90000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x9226C000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x91E9B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x923FB000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x91EB2000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x91EBB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x91ECB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x91ED4000 \SystemRoot\system32\DRIVERS\aksusb.sys
  0x923FD000 \SystemRoot\system32\DRIVERS\AKSCLASS.SYS
  0x91ED8000 \SystemRoot\system32\DRIVERS\akshasp.sys
  0x91F13000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x91F28000 \SystemRoot\system32\drivers\KOBCCID.sys
  0x91F3D000 \SystemRoot\system32\drivers\SMCLIB.SYS
  0x91F48000 \SystemRoot\system32\drivers\KOBCCEX.sys
  0x81890000 \SystemRoot\System32\win32k.sys
  0x91F4E000 \SystemRoot\System32\drivers\Dxapi.sys
  0x91F58000 \SystemRoot\system32\DRIVERS\usbscan.sys
  0x91F65000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0x91F6F000 \SystemRoot\System32\Drivers\LEqdUsb.Sys
  0x91F78000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x92000000 \SystemRoot\System32\Drivers\LHidEqd.Sys
  0x91F80000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
  0x91F88000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
  0x91F90000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x81AB0000 \SystemRoot\System32\TSDDD.dll
  0x81AD0000 \SystemRoot\System32\cdd.dll
  0x91F9F000 \SystemRoot\system32\drivers\luafv.sys
  0x91FBA000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
  0xA580B000 \SystemRoot\system32\drivers\spsys.sys
  0xA58BB000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA58CB000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA58DE000 \SystemRoot\System32\Drivers\fastfat.SYS
  0xA5906000 \SystemRoot\system32\drivers\HTTP.sys
  0xA5973000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA5990000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA59A9000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA59BE000 \SystemRoot\system32\drivers\mrxdav.sys
  0xA59DF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA59FE000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA5A37000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA5A4F000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA5A77000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA5AC6000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0xA5ACF000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0xA5AD6000 \SystemRoot\system32\drivers\aksfridge.sys
  0xA5B2F000 \SystemRoot\system32\drivers\hardlock.sys
  0xAD80C000 \SystemRoot\system32\drivers\peauth.sys
  0xAD8EA000 \??\C:\Windows\system32\drivers\d3_kafm.sys
  0xAD8FF000 \??\C:\Windows\system32\drivers\kblscryp.sys
  0xAD913000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xAD91D000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xAD929000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xAD93E000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xAD950000 \SystemRoot\system32\drivers\mfebopk.sys
  0xAD959000 \SystemRoot\system32\drivers\mfeavfk.sys
  0xAD96E000 \SystemRoot\system32\drivers\tdtcp.sys
  0xAD979000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
  0xAD985000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0xAD9B8000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x76EB0000 \Windows\System32\ntdll.dll

Processes (total 133):
      0 System Idle Process
      4 System
    640 C:\Windows\System32\smss.exe
    756 csrss.exe
    804 C:\Windows\System32\wininit.exe
    816 csrss.exe
    848 C:\Windows\System32\services.exe
    860 C:\Windows\System32\lsass.exe
    872 C:\Windows\System32\lsm.exe
    1024 C:\Windows\System32\svchost.exe
    1056 C:\Windows\System32\winlogon.exe
    1104 C:\Windows\System32\nvvsvc.exe
    1132 C:\Windows\System32\svchost.exe
    1196 C:\Windows\System32\svchost.exe
    1228 C:\Windows\System32\svchost.exe
    1240 C:\Windows\System32\svchost.exe
    1320 C:\Windows\System32\audiodg.exe
    1344 C:\Windows\System32\svchost.exe
    1384 C:\Windows\System32\SLsvc.exe
    1444 C:\Windows\System32\svchost.exe
    1552 C:\Windows\System32\svchost.exe
    1740 C:\Windows\System32\spoolsv.exe
    1792 C:\Windows\System32\svchost.exe
    484 C:\Windows\System32\rundll32.exe
    1964 C:\Windows\System32\taskeng.exe
    1468 C:\Windows\System32\taskeng.exe
    2056 F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.UserSession.exe
    2316 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    2388 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    2408 C:\Windows\System32\bgsvcgen.exe
    2464 F:\DATEV\PROGRAMM\B0001364\DtvScSer.exe
    2484 F:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe
    2508 F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe
    2564 F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
    2592 F:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
    2620 F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe
    2712 F:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
    2840 C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
    2860 C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    2940 C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    3004 C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
    3020 C:\Windows\System32\mfevtps.exe
    3036 C:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe
    3072 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
    3096 naPrdMgr.exe
    3108 C:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
    3132 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    3152 C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
    3224 C:\Windows\System32\IoctlSvc.exe
    3256 C:\Windows\System32\svchost.exe
    3328 F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe
    3480 F:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
    3628 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    3652 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    3676 C:\Windows\System32\svchost.exe
    3740 C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    3876 C:\Windows\System32\svchost.exe
    3916 C:\Windows\System32\SearchIndexer.exe
    3992 C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    4080 WUDFHost.exe
    1632 mfeann.exe
    236 C:\Windows\System32\dwm.exe
    1844 C:\Windows\explorer.exe
    2336 WmiPrvSE.exe
    4132 C:\Windows\System32\conime.exe
    4476 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    4484 C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
    4504 C:\Windows\RtHDVCpl.exe
    4520 C:\Windows\System32\rundll32.exe
    4556 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    4596 C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
    4700 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4808 F:\DATEV\PROGRAMM\B0000398\SiPaHost.exe
    4836 F:\DATEV\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe
    4864 F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardManager.exe
    4876 F:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe
    4884 C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    4892 C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    4900 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    4908 C:\Program Files\Windows Sidebar\sidebar.exe
    4916 C:\Program Files\KeePass Password Safe\KeePass.exe
    4944 F:\DATEV\PROGRAMM\K0005000\Datev.Arbeitsplatz.Scheduler.exe
    5032 F:\DATEV\PROGRAMM\A0000007\DHNC.exe
    5040 F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe
    5072 F:\DATEV\PROGRAMM\Sws\LiMaServer.exe
    5572 F:\DATEV\SYSTEM\RzpjWtch.exe
    5596 F:\DATEV\PROGRAMM\K0005000\Arbeitsplatz.exe
    5608 D:\Benutzer\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe
    5624 C:\Program Files\Netzmanager\netzmanager.exe
    5636 C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    5976 C:\Program Files\McAfee\Common Framework\McTray.exe
    6092 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2708 unsecapp.exe
    3956 WmiPrvSE.exe
    5308 F:\DATEV\PROGRAMM\Sws\LiMaService.exe
    5028 C:\Program Files\Windows Sidebar\sidebar.exe
    5736 F:\DATEV\PROGRAMM\DFUEISDN\SSLClt\sslclt.exe
    2324 F:\DATEV\PROGRAMM\B0000299\AS\as.exe
    6088 F:\DATEV\PROGRAMM\B0000299\AS\as.exe
    5680 ccsrv3.exe
    4976 SCmIdentityScanner.exe
    2296 C:\Windows\System32\svchost.exe
    6508 F:\DATEV\SYSTEM\Nuko\NKWLOGIN.exe
    6552 F:\DATEV\PROGRAMM\K0005003\Datev.Sdd.DataServer.exe
    6152 F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
    6948 DvSwsNK.exe
    4148 F:\DATEV\PROGRAMM\Check\DkDataSvr.exe
    3540 F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
    6496 F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
    6708 F:\DATEV\PROGRAMM\K0008006\Datev.EO.Synchronization.Daemon.Launcher.exe
    5320 C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    7128 F:\DATEV\PROGRAMM\K0005064\Datev.Bop.Base.Sso.ServiceHost.exe
    7464 F:\DATEV\PROGRAMM\K0005032\Datev.Bop.Base.Cso.Service.Mediator.exe
    1484 F:\DATEV\PROGRAMM\K0005032\Datev.Bop.Base.Cso.UI.Host.exe
    7132 F:\DATEV\PROGRAMM\K0005064\Datev.Bop.Sso.ServiceHost.exe
    2724 Irw.exe
    8460 F:\DATEV\PROGRAMM\K0005002\Datev.Sdd.Ui.EditHost.StartupService.exe
    6912 Irw.exe
    8916 F:\DATEV\SYSTEM\DVREWEDZSMSTR030A.exe
    7468 Datev.Irw.OleDb.ServiceProvider.exe
    7404 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
  11476 DsMain.exe
    6408 DsMain.exe
  10740 DsMain.exe
  14072 WPWIN800.EXE
  12204 WPWIN800.EXE
  13828 C:\Windows\System32\SearchProtocolHost.exe
    5448 C:\Program Files\Mozilla Firefox\firefox.exe
    3356 C:\Program Files\Mozilla Firefox\plugin-container.exe
    7344 F:\DATEV\PROGRAMM\K0005000\Datev.Arbeitsplatz.LeistungenServer.Server.exe
  12628 C:\Windows\System32\SearchFilterHost.exe
  14020 C:\Windows\System32\SearchProtocolHost.exe
    7388 D:\Benutzer\XXX\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001d`dcb35200  (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000051`426e7c00  (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000075`24865e00  (NTFS)

PhysicalDrive0 Model Number: WDCWD1002FAEX-00Z3A0, Rev: 05.01D05

      Size  Device Name          MBR Status
  --------------------------------------------
    931 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Regards
Angela

cosinus 15.02.2012 15:44

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

Angela_64 16.02.2012 08:09

Good morning,

here is the Malwarebytes log first:

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.15.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Chef :: CALLAS [Administrator]

15.02.2012 22:39:15
mbam-log-2012-02-15 (22-39-15).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 547969
Laufzeit: 2 Stunde(n), 53 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

And the SuperAntiSpyware log:


Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/15/2012 at 09:28 PM

Application Version : 5.0.1144

Core Rules Database Version : 8244
Trace Rules Database Version: 6056

Scan type      : Complete Scan
Total Scan Time : 02:10:48

Operating System Information
Windows Vista Business 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 1011
Memory threats detected  : 0
Registry items scanned    : 47745
Registry threats detected : 0
File items scanned        : 149453
File threats detected    : 23

Adware.Tracking Cookie
        D:\BENUTZER\XXX\AppData\Roaming\Microsoft\Windows\Cookies\1TAPRXX3.txt [ Cookie:XXX@doubleclick.net/ ]
        D:\BENUTZER\XXX\Cookies\1TAPRXX3.txt [ Cookie:XXX@doubleclick.net/ ]
        .doubleclick.net [ D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\COOKIES.SQLITE ]
        .msnportal.112.2o7.net [ D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\COOKIES.SQLITE ]
        .guj.122.2o7.net [ D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\COOKIES.SQLITE ]
        .countomat.com [ D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Cryptor[Egun]
        ZIP ARCHIVE( F:\WINDVSW1\DATEV\DATEN\INSTMAN\DEPOT\T0000020\000201106\GRP_4.ZIP )/TBINST2.EXE
        F:\WINDVSW1\DATEV\DATEN\INSTMAN\DEPOT\T0000020\000201106\GRP_4.ZIP
        ZIP ARCHIVE( F:\WINDVSW1\DATEV\DATEN\INSTMAN\DEPOT\T0000020\000211863\GRP_4.ZIP )/TBINST2.EXE
        F:\WINDVSW1\DATEV\DATEN\INSTMAN\DEPOT\T0000020\000211863\GRP_4.ZIP
        ZIP ARCHIVE( F:\WINDVSW1\DATEV\DATEN\INSTMAN\DEPOT\T0000023\000136596\GRP_3.ZIP )/TBINST.EXE
        F:\WINDVSW1\DATEV\DATEN\INSTMAN\DEPOT\T0000023\000136596\GRP_3.ZIP
        ZIP ARCHIVE( F:\WINDVSW1\DATEV\DATEN\INSTMAN\DEPOT\T0000025\000183205\GRP_3.ZIP )/TBINST.EXE
        F:\WINDVSW1\DATEV\DATEN\INSTMAN\DEPOT\T0000025\000183205\GRP_3.ZIP
        ZIP ARCHIVE( F:\WINDVSW1\DATEV\DATEN\INSTMAN\DEPOT\T0000077\000012470\GRP_4.ZIP )/TBINST2.EXE
        F:\WINDVSW1\DATEV\DATEN\INSTMAN\DEPOT\T0000077\000012470\GRP_4.ZIP
        ZIP ARCHIVE( F:\WINDVSW1\DATEV\DATEN\INSTMAN\DEPOT\T0000090\000097290\GRP_4.ZIP )/TBINST2.EXE
        F:\WINDVSW1\DATEV\DATEN\INSTMAN\DEPOT\T0000090\000097290\GRP_4.ZIP

Since the detected "Trojan.Agent/Gen-Cryptor" comes from an absolutely trustworthy source, I assume this is a false positive.

Regards
Angela
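As an added example (not part of this thread and not code from SUPERAntiSpyware), a small Python triage for a scan log in the layout posted above: it separates the tracking-cookie bulk from detections that need a real decision (executables inside archives versus loose files on disk) and checks that the listed entries add up to the declared total. The log excerpt is constructed with placeholder paths and hosts.

```python
import re

# Constructed excerpt in the SUPERAntiSpyware log layout used in the thread;
# paths and hosts are placeholders, not values copied from a real machine.
SAS_LOG = """\
SUPERAntiSpyware Scan Log

File items scanned        : 149453
File threats detected    : 5

Adware.Tracking Cookie
        D:\\BENUTZER\\USER\\Cookies\\ABCD1234.txt [ Cookie:USER@ads.example/ ]
        .ads.example [ D:\\BENUTZER\\USER\\APPDATA\\ROAMING\\MOZILLA\\FIREFOX\\PROFILES\\X.DEFAULT\\COOKIES.SQLITE ]

Trojan.Agent/Gen-Cryptor[Egun]
        ZIP ARCHIVE( F:\\VENDOR\\DEPOT\\T0000020\\GRP_4.ZIP )/TBINST2.EXE
        F:\\VENDOR\\DEPOT\\T0000020\\GRP_4.ZIP
        F:\\TEMP\\loose.exe
"""

# "ZIP ARCHIVE( <container> )/<member>" is how SAS reports a hit inside a ZIP.
ARCHIVE_RE = re.compile(r"^ZIP ARCHIVE\(\s*(.+?)\s*\)/(.+)$")


def parse_sas_log(text):
    """Return (declared file-threat count, {category: [entry, ...]})."""
    declared, categories, current = None, {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = re.match(r"^File threats detected\s*:\s*(\d+)", raw)
        if m:
            declared = int(m.group(1))
        elif raw[0].isspace():          # indented line = one detection entry
            categories.setdefault(current, []).append(raw.strip())
        else:                           # non-indented line = category heading
            current = raw.strip()
    return declared, categories


def consistent(declared, categories):
    """True when the per-category entries add up to the declared total."""
    return declared == sum(len(v) for v in categories.values())


def triage(categories):
    """Group entries by what they are, so the cookie noise is separated from
    detections that need verification (e.g. with the software vendor)."""
    out = {}
    for cat, entries in categories.items():
        containers = set()
        for e in entries:
            m = ARCHIVE_RE.match(e)
            if m:
                containers.add(m.group(1))
        for e in entries:
            if cat.startswith("Adware.Tracking Cookie"):
                kind = "tracking-cookie"     # browser data, not executable code
            elif ARCHIVE_RE.match(e):
                kind = "inside-archive"      # ZIP member, not running on its own
            elif e in containers:
                kind = "archive-container"   # the ZIP itself, listed for its member
            else:
                kind = "file-on-disk"        # loose file: needs the closest look
            out.setdefault(kind, []).append((cat, e))
    return out
```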

cosinus 16.02.2012 13:46

Yes, it's a false positive.

Looks OK, only cookies were found.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).

Is your system working properly again now, or are there any other detections or problems?

Angela_64 16.02.2012 13:56

Everything looks OK to me. :daumenhoc
I'll restore the Quick Launch bar and the other stuff manually.

Can I uninstall the 3,791 (or so it feels) newly installed programs and logs again, or must/should I keep anything?

Regards
Angela

cosinus 16.02.2012 14:10

Then we're done! :abklatsch:

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if you get any error messages with that.
Keeping Malwarebytes is not a mistake. You can scan with it once a month, but always remember to update it first.

Finally, please check your updates; my guide to that is below. To keep a better overview of whether your installed programs are up to date in future, you can use e.g. Secunia PSI.
For even more security, you should also change all your passwords if possible after the infection has been removed.


Microsoft Update

Windows XP: Visit the MS Update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check whether Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If need be, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, best with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

Angela_64 16.02.2012 16:02

I'll do all of that this evening.

Many thanks for the help!!!

Regards
Angela


All times are GMT +1. It is now 14:51.

Copyright ©2000-2025, Trojaner-Board


