Trojaner-Board - 100€ ukash paysafe Trojaner eingefangen

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - 100€ ukash paysafe Trojaner eingefangen (https://www.trojaner-board.de/115561-100-ukash-paysafe-trojaner-eingefangen.html)

100€ ukash paysafe Trojaner eingefangen

Hallo,
auch ich habe mir einen Trojaner eingefangen. Ich soll 100€ Ukash Code eingeben, dann wird ein Update von Windows installiert und der Trojaner entfernt. So ähnlich auf jeden Fall. Über den abgesicherten Modus habe ich Malwarebytes schon mal durchlaufen lassen und alles gefundene gelöscht.
Hier mal der Report:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.05.22.01
 

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)

Internet Explorer 9.0.8112.16421

Schulte-Klein :: SCHULTEKLEIN [Administrator]
 

Schutz: Deaktiviert
 

22.05.2012 08:34:00

mbam-log-2012-05-22 (08-34-00).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 321003

Laufzeit: 33 Minute(n), 29 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|98A9E20A (Trojan.Agent.RNSGen) -> Daten: C:\Users\Schulte-Klein\AppData\Roaming\Cnlfvc\3EE9224F98A9E20A7105.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 4

C:\Users\Schulte-Klein\AppData\Local\Temp\ajnylwivfl.pre (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Schulte-Klein\AppData\Local\Temp\imnltrjayn.pre (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Schulte-Klein\AppData\Local\Temp\ksyqldrnbp.pre (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Schulte-Klein\AppData\Local\Temp\tpmhylkjuf.pre (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Kann mir jemand helfen?
Was sollte ich als nächstes tun?
Vielen vielen Dank im Voraus!

LG,
Kiki

So, nachdem ich alles gefundene gelöscht hatte und den PC neu gestartet habe (sollte ich) kam ich wieder normal ins System rein, brauchte den abgesicherten Modus nicht mehr. Bisher hab ich keine Dateien oder Bilder gefunden, die verschlüsselt wurden.

In vielen anderen Posts war von OTL die Rede, auch das hab ich mal durchlaufen lassen.
Auch hier mal die Reporte:
OTL Editor:
OTL Logfile:

Code:

OTL logfile created on: 22.05.2012 10:51:09 - Run 1

OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\Schulte-Klein\Desktop

 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,97 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 40,37% Memory free

3,93 Gb Paging File | 2,53 Gb Available in Paging File | 64,31% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 1397,17 Gb Total Space | 1373,18 Gb Free Space | 98,28% Space Free | Partition Type: NTFS

Drive E: | 931,51 Gb Total Space | 728,56 Gb Free Space | 78,21% Space Free | Partition Type: NTFS

 

Computer Name: SCHULTEKLEIN | User Name: Schulte-Klein | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Schulte-Klein\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)

PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)

PRC - C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

PRC - C:\Programme\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)

PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)

PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()

MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)

SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe (SiSoftware)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (MpKsld8f9329d) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{562DE093-3092-474D-810F-FEF768BE6D1C}\MpKsld8f9329d.sys (Microsoft Corporation)

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)

DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)

DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)

DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)

DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x86\sandra.sys (SiSoftware)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=OIE9MSE

IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=OIE9MSE

IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 B3 EF BF BD 91 CC 01  [binary data]

IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE454

IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.16 17:38:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.11 18:55:17 | 000,000,000 | ---D | M]

 

[2011.10.23 22:25:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schulte-Klein\AppData\Roaming\mozilla\Extensions

[2012.05.04 14:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schulte-Klein\AppData\Roaming\mozilla\Firefox\Profiles\218l6qfc.default\extensions

[2011.12.19 20:35:36 | 000,000,933 | ---- | M] () -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\searchplugins\11-suche.xml

[2011.12.19 20:35:37 | 000,002,419 | ---- | M] () -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\searchplugins\englische-ergebnisse.xml

[2011.12.19 20:35:36 | 000,010,525 | ---- | M] () -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\searchplugins\gmx-suche.xml

[2011.12.19 20:35:37 | 000,002,457 | ---- | M] () -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\searchplugins\lastminute.xml

[2011.12.19 20:35:36 | 000,005,508 | ---- | M] () -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\searchplugins\webde-suche.xml

[2012.04.17 10:01:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.04.17 10:01:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2012.03.03 16:26:59 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\SCHULTE-KLEIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\218L6QFC.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI

[2012.04.17 18:37:08 | 000,576,958 | ---- | M] () (No name found) -- C:\USERS\SCHULTE-KLEIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\218L6QFC.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI

[2012.04.16 17:38:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2009.09.12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll

[2009.09.12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll

[2009.09.12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll

[2009.09.12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll

[2012.04.17 10:01:00 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2009.09.12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll

[2009.09.12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

[2012.04.12 14:34:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.04.12 14:34:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.04.12 14:34:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.04.12 14:34:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.04.12 14:34:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.04.12 14:34:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)

O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000..\Run: [EPSON S21 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Schulte-Klein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F0BDD75-EC95-4CCD-B7F6-0437E3992EDB}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{370D42C9-1849-4E93-A7B6-8F1D6DA5C308}: DhcpNameServer = 192.168.178.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010.05.06 04:54:56 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]

O32 - AutoRun File - [2002.10.16 19:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{45a4cf4d-ff25-11e0-a54d-00040efab484}\Shell - "" = AutoRun

O33 - MountPoints2\{45a4cf4d-ff25-11e0-a54d-00040efab484}\Shell\AutoRun\command - "" = F:\pushinst.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\pushinst.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.05.22 10:09:03 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Schulte-Klein\Desktop\OTL.exe

[2012.05.22 09:34:24 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2012.05.22 08:32:05 | 000,000,000 | ---D | C] -- C:\Users\Schulte-Klein\AppData\Roaming\Malwarebytes

[2012.05.22 08:31:59 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.05.22 08:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.05.22 08:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.05.22 08:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.05.16 21:56:54 | 000,000,000 | ---D | C] -- C:\Users\Schulte-Klein\AppData\Roaming\Cnlfvc

[2012.05.16 21:52:04 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2012.05.16 21:52:04 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2012.05.16 21:52:03 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2012.05.16 21:52:00 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2012.05.04 14:49:42 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.05.22 10:40:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.05.22 10:27:34 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.05.22 10:09:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Schulte-Klein\Desktop\OTL.exe

[2012.05.22 09:37:54 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.05.22 09:37:54 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.05.22 09:34:24 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2012.05.22 09:30:56 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.05.22 09:30:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.05.22 09:30:40 | 1582,686,208 | -HS- | M] () -- C:\hiberfil.sys

[2012.05.22 08:32:00 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.18 17:59:26 | 000,292,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.05.16 22:22:18 | 000,698,232 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.05.16 22:22:18 | 000,653,550 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.05.16 22:22:18 | 000,148,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.05.16 22:22:18 | 000,121,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.05.05 18:27:09 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012.05.05 18:27:09 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012.05.03 15:45:55 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.05.22 08:32:00 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.04 14:49:44 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.05.03 15:45:53 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012.04.19 11:35:36 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2012.04.19 11:35:36 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI

[2012.04.19 11:32:47 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat

[2012.03.03 16:06:54 | 011,304,960 | ---- | C] () -- C:\Users\Schulte-Klein\AppData\Roaming\Sandra.mdb

[2011.10.13 12:59:42 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin

[2011.10.13 12:59:40 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin

[2011.10.13 12:59:40 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin

[2011.10.13 12:31:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2011.10.13 12:30:24 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2011.04.12 03:30:05 | 000,698,232 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2011.04.12 03:30:05 | 000,148,428 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2010.10.22 02:00:00 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
 

< End of report >

--- --- ---

Extras-Editor:
OTL Logfile:

Code:

OTL Extras logfile created on: 22.05.2012 10:51:09 - Run 1

OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\Schulte-Klein\Desktop

 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,97 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 40,37% Memory free

3,93 Gb Paging File | 2,53 Gb Available in Paging File | 64,31% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 1397,17 Gb Total Space | 1373,18 Gb Free Space | 98,28% Space Free | Partition Type: NTFS

Drive E: | 931,51 Gb Total Space | 728,56 Gb Free Space | 78,21% Space Free | Partition Type: NTFS

 

Computer Name: SCHULTEKLEIN | User Name: Schulte-Klein | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0A100FF8-EE5D-42DF-B313-EA1DC1586971}" = rport=139 | protocol=6 | dir=out | app=system | 

"{2F189912-A2AB-4096-B071-1F8A061D8985}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{4B0E4AD2-5112-4F65-91B6-EBB6A230E77C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{5BFEB45F-1DDE-41F0-AD48-405969930064}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{5DA32F5E-56D8-41A0-94EE-D0C388DEBC23}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{6022DFCA-55CE-4529-B5A8-79290865FFE3}" = lport=138 | protocol=17 | dir=in | app=system | 

"{60E40E81-6969-4606-BE52-1817E76AF200}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{7851969F-2800-421A-AD20-39E053405A6E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{8196655A-EEB6-47BA-A167-D263AEE367FA}" = lport=137 | protocol=17 | dir=in | app=system | 

"{90BBF965-0A55-4962-8E0F-B8D5D3854F6E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{98D2259F-B593-4673-BECA-BD4FF1ABFA44}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{9C4E792F-5145-4B7B-8DED-16B8B0F2D650}" = rport=138 | protocol=17 | dir=out | app=system | 

"{A8A189C9-1D48-49C9-8F5C-4A7A94D4458C}" = rport=445 | protocol=6 | dir=out | app=system | 

"{B15BD32B-091D-412B-A751-35168D08CFE1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{C95C69FC-5D0A-4684-AA6B-FD81EDDC5F55}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{D3695D38-1640-4FF7-8962-69E159E08B75}" = rport=137 | protocol=17 | dir=out | app=system | 

"{D3D59037-E4F0-42EC-B957-BF890193AAE0}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\rpcagentsrv.exe | 

"{D710385E-043C-4E80-AF22-339EC76EE010}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{D91CDDC6-EBE6-437F-B09C-E02EAC5A154A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{DCBF1A43-4546-40D6-B567-2D0B2C62CD25}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\wnt500x86\rpcsandrasrv.exe | 

"{F0CA973B-0E28-4901-AC46-908B1B1E6973}" = lport=445 | protocol=6 | dir=in | app=system | 

"{FE19EB2E-F0AF-4BA7-8280-F18AA23EF109}" = lport=139 | protocol=6 | dir=in | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01CD1D63-66D5-4EE5-A62B-E8177CEF8ED0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{398A3A89-A139-49AB-BA67-6DFB3F52D252}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{3C2BCA99-4A17-41EC-A3A2-3E696A929BE1}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 

"{62B0575E-F383-4A0C-9BC1-0A3696D01825}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{79B77ADD-256C-44BD-9C03-D99EF0D78381}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 

"{83F55033-BF0C-4974-A2C7-31303F7E238B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{9B124C8C-530E-42FD-8DC1-57026096DA0A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{D1C0A667-027B-4B93-A98E-26179DBE5B04}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{EE2057DB-F330-4239-A17C-AF2A684C6D1A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{FDA56006-2740-4E90-805C-55D9E3CD5062}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix Online Plug-in (Web)

"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client

"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3

"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite DCP-165C

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack

"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix Online Plug-in (USB)

"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix Online Plug-in (HDX)

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch

"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2012.SP2

"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix Online Plug-in (DV)

"{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AVMWLANCLI" = AVM FRITZ!WLAN

"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web

"EPSON S21 Series" = Druckerdeinstallation für EPSON S21 Series

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 18.05.2012 12:46:31 | Computer Name = SchulteKlein | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 18.05.2012 12:46:32 | Computer Name = SchulteKlein | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 22.05.2012 02:30:19 | Computer Name = SchulteKlein | Source = WinMgmt | ID = 10

Description = 

 

Error - 22.05.2012 03:30:59 | Computer Name = SchulteKlein | Source = SideBySide | ID = 16842787

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Citrix\ICA

 Client\MFC80.DLL". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Citrix\ICA

 Client\Microsoft.VC80.MFCLOC.MANIFEST" in Zeile  5.  Die im Manifest gefundene Komponenten-ID

 stimmt nicht mit der ID der angeforderten Komponente überein.  Verweis: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".

Definition:

 Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".

Verwenden

 Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

 

Error - 22.05.2012 03:31:10 | Computer Name = SchulteKlein | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 22.05.2012 03:31:13 | Computer Name = SchulteKlein | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 22.05.2012 03:32:27 | Computer Name = SchulteKlein | Source = WinMgmt | ID = 10

Description = 

 

Error - 22.05.2012 03:34:25 | Computer Name = SchulteKlein | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 22.05.2012 03:59:21 | Computer Name = SchulteKlein | Source = Windows Backup | ID = 4104

Description = 

 

Error - 22.05.2012 04:33:02 | Computer Name = SchulteKlein | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

[ System Events ]

Error - 22.05.2012 02:29:08 | Computer Name = SchulteKlein | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"

 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 22.05.2012 02:29:08 | Computer Name = SchulteKlein | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 22.05.2012 02:29:08 | Computer Name = SchulteKlein | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 22.05.2012 02:29:08 | Computer Name = SchulteKlein | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 22.05.2012 02:29:08 | Computer Name = SchulteKlein | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 22.05.2012 02:29:08 | Computer Name = SchulteKlein | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 22.05.2012 02:29:10 | Computer Name = SchulteKlein | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 22.05.2012 02:29:10 | Computer Name = SchulteKlein | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 22.05.2012 02:38:43 | Computer Name = SchulteKlein | Source = DCOM | ID = 10005

Description = 

 

Error - 22.05.2012 02:38:43 | Computer Name = SchulteKlein | Source = Microsoft Antimalware | ID = 2001

Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
 

        Neue

 Signaturversion:      Vorherige Signaturversion: 1.127.224.0     Aktualisierungsquelle: %%859
 

        Aktualisierungsphase:

 %%852     Quellpfad: Default URL     Signaturtyp: %%800     Aktualisierungstyp: %%803     Benutzer:

 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8403.0     Fehlercode:

 0x8007043c     Fehlerbeschreibung: Der Dienst kann nicht im abgesicherten Modus gestartet

 werden. 

 

 

< End of report >

--- --- ---

Was sollte ich weiter tun?
Wer kann mir helfen?

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hallo Arne,
vielen Dank für deine Hilfe.

Eset ist nun endlich durchgelaufen, hier der Log:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=10d4a4ed6433644cb694b870f2324a97

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-05-23 08:12:08

# local_time=2012-05-23 10:12:08 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 18024414 89388491 0 0

# compatibility_mode=8192 67108863 100 0 170 170 0 0

# scanned=117615

# found=2

# cleaned=0

# scan_time=3427

C:\Users\Schulte-Klein\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\5c1899f4-165b8a96        Java/Agent.EI trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Schulte-Klein\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\271470fa-4d03e308        Java/Agent.EI trojan (unable to clean)        00000000000000000000000000000000        I

Und nun?
LG,
Kiki

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus wieder uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Der normale Modus funktioniert ohne Probleme.
Im Startmenü ist alles vorhanden, so wie es sein sollte.

LG,
Kiki

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

So, durchgelaufen.
Hier das neue OTL Log

OTL Logfile:

Code:

OTL logfile created on: 23.05.2012 11:54:41 - Run 2

OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\Schulte-Klein\Desktop

 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,97 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 59,54% Memory free

3,93 Gb Paging File | 3,05 Gb Available in Paging File | 77,65% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 1397,17 Gb Total Space | 1372,87 Gb Free Space | 98,26% Space Free | Partition Type: NTFS

Drive E: | 931,51 Gb Total Space | 728,56 Gb Free Space | 78,21% Space Free | Partition Type: NTFS

 

Computer Name: SCHULTEKLEIN | User Name: Schulte-Klein | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Schulte-Klein\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)

PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)

PRC - C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

PRC - C:\Programme\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)

PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)

SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe (SiSoftware)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)

DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)

DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)

DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)

DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x86\sandra.sys (SiSoftware)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=OIE9MSE

IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=OIE9MSE

IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 B3 EF BF BD 91 CC 01  [binary data]

IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE454

IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.23 07:31:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.11 18:55:17 | 000,000,000 | ---D | M]

 

[2011.10.23 22:25:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schulte-Klein\AppData\Roaming\mozilla\Extensions

[2012.05.04 14:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schulte-Klein\AppData\Roaming\mozilla\Firefox\Profiles\218l6qfc.default\extensions

[2011.12.19 20:35:36 | 000,000,933 | ---- | M] () -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\searchplugins\11-suche.xml

[2011.12.19 20:35:37 | 000,002,419 | ---- | M] () -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\searchplugins\englische-ergebnisse.xml

[2011.12.19 20:35:36 | 000,010,525 | ---- | M] () -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\searchplugins\gmx-suche.xml

[2011.12.19 20:35:37 | 000,002,457 | ---- | M] () -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\searchplugins\lastminute.xml

[2011.12.19 20:35:36 | 000,005,508 | ---- | M] () -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\searchplugins\webde-suche.xml

[2012.05.23 07:31:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.03.03 16:26:59 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\SCHULTE-KLEIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\218L6QFC.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI

[2012.04.17 18:37:08 | 000,576,958 | ---- | M] () (No name found) -- C:\USERS\SCHULTE-KLEIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\218L6QFC.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI

[2012.05.23 07:31:24 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2009.09.12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll

[2009.09.12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll

[2009.09.12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll

[2009.09.12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll

[2012.04.17 10:01:00 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2009.09.12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll

[2009.09.12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

[2012.04.12 14:34:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.04.12 14:34:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.04.12 14:34:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.04.12 14:34:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.04.12 14:34:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.04.12 14:34:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)

O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000..\Run: [EPSON S21 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Schulte-Klein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F0BDD75-EC95-4CCD-B7F6-0437E3992EDB}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{370D42C9-1849-4E93-A7B6-8F1D6DA5C308}: DhcpNameServer = 192.168.178.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010.05.06 04:54:56 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]

O32 - AutoRun File - [2002.10.16 19:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{45a4cf4d-ff25-11e0-a54d-00040efab484}\Shell - "" = AutoRun

O33 - MountPoints2\{45a4cf4d-ff25-11e0-a54d-00040efab484}\Shell\AutoRun\command - "" = F:\pushinst.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\pushinst.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 

ActiveX: >{7054aa8b-4843-4885-9807-411c9938d8a6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.05.23 09:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.05.23 07:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2012.05.23 07:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012.05.23 07:28:55 | 000,000,000 | -HSD | C] -- C:\found.000

[2012.05.22 11:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012.05.22 11:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012.05.22 10:09:03 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Schulte-Klein\Desktop\OTL.exe

[2012.05.22 08:32:05 | 000,000,000 | ---D | C] -- C:\Users\Schulte-Klein\AppData\Roaming\Malwarebytes

[2012.05.22 08:31:59 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.05.22 08:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.05.22 08:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.05.22 08:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.05.16 21:56:54 | 000,000,000 | ---D | C] -- C:\Users\Schulte-Klein\AppData\Roaming\Cnlfvc

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.05.23 11:40:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.05.23 11:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.05.23 07:37:47 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.05.23 07:37:47 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.05.23 07:30:54 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.05.23 07:30:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.05.23 07:30:35 | 1582,686,208 | -HS- | M] () -- C:\hiberfil.sys

[2012.05.22 11:25:10 | 000,103,390 | ---- | M] () -- C:\Users\Schulte-Klein\Documents\cc_20120522_112453.reg

[2012.05.22 11:11:03 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.05.22 10:09:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Schulte-Klein\Desktop\OTL.exe

[2012.05.22 08:32:00 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.18 17:59:26 | 000,292,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.05.16 22:22:18 | 000,698,232 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.05.16 22:22:18 | 000,653,550 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.05.16 22:22:18 | 000,148,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.05.16 22:22:18 | 000,121,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.05.03 15:45:55 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.05.22 11:24:59 | 000,103,390 | ---- | C] () -- C:\Users\Schulte-Klein\Documents\cc_20120522_112453.reg

[2012.05.22 11:11:03 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.05.22 08:32:00 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.04 14:49:44 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.05.03 15:45:53 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012.04.19 11:35:36 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2012.04.19 11:35:36 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI

[2012.04.19 11:32:47 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat

[2012.03.03 16:06:54 | 011,304,960 | ---- | C] () -- C:\Users\Schulte-Klein\AppData\Roaming\Sandra.mdb

[2011.10.13 12:59:42 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin

[2011.10.13 12:59:40 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin

[2011.10.13 12:59:40 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin

[2011.10.13 12:31:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2011.10.13 12:30:24 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2011.04.12 03:30:05 | 000,698,232 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2011.04.12 03:30:05 | 000,148,428 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2010.10.22 02:00:00 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin

 
 ========== LOP Check ==========

 

[2012.05.18 18:46:40 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Cnlfvc

[2011.10.28 19:32:32 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\ICAClient

[2011.10.27 19:16:57 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\OpenOffice.org

[2012.01.22 15:22:33 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.10.28 16:07:18 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Adobe

[2012.04.20 15:21:48 | 000,000,000 | R--D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Brother

[2012.05.18 18:46:40 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Cnlfvc

[2011.10.28 15:45:44 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Google

[2011.10.28 19:32:32 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\ICAClient

[2011.10.23 21:32:21 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Identities

[2012.04.19 11:31:32 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\InstallShield

[2011.10.23 22:14:21 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Macromedia

[2012.05.22 08:32:05 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Malwarebytes

[2011.04.12 03:39:07 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Media Center Programs

[2012.03.03 16:11:40 | 000,000,000 | --SD | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Microsoft

[2011.10.23 22:25:29 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla

[2011.10.27 19:16:57 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\OpenOffice.org

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys

[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll

[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys

[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll

[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll

[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010.05.06 04:54:56 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]

O32 - AutoRun File - [2002.10.16 19:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{45a4cf4d-ff25-11e0-a54d-00040efab484}\Shell - "" = AutoRun

O33 - MountPoints2\{45a4cf4d-ff25-11e0-a54d-00040efab484}\Shell\AutoRun\command - "" = F:\pushinst.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\pushinst.exe

[2012.05.23 07:28:55 | 000,000,000 | -HSD | C] -- C:\found.000

[2012.05.16 21:56:54 | 000,000,000 | ---D | C] -- C:\Users\Schulte-Klein\AppData\Roaming\Cnlfvc

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Guten Morgen Arne,
das OTL-Fix ist fertig, hier der Logfile:

Code:

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

File  not found.

E:\autorun.inf moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45a4cf4d-ff25-11e0-a54d-00040efab484}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45a4cf4d-ff25-11e0-a54d-00040efab484}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45a4cf4d-ff25-11e0-a54d-00040efab484}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45a4cf4d-ff25-11e0-a54d-00040efab484}\ not found.

File F:\pushinst.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.

File F:\pushinst.exe not found.

C:\found.000 folder moved successfully.

C:\Users\Schulte-Klein\AppData\Roaming\Cnlfvc folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: Schulte-Klein

->Temp folder emptied: 3073 bytes

->Temporary Internet Files folder emptied: 4103737 bytes

->Java cache emptied: 383462 bytes

->FireFox cache emptied: 56380240 bytes

->Flash cache emptied: 487 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 5100 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 58,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Public

 

User: Schulte-Klein

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.43.1 log created on 05242012_080155
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Hallo Arne,
vielen Dank für deine weitere Hilfe!

Hier der Report:

Code:

08:08:16.0943 2828        TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30

08:08:17.0114 2828        ============================================================

08:08:17.0114 2828        Current date / time: 2012/05/25 08:08:17.0114

08:08:17.0114 2828        SystemInfo:

08:08:17.0114 2828        

08:08:17.0114 2828        OS Version: 6.1.7601 ServicePack: 1.0

08:08:17.0114 2828        Product type: Workstation

08:08:17.0114 2828        ComputerName: SCHULTEKLEIN

08:08:17.0114 2828        UserName: Schulte-Klein

08:08:17.0114 2828        Windows directory: C:\Windows

08:08:17.0114 2828        System windows directory: C:\Windows

08:08:17.0114 2828        Processor architecture: Intel x86

08:08:17.0114 2828        Number of processors: 2

08:08:17.0114 2828        Page size: 0x1000

08:08:17.0114 2828        Boot type: Normal boot

08:08:17.0114 2828        ============================================================

08:08:18.0331 2828        Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2F509, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050

08:08:18.0503 2828        Drive \Device\Harddisk2\DR2 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

08:08:18.0503 2828        ============================================================

08:08:18.0503 2828        \Device\Harddisk0\DR0:

08:08:18.0503 2828        MBR partitions:

08:08:18.0503 2828        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

08:08:18.0503 2828        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAEA54800

08:08:18.0503 2828        \Device\Harddisk2\DR2:

08:08:18.0503 2828        MBR partitions:

08:08:18.0503 2828        \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000

08:08:18.0503 2828        ============================================================

08:08:18.0549 2828        C: <-> \Device\Harddisk0\DR0\Partition1

08:08:18.0581 2828        E: <-> \Device\Harddisk2\DR2\Partition0

08:08:18.0581 2828        ============================================================

08:08:18.0581 2828        Initialize success

08:08:18.0581 2828        ============================================================

08:08:50.0062 1032        ============================================================

08:08:50.0062 1032        Scan started

08:08:50.0062 1032        Mode: Manual; SigCheck; TDLFS; 

08:08:50.0062 1032        ============================================================

08:08:50.0342 1032        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

08:08:50.0405 1032        1394ohci - ok

08:08:50.0436 1032        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

08:08:50.0452 1032        ACPI - ok

08:08:50.0467 1032        AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

08:08:50.0514 1032        AcpiPmi - ok

08:08:50.0654 1032        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

08:08:50.0654 1032        AdobeARMservice - ok

08:08:50.0748 1032        AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

08:08:50.0764 1032        AdobeFlashPlayerUpdateSvc - ok

08:08:50.0795 1032        adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys

08:08:50.0810 1032        adp94xx - ok

08:08:50.0826 1032        adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys

08:08:50.0842 1032        adpahci - ok

08:08:50.0857 1032        adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys

08:08:50.0873 1032        adpu320 - ok

08:08:50.0920 1032        AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll

08:08:50.0998 1032        AeLookupSvc - ok

08:08:51.0029 1032        AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

08:08:51.0076 1032        AFD - ok

08:08:51.0076 1032        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

08:08:51.0091 1032        agp440 - ok

08:08:51.0122 1032        aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys

08:08:51.0138 1032        aic78xx - ok

08:08:51.0154 1032        ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe

08:08:51.0200 1032        ALG - ok

08:08:51.0216 1032        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

08:08:51.0232 1032        aliide - ok

08:08:51.0247 1032        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

08:08:51.0263 1032        amdagp - ok

08:08:51.0263 1032        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

08:08:51.0278 1032        amdide - ok

08:08:51.0294 1032        AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys

08:08:51.0325 1032        AmdK8 - ok

08:08:51.0341 1032        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys

08:08:51.0356 1032        AmdPPM - ok

08:08:51.0388 1032        amdsata         (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys

08:08:51.0403 1032        amdsata - ok

08:08:51.0419 1032        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys

08:08:51.0434 1032        amdsbs - ok

08:08:51.0434 1032        amdxata         (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys

08:08:51.0450 1032        amdxata - ok

08:08:51.0466 1032        AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

08:08:51.0497 1032        AppID - ok

08:08:51.0528 1032        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll

08:08:51.0544 1032        AppIDSvc - ok

08:08:51.0559 1032        Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll

08:08:51.0590 1032        Appinfo - ok

08:08:51.0980 1032        AppMgmt         (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll

08:08:52.0012 1032        AppMgmt - ok

08:08:52.0027 1032        arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys

08:08:52.0027 1032        arc - ok

08:08:52.0043 1032        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys

08:08:52.0058 1032        arcsas - ok

08:08:52.0199 1032        aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

08:08:52.0214 1032        aspnet_state - ok

08:08:52.0246 1032        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

08:08:52.0308 1032        AsyncMac - ok

08:08:52.0324 1032        atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

08:08:52.0324 1032        atapi - ok

08:08:52.0370 1032        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

08:08:52.0402 1032        AudioEndpointBuilder - ok

08:08:52.0417 1032        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

08:08:52.0433 1032        Audiosrv - ok

08:08:52.0526 1032        AVM WLAN Connection Service (c6f4c466b654c1be98af31418bb5ac30) C:\Program Files\avmwlanstick\WlanNetService.exe

08:08:52.0636 1032        AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning

08:08:52.0636 1032        AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)

08:08:52.0651 1032        avmeject        (263cf9d248fd5e020a1333ed4f7eaa88) C:\Windows\system32\drivers\avmeject.sys

08:08:52.0682 1032        avmeject ( UnsignedFile.Multi.Generic ) - warning

08:08:52.0682 1032        avmeject - detected UnsignedFile.Multi.Generic (1)

08:08:52.0698 1032        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll

08:08:52.0760 1032        AxInstSV - ok

08:08:52.0792 1032        b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys

08:08:52.0823 1032        b06bdrv - ok

08:08:52.0854 1032        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

08:08:52.0870 1032        b57nd60x - ok

08:08:52.0901 1032        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll

08:08:52.0948 1032        BDESVC - ok

08:08:52.0963 1032        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

08:08:52.0994 1032        Beep - ok

08:08:53.0026 1032        BFE             (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll

08:08:53.0057 1032        BFE - ok

08:08:53.0104 1032        BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll

08:08:53.0135 1032        BITS - ok

08:08:53.0150 1032        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

08:08:53.0166 1032        blbdrive - ok

08:08:53.0197 1032        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

08:08:53.0228 1032        bowser - ok

08:08:53.0244 1032        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys

08:08:53.0275 1032        BrFiltLo - ok

08:08:53.0275 1032        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys

08:08:53.0306 1032        BrFiltUp - ok

08:08:53.0322 1032        Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll

08:08:53.0353 1032        Browser - ok

08:08:53.0369 1032        Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

08:08:53.0416 1032        Brserid - ok

08:08:53.0431 1032        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

08:08:53.0447 1032        BrSerWdm - ok

08:08:53.0462 1032        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

08:08:53.0478 1032        BrUsbMdm - ok

08:08:53.0494 1032        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

08:08:53.0509 1032        BrUsbSer - ok

08:08:53.0525 1032        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys

08:08:53.0540 1032        BTHMODEM - ok

08:08:53.0572 1032        bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll

08:08:53.0587 1032        bthserv - ok

08:08:53.0618 1032        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

08:08:53.0650 1032        cdfs - ok

08:08:53.0681 1032        cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys

08:08:53.0696 1032        cdrom - ok

08:08:53.0712 1032        CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

08:08:53.0743 1032        CertPropSvc - ok

08:08:53.0743 1032        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys

08:08:53.0759 1032        circlass - ok

08:08:53.0790 1032        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

08:08:53.0806 1032        CLFS - ok

08:08:53.0884 1032        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

08:08:53.0884 1032        clr_optimization_v2.0.50727_32 - ok

08:08:53.0993 1032        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

08:08:53.0993 1032        clr_optimization_v4.0.30319_32 - ok

08:08:54.0008 1032        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys

08:08:54.0024 1032        CmBatt - ok

08:08:54.0024 1032        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

08:08:54.0040 1032        cmdide - ok

08:08:54.0086 1032        CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys

08:08:54.0102 1032        CNG - ok

08:08:54.0118 1032        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys

08:08:54.0133 1032        Compbatt - ok

08:08:54.0164 1032        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys

08:08:54.0196 1032        CompositeBus - ok

08:08:54.0196 1032        COMSysApp - ok

08:08:54.0211 1032        crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys

08:08:54.0227 1032        crcdisk - ok

08:08:54.0242 1032        CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll

08:08:54.0274 1032        CryptSvc - ok

08:08:54.0305 1032        CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

08:08:54.0320 1032        CSC - ok

08:08:54.0352 1032        CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll

08:08:54.0383 1032        CscService - ok

08:08:54.0414 1032        ctxusbm         (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys

08:08:54.0445 1032        ctxusbm - ok

08:08:54.0476 1032        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

08:08:54.0508 1032        DcomLaunch - ok

08:08:54.0523 1032        defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll

08:08:54.0554 1032        defragsvc - ok

08:08:54.0586 1032        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

08:08:54.0617 1032        DfsC - ok

08:08:54.0632 1032        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll

08:08:54.0679 1032        Dhcp - ok

08:08:54.0757 1032        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

08:08:54.0788 1032        discache - ok

08:08:54.0820 1032        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys

08:08:54.0835 1032        Disk - ok

08:08:54.0851 1032        dmvsc           (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys

08:08:54.0866 1032        dmvsc - ok

08:08:54.0898 1032        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll

08:08:54.0913 1032        Dnscache - ok

08:08:54.0929 1032        dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll

08:08:54.0960 1032        dot3svc - ok

08:08:54.0976 1032        DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll

08:08:55.0022 1032        DPS - ok

08:08:55.0054 1032        drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

08:08:55.0069 1032        drmkaud - ok

08:08:55.0100 1032        DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

08:08:55.0116 1032        DXGKrnl - ok

08:08:55.0132 1032        EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll

08:08:55.0163 1032        EapHost - ok

08:08:55.0272 1032        ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys

08:08:55.0350 1032        ebdrv - ok

08:08:55.0444 1032        EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe

08:08:55.0475 1032        EFS - ok

08:08:55.0537 1032        ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe

08:08:55.0568 1032        ehRecvr - ok

08:08:55.0584 1032        ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe

08:08:55.0600 1032        ehSched - ok

08:08:55.0646 1032        elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys

08:08:55.0662 1032        elxstor - ok

08:08:55.0678 1032        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

08:08:55.0693 1032        ErrDev - ok

08:08:55.0740 1032        EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll

08:08:55.0771 1032        EventSystem - ok

08:08:55.0802 1032        exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

08:08:55.0818 1032        exfat - ok

08:08:55.0834 1032        fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

08:08:55.0849 1032        fastfat - ok

08:08:55.0880 1032        Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe

08:08:55.0927 1032        Fax - ok

08:08:55.0943 1032        fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

08:08:55.0943 1032        fdc - ok

08:08:55.0958 1032        fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll

08:08:55.0974 1032        fdPHost - ok

08:08:55.0990 1032        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll

08:08:56.0021 1032        FDResPub - ok

08:08:56.0177 1032        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

08:08:56.0192 1032        FileInfo - ok

08:08:56.0192 1032        Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

08:08:56.0224 1032        Filetrace - ok

08:08:56.0239 1032        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys

08:08:56.0270 1032        flpydisk - ok

08:08:56.0302 1032        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

08:08:56.0302 1032        FltMgr - ok

08:08:56.0333 1032        FontCache       (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll

08:08:56.0380 1032        FontCache - ok

08:08:56.0442 1032        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

08:08:56.0458 1032        FontCache3.0.0.0 - ok

08:08:56.0598 1032        FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

08:08:56.0614 1032        FsDepends - ok

08:08:56.0692 1032        Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys

08:08:56.0707 1032        Fs_Rec - ok

08:08:56.0785 1032        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

08:08:56.0801 1032        fvevol - ok

08:08:57.0472 1032        FWLANUSB        (ff12fa487265da2ac7de4be53f72ff1a) C:\Windows\system32\DRIVERS\fwlanusb.sys

08:08:57.0518 1032        FWLANUSB - ok

08:08:57.0518 1032        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys

08:08:57.0534 1032        gagp30kx - ok

08:08:57.0565 1032        gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll

08:08:57.0612 1032        gpsvc - ok

08:08:57.0690 1032        gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

08:08:57.0706 1032        gupdate - ok

08:08:57.0706 1032        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

08:08:57.0721 1032        gupdatem - ok

08:08:57.0737 1032        gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

08:08:57.0737 1032        gusvc - ok

08:08:57.0752 1032        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

08:08:57.0784 1032        hcw85cir - ok

08:08:57.0799 1032        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

08:08:57.0830 1032        HdAudAddService - ok

08:08:57.0846 1032        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys

08:08:57.0862 1032        HDAudBus - ok

08:08:57.0877 1032        HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys

08:08:57.0893 1032        HidBatt - ok

08:08:57.0908 1032        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys

08:08:57.0940 1032        HidBth - ok

08:08:57.0971 1032        HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys

08:08:57.0986 1032        HidIr - ok

08:08:58.0002 1032        hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll

08:08:58.0049 1032        hidserv - ok

08:08:58.0049 1032        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys

08:08:58.0064 1032        HidUsb - ok

08:08:58.0096 1032        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll

08:08:58.0127 1032        hkmsvc - ok

08:08:58.0142 1032        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll

08:08:58.0174 1032        HomeGroupListener - ok

08:08:58.0205 1032        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll

08:08:58.0220 1032        HomeGroupProvider - ok

08:08:58.0236 1032        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

08:08:58.0252 1032        HpSAMD - ok

08:08:58.0267 1032        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

08:08:58.0298 1032        HTTP - ok

08:08:58.0314 1032        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

08:08:58.0330 1032        hwpolicy - ok

08:08:58.0345 1032        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

08:08:58.0361 1032        i8042prt - ok

08:08:58.0392 1032        iaStorV         (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys

08:08:58.0408 1032        iaStorV - ok

08:08:58.0517 1032        idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

08:08:58.0532 1032        idsvc - ok

08:08:58.0813 1032        igfx            (aa1636107c0c05a881bfbce41142c70f) C:\Windows\system32\DRIVERS\igdkmd32.sys

08:08:59.0032 1032        igfx - ok

08:08:59.0125 1032        iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys

08:08:59.0141 1032        iirsp - ok

08:08:59.0172 1032        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll

08:08:59.0219 1032        IKEEXT - ok

08:08:59.0234 1032        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

08:08:59.0250 1032        intelide - ok

08:08:59.0266 1032        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

08:08:59.0266 1032        intelppm - ok

08:08:59.0281 1032        IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll

08:08:59.0312 1032        IPBusEnum - ok

08:08:59.0328 1032        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

08:08:59.0359 1032        IpFilterDriver - ok

08:08:59.0390 1032        iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll

08:08:59.0422 1032        iphlpsvc - ok

08:08:59.0437 1032        IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

08:08:59.0453 1032        IPMIDRV - ok

08:08:59.0468 1032        IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

08:08:59.0500 1032        IPNAT - ok

08:08:59.0515 1032        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

08:08:59.0531 1032        IRENUM - ok

08:08:59.0546 1032        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

08:08:59.0562 1032        isapnp - ok

08:08:59.0578 1032        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

08:08:59.0593 1032        iScsiPrt - ok

08:08:59.0609 1032        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

08:08:59.0624 1032        kbdclass - ok

08:08:59.0640 1032        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

08:08:59.0656 1032        kbdhid - ok

08:08:59.0702 1032        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

08:08:59.0702 1032        KeyIso - ok

08:08:59.0718 1032        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys

08:08:59.0718 1032        KSecDD - ok

08:08:59.0749 1032        KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys

08:08:59.0765 1032        KSecPkg - ok

08:08:59.0796 1032        KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll

08:08:59.0827 1032        KtmRm - ok

08:08:59.0874 1032        L1C             (b86270cc948ead6481ac487d65ddb462) C:\Windows\system32\DRIVERS\L1C62x86.sys

08:08:59.0890 1032        L1C - ok

08:08:59.0921 1032        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll

08:08:59.0952 1032        LanmanServer - ok

08:08:59.0983 1032        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll

08:09:00.0014 1032        LanmanWorkstation - ok

08:09:00.0046 1032        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

08:09:00.0077 1032        lltdio - ok

08:09:00.0092 1032        lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll

08:09:00.0124 1032        lltdsvc - ok

08:09:00.0124 1032        lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll

08:09:00.0170 1032        lmhosts - ok

08:09:00.0202 1032        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys

08:09:00.0217 1032        LSI_FC - ok

08:09:00.0217 1032        LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys

08:09:00.0233 1032        LSI_SAS - ok

08:09:00.0264 1032        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys

08:09:00.0264 1032        LSI_SAS2 - ok

08:09:00.0280 1032        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys

08:09:00.0295 1032        LSI_SCSI - ok

08:09:00.0311 1032        luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

08:09:00.0326 1032        luafv - ok

08:09:00.0373 1032        MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys

08:09:00.0373 1032        MBAMProtector - ok

08:09:00.0467 1032        MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

08:09:00.0482 1032        MBAMService - ok

08:09:00.0498 1032        Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll

08:09:00.0514 1032        Mcx2Svc - ok

08:09:00.0529 1032        megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys

08:09:00.0545 1032        megasas - ok

08:09:00.0560 1032        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys

08:09:00.0576 1032        MegaSR - ok

08:09:00.0607 1032        MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

08:09:00.0638 1032        MMCSS - ok

08:09:00.0654 1032        Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

08:09:00.0685 1032        Modem - ok

08:09:00.0701 1032        monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

08:09:00.0732 1032        monitor - ok

08:09:00.0732 1032        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

08:09:00.0748 1032        mouclass - ok

08:09:00.0779 1032        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\drivers\mouhid.sys

08:09:00.0794 1032        mouhid - ok

08:09:00.0826 1032        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

08:09:00.0826 1032        mountmgr - ok

08:09:00.0888 1032        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

08:09:00.0888 1032        MozillaMaintenance - ok

08:09:00.0950 1032        MpFilter        (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys

08:09:00.0966 1032        MpFilter - ok

08:09:00.0982 1032        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

08:09:00.0997 1032        mpio - ok

08:09:01.0091 1032        MpKsl22a8baf3   (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA253904-9037-4343-823B-F041A9CA08F6}\MpKsl22a8baf3.sys

08:09:01.0091 1032        MpKsl22a8baf3 - ok

08:09:01.0106 1032        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

08:09:01.0138 1032        mpsdrv - ok

08:09:01.0262 1032        MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll

08:09:01.0309 1032        MpsSvc - ok

08:09:01.0325 1032        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

08:09:01.0356 1032        MRxDAV - ok

08:09:01.0387 1032        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

08:09:01.0418 1032        mrxsmb - ok

08:09:01.0434 1032        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

08:09:01.0465 1032        mrxsmb10 - ok

08:09:01.0465 1032        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

08:09:01.0496 1032        mrxsmb20 - ok

08:09:01.0512 1032        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

08:09:01.0528 1032        msahci - ok

08:09:01.0543 1032        msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

08:09:01.0559 1032        msdsm - ok

08:09:01.0574 1032        MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe

08:09:01.0590 1032        MSDTC - ok

08:09:01.0621 1032        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

08:09:01.0652 1032        Msfs - ok

08:09:01.0652 1032        mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

08:09:01.0684 1032        mshidkmdf - ok

08:09:01.0699 1032        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

08:09:01.0715 1032        msisadrv - ok

08:09:01.0730 1032        MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll

08:09:01.0762 1032        MSiSCSI - ok

08:09:01.0762 1032        msiserver - ok

08:09:01.0793 1032        MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

08:09:01.0824 1032        MSKSSRV - ok

08:09:01.0886 1032        MsMpSvc         (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe

08:09:01.0902 1032        MsMpSvc - ok

08:09:01.0918 1032        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

08:09:01.0949 1032        MSPCLOCK - ok

08:09:01.0949 1032        MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

08:09:01.0980 1032        MSPQM - ok

08:09:01.0996 1032        MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

08:09:02.0011 1032        MsRPC - ok

08:09:02.0027 1032        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

08:09:02.0042 1032        mssmbios - ok

08:09:02.0074 1032        MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

08:09:02.0089 1032        MSTEE - ok

08:09:02.0105 1032        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys

08:09:02.0136 1032        MTConfig - ok

08:09:02.0136 1032        Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

08:09:02.0152 1032        Mup - ok

08:09:02.0167 1032        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll

08:09:02.0198 1032        napagent - ok

08:09:02.0230 1032        NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

08:09:02.0261 1032        NativeWifiP - ok

08:09:02.0292 1032        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

08:09:02.0308 1032        NDIS - ok

08:09:02.0323 1032        NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

08:09:02.0354 1032        NdisCap - ok

08:09:02.0386 1032        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

08:09:02.0417 1032        NdisTapi - ok

08:09:02.0542 1032        Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

08:09:02.0557 1032        Ndisuio - ok

08:09:02.0854 1032        NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

08:09:02.0900 1032        NdisWan - ok

08:09:02.0900 1032        NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

08:09:02.0932 1032        NDProxy - ok

08:09:02.0932 1032        NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

08:09:02.0963 1032        NetBIOS - ok

08:09:02.0978 1032        NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

08:09:03.0010 1032        NetBT - ok

08:09:03.0056 1032        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

08:09:03.0056 1032        Netlogon - ok

08:09:03.0088 1032        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll

08:09:03.0119 1032        Netman - ok

08:09:03.0244 1032        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

08:09:03.0259 1032        NetMsmqActivator - ok

08:09:03.0259 1032        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

08:09:03.0275 1032        NetPipeActivator - ok

08:09:03.0290 1032        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll

08:09:03.0322 1032        netprofm - ok

08:09:03.0322 1032        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

08:09:03.0337 1032        NetTcpActivator - ok

08:09:03.0337 1032        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

08:09:03.0353 1032        NetTcpPortSharing - ok

08:09:03.0368 1032        nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys

08:09:03.0384 1032        nfrd960 - ok

08:09:03.0446 1032        NisDrv          (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

08:09:03.0462 1032        NisDrv - ok

08:09:03.0524 1032        NisSrv          (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe

08:09:03.0540 1032        NisSrv - ok

08:09:03.0571 1032        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll

08:09:03.0602 1032        NlaSvc - ok

08:09:03.0602 1032        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

08:09:03.0634 1032        Npfs - ok

08:09:03.0649 1032        nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll

08:09:03.0680 1032        nsi - ok

08:09:03.0680 1032        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

08:09:03.0696 1032        nsiproxy - ok

08:09:03.0743 1032        Ntfs            (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys

08:09:03.0790 1032        Ntfs - ok

08:09:03.0805 1032        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

08:09:03.0836 1032        Null - ok

08:09:03.0852 1032        nvraid          (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys

08:09:03.0868 1032        nvraid - ok

08:09:03.0883 1032        nvstor          (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys

08:09:03.0883 1032        nvstor - ok

08:09:03.0899 1032        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

08:09:03.0914 1032        nv_agp - ok

08:09:03.0930 1032        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

08:09:03.0946 1032        ohci1394 - ok

08:09:03.0961 1032        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

08:09:03.0992 1032        p2pimsvc - ok

08:09:04.0024 1032        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll

08:09:04.0039 1032        p2psvc - ok

08:09:04.0242 1032        Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

08:09:04.0258 1032        Parport - ok

08:09:04.0304 1032        partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys

08:09:04.0320 1032        partmgr - ok

08:09:04.0320 1032        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

08:09:04.0336 1032        Parvdm - ok

08:09:04.0351 1032        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll

08:09:04.0367 1032        PcaSvc - ok

08:09:04.0382 1032        pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

08:09:04.0398 1032        pci - ok

08:09:04.0414 1032        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

08:09:04.0429 1032        pciide - ok

08:09:04.0429 1032        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys

08:09:04.0445 1032        pcmcia - ok

08:09:04.0460 1032        pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

08:09:04.0476 1032        pcw - ok

08:09:04.0507 1032        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

08:09:04.0554 1032        PEAUTH - ok

08:09:04.0601 1032        PeerDistSvc     (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll

08:09:04.0632 1032        PeerDistSvc - ok

08:09:04.0710 1032        pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll

08:09:04.0772 1032        pla - ok

08:09:04.0866 1032        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll

08:09:04.0897 1032        PlugPlay - ok

08:09:04.0897 1032        PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll

08:09:04.0928 1032        PNRPAutoReg - ok

08:09:04.0944 1032        PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

08:09:04.0960 1032        PNRPsvc - ok

08:09:05.0006 1032        PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll

08:09:05.0038 1032        PolicyAgent - ok

08:09:05.0053 1032        Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll

08:09:05.0100 1032        Power - ok

08:09:05.0147 1032        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

08:09:05.0178 1032        PptpMiniport - ok

08:09:05.0194 1032        Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys

08:09:05.0209 1032        Processor - ok

08:09:05.0240 1032        ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll

08:09:05.0272 1032        ProfSvc - ok

08:09:05.0318 1032        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

08:09:05.0318 1032        ProtectedStorage - ok

08:09:05.0334 1032        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

08:09:05.0365 1032        Psched - ok

08:09:05.0412 1032        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys

08:09:05.0459 1032        ql2300 - ok

08:09:05.0521 1032        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys

08:09:05.0537 1032        ql40xx - ok

08:09:05.0552 1032        QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll

08:09:05.0568 1032        QWAVE - ok

08:09:05.0584 1032        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

08:09:05.0599 1032        QWAVEdrv - ok

08:09:05.0615 1032        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

08:09:05.0646 1032        RasAcd - ok

08:09:05.0693 1032        RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

08:09:05.0708 1032        RasAgileVpn - ok

08:09:05.0724 1032        RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll

08:09:05.0755 1032        RasAuto - ok

08:09:05.0771 1032        Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

08:09:05.0818 1032        Rasl2tp - ok

08:09:05.0849 1032        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll

08:09:05.0880 1032        RasMan - ok

08:09:05.0911 1032        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

08:09:05.0942 1032        RasPppoe - ok

08:09:05.0958 1032        RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

08:09:05.0989 1032        RasSstp - ok

08:09:06.0005 1032        rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

08:09:06.0052 1032        rdbss - ok

08:09:06.0052 1032        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

08:09:06.0067 1032        rdpbus - ok

08:09:06.0083 1032        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

08:09:06.0098 1032        RDPCDD - ok

08:09:06.0130 1032        RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

08:09:06.0161 1032        RDPDR - ok

08:09:06.0161 1032        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

08:09:06.0192 1032        RDPENCDD - ok

08:09:06.0192 1032        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

08:09:06.0239 1032        RDPREFMP - ok

08:09:06.0286 1032        RDPWD           (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys

08:09:06.0301 1032        RDPWD - ok

08:09:06.0317 1032        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

08:09:06.0332 1032        rdyboost - ok

08:09:06.0348 1032        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll

08:09:06.0379 1032        RemoteAccess - ok

08:09:06.0395 1032        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll

08:09:06.0457 1032        RemoteRegistry - ok

08:09:06.0473 1032        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll

08:09:06.0504 1032        RpcEptMapper - ok

08:09:06.0520 1032        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe

08:09:06.0535 1032        RpcLocator - ok

08:09:06.0566 1032        RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

08:09:06.0598 1032        RpcSs - ok

08:09:06.0598 1032        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

08:09:06.0629 1032        rspndr - ok

08:09:06.0644 1032        s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys

08:09:06.0676 1032        s3cap - ok

08:09:06.0722 1032        SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

08:09:06.0722 1032        SamSs - ok

08:09:06.0941 1032        SANDRA          (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x86\Sandra.sys

08:09:07.0003 1032        SANDRA - ok

08:09:07.0034 1032        SandraAgentSrv  (28d22b00901ee48bb98899abad5da11e) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe

08:09:07.0112 1032        SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning

08:09:07.0112 1032        SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)

08:09:07.0144 1032        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

08:09:07.0159 1032        sbp2port - ok

08:09:07.0175 1032        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll

08:09:07.0206 1032        SCardSvr - ok

08:09:07.0300 1032        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

08:09:07.0346 1032        scfilter - ok

08:09:07.0378 1032        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll

08:09:07.0424 1032        Schedule - ok

08:09:07.0456 1032        SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

08:09:07.0471 1032        SCPolicySvc - ok

08:09:07.0487 1032        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll

08:09:07.0580 1032        SDRSVC - ok

08:09:07.0612 1032        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

08:09:07.0643 1032        secdrv - ok

08:09:07.0643 1032        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll

08:09:07.0690 1032        seclogon - ok

08:09:07.0721 1032        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll

08:09:07.0752 1032        SENS - ok

08:09:07.0768 1032        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll

08:09:07.0799 1032        SensrSvc - ok

08:09:07.0814 1032        Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

08:09:07.0830 1032        Serenum - ok

08:09:07.0846 1032        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

08:09:07.0861 1032        Serial - ok

08:09:07.0877 1032        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys

08:09:07.0892 1032        sermouse - ok

08:09:07.0924 1032        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll

08:09:07.0939 1032        SessionEnv - ok

08:09:07.0955 1032        sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

08:09:07.0986 1032        sffdisk - ok

08:09:08.0017 1032        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

08:09:08.0033 1032        sffp_mmc - ok

08:09:08.0048 1032        sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

08:09:08.0064 1032        sffp_sd - ok

08:09:08.0080 1032        sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys

08:09:08.0095 1032        sfloppy - ok

08:09:08.0126 1032        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll

08:09:08.0158 1032        SharedAccess - ok

08:09:08.0173 1032        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll

08:09:08.0220 1032        ShellHWDetection - ok

08:09:08.0236 1032        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

08:09:08.0251 1032        sisagp - ok

08:09:08.0267 1032        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys

08:09:08.0267 1032        SiSRaid2 - ok

08:09:08.0282 1032        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys

08:09:08.0298 1032        SiSRaid4 - ok

08:09:08.0329 1032        Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

08:09:08.0360 1032        Smb - ok

08:09:08.0392 1032        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe

08:09:08.0392 1032        SNMPTRAP - ok

08:09:08.0407 1032        spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

08:09:08.0423 1032        spldr - ok

08:09:08.0454 1032        Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe

08:09:08.0485 1032        Spooler - ok

08:09:08.0563 1032        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe

08:09:08.0641 1032        sppsvc - ok

08:09:08.0704 1032        sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll

08:09:08.0735 1032        sppuinotify - ok

08:09:08.0766 1032        srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

08:09:08.0797 1032        srv - ok

08:09:08.0828 1032        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

08:09:08.0844 1032        srv2 - ok

08:09:08.0875 1032        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

08:09:08.0891 1032        srvnet - ok

08:09:08.0922 1032        SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll

08:09:08.0953 1032        SSDPSRV - ok

08:09:08.0969 1032        SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll

08:09:09.0000 1032        SstpSvc - ok

08:09:09.0031 1032        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys

08:09:09.0031 1032        stexstor - ok

08:09:09.0078 1032        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll

08:09:09.0094 1032        StiSvc - ok

08:09:09.0109 1032        storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

08:09:09.0125 1032        storflt - ok

08:09:09.0140 1032        StorSvc         (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll

08:09:09.0156 1032        StorSvc - ok

08:09:09.0187 1032        storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

08:09:09.0203 1032        storvsc - ok

08:09:09.0218 1032        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

08:09:09.0218 1032        swenum - ok

08:09:09.0250 1032        swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll

08:09:09.0281 1032        swprv - ok

08:09:09.0328 1032        SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll

08:09:09.0374 1032        SysMain - ok

08:09:09.0406 1032        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll

08:09:09.0421 1032        TabletInputService - ok

08:09:09.0437 1032        TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll

08:09:09.0484 1032        TapiSrv - ok

08:09:09.0499 1032        TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll

08:09:09.0546 1032        TBS - ok

08:09:09.0655 1032        Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys

08:09:09.0702 1032        Tcpip - ok

08:09:09.0718 1032        TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys

08:09:09.0749 1032        TCPIP6 - ok

08:09:09.0780 1032        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

08:09:09.0796 1032        tcpipreg - ok

08:09:09.0811 1032        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

08:09:09.0827 1032        TDPIPE - ok

08:09:09.0874 1032        TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys

08:09:09.0889 1032        TDTCP - ok

08:09:09.0905 1032        tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

08:09:09.0936 1032        tdx - ok

08:09:10.0061 1032        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys

08:09:10.0076 1032        TermDD - ok

08:09:10.0108 1032        TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll

08:09:10.0139 1032        TermService - ok

08:09:10.0170 1032        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll

08:09:10.0186 1032        Themes - ok

08:09:10.0201 1032        THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

08:09:10.0232 1032        THREADORDER - ok

08:09:10.0264 1032        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll

08:09:10.0295 1032        TrkWks - ok

08:09:10.0841 1032        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe

08:09:10.0872 1032        TrustedInstaller - ok

08:09:10.0888 1032        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

08:09:10.0919 1032        tssecsrv - ok

08:09:10.0934 1032        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

08:09:10.0950 1032        TsUsbFlt - ok

08:09:10.0966 1032        TsUsbGD         (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys

08:09:10.0981 1032        TsUsbGD - ok

08:09:10.0997 1032        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

08:09:11.0028 1032        tunnel - ok

08:09:11.0044 1032        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys

08:09:11.0059 1032        uagp35 - ok

08:09:11.0075 1032        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

08:09:11.0106 1032        udfs - ok

08:09:11.0137 1032        UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe

08:09:11.0153 1032        UI0Detect - ok

08:09:11.0168 1032        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

08:09:11.0184 1032        uliagpkx - ok

08:09:11.0200 1032        umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys

08:09:11.0215 1032        umbus - ok

08:09:11.0215 1032        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys

08:09:11.0231 1032        UmPass - ok

08:09:11.0262 1032        UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll

08:09:11.0278 1032        UmRdpService - ok

08:09:11.0309 1032        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll

08:09:11.0340 1032        upnphost - ok

08:09:11.0356 1032        usbccgp         (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys

08:09:11.0371 1032        usbccgp - ok

08:09:11.0387 1032        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

08:09:11.0402 1032        usbcir - ok

08:09:11.0418 1032        usbehci         (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\DRIVERS\usbehci.sys

08:09:11.0434 1032        usbehci - ok

08:09:11.0465 1032        usbhub          (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\DRIVERS\usbhub.sys

08:09:11.0480 1032        usbhub - ok

08:09:11.0496 1032        usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys

08:09:11.0512 1032        usbohci - ok

08:09:11.0527 1032        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

08:09:11.0543 1032        usbprint - ok

08:09:11.0558 1032        usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

08:09:11.0574 1032        usbscan - ok

08:09:11.0590 1032        USBSTOR         (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

08:09:11.0605 1032        USBSTOR - ok

08:09:11.0621 1032        usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

08:09:11.0636 1032        usbuhci - ok

08:09:11.0652 1032        UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll

08:09:11.0683 1032        UxSms - ok

08:09:11.0730 1032        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

08:09:11.0730 1032        VaultSvc - ok

08:09:11.0761 1032        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

08:09:11.0761 1032        vdrvroot - ok

08:09:11.0792 1032        vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe

08:09:11.0839 1032        vds - ok

08:09:11.0839 1032        vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

08:09:11.0870 1032        vga - ok

08:09:11.0933 1032        VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

08:09:11.0964 1032        VgaSave - ok

08:09:11.0980 1032        vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

08:09:11.0980 1032        vhdmp - ok

08:09:12.0026 1032        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

08:09:12.0042 1032        viaagp - ok

08:09:12.0073 1032        ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys

08:09:12.0089 1032        ViaC7 - ok

08:09:12.0104 1032        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

08:09:12.0120 1032        viaide - ok

08:09:12.0136 1032        vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

08:09:12.0151 1032        vmbus - ok

08:09:12.0167 1032        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

08:09:12.0198 1032        VMBusHID - ok

08:09:12.0214 1032        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

08:09:12.0214 1032        volmgr - ok

08:09:12.0245 1032        volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

08:09:12.0260 1032        volmgrx - ok

08:09:12.0276 1032        volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

08:09:12.0292 1032        volsnap - ok

08:09:12.0323 1032        vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys

08:09:12.0323 1032        vsmraid - ok

08:09:12.0370 1032        VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe

08:09:12.0416 1032        VSS - ok

08:09:12.0432 1032        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

08:09:12.0448 1032        vwifibus - ok

08:09:12.0463 1032        W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll

08:09:12.0494 1032        W32Time - ok

08:09:12.0510 1032        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys

08:09:12.0541 1032        WacomPen - ok

08:09:12.0557 1032        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

08:09:12.0588 1032        WANARP - ok

08:09:12.0604 1032        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

08:09:12.0619 1032        Wanarpv6 - ok

08:09:12.0682 1032        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe

08:09:12.0744 1032        wbengine - ok

08:09:12.0775 1032        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

08:09:12.0806 1032        WbioSrvc - ok

08:09:12.0822 1032        wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll

08:09:12.0853 1032        wcncsvc - ok

08:09:12.0869 1032        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

08:09:12.0900 1032        WcsPlugInService - ok

08:09:12.0916 1032        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys

08:09:12.0931 1032        Wd - ok

08:09:12.0962 1032        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

08:09:12.0978 1032        Wdf01000 - ok

08:09:12.0978 1032        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

08:09:13.0025 1032        WdiServiceHost - ok

08:09:13.0025 1032        WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

08:09:13.0040 1032        WdiSystemHost - ok

08:09:13.0072 1032        WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll

08:09:13.0087 1032        WebClient - ok

08:09:13.0134 1032        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll

08:09:13.0165 1032        Wecsvc - ok

08:09:13.0196 1032        wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll

08:09:13.0212 1032        wercplsupport - ok

08:09:13.0243 1032        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll

08:09:13.0259 1032        WerSvc - ok

08:09:13.0274 1032        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

08:09:13.0306 1032        WfpLwf - ok

08:09:13.0321 1032        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

08:09:13.0337 1032        WIMMount - ok

08:09:13.0430 1032        WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

08:09:13.0477 1032        WinDefend - ok

08:09:13.0493 1032        WinHttpAutoProxySvc - ok

08:09:13.0540 1032        Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll

08:09:13.0555 1032        Winmgmt - ok

08:09:13.0618 1032        WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll

08:09:13.0680 1032        WinRM - ok

08:09:13.0742 1032        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys

08:09:13.0758 1032        WinUsb - ok

08:09:13.0805 1032        Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll

08:09:13.0836 1032        Wlansvc - ok

08:09:13.0852 1032        WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

08:09:13.0852 1032        WmiAcpi - ok

08:09:13.0883 1032        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe

08:09:13.0898 1032        wmiApSrv - ok

08:09:13.0992 1032        WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe

08:09:14.0023 1032        WMPNetworkSvc - ok

08:09:14.0054 1032        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll

08:09:14.0070 1032        WPCSvc - ok

08:09:14.0086 1032        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll

08:09:14.0101 1032        WPDBusEnum - ok

08:09:14.0148 1032        ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

08:09:14.0164 1032        ws2ifsl - ok

08:09:14.0179 1032        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll

08:09:14.0195 1032        wscsvc - ok

08:09:14.0210 1032        WSearch - ok

08:09:14.0288 1032        wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll

08:09:14.0351 1032        wuauserv - ok

08:09:14.0444 1032        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

08:09:14.0460 1032        WudfPf - ok

08:09:14.0507 1032        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

08:09:14.0522 1032        WUDFRd - ok

08:09:14.0554 1032        wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll

08:09:14.0585 1032        wudfsvc - ok

08:09:14.0600 1032        WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll

08:09:14.0632 1032        WwanSvc - ok

08:09:14.0647 1032        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

08:09:14.0881 1032        \Device\Harddisk0\DR0 - ok

08:09:14.0897 1032        MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2

08:09:14.0990 1032        \Device\Harddisk2\DR2 - ok

08:09:15.0006 1032        Boot (0x1200)   (290e8e188dc36f8044880ceb645fa6ef) \Device\Harddisk0\DR0\Partition0

08:09:15.0006 1032        \Device\Harddisk0\DR0\Partition0 - ok

08:09:15.0022 1032        Boot (0x1200)   (707f8509dfaf872a707e531751838637) \Device\Harddisk0\DR0\Partition1

08:09:15.0022 1032        \Device\Harddisk0\DR0\Partition1 - ok

08:09:15.0022 1032        Boot (0x1200)   (186f6d6ffecfec69a4ca3d001c1e12e7) \Device\Harddisk2\DR2\Partition0

08:09:15.0037 1032        \Device\Harddisk2\DR2\Partition0 - ok

08:09:15.0037 1032        ============================================================

08:09:15.0037 1032        Scan finished

08:09:15.0037 1032        ============================================================

08:09:15.0053 3776        Detected object count: 3

08:09:15.0053 3776        Actual detected object count: 3

08:32:09.0635 3776        AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user

08:32:09.0635 3776        AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

08:32:09.0635 3776        avmeject ( UnsignedFile.Multi.Generic ) - skipped by user

08:32:09.0635 3776        avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip 

08:32:09.0635 3776        SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user

08:32:09.0635 3776        SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

So, ComboFix hab ich auch durchlaufen lassen.
Ich hoffe, ich habe nichts weiter kaputt gemacht. Obwohl ich der Meinung war, dass ich mein Antivirenprogramm ausgeschaltet hatte (MsMpEng.exe und msseces.exe hatte ich im TaskManager beendet) sagte ComboFix mir, das Programm sei noch aktiv. Nochmal im TaskManager nachgeschaut lief MsMpEng.exe wieder, hab ich das wieder beendet, sagte ComboFix mir, das Programm läuft immernoch. Daraufhin hab ich es deinstalliert.

Hier nun der log von ComboFix:

[Code]
Combofix Logfile:

Code:

ComboFix 12-05-25.02 - Schulte-Klein 25.05.2012  12:59:04.1.2 - x86

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2012.1276 [GMT 2:00]

ausgeführt von:: c:\users\Schulte-Klein\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-04-25 bis 2012-05-25  ))))))))))))))))))))))))))))))

.

.

2012-05-25 11:02 . 2012-05-25 11:02        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-05-24 06:01 . 2012-05-24 06:01        --------        d-----w-        C:\_OTL

2012-05-23 07:12 . 2012-05-23 07:12        --------        d-----w-        c:\program files\ESET

2012-05-23 05:31 . 2012-05-23 05:31        --------        d-----w-        c:\program files\Mozilla Maintenance Service

2012-05-23 05:31 . 2012-05-23 05:31        157352        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-05-23 05:31 . 2012-05-23 05:31        129976        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice.exe

2012-05-22 09:11 . 2012-05-22 09:11        --------        d-----w-        c:\program files\CCleaner

2012-05-22 06:32 . 2012-05-22 06:32        --------        d-----w-        c:\users\Schulte-Klein\AppData\Roaming\Malwarebytes

2012-05-22 06:31 . 2012-05-22 06:32        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-05-22 06:31 . 2012-05-22 06:31        --------        d-----w-        c:\programdata\Malwarebytes

2012-05-22 06:31 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-05-16 19:52 . 2012-03-31 04:29        936960        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-16 19:52 . 2012-03-30 10:23        1291632        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2012-05-16 19:52 . 2012-03-31 04:30        1221632        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL

2012-05-16 19:52 . 2012-03-31 04:29        989184        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll

2012-05-16 19:52 . 2012-03-31 04:29        969216        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll

2012-05-16 19:52 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2012-05-16 19:52 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-05-16 19:52 . 2012-03-31 02:36        2343424        ----a-w-        c:\windows\system32\win32k.sys

2012-05-16 19:52 . 2012-03-17 07:27        56176        ----a-w-        c:\windows\system32\drivers\partmgr.sys

2012-05-16 19:52 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\system32\DWrite.dll

2012-05-04 12:49 . 2012-05-05 16:27        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 16:27 . 2011-10-23 20:14        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-17 08:00 . 2011-10-24 14:28        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2012-03-01 05:46 . 2012-04-13 12:24        19824        ----a-w-        c:\windows\system32\drivers\fs_rec.sys

2012-03-01 05:37 . 2012-04-13 12:24        172544        ----a-w-        c:\windows\system32\wintrust.dll

2012-03-01 05:33 . 2012-04-13 12:24        159232        ----a-w-        c:\windows\system32\imagehlp.dll

2012-03-01 05:29 . 2012-04-13 12:24        5120        ----a-w-        c:\windows\system32\wmi.dll

2012-02-28 01:18 . 2012-04-13 12:27        1799168        ----a-w-        c:\windows\system32\jscript9.dll

2012-02-28 01:11 . 2012-04-13 12:27        1427456        ----a-w-        c:\windows\system32\inetcpl.cpl

2012-02-28 01:11 . 2012-04-13 12:27        1127424        ----a-w-        c:\windows\system32\wininet.dll

2012-02-28 01:03 . 2012-04-13 12:27        2382848        ----a-w-        c:\windows\system32\mshtml.tlb

2009-09-12 21:05 . 2009-09-12 21:05        124240        ----a-w-        c:\program files\mozilla firefox\plugins\CCMSDK.dll

2009-09-12 21:06 . 2009-09-12 21:06        13136        ----a-w-        c:\program files\mozilla firefox\plugins\cgpcfg.dll

2009-09-12 21:06 . 2009-09-12 21:06        70488        ----a-w-        c:\program files\mozilla firefox\plugins\CgpCore.dll

2009-09-12 21:06 . 2009-09-12 21:06        91480        ----a-w-        c:\program files\mozilla firefox\plugins\confmgr.dll

2009-09-12 21:06 . 2009-09-12 21:06        22360        ----a-w-        c:\program files\mozilla firefox\plugins\ctxlogging.dll

2009-09-12 21:07 . 2009-09-12 21:07        255312        ----a-w-        c:\program files\mozilla firefox\plugins\ctxmui.dll

2009-09-12 21:06 . 2009-09-12 21:06        31064        ----a-w-        c:\program files\mozilla firefox\plugins\icafile.dll

2009-09-12 21:06 . 2009-09-12 21:06        40280        ----a-w-        c:\program files\mozilla firefox\plugins\icalogon.dll

2009-08-14 11:33 . 2009-08-14 11:33        652640        ----a-w-        c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2009-09-12 21:06 . 2009-09-12 21:06        23896        ----a-w-        c:\program files\mozilla firefox\plugins\TcpPServ.dll

2012-05-23 05:31 . 2011-10-23 20:24        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-23 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2010-10-22 2105344]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Schulte-Klein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-23 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 4352]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2010-10-22 265088]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-23 136176]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-23 129976]

R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe [2009-02-03 95896]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]

S1 MpKsl0d17bea9;MpKsl0d17bea9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA253904-9037-4343-823B-F041A9CA08F6}\MpKsl0d17bea9.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-04-21 68208]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - MPKSL0D17BEA9

.

Inhalt des "geplante Tasks" Ordners

.

2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 16:27]

.

2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-23 20:13]

.

2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-23 20:13]

.

.

------- Zusätzlicher Suchlauf -------

.

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\

FF - prefs.js: browser.startup.homepage - www.google.de

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-05-25  13:03:59

ComboFix-quarantined-files.txt  2012-05-25 11:03

.

Vor Suchlauf: 7 Verzeichnis(se), 1.476.598.386.688 Bytes frei

Nach Suchlauf: 11 Verzeichnis(se), 1.476.498.235.392 Bytes frei

.

- - End Of File - - DD3E16372F752BD8D356B01790DE0B1E

--- --- ---
Combofix Logfile:

Code:

ComboFix 12-05-25.02 - Schulte-Klein 25.05.2012  12:59:04.1.2 - x86

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2012.1276 [GMT 2:00]

ausgeführt von:: c:\users\Schulte-Klein\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-04-25 bis 2012-05-25  ))))))))))))))))))))))))))))))

.

.

2012-05-25 11:02 . 2012-05-25 11:02        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-05-24 06:01 . 2012-05-24 06:01        --------        d-----w-        C:\_OTL

2012-05-23 07:12 . 2012-05-23 07:12        --------        d-----w-        c:\program files\ESET

2012-05-23 05:31 . 2012-05-23 05:31        --------        d-----w-        c:\program files\Mozilla Maintenance Service

2012-05-23 05:31 . 2012-05-23 05:31        157352        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-05-23 05:31 . 2012-05-23 05:31        129976        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice.exe

2012-05-22 09:11 . 2012-05-22 09:11        --------        d-----w-        c:\program files\CCleaner

2012-05-22 06:32 . 2012-05-22 06:32        --------        d-----w-        c:\users\Schulte-Klein\AppData\Roaming\Malwarebytes

2012-05-22 06:31 . 2012-05-22 06:32        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-05-22 06:31 . 2012-05-22 06:31        --------        d-----w-        c:\programdata\Malwarebytes

2012-05-22 06:31 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-05-16 19:52 . 2012-03-31 04:29        936960        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-16 19:52 . 2012-03-30 10:23        1291632        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2012-05-16 19:52 . 2012-03-31 04:30        1221632        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL

2012-05-16 19:52 . 2012-03-31 04:29        989184        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll

2012-05-16 19:52 . 2012-03-31 04:29        969216        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll

2012-05-16 19:52 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2012-05-16 19:52 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-05-16 19:52 . 2012-03-31 02:36        2343424        ----a-w-        c:\windows\system32\win32k.sys

2012-05-16 19:52 . 2012-03-17 07:27        56176        ----a-w-        c:\windows\system32\drivers\partmgr.sys

2012-05-16 19:52 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\system32\DWrite.dll

2012-05-04 12:49 . 2012-05-05 16:27        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 16:27 . 2011-10-23 20:14        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-17 08:00 . 2011-10-24 14:28        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2012-03-01 05:46 . 2012-04-13 12:24        19824        ----a-w-        c:\windows\system32\drivers\fs_rec.sys

2012-03-01 05:37 . 2012-04-13 12:24        172544        ----a-w-        c:\windows\system32\wintrust.dll

2012-03-01 05:33 . 2012-04-13 12:24        159232        ----a-w-        c:\windows\system32\imagehlp.dll

2012-03-01 05:29 . 2012-04-13 12:24        5120        ----a-w-        c:\windows\system32\wmi.dll

2012-02-28 01:18 . 2012-04-13 12:27        1799168        ----a-w-        c:\windows\system32\jscript9.dll

2012-02-28 01:11 . 2012-04-13 12:27        1427456        ----a-w-        c:\windows\system32\inetcpl.cpl

2012-02-28 01:11 . 2012-04-13 12:27        1127424        ----a-w-        c:\windows\system32\wininet.dll

2012-02-28 01:03 . 2012-04-13 12:27        2382848        ----a-w-        c:\windows\system32\mshtml.tlb

2009-09-12 21:05 . 2009-09-12 21:05        124240        ----a-w-        c:\program files\mozilla firefox\plugins\CCMSDK.dll

2009-09-12 21:06 . 2009-09-12 21:06        13136        ----a-w-        c:\program files\mozilla firefox\plugins\cgpcfg.dll

2009-09-12 21:06 . 2009-09-12 21:06        70488        ----a-w-        c:\program files\mozilla firefox\plugins\CgpCore.dll

2009-09-12 21:06 . 2009-09-12 21:06        91480        ----a-w-        c:\program files\mozilla firefox\plugins\confmgr.dll

2009-09-12 21:06 . 2009-09-12 21:06        22360        ----a-w-        c:\program files\mozilla firefox\plugins\ctxlogging.dll

2009-09-12 21:07 . 2009-09-12 21:07        255312        ----a-w-        c:\program files\mozilla firefox\plugins\ctxmui.dll

2009-09-12 21:06 . 2009-09-12 21:06        31064        ----a-w-        c:\program files\mozilla firefox\plugins\icafile.dll

2009-09-12 21:06 . 2009-09-12 21:06        40280        ----a-w-        c:\program files\mozilla firefox\plugins\icalogon.dll

2009-08-14 11:33 . 2009-08-14 11:33        652640        ----a-w-        c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2009-09-12 21:06 . 2009-09-12 21:06        23896        ----a-w-        c:\program files\mozilla firefox\plugins\TcpPServ.dll

2012-05-23 05:31 . 2011-10-23 20:24        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-23 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2010-10-22 2105344]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Schulte-Klein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-23 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 4352]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2010-10-22 265088]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-23 136176]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-23 129976]

R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe [2009-02-03 95896]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]

S1 MpKsl0d17bea9;MpKsl0d17bea9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA253904-9037-4343-823B-F041A9CA08F6}\MpKsl0d17bea9.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-04-21 68208]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - MPKSL0D17BEA9

.

Inhalt des "geplante Tasks" Ordners

.

2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 16:27]

.

2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-23 20:13]

.

2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-23 20:13]

.

.

------- Zusätzlicher Suchlauf -------

.

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\

FF - prefs.js: browser.startup.homepage - www.google.de

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-05-25  13:03:59

ComboFix-quarantined-files.txt  2012-05-25 11:03

.

Vor Suchlauf: 7 Verzeichnis(se), 1.476.598.386.688 Bytes frei

Nach Suchlauf: 11 Verzeichnis(se), 1.476.498.235.392 Bytes frei

.

- - End Of File - - DD3E16372F752BD8D356B01790DE0B1E

--- --- ---

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

So, fertig.
GMER wollte nicht.

Hier die logs von OSAM und aswMBR

OSAM

Code:

OSAM Logfile:
 

        Code:


        
Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 14:54:13 on 25.05.2012
 

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit

Default Browser: Mozilla Corporation Firefox 12.0
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys

"catchme" (catchme) - ? - C:\Users\SCHULT~1\AppData\Local\Temp\catchme.sys  (File not found)

"Citrix USB Monitor Driver" (ctxusbm) - "Citrix Systems, Inc." - C:\Windows\System32\DRIVERS\ctxusbm.sys

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

"MpKsl0d17bea9" (MpKsl0d17bea9) - ? - c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA253904-9037-4343-823B-F041A9CA08F6}\MpKsl0d17bea9.sys  (File not found)

"pgddyaod" (pgddyaod) - ? - C:\Users\SCHULT~1\AppData\Local\Temp\pgddyaod.sys  (Hidden registry entry, rootkit activity | File not found)

"SANDRA" (SANDRA) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x86\Sandra.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll

{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll

{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll

{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Schulte-Klein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"AVMWlanClient" - "AVM Berlin" - C:\Program Files\avmwlanstick\wlangui.exe

"BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

"ConnectionCenter" - "Citrix Systems, Inc." - "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

"ControlCenter3" - "Brother Industries, Ltd." - C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"EPSON S21 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\E_FLBFAE.DLL
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

"AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Program Files\avmwlanstick\WlanNetService.exe

"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

"SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe
 

===[ Logfile end ]=========================================[ Logfile end ]===

 
--- --- ---
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

und aswMBR

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-05-25 14:55:58

-----------------------------

14:55:58.616    OS Version: Windows 6.1.7601 Service Pack 1

14:55:58.616    Number of processors: 2 586 0x170A

14:55:58.617    ComputerName: SCHULTEKLEIN  UserName: 

14:56:02.156    Initialize success

14:58:06.414    AVAST engine defs: 12052500

15:00:01.484    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

15:00:01.489    Disk 0 Vendor: ST1500DL003-9VT16L CC32 Size: 1430799MB BusType: 3

15:00:01.508    Disk 0 MBR read successfully

15:00:01.513    Disk 0 MBR scan

15:00:01.521    Disk 0 Windows 7 default MBR code

15:00:01.535    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

15:00:01.555    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1430697 MB offset 206848

15:00:01.566    Disk 0 scanning sectors +2930274304

15:00:01.643    Disk 0 scanning C:\Windows\system32\drivers

15:00:10.521    Service scanning

15:00:25.073    Modules scanning

15:00:29.940    Disk 0 trace - called modules:

15:00:29.951    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 

15:00:29.956    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855ee030]

15:00:29.960    3 CLASSPNP.SYS[889cd59e] -> nt!IofCallDriver -> [0x84871918]

15:00:29.964    5 ACPI.sys[884b23d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85146030]

15:00:42.314    AVAST engine scan C:\Windows

15:00:47.721    AVAST engine scan C:\Windows\system32

15:03:11.554    AVAST engine scan C:\Windows\system32\drivers

15:03:25.849    AVAST engine scan C:\Users\Schulte-Klein

15:04:01.631    AVAST engine scan C:\ProgramData

15:04:12.400    Scan finished successfully

15:08:32.816    Disk 0 MBR has been saved successfully to "C:\Users\Schulte-Klein\Desktop\MBR.dat"

15:08:32.820    The log file has been saved successfully to "C:\Users\Schulte-Klein\Desktop\aswMBR.txt"