Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   isecurity.exe beim surfen eingefangen...wie werde ich das Ding sauber los! (https://www.trojaner-board.de/110968-isecurity-exe-beim-surfen-eingefangen-ding-sauber-los.html)

Dodger 05.03.2012 21:02
isecurity.exe beim surfen eingefangen...wie werde ich das Ding sauber los!
 
Hallo zusammen,

Mein letzter offizieller Besuch ist einige Zeit her und ich habe Beiträge hier immer wieder verfolgt.
Nun habe ich mir beim normalen Surfen auch diese "isecurity.exe" eingefangen und würde den auch gern wieder los werden.

Ein Klick (bewusst oder unbewusst) auf einer bei Google im Ergebnis angeführten Suchseite, die ich dann aufgerufen habe, scheint dieses Ding bei mir ausgelöst zu haben. Aber durch welche offene Tür ist das Ding eingetreten (Java?, Adobe?)? Sogar der aktuelle F-PROT, der auf dem System läuft, hat nichts bemerkt.

Zuerst hat sich der Windows Defender gemeldet und ich dachte auch erst, dass dieses Programm von MS kommt. Anhand der gefundenen angeblich infizierten Dateien wurde mir dann aber klar, dass das nicht stimmen konnte.

Da mir der Defender eine bestimmte Datei im temp-Verzeichnis angezeigt hat, habe ich folgende Schritte bisher selbst unternommen:
  • Finden der Datei im Verzeichnis C:\Users\<Nutzer>\AppData\Local\Temp
  • Entfernen der gefundenen aktuellen *.tmp-Dateien mit vergleichbarem Timestamp (Datei ungefähr folgende Maske: #<[0-9]+><irgendwas>.tmp
  • Starten des Systems im abgesicherten Modus, da dieses Ding alle Services abgeschossen hat (selbst MS-Defenderaufruf in der Sys-Steuerung, msconfig.exe und cmd.exe)
  • Aufruf des CCLeaner zum Bereinigen des Systems (Dateien und Reg aufräumen)
  • Inzwischen habe ich auch den Start dieses Services (isecurity.exe) im abgesicherten Modus deaktiviert
  • Ausführen der ersten Schritte für ein Posting hier...

Bevor ich jetzt selbst weiter daran herumfummel und die Sache u.U. noch schlimmer mache, begebe ich mich besser vertrauensvoll in Eure Obhut.

Im Anhang die von Euch benötigten Logs - Gmer habe ich nicht ausgeführt, da es sich um ein 64er-Sytem handelt.

Merkwürdig fand ich nur, dass "defogger" so ziemlich keine Laufzeit in Anspruch nahm und sofort fertig war. Daher poste ich das Log besser gleich mit.

Danke Euch und viele Grüße,
Dodger

Dodger 06.03.2012 10:55
kurze Ergänzung und Frage:

Die Systemwiederherstellung habe ich ebenfalls nicht bemüht, um die Sache nicht noch zu erschweren und irgendwelchen Mist damit in die historischen Dateien zu schleusen.

Frage:
Sollte ich die Systemwiederherstellung jetzt erstmal ausschalten, damit nicht die bisherigen Wiederherstellungspunkte überspielt werden?

Danke Euch und Gruß,
Dodger

cosinus 08.03.2012 13:08
Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

Dodger 08.03.2012 19:07
Hallo Cosinus,

Danke für Deine Antwort.

Malwarebytes hatte ich nicht mehr auf dem Rechner und demzufolge auch keine alten Logfiles.
Den Fullscan stoße ich jetzt an und arbeite Deine Anleitung weiter ab.
Soll ich tatsächlich alle Funde direkt mit Malwarebytes entfernen?

Gestern Abend hatte ich bereits einen (nur) Scan nach der Anleitung mit OTL durchgeführt, da ich dachte, das kommt als nächster Schritt.
Die Logfiles füge ich unten schonmal an, vielleicht wäre das ein erster Hinweis für Dich.

Dann bis später,
Dodger

Dodger 08.03.2012 20:23
Hallo Cosinus,

Fullscan ist durch, Neustart durchgeführt, hier ist das Log dazu:
(den Onlinescanner bemühe ich gleich auch):
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.08.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
<Nutzer> :: <Computername> [Administrator]

08.03.2012 19:11:57
mbam-log-2012-03-08 (19-11-57).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 382570
Laufzeit: 39 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\<Nutzer>\AppData\Local\Temp\6134.tmp (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\<Nutzer>\AppData\Local\Temp\fsa55098.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\<Nutzer>\AppData\Local\Temp\jag247368.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\<Nutzer>\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3663da33-3efd9ecf (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\<Nutzer>\AppData\Roaming\isecurity.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Danke Dir und Gruß,
Dodger

Dodger 08.03.2012 22:00
Hallo Cosinus,

Und hier noch das ESET-Logfile:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8663c9723b70cc4892761dbef6ea00f1
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-08 07:36:15
# local_time=2012-03-08 08:36:15 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3328 16777215 100 0 19977772 19977772 0 0
# compatibility_mode=5893 16776573 100 94 171126 82865071 0 0
# compatibility_mode=8192 67108863 100 0 3729 3729 0 0
# scanned=8461
# found=5
# cleaned=0
# scan_time=154
C:\Documents and Settings\<Nutzer>\Anwendungsdaten\servdvd\codecwin.exe        a variant of Win32/Obfuscated.NEO trojan (unable to clean)        00000000000000000000000000000000        I
C:\Documents and Settings\<Nutzer>\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\5062998-330bc689        a variant of Java/Agent.DM trojan (unable to clean)        00000000000000000000000000000000        I
C:\Documents and Settings\<Nutzer>\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\5062998-59a1d06e        a variant of Java/Agent.DM trojan (unable to clean)        00000000000000000000000000000000        I
C:\Documents and Settings\<Nutzer>\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\48b8d245-3385cf1b        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Documents and Settings\<Nutzer>\AppData\Roaming\servdvd\codecwin.exe        a variant of Win32/Obfuscated.NEO trojan (unable to clean)        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8663c9723b70cc4892761dbef6ea00f1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-08 08:44:42
# local_time=2012-03-08 09:44:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3328 16777215 100 0 19978030 19978030 0 0
# compatibility_mode=5893 16776573 100 94 171384 82865329 0 0
# compatibility_mode=8192 67108863 100 0 3987 3987 0 0
# scanned=195180
# found=16
# cleaned=0
# scan_time=4003
C:\Documents and Settings\<Nutzer>\Anwendungsdaten\servdvd\codecwin.exe        a variant of Win32/Obfuscated.NEO trojan (unable to clean)        00000000000000000000000000000000        I
C:\Documents and Settings\<Nutzer>\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\5062998-330bc689        a variant of Java/Agent.DM trojan (unable to clean)        00000000000000000000000000000000        I
C:\Documents and Settings\<Nutzer>\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\5062998-59a1d06e        a variant of Java/Agent.DM trojan (unable to clean)        00000000000000000000000000000000        I
C:\Documents and Settings\<Nutzer>\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\48b8d245-3385cf1b        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Documents and Settings\<Nutzer>\AppData\Roaming\servdvd\codecwin.exe        a variant of Win32/Obfuscated.NEO trojan (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\<Nutzer>\Anwendungsdaten\servdvd\codecwin.exe        a variant of Win32/Obfuscated.NEO trojan (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\<Nutzer>\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\5062998-330bc689        a variant of Java/Agent.DM trojan (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\<Nutzer>\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\5062998-59a1d06e        a variant of Java/Agent.DM trojan (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\<Nutzer>\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\48b8d245-3385cf1b        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\<Nutzer>\AppData\Roaming\servdvd\codecwin.exe        a variant of Win32/Obfuscated.NEO trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\<Nutzer>\Anwendungsdaten\servdvd\codecwin.exe        a variant of Win32/Obfuscated.NEO trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\<Nutzer>\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\5062998-330bc689        a variant of Java/Agent.DM trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\<Nutzer>\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\5062998-59a1d06e        a variant of Java/Agent.DM trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\<Nutzer>\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\48b8d245-3385cf1b        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Users\<Nutzer>\AppData\Roaming\servdvd\codecwin.exe        a variant of Win32/Obfuscated.NEO trojan (unable to clean)        00000000000000000000000000000000        I
D:\Privat_und_Soft\software_dowloads\NEUE_SoftWare\Free3GPVideoConverter55.exe        Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
Das scheinen aber nicht alles wirkliche Funde zu sein, oder?

Danke Dir und Gruß,
Dodger

cosinus 08.03.2012 22:51
Zitat:
C:\Dokumente und Einstellungen\<Nutzer>\AppData\Roaming\servdvd\codecwin.exe
Was soll das sein?

Dodger 08.03.2012 23:16
Hi Cosinus,

Gute Frage...Die gleiche Frage habe ich mir selbst schon gerade gestellt, als ich das log gesehen habe, weil ich die Datei bzw. Anwendung dazu nicht zuordnen kann.
Mir fällt auch nix zum Ordnernamen "\servdvd" ein.

Der Ordner hat ein Erstellungsdatum vom "Dienstag, ‎13. ‎Dezember ‎2011, ‏‎01:42:01"
Die Datei (ist nur eine drin) hat folgende Daten:
Erstellt: ‎Dienstag, ‎13. ‎Dezember ‎2011, ‏‎01:42:01
Geändert: Dienstag, ‎13. ‎Dezember ‎2011, ‏‎01:42:03
letzter Zugriff: ‎Dienstag, ‎13. ‎Dezember ‎2011, ‏‎01:42:01

Nun war das auch nicht gerade letzte Woche und daher stehe ich auch auf dem Schlauch.
Merkwürdiges Ding, oder?
Kann das von einem Spiel oder einer Anwendung (Photo, Audio??) sein oder sollten wir die irgendwo weiter checken lassen???

Gruß,
Dodger

cosinus 08.03.2012 23:20
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Dodger 09.03.2012 06:55
Hallo cosinus,

Den Dienst habe ich jetzt auch deaktiviert.
Der ist mir bisher nie aufgefallen.

Bin heute den ganzen Tag unterwegs und kann erst heute am Abend weiter machen.

Hier das Log:

OTL Logfile:
Code:
OTL logfile created on: 08.03.2012 23:26:50 - Run 2
OTL by OldTimer - Version 3.2.35.1    Folder = C:\Users\<Nutzer>\Desktop\durchgeführt\OTL
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,73 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 74,32% Memory free
15,47 Gb Paging File | 13,51 Gb Available in Paging File | 87,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 155,26 Gb Total Space | 86,12 Gb Free Space | 55,47% Space Free | Partition Type: NTFS
Drive D: | 132,41 Gb Total Space | 41,72 Gb Free Space | 31,51% Space Free | Partition Type: NTFS
 
Computer Name: NB-FIMA1 | User Name: FiMa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\<Nutzer>\Desktop\durchgeführt\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe (FRISK Software International)
PRC - C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
PRC - C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe (FRISK Software International)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (FPAVServer) -- C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe (FRISK Software International)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (Lexware_Datenbank_Plus) -- C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (ATService) -- C:\Programme\Fingerprint Sensor\ATService.exe (AuthenTec, Inc.)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (e1kexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (FPAV_RTP) -- C:\Windows\SysNative\drivers\FPAV_RTP.sys (FRISK Software International)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {24C2DC2C-DB91-43F6-8D92-D62BA56BBCDB}
IE:64bit: - HKLM\..\SearchScopes\{24C2DC2C-DB91-43F6-8D92-D62BA56BBCDB}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9B9922F9-1053-412A-8DA6-3150650CE298}
IE - HKLM\..\SearchScopes\{9B9922F9-1053-412A-8DA6-3150650CE298}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3849405011-1110534619-3663369221-1142\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKU\S-1-5-21-3849405011-1110534619-3663369221-1142\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3849405011-1110534619-3663369221-1142\..\SearchScopes,DefaultScope = {9B9922F9-1053-412A-8DA6-3150650CE298}
IE - HKU\S-1-5-21-3849405011-1110534619-3663369221-1142\..\SearchScopes\{4EC1F31C-29C7-42AA-969D-9528FF684544}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-3849405011-1110534619-3663369221-1142\..\SearchScopes\{5A70D27F-DD48-43D2-A2D5-CE22D6643CF9}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-3849405011-1110534619-3663369221-1142\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 2
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.20 23:15:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.09.07 18:39:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.08.02 19:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<Nutzer>\AppData\Roaming\mozilla\Extensions
[2011.09.13 23:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.10.20 23:15:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.20 23:15:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.20 23:15:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.20 23:15:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.20 23:15:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.20 23:15:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.20 23:15:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Programme\Toshiba\TFPU\x86\TFPUPWDBankBHO.dll (TODO: <Company name>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA)
O4:64bit: - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [F-PROT Antivirus Tray application] C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe (FRISK Software International)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3849405011-1110534619-3663369221-1142..\Run: [Depuser] C:\Users\<Nutzer>\AppData\Roaming\servdvd\codecwin.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = <Domainname>
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94E3DA8E-76AC-4F8B-B0CC-395D708733A5}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{df54e609-bd4e-11e0-a3f5-fd381b010e96}\Shell - "" = AutoRun
O33 - MountPoints2\{df54e609-bd4e-11e0-a3f5-fd381b010e96}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{df54e609-bd4e-11e0-a3f5-fd381b010e96}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^<Nutzer>^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe - (Leader Technologies/Logitech)
MsConfig:64bit - StartUpFolder: C:^Users^<Nutzer>^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe - (TOSHIBA Europe)
MsConfig:64bit - StartUpReg: 00TCrdMain - hkey= - key= - C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: HSON - hkey= - key= - C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: Internet Security - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ITSecMng - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
MsConfig:64bit - StartUpReg: LexwareInfoService - hkey= - key= - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NBAgent - hkey= - key= - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
MsConfig:64bit - StartUpReg: SmartFaceVWatcher - hkey= - key= - C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TNRotate - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TNROTATE\TNROTATE.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\Toshiba\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
MsConfig:64bit - StartUpReg: Toshiba TEMPRO - hkey= - key= - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
MsConfig:64bit - StartUpReg: TosNC - hkey= - key= - C:\Programme\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosReelTimeMonitor - hkey= - key= - C:\Programme\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosVolRegulator - hkey= - key= - C:\Programme\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TUSBSleepChargeSrv - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
MsConfig:64bit - StartUpReg: TWebCamera - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
MsConfig:64bit - StartUpReg: VMware hqtray - hkey= - key= - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: FPAVServer - C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe (FRISK Software International)
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: FPAVServer - C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe (FRISK Software International)
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX:64bit: >{D6650514-E1E0-46B1-9512-63063248A6CF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Yahoo! Messenger
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.08 22:05:31 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012.03.08 20:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.08 18:49:58 | 000,000,000 | ---D | C] -- C:\Users\<Nutzer>\Desktop\durchgeführt
[2012.03.08 18:47:24 | 000,000,000 | ---D | C] -- C:\Users\<Nutzer>\AppData\Roaming\Malwarebytes
[2012.03.08 18:47:16 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.08 18:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.08 18:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.08 18:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.05 19:56:59 | 000,000,000 | ---D | C] -- C:\Users\<Nutzer>\Desktop\tmp_Desktop
[2012.03.05 04:36:40 | 000,000,000 | ---D | C] -- C:\Users\<Nutzer>\AppData\Local\Apps
[2012.03.03 12:42:04 | 000,000,000 | ---D | C] -- C:\Users\<Nutzer>\AppData\Local\Logitech
[2012.03.03 12:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012.03.03 12:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.08 20:24:01 | 000,017,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.08 20:24:01 | 000,017,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.08 20:21:22 | 001,507,948 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.08 20:21:22 | 000,657,478 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.08 20:21:22 | 000,619,030 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.08 20:21:22 | 000,131,620 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.08 20:21:22 | 000,107,936 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.08 20:16:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.08 20:16:49 | 1933,905,919 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.05 19:58:25 | 000,000,000 | ---- | M] () -- C:\Users\<Nutzer>\defogger_reenable
[2012.03.02 22:04:18 | 000,002,018 | -H-- | M] () -- C:\Users\<Nutzer>\Documents\Default.rdp
[2012.02.14 20:23:57 | 000,310,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.05 19:58:25 | 000,000,000 | ---- | C] () -- C:\Users\<Nutzer>\defogger_reenable
[2012.01.31 21:53:03 | 000,004,608 | ---- | C] () -- C:\Users\<Nutzer>\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.24 23:07:16 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.08.02 20:41:21 | 000,000,153 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.21 16:11:31 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.21 13:52:05 | 000,051,076 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.05.11 20:20:22 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2010.10.21 13:19:42 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2010.10.21 13:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2010.10.21 13:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2010.10.21 13:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
[2010.07.28 20:08:46 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.07.28 20:08:44 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.07.28 20:08:42 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
 
========== LOP Check ==========
 
[2011.08.03 21:42:39 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\DAEMON Tools Lite
[2011.08.03 21:54:23 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Helios
[2011.08.02 22:00:01 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\IrfanView
[2011.08.03 19:55:19 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\JAM Software
[2011.09.12 01:51:55 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Leadertech
[2011.08.02 20:48:44 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Lexware
[2011.08.01 21:35:53 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Opera
[2012.03.08 23:04:39 | 000,000,000 | R--D | M] -- C:\Users\<Nutzer>\AppData\Roaming\servdvd
[2011.08.01 19:25:19 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\TFPU
[2011.08.02 19:19:31 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Thunderbird
[2012.01.31 21:55:22 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Toshiba
[2011.12.05 01:58:06 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Ubisoft
[2011.07.21 14:16:24 | 000,000,000 | ---D | M] -- C:\Users\systemchef\AppData\Roaming\TFPU
[2011.07.21 15:35:35 | 000,000,000 | ---D | M] -- C:\Users\systemchef\AppData\Roaming\Toshiba
[2011.07.21 17:35:29 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\TFPU
[2011.07.21 17:35:31 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Toshiba
[2011.07.21 17:34:38 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\WinBatch
[2012.02.27 19:45:09 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.02 21:09:42 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Adobe
[2011.08.03 21:42:39 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\DAEMON Tools Lite
[2011.08.03 21:54:23 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Helios
[2011.07.29 08:49:10 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Identities
[2011.12.05 01:33:29 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\InstallShield
[2011.08.02 22:00:01 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\IrfanView
[2011.08.03 19:55:19 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\JAM Software
[2011.09.12 01:51:55 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Leadertech
[2011.08.02 20:48:44 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Lexware
[2012.03.03 12:35:42 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Logishrd
[2011.09.12 01:52:02 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Logitech
[2010.11.18 01:21:17 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Macromedia
[2012.03.08 18:47:24 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Media Center Programs
[2012.02.09 20:53:08 | 000,000,000 | --SD | M] -- C:\Users\<Nutzer>\AppData\Roaming\Microsoft
[2011.09.13 23:36:48 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Mozilla
[2011.07.29 08:49:40 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Nero
[2011.08.01 21:35:53 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Opera
[2012.03.08 23:04:39 | 000,000,000 | R--D | M] -- C:\Users\<Nutzer>\AppData\Roaming\servdvd
[2011.08.01 19:25:19 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\TFPU
[2011.08.02 19:19:31 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Thunderbird
[2012.01.31 21:55:22 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Toshiba
[2011.12.05 01:58:06 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Ubisoft
[2011.08.12 04:21:00 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer>\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
[2010.09.20 16:39:48 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\<Nutzer>\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.02.09 20:01:11 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\<Nutzer>\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011.12.13 01:42:03 | 000,076,288 | ---- | M] () -- C:\Users\<Nutzer>\AppData\Roaming\servdvd\codecwin.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.01.15 11:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.01.15 11:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_5d42c6448888c5bd\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
--- --- ---

cosinus 09.03.2012 09:37
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {24C2DC2C-DB91-43F6-8D92-D62BA56BBCDB}
IE:64bit: - HKLM\..\SearchScopes\{24C2DC2C-DB91-43F6-8D92-D62BA56BBCDB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9B9922F9-1053-412A-8DA6-3150650CE298}
IE - HKLM\..\SearchScopes\{9B9922F9-1053-412A-8DA6-3150650CE298}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-3849405011-1110534619-3663369221-1142..\Run: [Depuser] C:\Users\<Nutzer>\AppData\Roaming\servdvd\codecwin.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3849405011-1110534619-3663369221-1142..\Run: [Depuser] C:\Users\<Nutzer>\AppData\Roaming\servdvd\codecwin.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{df54e609-bd4e-11e0-a3f5-fd381b010e96}\Shell - "" = AutoRun
O33 - MountPoints2\{df54e609-bd4e-11e0-a3f5-fd381b010e96}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{df54e609-bd4e-11e0-a3f5-fd381b010e96}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
:Files
C:\Users\<Nutzer>\AppData\Roaming\servdvd
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Dodger 09.03.2012 21:50
Hi Cosinus,

den Fix habe ich durchgeführt, Neustart war erforderlich.
So, wie ich in dem Fix mitbekommen habe, wurde der automatische CD-Rom-Start dekativiert. Gab es da sonst noch Besonderheiten, die mir im weiteren Betrieb auffallen könnten, oder auf die ich nach diesem Fix nun im Besonderen achten sollte?

Die Files vom Laufwerk F: konnten nicht angetastet werden, da das das temporäre Laufwerk in der Domäne war, welches aber bereits seit einem 3/4-Jahr nicht mehr angeschlossen wurde und wahrscheinlich auch nicht wird. (Daher habe ich da keinen Zugriff)

hier das Log - den Nutzernamen habe ich wieder unkenntlich gemacht:
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{24C2DC2C-DB91-43F6-8D92-D62BA56BBCDB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24C2DC2C-DB91-43F6-8D92-D62BA56BBCDB}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9B9922F9-1053-412A-8DA6-3150650CE298}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B9922F9-1053-412A-8DA6-3150650CE298}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3849405011-1110534619-3663369221-1142\Software\Microsoft\Windows\CurrentVersion\Run\\Depuser not found.
C:\Users\<Nutzer>\AppData\Roaming\servdvd\codecwin.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3849405011-1110534619-3663369221-1142\Software\Microsoft\Windows\CurrentVersion\Run\\Depuser not found.
File C:\Users\<Nutzer>\AppData\Roaming\servdvd\codecwin.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df54e609-bd4e-11e0-a3f5-fd381b010e96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df54e609-bd4e-11e0-a3f5-fd381b010e96}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df54e609-bd4e-11e0-a3f5-fd381b010e96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df54e609-bd4e-11e0-a3f5-fd381b010e96}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df54e609-bd4e-11e0-a3f5-fd381b010e96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df54e609-bd4e-11e0-a3f5-fd381b010e96}\ not found.
File F:\Directx\dxsetup.exe not found.
========== FILES ==========
C:\Users\<Nutzer>\AppData\Roaming\servdvd folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: <Nutzer>
->Temp folder emptied: 15313041 bytes
->Temporary Internet Files folder emptied: 6165885 bytes
->Java cache emptied: 339655 bytes
->FireFox cache emptied: 38339753 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 57008 bytes
 
User: Public
 
User: <systemadmin>
->Temp folder emptied: 62126298 bytes
->Temporary Internet Files folder emptied: 980663 bytes
->Flash cache emptied: 56504 bytes
 
User: Test
->Temp folder emptied: 6850268 bytes
->Temporary Internet Files folder emptied: 120771099 bytes
->Flash cache emptied: 56504 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 304874 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 240,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.35.1 log created on 03092012_212427

Files\Folders moved on Reboot...
C:\Users\<Nutzer>\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
Danke Dir auf jeden Fall bis hier schonmal sehr. :dankeschoen:
Kann ich jetzt nebenher schon wieder einige Sachen nutzen? (Mails,xls Bearbeiten,Word-Dokumente,...)

Wir sind ja sicher noch nicht durch, schätze ich...

Viele Grüße,
Dodger

cosinus 10.03.2012 16:29
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Dodger 10.03.2012 17:48
Hallo Cosinus,

keine Funde, Log unten angefügt.
Mir sind keine Programme im Startmenü aufgefallen, die nicht sichtbar wären oder Desktopverknüpfungen, die nicht funktionieren würden.

Auch wenn die Frage jetzt blöd sein sollte:
Was genau meinst Du mit dem Zugriff auf eigene Dateien?
Den Standardordner nutze ich meist eh nicht (Daten speicher ich ungern auf der Systempartition).
Daher ist mir der Zugriffsunterschied jetzt nicht direkt bewusst.

Über den Pfad "C:\Dokumente und Einstellungen" komme ich im Moment nicht rein.
Aber da habe ich auch bisher nie an den Zugriffsrechten gebastelt und weiß daher nicht, ob das normal von Win 7 so gesetzt worden ist.

Oder meinst Du eher Zugriff über den Pfad "C:\Users\<Nutzer>\Eigene Dateien" - da habe ich normalen Zugriff und konnte kein Problem feststellen
Auch über die Win 7 Bibliotheken komme ich dort an die eigenen Dateien.

hier das Log von tdss-killer:
Code:
17:19:47.0429 2140        TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
17:19:47.0620 2140        ============================================================
17:19:47.0620 2140        Current date / time: 2012/03/10 17:19:47.0620
17:19:47.0620 2140        SystemInfo:
17:19:47.0620 2140       
17:19:47.0620 2140        OS Version: 6.1.7601 ServicePack: 1.0
17:19:47.0620 2140        Product type: Workstation
17:19:47.0620 2140        ComputerName: <Computername>
17:19:47.0620 2140        UserName: <Nutzer>
17:19:47.0620 2140        Windows directory: C:\Windows
17:19:47.0620 2140        System windows directory: C:\Windows
17:19:47.0620 2140        Running under WOW64
17:19:47.0620 2140        Processor architecture: Intel x64
17:19:47.0620 2140        Number of processors: 4
17:19:47.0620 2140        Page size: 0x1000
17:19:47.0620 2140        Boot type: Normal boot
17:19:47.0620 2140        ============================================================
17:19:48.0425 2140        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:19:48.0431 2140        \Device\Harddisk0\DR0:
17:19:48.0431 2140        MBR used
17:19:48.0431 2140        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE960, BlocksNum 0x13687AA0
17:19:48.0450 2140        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13977000, BlocksNum 0x108D2000
17:19:48.0521 2140        Initialize success
17:19:48.0521 2140        ============================================================
17:21:26.0368 3288        ============================================================
17:21:26.0368 3288        Scan started
17:21:26.0368 3288        Mode: Manual; SigCheck; TDLFS;
17:21:26.0368 3288        ============================================================
17:21:26.0850 3288        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:21:26.0967 3288        1394ohci - ok
17:21:26.0999 3288        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:21:27.0017 3288        ACPI - ok
17:21:27.0033 3288        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:21:27.0110 3288        AcpiPmi - ok
17:21:27.0188 3288        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:21:27.0224 3288        adp94xx - ok
17:21:27.0249 3288        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:21:27.0269 3288        adpahci - ok
17:21:27.0294 3288        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:21:27.0309 3288        adpu320 - ok
17:21:27.0438 3288        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:21:27.0501 3288        AFD - ok
17:21:27.0619 3288        AgereSoftModem  (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
17:21:27.0706 3288        AgereSoftModem - ok
17:21:27.0740 3288        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:21:27.0753 3288        agp440 - ok
17:21:27.0820 3288        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:21:27.0838 3288        aliide - ok
17:21:27.0861 3288        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:21:27.0875 3288        amdide - ok
17:21:27.0906 3288        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:21:27.0967 3288        AmdK8 - ok
17:21:28.0009 3288        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:21:28.0042 3288        AmdPPM - ok
17:21:28.0117 3288        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:21:28.0139 3288        amdsata - ok
17:21:28.0169 3288        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:21:28.0191 3288        amdsbs - ok
17:21:28.0207 3288        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:21:28.0216 3288        amdxata - ok
17:21:28.0266 3288        ApfiltrService  (9fd4e8b6ca36b2593a1e253a41d2dfa3) C:\Windows\system32\DRIVERS\Apfiltr.sys
17:21:28.0310 3288        ApfiltrService - ok
17:21:28.0336 3288        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:21:28.0481 3288        AppID - ok
17:21:28.0545 3288        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:21:28.0565 3288        arc - ok
17:21:28.0590 3288        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:21:28.0603 3288        arcsas - ok
17:21:28.0625 3288        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:21:28.0773 3288        AsyncMac - ok
17:21:28.0855 3288        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:21:28.0876 3288        atapi - ok
17:21:28.0951 3288        athr            (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys
17:21:29.0027 3288        athr - ok
17:21:29.0147 3288        ATSwpWDF        (474ee95924d3fda71d834a3847136f11) C:\Windows\system32\Drivers\ATSwpWDF.sys
17:21:29.0186 3288        ATSwpWDF - ok
17:21:29.0233 3288        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:21:29.0297 3288        b06bdrv - ok
17:21:29.0384 3288        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:21:29.0435 3288        b57nd60a - ok
17:21:29.0496 3288        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:21:29.0562 3288        Beep - ok
17:21:29.0655 3288        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:21:29.0693 3288        blbdrive - ok
17:21:29.0717 3288        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:21:29.0761 3288        bowser - ok
17:21:29.0772 3288        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:21:29.0841 3288        BrFiltLo - ok
17:21:29.0938 3288        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:21:29.0970 3288        BrFiltUp - ok
17:21:30.0001 3288        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:21:30.0033 3288        Brserid - ok
17:21:30.0057 3288        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:21:30.0085 3288        BrSerWdm - ok
17:21:30.0106 3288        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:21:30.0134 3288        BrUsbMdm - ok
17:21:30.0221 3288        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:21:30.0257 3288        BrUsbSer - ok
17:21:30.0284 3288        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:21:30.0326 3288        BTHMODEM - ok
17:21:30.0365 3288        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:21:30.0407 3288        cdfs - ok
17:21:30.0449 3288        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:21:30.0480 3288        cdrom - ok
17:21:30.0584 3288        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:21:30.0620 3288        circlass - ok
17:21:30.0670 3288        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:21:30.0683 3288        CLFS - ok
17:21:30.0727 3288        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:21:30.0748 3288        CmBatt - ok
17:21:30.0826 3288        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:21:30.0845 3288        cmdide - ok
17:21:30.0877 3288        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:21:30.0903 3288        CNG - ok
17:21:30.0983 3288        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:21:30.0993 3288        Compbatt - ok
17:21:31.0013 3288        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:21:31.0039 3288        CompositeBus - ok
17:21:31.0067 3288        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:21:31.0076 3288        crcdisk - ok
17:21:31.0130 3288        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:21:31.0183 3288        CSC - ok
17:21:31.0282 3288        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:21:31.0357 3288        DfsC - ok
17:21:31.0410 3288        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:21:31.0459 3288        discache - ok
17:21:31.0485 3288        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:21:31.0494 3288        Disk - ok
17:21:31.0517 3288        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:21:31.0543 3288        drmkaud - ok
17:21:31.0649 3288        dtsoftbus01    (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:21:31.0675 3288        dtsoftbus01 - ok
17:21:31.0740 3288        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:21:31.0776 3288        DXGKrnl - ok
17:21:31.0878 3288        e1kexpress      (324fcd2dd8a4229ddef3cc954ff12fa5) C:\Windows\system32\DRIVERS\e1k62x64.sys
17:21:31.0909 3288        e1kexpress - ok
17:21:32.0029 3288        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:21:32.0119 3288        ebdrv - ok
17:21:32.0184 3288        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:21:32.0204 3288        elxstor - ok
17:21:32.0255 3288        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:21:32.0295 3288        ErrDev - ok
17:21:32.0345 3288        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:21:32.0407 3288        exfat - ok
17:21:32.0479 3288        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:21:32.0537 3288        fastfat - ok
17:21:32.0582 3288        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:21:32.0626 3288        fdc - ok
17:21:32.0680 3288        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:21:32.0694 3288        FileInfo - ok
17:21:32.0708 3288        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:21:32.0746 3288        Filetrace - ok
17:21:32.0760 3288        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:21:32.0787 3288        flpydisk - ok
17:21:32.0850 3288        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:21:32.0879 3288        FltMgr - ok
17:21:32.0969 3288        FPAV_RTP        (bc5c7c3d4834554491a941781e28495c) C:\Windows\system32\DRIVERS\FPAV_RTP.sys
17:21:33.0006 3288        FPAV_RTP - ok
17:21:33.0046 3288        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:21:33.0055 3288        FsDepends - ok
17:21:33.0076 3288        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:21:33.0085 3288        Fs_Rec - ok
17:21:33.0137 3288        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:21:33.0153 3288        fvevol - ok
17:21:33.0176 3288        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:21:33.0187 3288        gagp30kx - ok
17:21:33.0234 3288        hcmon          (d5fa01185a7d5a65724fd87b34e53f5b) C:\windows\system32\drivers\hcmon.sys
17:21:33.0242 3288        hcmon - ok
17:21:33.0298 3288        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:21:33.0322 3288        hcw85cir - ok
17:21:33.0378 3288        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:21:33.0421 3288        HdAudAddService - ok
17:21:33.0446 3288        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:21:33.0494 3288        HDAudBus - ok
17:21:33.0531 3288        HECIx64        (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
17:21:33.0546 3288        HECIx64 - ok
17:21:33.0590 3288        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:21:33.0625 3288        HidBatt - ok
17:21:33.0652 3288        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:21:33.0702 3288        HidBth - ok
17:21:33.0737 3288        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:21:33.0769 3288        HidIr - ok
17:21:33.0807 3288        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:21:33.0837 3288        HidUsb - ok
17:21:33.0895 3288        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:21:33.0917 3288        HpSAMD - ok
17:21:33.0976 3288        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:21:34.0062 3288        HTTP - ok
17:21:34.0147 3288        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:21:34.0166 3288        hwpolicy - ok
17:21:34.0194 3288        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:21:34.0217 3288        i8042prt - ok
17:21:34.0258 3288        iaStor          (85977cd13fc16069ce0af7943a811775) C:\Windows\system32\DRIVERS\iaStor.sys
17:21:34.0288 3288        iaStor - ok
17:21:34.0391 3288        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:21:34.0423 3288        iaStorV - ok
17:21:34.0647 3288        igfx            (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:21:34.0991 3288        igfx - ok
17:21:35.0072 3288        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:21:35.0094 3288        iirsp - ok
17:21:35.0128 3288        Impcd          (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys
17:21:35.0173 3288        Impcd - ok
17:21:35.0257 3288        IntcAzAudAddService (aab8cd9cf65daadfdfcece067650af13) C:\Windows\system32\drivers\RTKVHD64.sys
17:21:35.0315 3288        IntcAzAudAddService - ok
17:21:35.0405 3288        IntcDAud        (da24c1f66ee1b5a92e045376d7a44b58) C:\Windows\system32\DRIVERS\IntcDAud.sys
17:21:35.0453 3288        IntcDAud - ok
17:21:35.0480 3288        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:21:35.0495 3288        intelide - ok
17:21:35.0522 3288        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:21:35.0550 3288        intelppm - ok
17:21:35.0589 3288        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:21:35.0650 3288        IpFilterDriver - ok
17:21:35.0731 3288        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:21:35.0767 3288        IPMIDRV - ok
17:21:35.0792 3288        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:21:35.0854 3288        IPNAT - ok
17:21:35.0878 3288        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:21:35.0967 3288        IRENUM - ok
17:21:36.0042 3288        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:21:36.0061 3288        isapnp - ok
17:21:36.0089 3288        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:21:36.0107 3288        iScsiPrt - ok
17:21:36.0132 3288        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:21:36.0142 3288        kbdclass - ok
17:21:36.0169 3288        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
17:21:36.0193 3288        kbdhid - ok
17:21:36.0231 3288        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:21:36.0251 3288        KSecDD - ok
17:21:36.0326 3288        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:21:36.0347 3288        KSecPkg - ok
17:21:36.0390 3288        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:21:36.0475 3288        ksthunk - ok
17:21:36.0527 3288        LGBusEnum      (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
17:21:36.0534 3288        LGBusEnum - ok
17:21:36.0621 3288        LGSHidFilt      (1af3a5a9bc310c88f2efcebd08d381ab) C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
17:21:36.0634 3288        LGSHidFilt - ok
17:21:36.0666 3288        LGVirHid        (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
17:21:36.0676 3288        LGVirHid - ok
17:21:36.0707 3288        LHidFilt        (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
17:21:36.0718 3288        LHidFilt - ok
17:21:36.0758 3288        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:21:36.0832 3288        lltdio - ok
17:21:36.0870 3288        LMouFilt        (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
17:21:36.0878 3288        LMouFilt - ok
17:21:36.0950 3288        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:21:36.0975 3288        LSI_FC - ok
17:21:36.0991 3288        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:21:37.0004 3288        LSI_SAS - ok
17:21:37.0022 3288        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:21:37.0033 3288        LSI_SAS2 - ok
17:21:37.0056 3288        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:21:37.0075 3288        LSI_SCSI - ok
17:21:37.0097 3288        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:21:37.0150 3288        luafv - ok
17:21:37.0211 3288        LUsbFilt        (29c733e1de824670dc9315cfc9bdbcd3) C:\Windows\system32\Drivers\LUsbFilt.Sys
17:21:37.0225 3288        LUsbFilt - ok
17:21:37.0295 3288        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:21:37.0315 3288        megasas - ok
17:21:37.0334 3288        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:21:37.0354 3288        MegaSR - ok
17:21:37.0377 3288        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:21:37.0426 3288        Modem - ok
17:21:37.0457 3288        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:21:37.0489 3288        monitor - ok
17:21:37.0522 3288        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:21:37.0533 3288        mouclass - ok
17:21:37.0551 3288        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:21:37.0576 3288        mouhid - ok
17:21:37.0649 3288        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:21:37.0671 3288        mountmgr - ok
17:21:37.0700 3288        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:21:37.0714 3288        mpio - ok
17:21:37.0746 3288        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:21:37.0804 3288        mpsdrv - ok
17:21:37.0839 3288        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:21:37.0916 3288        MRxDAV - ok
17:21:37.0997 3288        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:21:38.0049 3288        mrxsmb - ok
17:21:38.0095 3288        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:21:38.0134 3288        mrxsmb10 - ok
17:21:38.0159 3288        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:21:38.0178 3288        mrxsmb20 - ok
17:21:38.0208 3288        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:21:38.0218 3288        msahci - ok
17:21:38.0271 3288        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:21:38.0296 3288        msdsm - ok
17:21:38.0334 3288        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:21:38.0378 3288        Msfs - ok
17:21:38.0393 3288        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:21:38.0444 3288        mshidkmdf - ok
17:21:38.0475 3288        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:21:38.0483 3288        msisadrv - ok
17:21:38.0499 3288        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:21:38.0550 3288        MSKSSRV - ok
17:21:38.0558 3288        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:21:38.0605 3288        MSPCLOCK - ok
17:21:38.0626 3288        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:21:38.0684 3288        MSPQM - ok
17:21:38.0764 3288        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:21:38.0797 3288        MsRPC - ok
17:21:38.0836 3288        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:21:38.0857 3288        mssmbios - ok
17:21:38.0881 3288        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:21:38.0940 3288        MSTEE - ok
17:21:38.0956 3288        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:21:38.0978 3288        MTConfig - ok
17:21:39.0051 3288        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:21:39.0075 3288        Mup - ok
17:21:39.0123 3288        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:21:39.0164 3288        NativeWifiP - ok
17:21:39.0219 3288        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:21:39.0245 3288        NDIS - ok
17:21:39.0322 3288        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:21:39.0400 3288        NdisCap - ok
17:21:39.0429 3288        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:21:39.0483 3288        NdisTapi - ok
17:21:39.0523 3288        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:21:39.0596 3288        Ndisuio - ok
17:21:39.0620 3288        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:21:39.0668 3288        NdisWan - ok
17:21:39.0750 3288        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:21:39.0817 3288        NDProxy - ok
17:21:39.0878 3288        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:21:39.0945 3288        NetBIOS - ok
17:21:39.0996 3288        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:21:40.0063 3288        NetBT - ok
17:21:40.0131 3288        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:21:40.0143 3288        nfrd960 - ok
17:21:40.0160 3288        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:21:40.0225 3288        Npfs - ok
17:21:40.0286 3288        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:21:40.0358 3288        nsiproxy - ok
17:21:40.0422 3288        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:21:40.0490 3288        Ntfs - ok
17:21:40.0549 3288        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:21:40.0626 3288        Null - ok
17:21:40.0665 3288        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:21:40.0675 3288        nvraid - ok
17:21:40.0688 3288        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:21:40.0701 3288        nvstor - ok
17:21:40.0728 3288        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:21:40.0739 3288        nv_agp - ok
17:21:40.0771 3288        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:21:40.0800 3288        ohci1394 - ok
17:21:40.0891 3288        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:21:40.0916 3288        Parport - ok
17:21:40.0953 3288        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:21:40.0975 3288        partmgr - ok
17:21:40.0992 3288        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:21:41.0007 3288        pci - ok
17:21:41.0024 3288        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:21:41.0034 3288        pciide - ok
17:21:41.0056 3288        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:21:41.0072 3288        pcmcia - ok
17:21:41.0094 3288        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:21:41.0114 3288        pcw - ok
17:21:41.0143 3288        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:21:41.0207 3288        PEAUTH - ok
17:21:41.0316 3288        PGEffect        (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys
17:21:41.0330 3288        PGEffect - ok
17:21:41.0389 3288        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:21:41.0429 3288        PptpMiniport - ok
17:21:41.0461 3288        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:21:41.0485 3288        Processor - ok
17:21:41.0545 3288        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:21:41.0619 3288        Psched - ok
17:21:41.0744 3288        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:21:41.0801 3288        ql2300 - ok
17:21:41.0895 3288        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:21:41.0917 3288        ql40xx - ok
17:21:41.0939 3288        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:21:41.0976 3288        QWAVEdrv - ok
17:21:42.0000 3288        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:21:42.0055 3288        RasAcd - ok
17:21:42.0088 3288        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:21:42.0138 3288        RasAgileVpn - ok
17:21:42.0163 3288        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:21:42.0215 3288        Rasl2tp - ok
17:21:42.0297 3288        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:21:42.0371 3288        RasPppoe - ok
17:21:42.0390 3288        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:21:42.0443 3288        RasSstp - ok
17:21:42.0492 3288        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:21:42.0566 3288        rdbss - ok
17:21:42.0610 3288        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:21:42.0639 3288        rdpbus - ok
17:21:42.0724 3288        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:21:42.0814 3288        RDPCDD - ok
17:21:42.0851 3288        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:21:42.0897 3288        RDPDR - ok
17:21:42.0927 3288        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:21:42.0989 3288        RDPENCDD - ok
17:21:43.0021 3288        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:21:43.0063 3288        RDPREFMP - ok
17:21:43.0153 3288        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
17:21:43.0216 3288        RDPWD - ok
17:21:43.0247 3288        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:21:43.0260 3288        rdyboost - ok
17:21:43.0294 3288        rimspci        (e20b1907fc72a3664ece21e3c20fc63d) C:\Windows\system32\DRIVERS\rimspe64.sys
17:21:43.0337 3288        rimspci - ok
17:21:43.0381 3288        risdpcie        (ca90e31ea48eccd289d0e22d3164fea7) C:\Windows\system32\DRIVERS\risdpe64.sys
17:21:43.0409 3288        risdpcie - ok
17:21:43.0471 3288        rixdpcie        (78dc3bdd48ac2f36208a244ca2e263bd) C:\Windows\system32\DRIVERS\rixdpe64.sys
17:21:43.0509 3288        rixdpcie - ok
17:21:43.0558 3288        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:21:43.0625 3288        rspndr - ok
17:21:43.0663 3288        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:21:43.0710 3288        s3cap - ok
17:21:43.0784 3288        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:21:43.0806 3288        sbp2port - ok
17:21:43.0840 3288        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:21:43.0895 3288        scfilter - ok
17:21:43.0922 3288        sdbus          (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
17:21:43.0955 3288        sdbus - ok
17:21:44.0003 3288        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:21:44.0071 3288        secdrv - ok
17:21:44.0142 3288        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:21:44.0178 3288        Serenum - ok
17:21:44.0194 3288        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:21:44.0222 3288        Serial - ok
17:21:44.0259 3288        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:21:44.0293 3288        sermouse - ok
17:21:44.0353 3288        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:21:44.0376 3288        sffdisk - ok
17:21:44.0447 3288        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:21:44.0477 3288        sffp_mmc - ok
17:21:44.0499 3288        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:21:44.0526 3288        sffp_sd - ok
17:21:44.0554 3288        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:21:44.0582 3288        sfloppy - ok
17:21:44.0625 3288        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:21:44.0635 3288        SiSRaid2 - ok
17:21:44.0699 3288        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:21:44.0725 3288        SiSRaid4 - ok
17:21:44.0745 3288        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:21:44.0797 3288        Smb - ok
17:21:44.0830 3288        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:21:44.0839 3288        spldr - ok
17:21:44.0877 3288        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:21:44.0922 3288        srv - ok
17:21:44.0999 3288        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:21:45.0041 3288        srv2 - ok
17:21:45.0053 3288        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:21:45.0074 3288        srvnet - ok
17:21:45.0124 3288        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:21:45.0143 3288        stexstor - ok
17:21:45.0178 3288        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:21:45.0187 3288        storflt - ok
17:21:45.0208 3288        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:21:45.0216 3288        storvsc - ok
17:21:45.0282 3288        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:21:45.0300 3288        swenum - ok
17:21:45.0379 3288        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:21:45.0433 3288        Tcpip - ok
17:21:45.0460 3288        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:21:45.0497 3288        TCPIP6 - ok
17:21:45.0585 3288        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:21:45.0653 3288        tcpipreg - ok
17:21:45.0698 3288        tdcmdpst        (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
17:21:45.0710 3288        tdcmdpst - ok
17:21:45.0730 3288        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:21:45.0813 3288        TDPIPE - ok
17:21:45.0833 3288        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:21:45.0885 3288        TDTCP - ok
17:21:45.0975 3288        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:21:46.0041 3288        tdx - ok
17:21:46.0070 3288        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:21:46.0081 3288        TermDD - ok
17:21:46.0107 3288        Thpdrv          (c013f6acaa9761f571bd28dada7c157d) C:\Windows\system32\DRIVERS\thpdrv.sys
17:21:46.0114 3288        Thpdrv - ok
17:21:46.0127 3288        Thpevm          (b4e609047434ed948af7bdef2fa66e38) C:\Windows\system32\DRIVERS\Thpevm.SYS
17:21:46.0134 3288        Thpevm - ok
17:21:46.0173 3288        Tosrfcom - ok
17:21:46.0209 3288        tosrfec        (11699d47b3491d86249c168496d55c92) C:\Windows\system32\DRIVERS\tosrfec.sys
17:21:46.0215 3288        tosrfec - ok
17:21:46.0306 3288        tos_sps64      (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\Windows\system32\DRIVERS\tos_sps64.sys
17:21:46.0333 3288        tos_sps64 - ok
17:21:46.0388 3288        TPM            (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
17:21:46.0412 3288        TPM - ok
17:21:46.0488 3288        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:21:46.0556 3288        tssecsrv - ok
17:21:46.0609 3288        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:21:46.0640 3288        TsUsbFlt - ok
17:21:46.0672 3288        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:21:46.0742 3288        tunnel - ok
17:21:46.0810 3288        TVALZ          (effce6e033ebdd0f3c0f14a413558f65) C:\Windows\system32\DRIVERS\TVALZ.SYS
17:21:46.0823 3288        TVALZ - ok
17:21:46.0863 3288        TVALZFL        (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys
17:21:46.0872 3288        TVALZFL - ok
17:21:46.0902 3288        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:21:46.0916 3288        uagp35 - ok
17:21:46.0961 3288        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:21:47.0026 3288        udfs - ok
17:21:47.0119 3288        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:21:47.0142 3288        uliagpkx - ok
17:21:47.0197 3288        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:21:47.0243 3288        umbus - ok
17:21:47.0278 3288        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:21:47.0305 3288        UmPass - ok
17:21:47.0406 3288        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:21:47.0465 3288        usbccgp - ok
17:21:47.0506 3288        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:21:47.0553 3288        usbcir - ok
17:21:47.0583 3288        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
17:21:47.0620 3288        usbehci - ok
17:21:47.0648 3288        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:21:47.0678 3288        usbhub - ok
17:21:47.0761 3288        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:21:47.0793 3288        usbohci - ok
17:21:47.0834 3288        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:21:47.0870 3288        usbprint - ok
17:21:47.0901 3288        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:21:47.0955 3288        USBSTOR - ok
17:21:47.0982 3288        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:21:48.0013 3288        usbuhci - ok
17:21:48.0088 3288        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
17:21:48.0120 3288        usbvideo - ok
17:21:48.0160 3288        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:21:48.0171 3288        vdrvroot - ok
17:21:48.0197 3288        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:21:48.0237 3288        vga - ok
17:21:48.0259 3288        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:21:48.0304 3288        VgaSave - ok
17:21:48.0321 3288        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:21:48.0333 3288        vhdmp - ok
17:21:48.0347 3288        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:21:48.0355 3288        viaide - ok
17:21:48.0437 3288        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:21:48.0463 3288        vmbus - ok
17:21:48.0488 3288        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:21:48.0519 3288        VMBusHID - ok
17:21:48.0556 3288        vmci            (4c8a14dbd410b510a88f77cb645f2c2a) C:\windows\system32\drivers\vmci.sys
17:21:48.0566 3288        vmci - ok
17:21:48.0584 3288        vmkbd          (ffc30caeeb2fc5fee8568cff74edeaed) C:\windows\system32\drivers\VMkbd.sys
17:21:48.0593 3288        vmkbd - ok
17:21:48.0606 3288        VMnetAdapter    (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
17:21:48.0613 3288        VMnetAdapter - ok
17:21:48.0630 3288        VMnetBridge    (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
17:21:48.0636 3288        VMnetBridge - ok
17:21:48.0701 3288        VMnetuserif    (d0b809f6a9fb437c2b880c3ca8c10780) C:\windows\system32\drivers\vmnetuserif.sys
17:21:48.0713 3288        VMnetuserif - ok
17:21:48.0742 3288        vmx86          (541a6d6536710fd0602ec3aa24a81756) C:\windows\system32\drivers\vmx86.sys
17:21:48.0752 3288        vmx86 - ok
17:21:48.0781 3288        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:21:48.0796 3288        volmgr - ok
17:21:48.0840 3288        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:21:48.0868 3288        volmgrx - ok
17:21:48.0888 3288        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:21:48.0902 3288        volsnap - ok
17:21:48.0933 3288        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:21:48.0947 3288        vsmraid - ok
17:21:49.0021 3288        vstor2-ws60    (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
17:21:49.0033 3288        vstor2-ws60 - ok
17:21:49.0108 3288        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:21:49.0150 3288        vwifibus - ok
17:21:49.0185 3288        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:21:49.0228 3288        vwififlt - ok
17:21:49.0254 3288        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:21:49.0282 3288        WacomPen - ok
17:21:49.0311 3288        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:21:49.0369 3288        WANARP - ok
17:21:49.0373 3288        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:21:49.0409 3288        Wanarpv6 - ok
17:21:49.0498 3288        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:21:49.0512 3288        Wd - ok
17:21:49.0542 3288        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:21:49.0578 3288        Wdf01000 - ok
17:21:49.0692 3288        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:21:49.0753 3288        WfpLwf - ok
17:21:49.0769 3288        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:21:49.0777 3288        WIMMount - ok
17:21:49.0820 3288        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUSB.sys
17:21:49.0846 3288        WinUsb - ok
17:21:49.0869 3288        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:21:49.0882 3288        WmiAcpi - ok
17:21:49.0905 3288        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:21:49.0957 3288        ws2ifsl - ok
17:21:50.0055 3288        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:21:50.0140 3288        WudfPf - ok
17:21:50.0165 3288        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:21:50.0255 3288        WUDFRd - ok
17:21:50.0293 3288        MBR (0x1B8)    (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
17:21:50.0467 3288        \Device\Harddisk0\DR0 - ok
17:21:50.0472 3288        Boot (0x1200)  (28391e678804f264d18f5adf066b05ec) \Device\Harddisk0\DR0\Partition0
17:21:50.0474 3288        \Device\Harddisk0\DR0\Partition0 - ok
17:21:50.0495 3288        Boot (0x1200)  (fac9ee8cf49b9a28a3f2813958531c1d) \Device\Harddisk0\DR0\Partition1
17:21:50.0497 3288        \Device\Harddisk0\DR0\Partition1 - ok
17:21:50.0498 3288        ============================================================
17:21:50.0498 3288        Scan finished
17:21:50.0498 3288        ============================================================
17:21:50.0514 0992        Detected object count: 0
17:21:50.0514 0992        Actual detected object count: 0
Danke Dir und Gruß,
Dodger

cosinus 12.03.2012 13:04
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:42 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129