Trojaner-Board


FW313 25.04.2012 19:03

Avira reports 4 detections, what now?

Hello community :),

Since I only got limited help in another forum, I'm trying my luck with you on a recommendation.

A few days ago my Avira scan reported 4 detections, some of which were moved to quarantine.
On advice I then also ran Malwarebytes; I'll post the log together with the one from Avira below.
I hope you can help me; I'm quite a greenhorn in this area.

Avira log:

Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 21. April 2012 19:42

Es wird nach 3668575 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ***

Versionsinformationen:
BUILD.DAT : 12.0.0.898 41963 Bytes 31.01.2012 13:51:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 15.02.2012 14:41:19
AVSCAN.DLL : 12.1.0.18 65744 Bytes 15.02.2012 14:41:18
LUKE.DLL : 12.1.0.19 68304 Bytes 15.02.2012 14:41:20
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 15.02.2012 14:41:22
AVREG.DLL : 12.1.0.36 229128 Bytes 05.04.2012 20:51:41
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 20:31:06
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 18:01:12
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 20:53:23
VBASE005.VDF : 7.11.26.45 2048 Bytes 28.03.2012 20:53:23
VBASE006.VDF : 7.11.26.46 2048 Bytes 28.03.2012 20:53:23
VBASE007.VDF : 7.11.26.47 2048 Bytes 28.03.2012 20:53:23
VBASE008.VDF : 7.11.26.48 2048 Bytes 28.03.2012 20:53:23
VBASE009.VDF : 7.11.26.49 2048 Bytes 28.03.2012 20:53:23
VBASE010.VDF : 7.11.26.50 2048 Bytes 28.03.2012 20:53:23
VBASE011.VDF : 7.11.26.51 2048 Bytes 28.03.2012 20:53:25
VBASE012.VDF : 7.11.26.52 2048 Bytes 28.03.2012 20:53:25
VBASE013.VDF : 7.11.26.53 2048 Bytes 28.03.2012 20:53:25
VBASE014.VDF : 7.11.26.107 221696 Bytes 30.03.2012 20:51:28
VBASE015.VDF : 7.11.26.179 224768 Bytes 02.04.2012 20:51:31
VBASE016.VDF : 7.11.26.241 142336 Bytes 04.04.2012 20:51:44
VBASE017.VDF : 7.11.27.41 247808 Bytes 08.04.2012 01:36:06
VBASE018.VDF : 7.11.27.107 161280 Bytes 12.04.2012 11:11:54
VBASE019.VDF : 7.11.27.159 148992 Bytes 13.04.2012 11:59:20
VBASE020.VDF : 7.11.27.201 207360 Bytes 17.04.2012 16:55:04
VBASE021.VDF : 7.11.28.3 237568 Bytes 19.04.2012 16:58:48
VBASE022.VDF : 7.11.28.49 193536 Bytes 20.04.2012 16:55:05
VBASE023.VDF : 7.11.28.50 2048 Bytes 20.04.2012 16:55:05
VBASE024.VDF : 7.11.28.51 2048 Bytes 20.04.2012 16:55:05
VBASE025.VDF : 7.11.28.52 2048 Bytes 20.04.2012 16:55:05
VBASE026.VDF : 7.11.28.53 2048 Bytes 20.04.2012 16:55:06
VBASE027.VDF : 7.11.28.54 2048 Bytes 20.04.2012 16:55:06
VBASE028.VDF : 7.11.28.55 2048 Bytes 20.04.2012 16:55:06
VBASE029.VDF : 7.11.28.56 2048 Bytes 20.04.2012 16:55:07
VBASE030.VDF : 7.11.28.57 2048 Bytes 20.04.2012 16:55:07
VBASE031.VDF : 7.11.28.70 6656 Bytes 20.04.2012 17:41:09
Engineversion : 8.2.10.52
AEVDF.DLL : 8.1.2.2 106868 Bytes 25.10.2011 20:32:49
AESCRIPT.DLL : 8.1.4.17 446842 Bytes 19.04.2012 16:59:03
AESCN.DLL : 8.1.8.2 131444 Bytes 28.01.2012 01:16:32
AESBX.DLL : 8.2.5.5 606579 Bytes 12.03.2012 20:32:35
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.16.9 807287 Bytes 30.03.2012 20:51:56
AEOFFICE.DLL : 8.1.2.27 201082 Bytes 04.04.2012 20:52:43
AEHEUR.DLL : 8.1.4.19 4673910 Bytes 19.04.2012 16:59:02
AEHELP.DLL : 8.1.19.1 254327 Bytes 02.04.2012 20:51:33
AEGEN.DLL : 8.1.5.27 422261 Bytes 19.04.2012 16:58:50
AEEXP.DLL : 8.1.0.29 82293 Bytes 13.04.2012 12:00:13
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.25.6 201078 Bytes 16.03.2012 15:58:37
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 12:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 12:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 12:59:38
AVARKT.DLL : 12.1.0.23 209360 Bytes 15.02.2012 14:41:17
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 12:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 12:59:51
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 12:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 12:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 11.10.2011 13:00:00
RCTEXT.DLL : 12.1.0.16 98512 Bytes 11.10.2011 13:00:00

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 21. April 2012 19:42

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD3
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD4
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD5
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'sdclt.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'SteamService.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'RaUI.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'Steam.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'RocketDock.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'MouseEditor.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'PicasaMediaDetector.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrMfcmon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'brccMCtl.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrMfcWnd.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'pptd40nt.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'mobsync.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleDesktop.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'EnergySettings.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'TestHandler.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'NBService.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1206' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <SYSTEM>
C:\Users\***\AppData\Local\Temp\jar_cache6688363 890391519748.tmp
[0] Archivtyp: ZIP
--> a/Msgs.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2008-5353.CR
--> a/Test.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507
C:\Users\***\AppData\Local\Temp\jar_cache7340165 431841951358.tmp
[0] Archivtyp: ZIP
--> a/Msgs.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2008-5353.CR
--> a/Test.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507
Beginne mit der Suche in 'D:\' <DATA>

Beginne mit der Desinfektion:
C:\Users\***\AppData\Local\Temp\jar_cache7340165 431841951358.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '562ba0f0.qua' verschoben!
C:\Users\***\AppData\Local\Temp\jar_cache6688363 890391519748.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ebc8f57.qua' verschoben!


Ende des Suchlaufs: Samstag, 21. April 2012 21:45
Benötigte Zeit: 2:02:51 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

33805 Verzeichnisse wurden überprüft
900342 Dateien wurden geprüft
4 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
900338 Dateien ohne Befall
8461 Archive wurden durchsucht
0 Warnungen
2 Hinweise
879282 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

And here is the log from MBAM:

Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.21.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

22.04.2012 01:58:15
mbam-log-2012-04-22 (03-32-26).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 525791
Laufzeit: 1 Stunde(n), 33 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 9
C:\Users\***\Documents\RCT3\Download\Caederus Drehkreuz Set 2.2\bobleponge.exe (Adware.Onlinegames) -> Keine Aktion durchgeführt.
C:\Users\***\Documents\RCT3\Download\Caederus Drehkreuz Set 2.2\stuk71_Hangar51.exe (Adware.Onlinegames) -> Keine Aktion durchgeführt.
C:\Users\***\Documents\ICQ\599059319\ReceivedFiles \386808809 Steffen\bf.exe (Spyware.Zeus) -> Keine Aktion durchgeführt.
C:\Program Files\lame_enc.dll (Spyware.OnlineGames) -> Keine Aktion durchgeführt.
C:\Program Files\no23xwrapper.dll (Spyware.OnlineGames) -> Keine Aktion durchgeführt.
C:\Program Files\ogg.dll (Spyware.OnlineGames) -> Keine Aktion durchgeführt.
C:\Program Files\vorbis.dll (Spyware.OnlineGames) -> Keine Aktion durchgeführt.
C:\Program Files\vorbisenc.dll (Spyware.OnlineGames) -> Keine Aktion durchgeführt.
C:\Program Files\vorbisfile.dll (Spyware.OnlineGames) -> Keine Aktion durchgeführt.

(Ende)


cosinus 25.04.2012 20:56

Quote:

C:\Users\***\Documents\ICQ\599059319\ReceivedFiles \386808809 Steffen\bf.exe (Spyware.Zeus)
What exactly is this file supposed to be? bf.exe?

FW313 25.04.2012 21:03

I don't know exactly either; I must have had it on there for years.
But I can't remember ever having run it.
I already had it checked at VirusTotal; the result was 4/42.
Following instructions from the other forum, I uploaded the file (as a suspected false positive) to Avira support.
I'll get the result in the next few days.

What about the other programs?

cosinus 26.04.2012 09:21

Please post the link to the analysis or post the file's checksums (md5/sha1)

FW313 26.04.2012 10:56

Link to the analysis:

https://www.virustotal.com/file/d73973fb16d2c92360171a31b885585759de3b56b9472a90c98e7f519d8a43cf/analysis/

SHA256: d73973fb16d2c92360171a31b885585759de3b56b9472a90c98e7f519d8a43cf

cosinus 26.04.2012 15:55

Please run ESET as well, then we'll see what's next:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detect potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


FW313 27.04.2012 16:10

I'll do that this evening, but one more question first.
I have an external hard drive with a backup on which probably not all of the programs found by MBAM are present.
Can I now safely connect this drive to the infected PC without it getting infected as well?

Regards

cosinus 27.04.2012 18:39

Disable AutoPlay first:

Windows XP: To make it easier, I've uploaded noautoplay.reg. Download it to the desktop, run the file and confirm with Yes. After restarting the computer, AutoPlay (of media) is disabled on all drives, i.e. no CD, no stick or anything else starts automatically after being plugged in.

Windows Vista/7: In the Control Panel, under AutoPlay for CDs and other media, disable everything. => see also Change AutoPlay settings

FW313 27.04.2012 19:55

All clear up to here, just one more thing.
Should I switch off the internet connection during the scan (since the guard and firewall are disabled), or is that not dangerous as long as I'm not browsing?
May I keep only this thread open (because of the instructions), or should I close Firefox completely?

cosinus 27.04.2012 19:58

The Windows Firewall can stay on; turn off the virus scanner!
Then there's no reason to disconnect the internet connection - if you're behind a router it doesn't matter anyway

FW313 27.04.2012 20:01

And Firefox? Should I open it (as admin) or leave it closed?
I don't quite understand this point.
If it should be open, just stay on the start page, in this case Google?

cosinus 28.04.2012 13:01

Firefox is a browser! Of course you have to start it as admin via right-click if you want to launch ESET with it!

FW313 28.04.2012 14:48

Wasn't thinking, sorry.
ESET is still scanning, log will follow shortly :)

Here is the log from ESET; it found 3 trojans, but they are all the same one.
One is on the PC and the others are in the backup files on the external hard drive (K).

Code:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dd6e0121f49c5b4da80c480360568995
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-27 06:52:04
# local_time=2012-04-27 08:52:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 16940891 16940891 0 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 814 173085361 0 0
# compatibility_mode=8192 67108863 100 0 937 937 0 0
# scanned=799
# found=0
# cleaned=0
# scan_time=91
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dd6e0121f49c5b4da80c480360568995
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-28 06:47:27
# local_time=2012-04-28 08:47:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 17009433 17009433 0 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 65286 173153903 0 0
# compatibility_mode=8192 67108863 100 0 69479 69479 0 0
# scanned=333904
# found=3
# cleaned=0
# scan_time=17672
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\48447943-2e6f2ae9        Java/TrojanDownloader.OpenStream.NAC trojan (unable to clean)        00000000000000000000000000000000        I
K:\***-PC\Backup Set 2011-08-29 164031\Backup Files 2011-08-29 164031\Backup files 122.zip        Java/TrojanDownloader.OpenStream.NAC trojan (unable to clean)        00000000000000000000000000000000        I
K:\***-PC\Backup Set 2011-08-29 164031\Backup Files 2012-04-15 005200\Backup files 12.zip        Java/TrojanDownloader.OpenStream.NAC trojan (unable to clean)        00000000000000000000000000000000        I
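
Added example (not part of the original thread and not ESET's own tooling): a small Python triage script for a log.txt in the layout posted above, which separates the scan sessions, flags sessions that did not finish, and groups detections by name and location. The sample input is constructed from the lines shown in the thread with the user name replaced; the function names and the location categories are assumptions made for this illustration.

```python
import re
from collections import defaultdict

HEADER = re.compile(r"^#\s*(\w[\w.]*)=(.*)$")      # "# key=value" session metadata
COLUMNS = re.compile(r"\t+| {2,}")                 # tabs, or space runs left by a forum paste
DETECTION = re.compile(r"^(?P<name>.+?)\s*(?:\((?P<action>[^)]*)\))?$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_eset_log(text):
    """Split the log into scan sessions; each has header fields and findings."""
    sessions, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            # Every scan run writes its own "# version=" line first.
            if key == "version" or current is None:
                current = {"header": {}, "findings": []}
                sessions.append(current)
            current["header"][key] = value
            continue
        cols = COLUMNS.split(line)
        # Result rows: path, detection text, then further columns (ignored here).
        # Downloader chatter such as "all ok" has no column separators.
        if current is not None and len(cols) >= 3 and DRIVE_PATH.match(cols[0]):
            d = DETECTION.match(cols[1])
            current["findings"].append(
                {"path": cols[0], "threat": d.group("name"), "action": d.group("action")}
            )
    return sessions


def location_kind(path):
    """Rough location category (assumed labels) to tell live files from backups."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"
    if p.endswith(".zip"):
        return "archive"
    return "file"


def triage(sessions):
    """Summarise what a helper would check first when reading the log."""
    report = {"incomplete": [], "count_mismatch": [], "by_threat": defaultdict(list)}
    for i, s in enumerate(sessions):
        h = s["header"]
        if h.get("end") != "finished":              # aborted run: results are partial
            report["incomplete"].append(i)
        if int(h.get("found", 0)) != len(s["findings"]):
            report["count_mismatch"].append(i)      # rows lost when copying the log
        for f in s["findings"]:
            report["by_threat"][f["threat"]].append((location_kind(f["path"]), f["path"]))
    report["by_threat"] = dict(report["by_threat"])
    return report


# Constructed sample modelled on the log in this thread (user name replaced).
_THREAT = "Java/TrojanDownloader.OpenStream.NAC trojan (unable to clean)"
_TAIL = ["00000000000000000000000000000000", "I"]
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:",
    "Can not open internetesets_scanner_update returned -1 esets_gle=12",
    "# version=7", "# end=stopped", "# scanned=799", "# found=0", "# cleaned=0",
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7", "# end=finished", "# scanned=333904", "# found=3", "# cleaned=0",
    "\t".join([r"C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\48447943-2e6f2ae9", _THREAT] + _TAIL),
    (" " * 8).join([r"K:\USER-PC\Backup Set 2011-08-29 164031\Backup Files 2011-08-29 164031\Backup files 122.zip", _THREAT] + _TAIL),
    "\t".join([r"K:\USER-PC\Backup Set 2011-08-29 164031\Backup Files 2012-04-15 005200\Backup files 12.zip", _THREAT] + _TAIL),
])

if __name__ == "__main__":
    result = triage(parse_eset_log(SAMPLE_LOG))
    print("incomplete sessions:", result["incomplete"])
    for threat, hits in result["by_threat"].items():
        print(threat)
        for kind, path in hits:
            print(f"  [{kind}] {path}")
```
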


cosinus 30.04.2012 09:42

I have two questions before we continue

1.) Does normal mode work without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

FW313 30.04.2012 09:45

Everything runs as usual; I haven't noticed any folders yet.

cosinus 30.04.2012 12:25

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


FW313 30.04.2012 13:39

Done.

OTL log file:
Code:

OTL logfile created on: 30.04.2012 14:05:15 - Run 2
OTL by OldTimer - Version 3.2.40.0    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 58,32% Memory free
6,70 Gb Paging File | 5,13 Gb Available in Paging File | 76,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 308,88 Gb Total Space | 70,16 Gb Free Space | 22,71% Space Free | Partition Type: NTFS
Drive D: | 613,85 Gb Total Space | 609,31 Gb Free Space | 99,26% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.22 00:14:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.04.21 12:24:08 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Programme\Common Files\Steam\SteamService.exe
PRC - [2012.04.10 17:27:41 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Programme\Steam\Steam.exe
PRC - [2012.02.29 22:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.02.29 22:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.12.23 11:00:12 | 003,344,384 | ---- | M] () -- C:\Programme\MOUSE Editor\MouseEditor.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.19 11:44:20 | 000,113,664 | ---- | M] (Fujitsu Siemens Computers GmbH) -- C:\Programme\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe
PRC - [2008.08.21 03:18:00 | 000,443,968 | ---- | M] (Google Inc.) -- C:\Programme\Picasa2\PicasaMediaDetector.exe
PRC - [2008.04.25 15:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.09.04 15:14:04 | 000,974,848 | ---- | M] (Hama GmbH & Co KG) -- C:\Programme\Hama\Common\RaUI.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
PRC - [2007.03.02 17:48:00 | 000,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.21 12:24:04 | 020,297,512 | ---- | M] () -- C:\Programme\Steam\bin\libcef.dll
MOD - [2012.04.21 12:23:51 | 000,907,048 | ---- | M] () -- C:\Programme\Steam\bin\chromehtml.dll
MOD - [2012.04.21 12:23:51 | 000,190,776 | ---- | M] () -- C:\Programme\Steam\bin\avformat-53.dll
MOD - [2012.04.21 12:23:51 | 000,123,192 | ---- | M] () -- C:\Programme\Steam\bin\avutil-51.dll
MOD - [2012.04.21 12:23:50 | 001,099,576 | ---- | M] () -- C:\Programme\Steam\bin\avcodec-53.dll
MOD - [2012.04.12 21:39:57 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll
MOD - [2012.04.12 21:39:48 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll
MOD - [2012.02.17 17:11:45 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll
MOD - [2012.02.16 18:14:08 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011.10.13 22:07:12 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.12.23 11:00:12 | 003,344,384 | ---- | M] () -- C:\Programme\MOUSE Editor\MouseEditor.exe
MOD - [2010.12.02 14:01:18 | 000,994,304 | ---- | M] () -- C:\Programme\MOUSE Editor\Data\MouseEditor\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
MOD - [2010.12.02 11:56:52 | 000,815,104 | ---- | M] () -- C:\Programme\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll
MOD - [2010.11.24 03:11:21 | 002,535,936 | ---- | M] () -- C:\Programme\MOUSE Editor\Data\MouseEditor\Forms\ScreenCapture\ScreenCapture.dll
MOD - [2010.11.01 14:16:00 | 000,062,976 | ---- | M] () -- C:\Programme\MOUSE Editor\dll\DLL_AnalyzeGesturesInOne.dll
MOD - [2010.10.11 04:13:52 | 000,087,040 | ---- | M] () -- C:\Programme\MOUSE Editor\dll\DLL_MouseDeviceManager.dll
MOD - [2010.09.20 08:19:01 | 000,062,976 | ---- | M] () -- C:\Programme\MOUSE Editor\dll\DLL_AnalyzeGesturesInRight.dll
MOD - [2010.09.20 08:18:57 | 000,085,504 | ---- | M] () -- C:\Programme\MOUSE Editor\dll\DLL_ZoomControl.dll
MOD - [2010.09.20 08:18:54 | 000,054,272 | ---- | M] () -- C:\Programme\MOUSE Editor\dll\DLL_ScrollbarControl.dll
MOD - [2010.09.20 08:18:50 | 000,117,760 | ---- | M] () -- C:\Programme\MOUSE Editor\dll\DLL_Wheel4D.dll
MOD - [2010.08.23 04:22:39 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.27 20:42:35 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.21 12:24:08 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.13 21:46:39 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008.04.25 15:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.03.01 01:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.02.22 04:15:14 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2012.02.15 16:41:21 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.11.30 18:26:44 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2008.11.30 18:26:43 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008.07.22 10:21:08 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.07.08 03:32:52 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008.05.27 13:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008.04.03 14:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2008.03.07 14:46:32 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.08.15 22:49:48 | 000,552,448 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.03.13 10:27:00 | 000,047,648 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CESG502.sys -- (PVUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/webhp?rls=ig
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/webhp?rls=ig
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
IE - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=gb3_Xcsv4gbku0cIIJy60Gzb99E?q={searchTerms}
IE - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.30
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.06.24 22:01:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.27 20:42:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.11 23:06:37 | 000,000,000 | ---D | M]
 
[2009.09.02 14:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.04.21 21:21:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m4chw5b8.default\extensions
[2012.04.01 22:55:36 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m4chw5b8.default\extensions\battlefieldplay4free@ea.com
[2011.03.12 13:46:47 | 000,000,000 | ---D | M] (Personas) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m4chw5b8.default\extensions\personas@christopher.beard
[2011.11.03 13:40:25 | 000,000,933 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\11-suche.xml
[2011.11.03 13:40:25 | 000,002,419 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\englische-ergebnisse.xml
[2011.11.03 13:40:25 | 000,010,525 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\gmx-suche.xml
[2011.03.11 21:29:56 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\icqplugin-1.xml
[2010.07.23 10:23:44 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\icqplugin-10.xml
[2010.07.24 15:22:23 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\icqplugin-11.xml
[2010.08.23 11:45:40 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\icqplugin-12.xml
[2010.09.17 12:50:50 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\icqplugin-13.xml
[2010.10.21 19:43:07 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\icqplugin-14.xml
[2010.10.30 00:09:47 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\icqplugin-15.xml
[2010.12.11 00:14:29 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\icqplugin-16.xml
[2011.03.03 14:03:56 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\icqplugin-17.xml
[2011.03.05 12:57:17 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\icqplugin-18.xml
[2011.03.24 20:34:37 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\icqplugin-19.xml
[2009.11.03 01:58:19 | 000,000,961 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\icqplugin-2.xml
[2009.11.15 10:45:58 | 000,000,961 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\icqplugin-3.xml
[2010.01.06 19:05:55 | 000,000,961 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\icqplugin-4.xml
[2010.01.30 22:25:07 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\icqplugin-5.xml
[2010.03.26 21:24:39 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\icqplugin-6.xml
[2010.04.02 18:54:20 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\icqplugin-7.xml
[2010.05.24 01:02:57 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\icqplugin-8.xml
[2010.06.29 23:08:21 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\icqplugin-9.xml
[2009.09.15 17:55:18 | 000,000,961 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\icqplugin.xml
[2011.11.03 13:40:25 | 000,002,457 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\lastminute.xml
[2011.04.07 19:12:52 | 000,005,549 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\searchplugins\webde-suche.xml
[2011.12.30 13:29:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.08.17 03:01:17 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M4CHW5B8.DEFAULT\EXTENSIONS\{20CC25E2-48C9-45E1-9A1F-1CCC1882B81B}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M4CHW5B8.DEFAULT\EXTENSIONS\{578E7CAA-210F-4967-A0D3-88FE5B59A39F}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M4CHW5B8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M4CHW5B8.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M4CHW5B8.DEFAULT\EXTENSIONS\{D49175B3-3FD8-43B8-B28E-DA5D47F3C398}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M4CHW5B8.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M4CHW5B8.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M4CHW5B8.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2009.06.27 22:12:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.04.27 20:42:35 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.08.17 23:13:32 | 001,275,856 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv501.dll
[2011.09.30 18:30:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.30 18:30:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.30 18:30:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.30 18:30:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.30 18:30:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.30 18:30:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Flatcast Viewer Plugin 5.0.356 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NpFv501.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: HideMyAss Proxifier = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\akficmgoadaflmeeiapifgdbkalhacif\0.6_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EnergySettings] C:\Programme\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe File not found
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe File not found
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000..\Run: [OscarEditor] C:\Program Files\MOUSE Editor\MouseEditor.exe ()
O4 - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk =  File not found
O7 - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1980743469-3674975028-2304663644-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} hxxp://80.237.209.20/objects/NpFv501.dll (Flatcast Viewer 5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61119530-AA6A-4060-B75B-696801F37432}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A54F7D6E-F1C3-44BC-918E-3C1856CF6B09}: NameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{16924bff-c20e-11dd-8638-002185c1d801}\Shell - "" = AutoRun
O33 - MountPoints2\{16924bff-c20e-11dd-8638-002185c1d801}\Shell\AutoRun\command - "" = K:\setup.exe
O33 - MountPoints2\{16924c09-c20e-11dd-8638-002185c1d801}\Shell - "" = AutoRun
O33 - MountPoints2\{16924c09-c20e-11dd-8638-002185c1d801}\Shell\AutoRun\command - "" = K:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.28 15:50:24 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.04.27 20:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.27 20:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.27 20:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.25 13:40:44 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\tdsskiller(1)
[2012.04.25 13:38:18 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\tdsskiller
[2012.04.22 00:42:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.04.22 00:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.22 00:42:42 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.22 00:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.22 00:35:14 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.22 00:14:53 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.04.22 00:13:42 | 003,645,656 | ---- | C] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup317.exe
[2012.04.16 21:34:03 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\TooManyItems2012_04_13_1.2.5(1)
[2012.04.15 23:01:26 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Beatles Best of
[2012.04.15 17:38:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.04.13 14:24:20 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\1967-1970 (Disc 2)
[2012.04.13 14:24:18 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\1967-1970 (Disc 1)
[2012.04.13 14:24:16 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\1962-1966 (Disc 2)
[2012.04.13 14:24:15 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\1962-1966 (Disc 1)
[2012.04.11 17:52:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Minecraft
[2012.04.10 20:41:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\2K Games
[2012.04.10 17:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.04.10 17:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.30 14:06:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.30 13:59:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.30 13:59:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.30 13:59:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.30 13:59:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.30 13:58:56 | 3488,747,520 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.28 20:46:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.28 20:13:03 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1980743469-3674975028-2304663644-1000Core.job
[2012.04.28 20:13:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1980743469-3674975028-2304663644-1000UA.job
[2012.04.28 15:50:46 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.04.27 21:04:35 | 000,000,829 | ---- | M] () -- C:\Users\***\AppData\Local\RT2870_{A54F7D6E-F1C3-44BC-918E-3C1856CF6B09}_sta
[2012.04.27 20:59:13 | 000,001,616 | ---- | M] () -- C:\Users\***\AppData\Local\RT2870_{A54F7D6E-F1C3-44BC-918E-3C1856CF6B09}_prof
[2012.04.25 13:53:53 | 000,074,638 | ---- | M] () -- C:\Users\***\Desktop\TDSSKILLER.jpg
[2012.04.25 13:53:53 | 000,000,846 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2012.04.25 13:39:52 | 002,054,861 | ---- | M] () -- C:\Users\***\Desktop\tdsskiller(1).zip
[2012.04.25 13:36:37 | 002,054,550 | ---- | M] () -- C:\Users\***\Desktop\tdsskiller.zip
[2012.04.22 00:42:45 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.22 00:36:06 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.22 00:16:04 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.22 00:15:44 | 002,911,828 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.22 00:15:44 | 001,290,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.22 00:15:44 | 000,855,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.22 00:15:44 | 000,770,248 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.22 00:14:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.04.22 00:14:08 | 003,645,656 | ---- | M] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup317.exe
[2012.04.16 22:55:39 | 001,799,207 | ---- | M] () -- C:\Users\***\Desktop\HyperGTS_1.01_GERMAN.rar
[2012.04.16 21:29:31 | 000,051,131 | ---- | M] () -- C:\Users\***\Desktop\TooManyItems2012_04_13_1.2.5(1).zip
[2012.04.16 21:09:58 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.04.16 19:07:26 | 006,793,229 | ---- | M] () -- C:\Users\***\Desktop\Hello, Goodbye.mp3
[2012.04.16 19:07:26 | 004,663,309 | ---- | M] () -- C:\Users\***\Desktop\Penny Lane.mp3
[2012.04.16 19:06:04 | 000,004,610 | -HS- | M] () -- C:\Users\***\Desktop\Folder.jpg
[2012.04.16 19:06:04 | 000,004,610 | -HS- | M] () -- C:\Users\***\Desktop\AlbumArt_{BD5986B1-3666-481B-829F-268C027B8396}_Large.jpg
[2012.04.16 19:05:33 | 000,001,491 | -HS- | M] () -- C:\Users\***\Desktop\AlbumArtSmall.jpg
[2012.04.16 19:05:33 | 000,001,491 | -HS- | M] () -- C:\Users\***\Desktop\AlbumArt_{BD5986B1-3666-481B-829F-268C027B8396}_Small.jpg
[2012.04.15 18:18:00 | 001,488,305 | ---- | M] () -- C:\Users\***\Desktop\mcpatcher-2.3.5_01.exe
[2012.04.15 18:05:27 | 000,037,894 | ---- | M] () -- C:\Users\***\Desktop\600px-Biohazard.svg.png
[2012.04.14 12:16:18 | 000,002,048 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2012.04.10 17:26:49 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.04.08 15:29:45 | 000,002,631 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2012.04.05 19:14:53 | 000,001,456 | ---- | M] () -- C:\Users\***\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.03 03:52:59 | 000,184,832 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.25 13:53:53 | 000,074,638 | ---- | C] () -- C:\Users\***\Desktop\TDSSKILLER.jpg
[2012.04.25 13:53:53 | 000,000,846 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.04.25 13:39:38 | 002,054,861 | ---- | C] () -- C:\Users\***\Desktop\tdsskiller(1).zip
[2012.04.25 13:36:19 | 002,054,550 | ---- | C] () -- C:\Users\***\Desktop\tdsskiller.zip
[2012.04.22 00:42:45 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.22 00:16:04 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.16 22:55:30 | 001,799,207 | ---- | C] () -- C:\Users\***\Desktop\HyperGTS_1.01_GERMAN.rar
[2012.04.16 21:29:30 | 000,051,131 | ---- | C] () -- C:\Users\***\Desktop\TooManyItems2012_04_13_1.2.5(1).zip
[2012.04.16 19:06:24 | 000,004,610 | -HS- | C] () -- C:\Users\***\Desktop\AlbumArt_{BD5986B1-3666-481B-829F-268C027B8396}_Large.jpg
[2012.04.16 19:06:24 | 000,001,491 | -HS- | C] () -- C:\Users\***\Desktop\AlbumArt_{BD5986B1-3666-481B-829F-268C027B8396}_Small.jpg
[2012.04.15 23:33:01 | 004,663,309 | ---- | C] () -- C:\Users\***\Desktop\Penny Lane.mp3
[2012.04.15 23:32:49 | 006,793,229 | ---- | C] () -- C:\Users\***\Desktop\Hello, Goodbye.mp3
[2012.04.15 18:17:41 | 001,488,305 | ---- | C] () -- C:\Users\***\Desktop\mcpatcher-2.3.5_01.exe
[2012.04.15 18:05:26 | 000,037,894 | ---- | C] () -- C:\Users\***\Desktop\600px-Biohazard.svg.png
[2012.04.10 17:26:49 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.04.05 12:43:17 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.10.08 23:34:33 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.06.29 20:31:12 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2011.04.16 13:42:17 | 000,138,056 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2011.04.01 15:32:27 | 000,000,829 | ---- | C] () -- C:\Users\***\AppData\Local\RT2870_{A54F7D6E-F1C3-44BC-918E-3C1856CF6B09}_sta
[2011.04.01 15:32:03 | 000,001,616 | ---- | C] () -- C:\Users\***\AppData\Local\RT2870_{A54F7D6E-F1C3-44BC-918E-3C1856CF6B09}_prof
[2011.02.07 22:12:37 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2010.08.16 12:39:30 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010.08.06 23:43:37 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.08.06 20:09:24 | 000,001,456 | ---- | C] () -- C:\Users\***\AppData\Local\Adobe Für Web speichern 12.0 Prefs
 
========== LOP Check ==========
 
[2012.04.16 21:43:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.02.22 20:17:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.Nitrous
[2012.01.15 19:03:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.spoutcraft
[2008.12.02 19:23:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ace
[2011.08.11 04:03:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\aicon
[2009.05.01 13:32:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.04.11 15:24:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2009.01.09 16:48:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari
[2008.12.27 19:31:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blender Foundation
[2010.08.17 03:21:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.08.09 05:32:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2011.02.07 22:09:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Degener
[2009.10.22 18:52:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EA
[2010.06.26 23:36:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot
[2012.04.25 13:53:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.04.05 22:34:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2009.01.09 16:46:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2008.11.29 15:43:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.05.05 22:17:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2008.12.02 21:46:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc
[2011.05.09 13:55:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2011.06.29 20:36:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2009.01.05 00:41:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Setup
[2008.12.08 16:31:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SPORE
[2008.12.03 20:23:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SPORE Creature Creator
[2010.06.12 02:08:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.06.24 22:04:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2011.10.29 13:46:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 3
[2012.02.22 04:16:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2012.03.24 21:54:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2008.12.04 16:18:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone
[2011.07.17 21:25:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\wargaming.net
[2011.06.29 20:48:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WEB.DE
[2012.04.28 20:57:00 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.04.16 21:43:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.02.22 20:17:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.Nitrous
[2012.01.15 19:03:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.spoutcraft
[2008.12.02 19:23:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ace
[2011.01.04 03:47:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2010.06.12 02:08:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe Mini Bridge CS5
[2011.08.11 04:03:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\aicon
[2009.05.01 13:32:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.04.11 15:24:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2009.01.09 16:48:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari
[2011.10.14 19:03:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2009.07.10 22:32:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVS4YOU
[2008.12.27 19:31:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blender Foundation
[2009.12.23 14:20:24 | 000,000,000 | R--D | M] -- C:\Users\***\AppData\Roaming\Brother
[2010.08.17 03:21:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.08.09 05:32:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2011.02.07 22:09:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Degener
[2011.12.31 01:58:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2009.10.22 18:52:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EA
[2010.06.26 23:36:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot
[2008.12.12 12:55:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google
[2012.04.25 13:53:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.04.05 22:34:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2008.11.29 15:23:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2009.02.11 22:00:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2009.01.09 16:46:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2008.11.29 18:09:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2008.11.29 15:43:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.04.22 00:42:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.08.17 19:34:36 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2009.09.02 14:02:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2009.03.13 17:57:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nero
[2012.02.22 19:35:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NVIDIA
[2011.05.05 22:17:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2008.12.02 21:46:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc
[2011.05.09 13:55:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2008.11.29 15:41:41 | 000,000,000 | RH-D | M] -- C:\Users\***\AppData\Roaming\SecuROM
[2011.06.29 20:36:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2009.01.05 00:41:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Setup
[2008.12.08 16:31:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SPORE
[2008.12.03 20:23:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SPORE Creature Creator
[2010.06.12 02:08:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.06.24 22:04:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2011.10.29 13:46:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 3
[2012.02.22 04:16:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2012.03.24 21:54:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2012.04.16 21:27:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2008.12.04 16:18:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone
[2011.07.17 21:25:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\wargaming.net
[2011.06.29 20:48:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WEB.DE
[2011.06.15 01:49:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.09.29 20:29:08 | 000,006,144 | ---- | M] (Electronic Arts Canada) -- C:\Users\***\AppData\Roaming\EA\EASW\GameFace\DetectOpenGLConsole.exe
[2009.09.29 20:29:08 | 000,005,120 | ---- | M] (Electronic Arts Canada) -- C:\Users\***\AppData\Roaming\EA\EASW\GameFace\DownloadSourcePhotoConsole.exe
[2009.10.22 18:52:49 | 000,030,208 | ---- | M] (Electronic Arts Canada) -- C:\Users\***\AppData\Roaming\EA\EASW\GameFace\FileDownloadConsole.exe
[2009.10.08 10:30:41 | 000,013,312 | ---- | M] (Electronic Arts Canada) -- C:\Users\***\AppData\Roaming\EA\EASW\GameFace\PhotoFaceConsole.exe
[2009.09.29 20:29:04 | 000,009,216 | ---- | M] (Electronic Arts Canada) -- C:\Users\***\AppData\Roaming\EA\EASW\GameFace\UploadPhotofitConsole.exe
[2011.05.21 20:18:10 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.07.07 16:53:58 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.09.23 14:07:18 | 001,005,512 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\extensions\battlefieldplay4free@ea.com\plugins\BP4FUpdater.exe
[2009.01.05 00:59:59 | 027,288,880 | ---- | M] (Apple Inc.) -- C:\Users\***\AppData\Roaming\Sony Setup\A189E68E-2253-4C3B-86B7-D77E36F13C55\QuickTimeInstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2008.05.27 13:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Windows\System32\drivers\ahcix86s.sys
[2008.05.27 13:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_c617648e\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
[2007.09.30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_41af7b1f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.11.11 02:56:40 | 013,115,392 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.11.11 02:56:33 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.11.11 02:56:41 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008.11.11 02:56:49 | 017,633,280 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008.11.11 02:56:51 | 006,705,152 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >

--- --- ---

[/code]

cosinus 30.04.2012 17:19

Quote:

[2012.04.25 13:39:52 | 002,054,861 | ---- | M] () -- C:\Users\***\Desktop\tdsskiller(1).zip
[2012.04.25 13:36:37 | 002,054,550 | ---- | M] () -- C:\Users\***\Desktop\tdsskiller.zip
What have you already done with TDSS-Killer? The tool is NOT a toy, and you must not simply delete every entry it flags across the board!
Where is the log for it?

FW313 30.04.2012 20:08

I was told to do that in the other forum; I disabled the delete function, of course, but the program didn't find anything anyway.

Here is the log:

Code:

13:40:52.0342 4268        TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
13:40:52.0541 4268        ============================================================
13:40:52.0541 4268        Current date / time: 2012/04/25 13:40:52.0541
13:40:52.0541 4268        SystemInfo:
13:40:52.0541 4268       
13:40:52.0541 4268        OS Version: 6.0.6002 ServicePack: 2.0
13:40:52.0541 4268        Product type: Workstation
13:40:52.0541 4268        ComputerName: ***-PC
13:40:52.0541 4268        UserName: ***
13:40:52.0541 4268        Windows directory: C:\Windows
13:40:52.0541 4268        System windows directory: C:\Windows
13:40:52.0541 4268        Processor architecture: Intel x86
13:40:52.0541 4268        Number of processors: 4
13:40:52.0541 4268        Page size: 0x1000
13:40:52.0541 4268        Boot type: Normal boot
13:40:52.0541 4268        ============================================================
13:40:53.0934 4268        Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:40:53.0951 4268        ============================================================
13:40:53.0951 4268        \Device\Harddisk0\DR0:
13:40:53.0951 4268        MBR partitions:
13:40:53.0951 4268        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1194800, BlocksNum 0x269C1000
13:40:53.0951 4268        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27B55800, BlocksNum 0x4CBB0DB0
13:40:53.0951 4268        ============================================================
13:40:54.0001 4268        C: <-> \Device\Harddisk0\DR0\Partition0
13:40:54.0034 4268        D: <-> \Device\Harddisk0\DR0\Partition1
13:40:54.0034 4268        ============================================================
13:40:54.0034 4268        Initialize success
13:40:54.0034 4268        ============================================================
13:41:14.0660 2716        ============================================================
13:41:14.0660 2716        Scan started
13:41:14.0660 2716        Mode: Manual;
13:41:14.0660 2716        ============================================================
13:41:15.0062 2716        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:41:15.0064 2716        ACPI - ok
13:41:15.0123 2716        AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:41:15.0126 2716        AdobeFlashPlayerUpdateSvc - ok
13:41:15.0164 2716        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
13:41:15.0168 2716        adp94xx - ok
13:41:15.0198 2716        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
13:41:15.0201 2716        adpahci - ok
13:41:15.0236 2716        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
13:41:15.0237 2716        adpu160m - ok
13:41:15.0263 2716        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
13:41:15.0264 2716        adpu320 - ok
13:41:15.0294 2716        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:41:15.0295 2716        AeLookupSvc - ok
13:41:15.0333 2716        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:41:15.0335 2716        AFD - ok
13:41:15.0377 2716        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
13:41:15.0377 2716        agp440 - ok
13:41:15.0422 2716        ahcix86s        (fbe4016f9ef3ab3db547e40a936b6cd9) C:\Windows\system32\drivers\ahcix86s.sys
13:41:15.0423 2716        ahcix86s - ok
13:41:15.0455 2716        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:41:15.0457 2716        aic78xx - ok
13:41:15.0498 2716        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:41:15.0499 2716        ALG - ok
13:41:15.0515 2716        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
13:41:15.0516 2716        aliide - ok
13:41:15.0529 2716        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
13:41:15.0530 2716        amdagp - ok
13:41:15.0546 2716        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
13:41:15.0546 2716        amdide - ok
13:41:15.0564 2716        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
13:41:15.0565 2716        AmdK7 - ok
13:41:15.0592 2716        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
13:41:15.0593 2716        AmdK8 - ok
13:41:15.0861 2716        AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:41:15.0862 2716        AntiVirSchedulerService - ok
13:41:15.0910 2716        AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:41:15.0911 2716        AntiVirService - ok
13:41:15.0944 2716        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:41:15.0945 2716        Appinfo - ok
13:41:15.0971 2716        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
13:41:15.0972 2716        arc - ok
13:41:16.0003 2716        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
13:41:16.0003 2716        arcsas - ok
13:41:16.0040 2716        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:41:16.0041 2716        AsyncMac - ok
13:41:16.0068 2716        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:41:16.0068 2716        atapi - ok
13:41:16.0104 2716        atksgt          (72bc628af75c4c3250f2a3bac260265a) C:\Windows\system32\DRIVERS\atksgt.sys
13:41:16.0115 2716        atksgt - ok
13:41:16.0195 2716        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:41:16.0198 2716        AudioEndpointBuilder - ok
13:41:16.0204 2716        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:41:16.0208 2716        Audiosrv - ok
13:41:16.0239 2716        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
13:41:16.0246 2716        avgntflt - ok
13:41:16.0276 2716        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
13:41:16.0284 2716        avipbb - ok
13:41:16.0303 2716        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
13:41:16.0310 2716        avkmgr - ok
13:41:16.0327 2716        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:41:16.0328 2716        Beep - ok
13:41:16.0395 2716        BFE            (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
13:41:16.0398 2716        BFE - ok
13:41:16.0464 2716        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
13:41:16.0476 2716        BITS - ok
13:41:16.0493 2716        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
13:41:16.0494 2716        blbdrive - ok
13:41:16.0542 2716        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:41:16.0543 2716        bowser - ok
13:41:16.0578 2716        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:41:16.0579 2716        BrFiltLo - ok
13:41:16.0592 2716        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:41:16.0593 2716        BrFiltUp - ok
13:41:16.0615 2716        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:41:16.0616 2716        Browser - ok
13:41:16.0635 2716        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:41:16.0636 2716        Brserid - ok
13:41:16.0658 2716        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:41:16.0659 2716        BrSerWdm - ok
13:41:16.0685 2716        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:41:16.0686 2716        BrUsbMdm - ok
13:41:16.0699 2716        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:41:16.0700 2716        BrUsbSer - ok
13:41:16.0724 2716        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:41:16.0725 2716        BTHMODEM - ok
13:41:16.0763 2716        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:41:16.0768 2716        cdfs - ok
13:41:16.0791 2716        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:41:16.0792 2716        cdrom - ok
13:41:16.0839 2716        CertPropSvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:41:16.0845 2716        CertPropSvc - ok
13:41:16.0870 2716        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
13:41:16.0871 2716        circlass - ok
13:41:17.0214 2716        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:41:17.0223 2716        CLFS - ok
13:41:17.0489 2716        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:41:17.0496 2716        clr_optimization_v2.0.50727_32 - ok
13:41:17.0562 2716        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:41:17.0563 2716        clr_optimization_v4.0.30319_32 - ok
13:41:17.0584 2716        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
13:41:17.0585 2716        cmdide - ok
13:41:17.0600 2716        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
13:41:17.0601 2716        Compbatt - ok
13:41:17.0604 2716        COMSysApp - ok
13:41:17.0632 2716        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
13:41:17.0637 2716        crcdisk - ok
13:41:17.0661 2716        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
13:41:17.0662 2716        Crusoe - ok
13:41:17.0703 2716        CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
13:41:17.0705 2716        CryptSvc - ok
13:41:17.0757 2716        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:41:17.0766 2716        DcomLaunch - ok
13:41:17.0792 2716        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:41:17.0794 2716        DfsC - ok
13:41:17.0920 2716        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
13:41:17.0971 2716        DFSR - ok
13:41:18.0071 2716        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
13:41:18.0073 2716        Dhcp - ok
13:41:18.0120 2716        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:41:18.0121 2716        disk - ok
13:41:18.0163 2716        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
13:41:18.0165 2716        Dnscache - ok
13:41:18.0204 2716        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
13:41:18.0207 2716        dot3svc - ok
13:41:18.0248 2716        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:41:18.0250 2716        DPS - ok
13:41:18.0273 2716        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:41:18.0274 2716        drmkaud - ok
13:41:18.0315 2716        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:41:18.0323 2716        DXGKrnl - ok
13:41:18.0363 2716        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:41:18.0364 2716        E1G60 - ok
13:41:18.0386 2716        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:41:18.0388 2716        EapHost - ok
13:41:18.0420 2716        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:41:18.0422 2716        Ecache - ok
13:41:18.0485 2716        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
13:41:18.0487 2716        ehRecvr - ok
13:41:18.0503 2716        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
13:41:18.0505 2716        ehSched - ok
13:41:18.0518 2716        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
13:41:18.0519 2716        ehstart - ok
13:41:18.0550 2716        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
13:41:18.0553 2716        elxstor - ok
13:41:18.0604 2716        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
13:41:18.0610 2716        EMDMgmt - ok
13:41:18.0630 2716        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
13:41:18.0631 2716        ErrDev - ok
13:41:18.0660 2716        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
13:41:18.0664 2716        EventSystem - ok
13:41:18.0702 2716        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:41:18.0703 2716        exfat - ok
13:41:18.0742 2716        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:41:18.0744 2716        fastfat - ok
13:41:18.0768 2716        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:41:18.0768 2716        fdc - ok
13:41:18.0773 2716        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
13:41:18.0774 2716        fdPHost - ok
13:41:18.0783 2716        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:41:18.0785 2716        FDResPub - ok
13:41:18.0806 2716        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:41:18.0807 2716        FileInfo - ok
13:41:18.0835 2716        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:41:18.0836 2716        Filetrace - ok
13:41:19.0038 2716        FirebirdServerMAGIXInstance (167d24a045499ebef438f231976158df) C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
13:41:19.0058 2716        FirebirdServerMAGIXInstance - ok
13:41:19.0144 2716        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:41:19.0145 2716        flpydisk - ok
13:41:19.0182 2716        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:41:19.0184 2716        FltMgr - ok
13:41:19.0257 2716        FontCache      (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
13:41:19.0266 2716        FontCache - ok
13:41:19.0491 2716        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:41:19.0496 2716        FontCache3.0.0.0 - ok
13:41:19.0528 2716        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
13:41:19.0531 2716        Fs_Rec - ok
13:41:19.0553 2716        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
13:41:19.0554 2716        gagp30kx - ok
13:41:19.0641 2716        GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
13:41:19.0642 2716        GoogleDesktopManager-051210-111108 - ok
13:41:19.0688 2716        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
13:41:19.0697 2716        gpsvc - ok
13:41:19.0769 2716        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:41:19.0770 2716        gupdate - ok
13:41:19.0781 2716        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:41:19.0782 2716        gupdatem - ok
13:41:19.0810 2716        gusvc          (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:41:19.0812 2716        gusvc - ok
13:41:19.0865 2716        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
13:41:19.0867 2716        HdAudAddService - ok
13:41:19.0926 2716        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:41:19.0932 2716        HDAudBus - ok
13:41:19.0950 2716        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:41:19.0950 2716        HidBth - ok
13:41:19.0975 2716        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:41:19.0976 2716        HidIr - ok
13:41:19.0996 2716        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
13:41:19.0997 2716        hidserv - ok
13:41:20.0019 2716        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:41:20.0020 2716        HidUsb - ok
13:41:20.0042 2716        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
13:41:20.0050 2716        hkmsvc - ok
13:41:20.0077 2716        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
13:41:20.0077 2716        HpCISSs - ok
13:41:20.0126 2716        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:41:20.0129 2716        HTTP - ok
13:41:20.0159 2716        hwdatacard      (4e370a583e78b614918c8f2cd5b733ef) C:\Windows\system32\DRIVERS\ewusbmdm.sys
13:41:20.0161 2716        hwdatacard - ok
13:41:20.0186 2716        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
13:41:20.0187 2716        i2omp - ok
13:41:20.0223 2716        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:41:20.0224 2716        i8042prt - ok
13:41:20.0271 2716        iaStor          (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys
13:41:20.0273 2716        iaStor - ok
13:41:20.0295 2716        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
13:41:20.0297 2716        iaStorV - ok
13:41:20.0387 2716        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:41:20.0397 2716        IDriverT - ok
13:41:20.0505 2716        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:41:20.0536 2716        idsvc - ok
13:41:20.0577 2716        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:41:20.0577 2716        iirsp - ok
13:41:20.0629 2716        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
13:41:20.0635 2716        IKEEXT - ok
13:41:20.0803 2716        IntcAzAudAddService (516e2292f266c2f30089b5479c355858) C:\Windows\system32\drivers\RTKVHDA.sys
13:41:20.0890 2716        IntcAzAudAddService - ok
13:41:20.0972 2716        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:41:20.0972 2716        intelide - ok
13:41:20.0996 2716        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:41:20.0997 2716        intelppm - ok
13:41:21.0032 2716        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
13:41:21.0034 2716        IPBusEnum - ok
13:41:21.0053 2716        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:41:21.0054 2716        IpFilterDriver - ok
13:41:21.0089 2716        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
13:41:21.0092 2716        iphlpsvc - ok
13:41:21.0101 2716        IpInIp - ok
13:41:21.0133 2716        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
13:41:21.0133 2716        IPMIDRV - ok
13:41:21.0163 2716        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:41:21.0165 2716        IPNAT - ok
13:41:21.0176 2716        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:41:21.0176 2716        IRENUM - ok
13:41:21.0197 2716        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
13:41:21.0198 2716        isapnp - ok
13:41:21.0232 2716        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:41:21.0233 2716        iScsiPrt - ok
13:41:21.0257 2716        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:41:21.0258 2716        iteatapi - ok
13:41:21.0304 2716        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:41:21.0305 2716        iteraid - ok
13:41:21.0347 2716        JRAID          (c36f3a1a4e8416ef43f30deab7701730) C:\Windows\system32\drivers\jraid.sys
13:41:21.0348 2716        JRAID - ok
13:41:21.0374 2716        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:41:21.0380 2716        kbdclass - ok
13:41:21.0399 2716        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:41:21.0400 2716        kbdhid - ok
13:41:21.0415 2716        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:41:21.0417 2716        KeyIso - ok
13:41:21.0443 2716        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
13:41:21.0447 2716        KSecDD - ok
13:41:21.0475 2716        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:41:21.0480 2716        KtmRm - ok
13:41:21.0506 2716        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
13:41:21.0510 2716        LanmanServer - ok
13:41:21.0533 2716        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
13:41:21.0537 2716        LanmanWorkstation - ok
13:41:21.0589 2716        lirsgt          (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
13:41:21.0594 2716        lirsgt - ok
13:41:21.0608 2716        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:41:21.0609 2716        lltdio - ok
13:41:21.0642 2716        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:41:21.0645 2716        lltdsvc - ok
13:41:21.0674 2716        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:41:21.0676 2716        lmhosts - ok
13:41:21.0706 2716        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
13:41:21.0707 2716        LSI_FC - ok
13:41:21.0735 2716        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
13:41:21.0736 2716        LSI_SAS - ok
13:41:21.0760 2716        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
13:41:21.0761 2716        LSI_SCSI - ok
13:41:21.0798 2716        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:41:21.0799 2716        luafv - ok
13:41:21.0821 2716        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
13:41:21.0823 2716        Mcx2Svc - ok
13:41:21.0863 2716        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
13:41:21.0863 2716        megasas - ok
13:41:21.0899 2716        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
13:41:21.0902 2716        MegaSR - ok
13:41:21.0926 2716        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:41:21.0928 2716        MMCSS - ok
13:41:21.0948 2716        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:41:21.0952 2716        Modem - ok
13:41:21.0980 2716        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:41:21.0981 2716        monitor - ok
13:41:21.0989 2716        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:41:21.0996 2716        mouclass - ok
13:41:22.0010 2716        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:41:22.0011 2716        mouhid - ok
13:41:22.0020 2716        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:41:22.0022 2716        MountMgr - ok
13:41:22.0058 2716        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
13:41:22.0059 2716        mpio - ok
13:41:22.0083 2716        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:41:22.0084 2716        mpsdrv - ok
13:41:22.0123 2716        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
13:41:22.0128 2716        MpsSvc - ok
13:41:22.0149 2716        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:41:22.0150 2716        Mraid35x - ok
13:41:22.0173 2716        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:41:22.0175 2716        MRxDAV - ok
13:41:22.0194 2716        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:41:22.0195 2716        mrxsmb - ok
13:41:22.0223 2716        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:41:22.0225 2716        mrxsmb10 - ok
13:41:22.0243 2716        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:41:22.0244 2716        mrxsmb20 - ok
13:41:22.0268 2716        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
13:41:22.0268 2716        msahci - ok
13:41:22.0296 2716        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
13:41:22.0297 2716        msdsm - ok
13:41:22.0321 2716        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:41:22.0324 2716        MSDTC - ok
13:41:22.0356 2716        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:41:22.0360 2716        Msfs - ok
13:41:22.0385 2716        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:41:22.0390 2716        msisadrv - ok
13:41:22.0421 2716        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:41:22.0423 2716        MSiSCSI - ok
13:41:22.0427 2716        msiserver - ok
13:41:22.0454 2716        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:41:22.0455 2716        MSKSSRV - ok
13:41:22.0488 2716        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:41:22.0489 2716        MSPCLOCK - ok
13:41:22.0494 2716        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:41:22.0496 2716        MSPQM - ok
13:41:22.0521 2716        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:41:22.0522 2716        MsRPC - ok
13:41:22.0544 2716        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:41:22.0545 2716        mssmbios - ok
13:41:22.0569 2716        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:41:22.0570 2716        MSTEE - ok
13:41:22.0578 2716        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:41:22.0580 2716        Mup - ok
13:41:22.0628 2716        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
13:41:22.0635 2716        napagent - ok
13:41:22.0668 2716        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:41:22.0670 2716        NativeWifiP - ok
13:41:22.0738 2716        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:41:22.0744 2716        NDIS - ok
13:41:22.0756 2716        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:41:22.0757 2716        NdisTapi - ok
13:41:22.0768 2716        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:41:22.0768 2716        Ndisuio - ok
13:41:22.0778 2716        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:41:22.0779 2716        NdisWan - ok
13:41:22.0788 2716        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:41:22.0795 2716        NDProxy - ok
13:41:23.0117 2716        Nero BackItUp Scheduler 3 (a0101e836d2a39682e134c47b1565256) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
13:41:23.0132 2716        Nero BackItUp Scheduler 3 - ok
13:41:23.0137 2716        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:41:23.0138 2716        NetBIOS - ok
13:41:23.0167 2716        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:41:23.0168 2716        netbt - ok
13:41:23.0204 2716        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:41:23.0206 2716        Netlogon - ok
13:41:23.0257 2716        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:41:23.0261 2716        Netman - ok
13:41:23.0290 2716        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
13:41:23.0294 2716        netprofm - ok
13:41:23.0350 2716        netr28u        (6f8480809d14f0594b4b1df07385da33) C:\Windows\system32\DRIVERS\netr28u.sys
13:41:23.0364 2716        netr28u - ok
13:41:23.0426 2716        NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:41:23.0435 2716        NetTcpPortSharing - ok
13:41:23.0455 2716        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:41:23.0456 2716        nfrd960 - ok
13:41:23.0473 2716        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
13:41:23.0476 2716        NlaSvc - ok
13:41:23.0574 2716        NMIndexingService (9cf3e134eb0490d60fe68631a7d666a0) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
13:41:23.0629 2716        NMIndexingService - ok
13:41:23.0655 2716        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:41:23.0661 2716        Npfs - ok
13:41:23.0673 2716        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
13:41:23.0676 2716        nsi - ok
13:41:23.0684 2716        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:41:23.0685 2716        nsiproxy - ok
13:41:23.0755 2716        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:41:23.0782 2716        Ntfs - ok
13:41:23.0795 2716        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:41:23.0795 2716        ntrigdigi - ok
13:41:23.0816 2716        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:41:23.0819 2716        Null - ok
13:41:23.0918 2716        NVENETFD        (adb84b1e6b837c45443aa25abe9e7012) C:\Windows\system32\DRIVERS\nvmfdx32.sys
13:41:23.0938 2716        NVENETFD - ok
13:41:24.0391 2716        nvlddmkm        (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:41:24.0745 2716        nvlddmkm - ok
13:41:24.0846 2716        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
13:41:24.0847 2716        nvraid - ok
13:41:24.0875 2716        nvsmu          (736054614ab962d4ec01ef4abce115f1) C:\Windows\system32\DRIVERS\nvsmu.sys
13:41:24.0876 2716        nvsmu - ok
13:41:24.0901 2716        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
13:41:24.0902 2716        nvstor - ok
13:41:24.0962 2716        nvsvc          (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe
13:41:24.0971 2716        nvsvc - ok
13:41:25.0226 2716        nvUpdatusService (c78581c14699c46fe0f0817416383134) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:41:25.0259 2716        nvUpdatusService - ok
13:41:25.0513 2716        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
13:41:25.0514 2716        nv_agp - ok
13:41:25.0518 2716        NwlnkFlt - ok
13:41:25.0525 2716        NwlnkFwd - ok
13:41:25.0845 2716        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:41:25.0849 2716        odserv - ok
13:41:25.0885 2716        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
13:41:25.0886 2716        ohci1394 - ok
13:41:25.0932 2716        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:41:25.0933 2716        ose - ok
13:41:25.0982 2716        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:41:25.0992 2716        p2pimsvc - ok
13:41:26.0002 2716        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:41:26.0008 2716        p2psvc - ok
13:41:26.0032 2716        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:41:26.0033 2716        Parport - ok
13:41:26.0071 2716        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
13:41:26.0073 2716        partmgr - ok
13:41:26.0089 2716        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:41:26.0089 2716        Parvdm - ok
13:41:26.0125 2716        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
13:41:26.0128 2716        PcaSvc - ok
13:41:26.0140 2716        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:41:26.0141 2716        pci - ok
13:41:26.0160 2716        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
13:41:26.0166 2716        pciide - ok
13:41:26.0197 2716        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:41:26.0198 2716        pcmcia - ok
13:41:26.0271 2716        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:41:26.0282 2716        PEAUTH - ok
13:41:26.0371 2716        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
13:41:26.0403 2716        pla - ok
13:41:26.0499 2716        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
13:41:26.0503 2716        PlugPlay - ok
13:41:26.0548 2716        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:41:26.0554 2716        PNRPAutoReg - ok
13:41:26.0565 2716        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:41:26.0571 2716        PNRPsvc - ok
13:41:26.0609 2716        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
13:41:26.0613 2716        PolicyAgent - ok
13:41:26.0647 2716        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:41:26.0648 2716        PptpMiniport - ok
13:41:26.0668 2716        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
13:41:26.0668 2716        Processor - ok
13:41:26.0699 2716        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
13:41:26.0703 2716        ProfSvc - ok
13:41:26.0727 2716        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:41:26.0728 2716        ProtectedStorage - ok
13:41:26.0742 2716        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:41:26.0743 2716        PSched - ok
13:41:26.0783 2716        PVUSB          (72289d214b581981a860b0f9fb61e9c8) C:\Windows\system32\DRIVERS\CESG502.sys
13:41:26.0783 2716        PVUSB - ok
13:41:26.0807 2716        PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
13:41:26.0808 2716        PxHelp20 - ok
13:41:26.0901 2716        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
13:41:26.0922 2716        ql2300 - ok
13:41:26.0950 2716        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:41:26.0951 2716        ql40xx - ok
13:41:26.0980 2716        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
13:41:26.0984 2716        QWAVE - ok
13:41:26.0991 2716        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:41:26.0997 2716        QWAVEdrv - ok
13:41:27.0009 2716        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:41:27.0010 2716        RasAcd - ok
13:41:27.0033 2716        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
13:41:27.0036 2716        RasAuto - ok
13:41:27.0049 2716        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:41:27.0050 2716        Rasl2tp - ok
13:41:27.0082 2716        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
13:41:27.0086 2716        RasMan - ok
13:41:27.0109 2716        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:41:27.0110 2716        RasPppoe - ok
13:41:27.0122 2716        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:41:27.0123 2716        RasSstp - ok
13:41:27.0152 2716        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:41:27.0154 2716        rdbss - ok
13:41:27.0162 2716        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:41:27.0163 2716        RDPCDD - ok
13:41:27.0199 2716        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
13:41:27.0201 2716        rdpdr - ok
13:41:27.0208 2716        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:41:27.0209 2716        RDPENCDD - ok
13:41:27.0264 2716        RDPWD          (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
13:41:27.0266 2716        RDPWD - ok
13:41:27.0299 2716        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
13:41:27.0302 2716        RemoteAccess - ok
13:41:27.0329 2716        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
13:41:27.0332 2716        RemoteRegistry - ok
13:41:27.0348 2716        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
13:41:27.0350 2716        RpcLocator - ok
13:41:27.0380 2716        RpcSs          (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:41:27.0387 2716        RpcSs - ok
13:41:27.0401 2716        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:41:27.0402 2716        rspndr - ok
13:41:27.0423 2716        SamSs          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:41:27.0425 2716        SamSs - ok
13:41:27.0448 2716        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:41:27.0449 2716        sbp2port - ok
13:41:27.0488 2716        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
13:41:27.0491 2716        SCardSvr - ok
13:41:27.0537 2716        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
13:41:27.0544 2716        Schedule - ok
13:41:27.0573 2716        SCPolicySvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:41:27.0574 2716        SCPolicySvc - ok
13:41:27.0609 2716        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
13:41:27.0612 2716        SDRSVC - ok
13:41:27.0627 2716        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:41:27.0631 2716        secdrv - ok
13:41:27.0642 2716        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
13:41:27.0645 2716        seclogon - ok
13:41:27.0653 2716        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
13:41:27.0656 2716        SENS - ok
13:41:27.0668 2716        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:41:27.0669 2716        Serenum - ok
13:41:27.0686 2716        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:41:27.0687 2716        Serial - ok
13:41:27.0706 2716        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:41:27.0707 2716        sermouse - ok
13:41:27.0739 2716        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
13:41:27.0742 2716        SessionEnv - ok
13:41:27.0763 2716        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
13:41:27.0763 2716        sffdisk - ok
13:41:27.0777 2716        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
13:41:27.0778 2716        sffp_mmc - ok
13:41:27.0793 2716        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
13:41:27.0794 2716        sffp_sd - ok
13:41:27.0817 2716        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:41:27.0817 2716        sfloppy - ok
13:41:27.0860 2716        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
13:41:27.0864 2716        SharedAccess - ok
13:41:27.0907 2716        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
13:41:27.0910 2716        ShellHWDetection - ok
13:41:27.0928 2716        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
13:41:27.0929 2716        sisagp - ok
13:41:27.0949 2716        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
13:41:27.0950 2716        SiSRaid2 - ok
13:41:27.0970 2716        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
13:41:27.0971 2716        SiSRaid4 - ok
13:41:28.0134 2716        slsvc          (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
13:41:28.0188 2716        slsvc - ok
13:41:28.0276 2716        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
13:41:28.0281 2716        SLUINotify - ok
13:41:28.0314 2716        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:41:28.0315 2716        Smb - ok
13:41:28.0364 2716        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
13:41:28.0370 2716        SNMPTRAP - ok
13:41:28.0379 2716        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:41:28.0384 2716        spldr - ok
13:41:28.0404 2716        Spooler        (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
13:41:28.0409 2716        Spooler - ok
13:41:28.0451 2716        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:41:28.0454 2716        srv - ok
13:41:28.0473 2716        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:41:28.0474 2716        srv2 - ok
13:41:28.0483 2716        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:41:28.0484 2716        srvnet - ok
13:41:28.0503 2716        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
13:41:28.0507 2716        SSDPSRV - ok
13:41:28.0534 2716        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
13:41:28.0538 2716        ssmdrv - ok
13:41:28.0562 2716        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
13:41:28.0565 2716        SstpSvc - ok
13:41:28.0602 2716        Steam Client Service - ok
13:41:28.0677 2716        Stereo Service  (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:41:28.0679 2716        Stereo Service - ok
13:41:28.0753 2716        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
13:41:28.0760 2716        stisvc - ok
13:41:28.0773 2716        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:41:28.0777 2716        swenum - ok
13:41:28.0861 2716        SwitchBoard    (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:41:28.0865 2716        SwitchBoard - ok
13:41:28.0900 2716        swprv          (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
13:41:28.0905 2716        swprv - ok
13:41:28.0933 2716        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:41:28.0934 2716        Symc8xx - ok
13:41:28.0960 2716        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:41:28.0961 2716        Sym_hi - ok
13:41:28.0980 2716        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:41:28.0980 2716        Sym_u3 - ok
13:41:29.0027 2716        SysMain        (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
13:41:29.0035 2716        SysMain - ok
13:41:29.0060 2716        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
13:41:29.0063 2716        TabletInputService - ok
13:41:29.0100 2716        TapiSrv        (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
13:41:29.0105 2716        TapiSrv - ok
13:41:29.0124 2716        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
13:41:29.0127 2716        TBS - ok
13:41:29.0199 2716        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
13:41:29.0209 2716        Tcpip - ok
13:41:29.0220 2716        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
13:41:29.0227 2716        Tcpip6 - ok
13:41:29.0252 2716        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
13:41:29.0257 2716        tcpipreg - ok
13:41:29.0276 2716        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:41:29.0277 2716        TDPIPE - ok
13:41:29.0297 2716        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:41:29.0298 2716        TDTCP - ok
13:41:29.0324 2716        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:41:29.0325 2716        tdx - ok
13:41:29.0350 2716        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:41:29.0356 2716        TermDD - ok
13:41:29.0390 2716        TermService    (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
13:41:29.0396 2716        TermService - ok
13:41:29.0475 2716        TestHandler    (250b9120c7c103afdc0c6643f9691055) C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
13:41:29.0477 2716        TestHandler - ok
13:41:29.0518 2716        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
13:41:29.0522 2716        Themes - ok
13:41:29.0549 2716        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:41:29.0551 2716        THREADORDER - ok
13:41:29.0574 2716        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
13:41:29.0577 2716        TrkWks - ok
13:41:29.0608 2716        truecrypt      (746b8cf9cededdd865472544edf626da) C:\Windows\system32\drivers\truecrypt.sys
13:41:29.0618 2716        truecrypt - ok
13:41:29.0645 2716        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
13:41:29.0651 2716        TrustedInstaller - ok
13:41:29.0717 2716        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:41:29.0718 2716        tssecsrv - ok
13:41:29.0750 2716        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:41:29.0751 2716        tunmp - ok
13:41:29.0767 2716        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:41:29.0769 2716        tunnel - ok
13:41:29.0793 2716        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
13:41:29.0794 2716        uagp35 - ok
13:41:29.0821 2716        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:41:29.0824 2716        udfs - ok
13:41:29.0842 2716        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
13:41:29.0845 2716        UI0Detect - ok
13:41:29.0866 2716        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
13:41:29.0867 2716        uliagpkx - ok
13:41:29.0892 2716        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
13:41:29.0894 2716        uliahci - ok
13:41:29.0920 2716        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:41:29.0921 2716        UlSata - ok
13:41:29.0944 2716        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:41:29.0945 2716        ulsata2 - ok
13:41:29.0972 2716        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:41:29.0973 2716        umbus - ok
13:41:29.0999 2716        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
13:41:30.0004 2716        upnphost - ok
13:41:30.0095 2716        UPnPService    (7ce0fe34fd8fb7f52d1e503b0c1e4fa9) C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
13:41:30.0101 2716        UPnPService - ok
13:41:30.0148 2716        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
13:41:30.0149 2716        usbaudio - ok
13:41:30.0178 2716        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:41:30.0179 2716        usbccgp - ok
13:41:30.0200 2716        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:41:30.0200 2716        usbcir - ok
13:41:30.0228 2716        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:41:30.0229 2716        usbehci - ok
13:41:30.0247 2716        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:41:30.0249 2716        usbhub - ok
13:41:30.0258 2716        usbohci        (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
13:41:30.0259 2716        usbohci - ok
13:41:30.0284 2716        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:41:30.0285 2716        usbprint - ok
13:41:30.0332 2716        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:41:30.0333 2716        usbscan - ok
13:41:30.0362 2716        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:41:30.0362 2716        USBSTOR - ok
13:41:30.0380 2716        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:41:30.0382 2716        usbuhci - ok
13:41:30.0403 2716        UxSms          (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
13:41:30.0407 2716        UxSms - ok
13:41:30.0450 2716        vds            (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
13:41:30.0457 2716        vds - ok
13:41:30.0472 2716        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:41:30.0473 2716        vga - ok
13:41:30.0478 2716        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:41:30.0480 2716        VgaSave - ok
13:41:30.0509 2716        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
13:41:30.0510 2716        viaagp - ok
13:41:30.0530 2716        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
13:41:30.0531 2716        ViaC7 - ok
13:41:30.0559 2716        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
13:41:30.0559 2716        viaide - ok
13:41:30.0580 2716        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:41:30.0581 2716        volmgr - ok
13:41:30.0608 2716        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:41:30.0610 2716        volmgrx - ok
13:41:30.0649 2716        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:41:30.0651 2716        volsnap - ok
13:41:30.0675 2716        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
13:41:30.0676 2716        vsmraid - ok
13:41:30.0742 2716        VSS            (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
13:41:30.0753 2716        VSS - ok
13:41:30.0780 2716        W32Time        (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
13:41:30.0784 2716        W32Time - ok
13:41:30.0815 2716        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:41:30.0816 2716        WacomPen - ok
13:41:30.0832 2716        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:41:30.0833 2716        Wanarp - ok
13:41:30.0846 2716        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:41:30.0848 2716        Wanarpv6 - ok
13:41:30.0908 2716        wcncsvc        (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
13:41:30.0915 2716        wcncsvc - ok
13:41:30.0942 2716        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
13:41:30.0945 2716        WcsPlugInService - ok
13:41:30.0958 2716        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
13:41:30.0963 2716        Wd - ok
13:41:30.0985 2716        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:41:30.0991 2716        Wdf01000 - ok
13:41:31.0001 2716        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:41:31.0004 2716        WdiServiceHost - ok
13:41:31.0019 2716        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:41:31.0023 2716        WdiSystemHost - ok
13:41:31.0045 2716        WebClient      (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
13:41:31.0049 2716        WebClient - ok
13:41:31.0078 2716        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
13:41:31.0082 2716        Wecsvc - ok
13:41:31.0095 2716        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
13:41:31.0098 2716        wercplsupport - ok
13:41:31.0111 2716        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
13:41:31.0121 2716        WerSvc - ok
13:41:31.0174 2716        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
13:41:31.0176 2716        WinDefend - ok
13:41:31.0184 2716        WinHttpAutoProxySvc - ok
13:41:31.0240 2716        Winmgmt        (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
13:41:31.0242 2716        Winmgmt - ok
13:41:31.0325 2716        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
13:41:31.0344 2716        WinRM - ok
13:41:31.0404 2716        Wlansvc        (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
13:41:31.0414 2716        Wlansvc - ok
13:41:31.0537 2716        wlidsvc        (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:41:31.0576 2716        wlidsvc - ok
13:41:31.0640 2716        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:41:31.0640 2716        WmiAcpi - ok
13:41:31.0702 2716        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
13:41:31.0704 2716        wmiApSrv - ok
13:41:31.0776 2716        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:41:31.0783 2716        WMPNetworkSvc - ok
13:41:31.0808 2716        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
13:41:31.0812 2716        WPCSvc - ok
13:41:31.0848 2716        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
13:41:31.0852 2716        WPDBusEnum - ok
13:41:31.0893 2716        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:41:31.0894 2716        WpdUsb - ok
13:41:32.0010 2716        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:41:32.0018 2716        WPFFontCache_v0400 - ok
13:41:32.0054 2716        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:41:32.0055 2716        ws2ifsl - ok
13:41:32.0085 2716        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
13:41:32.0088 2716        wscsvc - ok
13:41:32.0093 2716        WSearch - ok
13:41:32.0217 2716        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
13:41:32.0251 2716        wuauserv - ok
13:41:32.0324 2716        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:41:32.0325 2716        WUDFRd - ok
13:41:32.0360 2716        wudfsvc        (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
13:41:32.0363 2716        wudfsvc - ok
13:41:32.0381 2716        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:41:32.0458 2716        \Device\Harddisk0\DR0 - ok
13:41:32.0461 2716        Boot (0x1200)  (f4f9b226973f88bc72737850dc2f8a92) \Device\Harddisk0\DR0\Partition0
13:41:32.0463 2716        \Device\Harddisk0\DR0\Partition0 - ok
13:41:32.0486 2716        Boot (0x1200)  (92921f5562a488c63399b36733628529) \Device\Harddisk0\DR0\Partition1
13:41:32.0487 2716        \Device\Harddisk0\DR0\Partition1 - ok
13:41:32.0488 2716        ============================================================
13:41:32.0488 2716        Scan finished
13:41:32.0488 2716        ============================================================
13:41:32.0504 4208        Detected object count: 0
13:41:32.0504 4208        Actual detected object count: 0
13:43:31.0337 4508        Deinitialize success


cosinus 01.05.2012 14:42

Quote:

That's what I was told in the other forum,
What does that mean? You haven't been crossposting, have you?

FW313 01.05.2012 14:50

I did write in my opening post that I didn't get anywhere in the other forum and that's why I'm looking for help here.
I haven't done anything yet, apart from the scans with Avira, MBAM, OTL and Tdsskiller.

cosinus 01.05.2012 16:25

Ah, in the opening post. Well, that was a week ago already. It would have been nice if you had posted the link to the other thread

Quote:

Quote from FW313
since I only got limited help in another forum,


FW313 01.05.2012 16:45

Quote:

Quote from cosinus (post 822613)
Ah, in the opening post. Well, that was a week ago already. It would have been nice if you had posted the link to the other thread

Well, I thought that if you had a problem with it, you would say so right away.
The reason I came to you is that I didn't really get anywhere there within a week.
Besides, this is a forum specifically for viruses etc., and the other one was only a subforum.
The admin there also pointed out to me that crossposting is not a good idea, but I discussed it with him by PM.
As I said, I haven't taken any steps so far and I will definitely act on your advice, so nobody is going to get in your way.
hxxp://forum.chip.de/viren-trojaner-wuermer/hilfe-malware-fund-1629257.html
If you want, I'll have that thread closed as well.

FW313 04.05.2012 16:16

Since 3 days have now passed since the last reply, I'm kindly asking for help once more.
Almost 2 weeks have passed since my problem started and I still haven't made any progress :(
I would be really glad if I could use my PC again.

Thanks

cosinus 04.05.2012 19:04

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages like

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
then restart Windows manually and the error messages should no longer appear.

FW313 04.05.2012 19:39

Combofix Logfile:
Code:

ComboFix 12-05-04.03 - *** 04.05.2012  20:20:37.1.4 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3327.1654 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\system32\tmp319C.tmp
c:\windows\system32\tmp31CC.tmp
c:\windows\system32\tmpE4DC.tmp
c:\windows\system32\tmpE50B.tmp
D:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-04 bis 2012-05-04  ))))))))))))))))))))))))))))))
.
.
2072-04-03 11:13 . 2008-03-21 12:46        607296        ------w-        c:\program files\Microsoft Games\Age of Empires III\deformerdllyD.dll
2012-04-27 18:42 . 2012-04-27 18:42        --------        d-----w-        c:\program files\Mozilla Maintenance Service
2012-04-27 18:42 . 2012-04-27 18:42        157352        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-27 18:42 . 2012-04-27 18:42        129976        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-27 18:34 . 2012-04-27 18:34        --------        d-----w-        c:\program files\ESET
2012-04-21 22:42 . 2012-04-21 22:42        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-04-21 22:42 . 2012-04-21 22:42        --------        d-----w-        c:\programdata\Malwarebytes
2012-04-21 22:42 . 2012-04-21 22:42        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-04-21 22:42 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-04-15 15:38 . 2012-04-16 19:43        --------        d-----w-        c:\users\***\AppData\Roaming\.minecraft
2012-04-12 19:44 . 2012-03-06 06:39        3602816        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-04-12 19:44 . 2012-03-06 06:39        3550080        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-04-12 17:59 . 2012-03-01 11:01        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2012-04-10 18:41 . 2012-04-10 18:41        --------        d-----w-        c:\users\***\AppData\Local\2K Games
2012-04-10 18:41 . 2012-04-10 18:41        --------        d-----w-        c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-04-10 15:26 . 2012-05-04 18:07        --------        d-----w-        c:\program files\Steam
2012-04-05 10:43 . 2012-04-13 19:46        418464        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 19:46 . 2011-05-16 13:06        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-29 23:59 . 2012-03-15 18:12        7713088        ----a-w-        c:\windows\system32\nvwgf2um.dll
2012-02-29 23:59 . 2012-03-15 18:12        61248        ----a-w-        c:\windows\system32\OpenCL.dll
2012-02-29 23:59 . 2012-03-15 18:12        5892928        ----a-w-        c:\windows\system32\nvcuda.dll
2012-02-29 23:59 . 2012-03-15 18:12        2517312        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-02-29 23:59 . 2012-03-15 18:12        2437440        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-02-29 23:59 . 2012-03-15 18:12        19444544        ----a-w-        c:\windows\system32\nvoglv32.dll
2012-02-29 23:59 . 2012-03-15 18:12        10819392        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 23:59 . 2012-03-15 18:12        17543488        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-02-29 23:59 . 2012-02-22 02:05        881984        ----a-w-        c:\windows\system32\nvgenco32.dll
2012-02-29 23:59 . 2012-02-22 02:05        1000256        ----a-w-        c:\windows\system32\nvdispco32.dll
2012-02-29 23:59 . 2008-11-10 16:34        15009600        ----a-w-        c:\windows\system32\nvd3dum.dll
2012-02-29 23:59 . 2008-11-10 16:34        2301248        ----a-w-        c:\windows\system32\nvapi.dll
2012-02-29 20:56 . 2009-03-27 22:03        3881792        ----a-w-        c:\windows\system32\nvcpl.dll
2012-02-29 20:55 . 2008-11-10 16:34        2719040        ----a-w-        c:\windows\system32\nvsvc.dll
2012-02-29 20:53 . 2008-11-10 16:34        108352        ----a-w-        c:\windows\system32\nvmctray.dll
2012-02-29 20:53 . 2011-08-05 14:57        62272        ----a-w-        c:\windows\system32\nvshext.dll
2012-02-29 20:53 . 2008-11-10 16:34        645440        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-02-29 20:53 . 2009-03-27 22:03        2561344        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-02-29 12:26 . 2012-02-29 12:26        416064        ----a-w-        c:\windows\system32\nvStreaming.exe
2012-02-23 08:18 . 2009-10-02 15:47        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-22 02:15 . 2012-02-22 02:15        231376        ----a-w-        c:\windows\system32\drivers\truecrypt.sys
2012-02-15 14:41 . 2011-10-14 17:02        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-02-14 15:45 . 2012-03-13 23:33        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-13 23:33        160768        ----a-w-        c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-13 23:33        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-13 23:33        683008        ----a-w-        c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-13 23:33        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02        1070352        ----a-w-        c:\windows\system32\MSCOMCTL.OCX
2009-05-26 07:26 . 2009-05-26 07:26        97336        ----a-w-        c:\program files\bass.dll
2009-05-26 07:26 . 2009-05-26 07:26        64000        ----a-w-        c:\program files\vorbisenc.dll
2009-05-26 07:26 . 2009-05-26 07:26        623616        ----a-w-        c:\program files\No23 Recorder.exe
2009-05-26 07:26 . 2009-05-26 07:26        29184        ----a-w-        c:\program files\no23xwrapper.dll
2009-05-26 07:26 . 2009-05-26 07:26        19456        ----a-w-        c:\program files\vorbisfile.dll
2009-05-26 07:26 . 2009-05-26 07:26        15872        ----a-w-        c:\program files\ogg.dll
2009-05-26 07:26 . 2009-05-26 07:26        155136        ----a-w-        c:\program files\lame_enc.dll
2009-05-26 07:26 . 2009-05-26 07:26        143872        ----a-w-        c:\program files\vorbis.dll
2009-05-26 07:26 . 2009-05-26 07:26        13872        ----a-w-        c:\program files\basscd.dll
2009-05-26 07:26 . 2009-05-26 07:26        102912        ----a-w-        c:\program files\CDRip.dll
2012-04-27 18:42 . 2011-04-01 16:34        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-23 02:22 . 2009-11-14 23:11        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 08:32        279944        ----a-w-        c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-12 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"OscarEditor"="c:\program files\MOUSE Editor\MouseEditor.exe" [2010-12-23 3344384]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Steam"="c:\program files\Steam\Steam.exe" [2012-04-10 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EnergySettings"="c:\program files\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe" [2008-09-19 113664]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-23 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-24 10025576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Product Registration.lnk - c:\users\***\AppData\Local\Temp\is-78DGV.tmp\ATR1.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hama Wireless LAN Utility.lnk - c:\program files\Hama\Common\RaUI.exe [2011-4-1 974848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:46]
.
2012-03-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-29 04:40]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 12:49]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 12:49]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1980743469-3674975028-2304663644-1000Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-14 18:48]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1980743469-3674975028-2304663644-1000UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-14 18:48]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{A54F7D6E-F1C3-44BC-918E-3C1856CF6B09}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKU-Default-Run-fsc-reg - c:\fsc-reg\fscreg.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-04 20:30
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,15,19,31,f6,ab,a3,65,45,ae,6c,7a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,15,19,31,f6,ab,a3,65,45,ae,6c,7a,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-1980743469-3674975028-2304663644-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:80,93,14,0a,0b,03,1c,f3,a0,4f,67,e2,98,93,ff,00,d4,6a,ac,74,5e,e6,d5,
  02,b1,52,d7,4a,6a,97,04,62,95,86,f8,f9,89,43,5d,ec,f6,2d,b3,3e,9c,08,25,b3,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-1980743469-3674975028-2304663644-1000\Software\SecuROM\License information*]
"datasecu"=hex:75,ad,7d,4a,61,3d,0d,98,35,e2,91,11,1f,a6,c2,b4,9c,09,bb,1e,5e,
  4a,1d,46,42,0a,6d,8e,db,68,a2,4d,f0,ca,fc,79,4d,87,13,d1,e0,a0,f6,81,c1,08,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-05-04  20:34:59
ComboFix-quarantined-files.txt  2012-05-04 18:34
.
Vor Suchlauf: 21 Verzeichnis(se), 76.677.812.224 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 76.081.582.080 Bytes frei
.
- - End Of File - - B77DBD2DEE1E89CE0CEC00BED176BCC9

--- --- ---

Also, today I received the analysis of bf.exe from the Avira lab:
hxxp://analysis.avira.com/samples/details.php?uniqueid=LONdK8ON1QAApcSbZAkkT3nWnAGTcZX5&incidentid=1127189

cosinus 04.05.2012 20:34

Quote:

2072-04-03 11:13 . 2008-03-21 12:46 607296 ------w- c:\program files\Microsoft Games\Age of Empires III\deformerdllyD.dll
So what kind of file from the future, dated 3 April 2072, is that :balla:
Who did you get the game Age Of Empires 3 from?
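
The future-dated entry pointed out in this post can also be found mechanically. The following is an added example, not part of the thread and not ComboFix's own code: it parses the file-listing lines of a ComboFix log and flags any timestamp later than the run time in the log header. The function names, the one-day tolerance and the DD.MM.YYYY header date format are assumptions; the sample lines are copied from the log posted above.

```python
import re
from datetime import datetime, timedelta
from typing import NamedTuple

# Sample input: header and three listing lines copied from the ComboFix log
# posted in this thread (whitespace between columns normalised).
SAMPLE_LOG = r"""
ComboFix 12-05-04.03 - *** 04.05.2012  20:20:37.1.4 - x86
(((((((((((((((((((((((  Dateien erstellt von 2012-04-04 bis 2012-05-04  ))))))))))))))))))))))))))))))
2072-04-03 11:13 . 2008-03-21 12:46    607296    ------w-    c:\program files\Microsoft Games\Age of Empires III\deformerdllyD.dll
2012-04-27 18:42 . 2012-04-27 18:42    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2012-04-21 22:42 . 2012-04-04 13:56    22344    ----a-w-    c:\windows\system32\drivers\mbam.sys
"""

# Header line: "ComboFix <build> - <user> DD.MM.YYYY  HH:MM:SS..."
# Assumption: the run date is written DD.MM.YYYY, as in the log above.
HEADER_RE = re.compile(
    r"^ComboFix \S+ - .*?(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2}:\d{2})", re.M)

# Listing line: "<timestamp> . <timestamp>  <size or -------->  <attrs>  <path>"
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(\d+|-{8})\s+([a-z-]{8})\s+(.+?)\s*$", re.M)


class Finding(NamedTuple):
    path: str
    column: str       # "first" or "second" timestamp on the line
    stamp: datetime


def parse_run_time(log: str) -> datetime:
    """Return the scan start time taken from the ComboFix header line."""
    m = HEADER_RE.search(log)
    if m is None:
        raise ValueError("no ComboFix header line found")
    return datetime.strptime(f"{m.group(1)} {m.group(2)}", "%d.%m.%Y %H:%M:%S")


def parse_entries(log: str):
    """Return (first, second, size, attrs, path) for every listing line."""
    entries = []
    for m in ENTRY_RE.finditer(log):
        first = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        second = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M")
        entries.append((first, second, m.group(3), m.group(4), m.group(5)))
    return entries


def flag_future_timestamps(log: str, tolerance: timedelta = timedelta(days=1)):
    """Flag listing timestamps that lie after the scan itself.

    The tolerance absorbs time-zone differences between the header and the
    listing (the header above shows [GMT 2:00], and the completion time and
    the quarantine-file stamp in the same log differ by two hours).
    """
    limit = parse_run_time(log) + tolerance
    findings = []
    for first, second, _size, _attrs, path in parse_entries(log):
        for column, stamp in (("first", first), ("second", second)):
            if stamp > limit:
                findings.append(Finding(path, column, stamp))
    return findings


if __name__ == "__main__":
    for f in flag_future_timestamps(SAMPLE_LOG):
        print(f"{f.stamp:%Y-%m-%d %H:%M}  ({f.column} timestamp)  {f.path}")
```

A flagged timestamp is only a reason to look at the file more closely, for example by submitting it to a multi-engine scanner as requested later in this thread; it is not evidence of infection by itself.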

FW313 04.05.2012 20:48

From nobody, it belongs to me and I bought it, too ;)

cosinus 04.05.2012 21:03

Please have this file analysed at Virustotal and post the result link. If you can't see the file, you may have to make it visible first.
If the file has already been analysed, please start another analysis.

FW313 04.05.2012 21:15

https://www.virustotal.com/file/2b2c8f5dd18ace9f9be47bf80509b8357dd09434e034c926a4378e4cab1e7ee8/analysis/1336162485/

cosinus 04.05.2012 21:47

Ok, the thing is probably ok, but it did make me think when I saw this date stamp and the strange Google search results for this file name ;)

Combofix - scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy/paste the entire contents of the code box below into the Notepad window.

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:

:Folder
c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

FW313 04.05.2012 22:16

The file had already been uploaded for analysis, so I'm sure quite a few people have already wondered about the date ^^
What about this bf.exe?

Combofix Logfile:
Code:

ComboFix 12-05-04.03 - *** 04.05.2012  23:01:41.2.4 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3327.1592 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-04 bis 2012-05-04  ))))))))))))))))))))))))))))))
.
.
2072-04-03 11:13 . 2008-03-21 12:46        607296        ------w-        c:\program files\Microsoft Games\Age of Empires III\deformerdllyD.dll
2012-05-04 21:09 . 2012-05-04 21:09        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-05-04 21:09 . 2012-05-04 21:09        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-04 18:12 . 2012-04-13 07:36        6734704        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D083F45-ABD0-4919-91FF-21E7CD936A24}\mpengine.dll
2012-04-27 18:42 . 2012-04-27 18:42        --------        d-----w-        c:\program files\Mozilla Maintenance Service
2012-04-27 18:42 . 2012-04-27 18:42        157352        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-27 18:42 . 2012-04-27 18:42        129976        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-27 18:34 . 2012-04-27 18:34        --------        d-----w-        c:\program files\ESET
2012-04-21 22:42 . 2012-04-21 22:42        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-04-21 22:42 . 2012-04-21 22:42        --------        d-----w-        c:\programdata\Malwarebytes
2012-04-21 22:42 . 2012-04-21 22:42        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-04-21 22:42 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-04-15 15:38 . 2012-04-16 19:43        --------        d-----w-        c:\users\***\AppData\Roaming\.minecraft
2012-04-12 19:44 . 2012-03-06 06:39        3602816        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-04-12 19:44 . 2012-03-06 06:39        3550080        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-04-12 17:59 . 2012-03-01 11:01        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2012-04-10 18:41 . 2012-04-10 18:41        --------        d-----w-        c:\users\***\AppData\Local\2K Games
2012-04-10 18:41 . 2012-04-10 18:41        --------        d-----w-        c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-04-10 15:26 . 2012-05-04 20:12        --------        d-----w-        c:\program files\Steam
2012-04-05 10:43 . 2012-04-13 19:46        418464        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 19:46 . 2011-05-16 13:06        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-29 23:59 . 2012-03-15 18:12        7713088        ----a-w-        c:\windows\system32\nvwgf2um.dll
2012-02-29 23:59 . 2012-03-15 18:12        61248        ----a-w-        c:\windows\system32\OpenCL.dll
2012-02-29 23:59 . 2012-03-15 18:12        5892928        ----a-w-        c:\windows\system32\nvcuda.dll
2012-02-29 23:59 . 2012-03-15 18:12        2517312        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-02-29 23:59 . 2012-03-15 18:12        2437440        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-02-29 23:59 . 2012-03-15 18:12        19444544        ----a-w-        c:\windows\system32\nvoglv32.dll
2012-02-29 23:59 . 2012-03-15 18:12        10819392        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 23:59 . 2012-03-15 18:12        17543488        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-02-29 23:59 . 2012-02-22 02:05        881984        ----a-w-        c:\windows\system32\nvgenco32.dll
2012-02-29 23:59 . 2012-02-22 02:05        1000256        ----a-w-        c:\windows\system32\nvdispco32.dll
2012-02-29 23:59 . 2008-11-10 16:34        15009600        ----a-w-        c:\windows\system32\nvd3dum.dll
2012-02-29 23:59 . 2008-11-10 16:34        2301248        ----a-w-        c:\windows\system32\nvapi.dll
2012-02-29 20:56 . 2009-03-27 22:03        3881792        ----a-w-        c:\windows\system32\nvcpl.dll
2012-02-29 20:55 . 2008-11-10 16:34        2719040        ----a-w-        c:\windows\system32\nvsvc.dll
2012-02-29 20:53 . 2008-11-10 16:34        108352        ----a-w-        c:\windows\system32\nvmctray.dll
2012-02-29 20:53 . 2011-08-05 14:57        62272        ----a-w-        c:\windows\system32\nvshext.dll
2012-02-29 20:53 . 2008-11-10 16:34        645440        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-02-29 20:53 . 2009-03-27 22:03        2561344        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-02-29 12:26 . 2012-02-29 12:26        416064        ----a-w-        c:\windows\system32\nvStreaming.exe
2012-02-23 08:18 . 2009-10-02 15:47        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-22 02:15 . 2012-02-22 02:15        231376        ----a-w-        c:\windows\system32\drivers\truecrypt.sys
2012-02-15 14:41 . 2011-10-14 17:02        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-02-14 15:45 . 2012-03-13 23:33        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-13 23:33        160768        ----a-w-        c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-13 23:33        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-13 23:33        683008        ----a-w-        c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-13 23:33        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02        1070352        ----a-w-        c:\windows\system32\MSCOMCTL.OCX
2009-05-26 07:26 . 2009-05-26 07:26        97336        ----a-w-        c:\program files\bass.dll
2009-05-26 07:26 . 2009-05-26 07:26        64000        ----a-w-        c:\program files\vorbisenc.dll
2009-05-26 07:26 . 2009-05-26 07:26        623616        ----a-w-        c:\program files\No23 Recorder.exe
2009-05-26 07:26 . 2009-05-26 07:26        29184        ----a-w-        c:\program files\no23xwrapper.dll
2009-05-26 07:26 . 2009-05-26 07:26        19456        ----a-w-        c:\program files\vorbisfile.dll
2009-05-26 07:26 . 2009-05-26 07:26        15872        ----a-w-        c:\program files\ogg.dll
2009-05-26 07:26 . 2009-05-26 07:26        155136        ----a-w-        c:\program files\lame_enc.dll
2009-05-26 07:26 . 2009-05-26 07:26        143872        ----a-w-        c:\program files\vorbis.dll
2009-05-26 07:26 . 2009-05-26 07:26        13872        ----a-w-        c:\program files\basscd.dll
2009-05-26 07:26 . 2009-05-26 07:26        102912        ----a-w-        c:\program files\CDRip.dll
2012-04-27 18:42 . 2011-04-01 16:34        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-23 02:22 . 2009-11-14 23:11        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 08:32        279944        ----a-w-        c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-12 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"OscarEditor"="c:\program files\MOUSE Editor\MouseEditor.exe" [2010-12-23 3344384]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Steam"="c:\program files\Steam\Steam.exe" [2012-04-10 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EnergySettings"="c:\program files\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe" [2008-09-19 113664]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-23 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-24 10025576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Product Registration.lnk - c:\users\***\AppData\Local\Temp\is-78DGV.tmp\ATR1.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hama Wireless LAN Utility.lnk - c:\program files\Hama\Common\RaUI.exe [2011-4-1 974848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:46]
.
2012-03-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-29 04:40]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 12:49]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 12:49]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1980743469-3674975028-2304663644-1000Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-14 18:48]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1980743469-3674975028-2304663644-1000UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-14 18:48]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{A54F7D6E-F1C3-44BC-918E-3C1856CF6B09}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m4chw5b8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-04 23:09
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,15,19,31,f6,ab,a3,65,45,ae,6c,7a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,15,19,31,f6,ab,a3,65,45,ae,6c,7a,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-1980743469-3674975028-2304663644-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:80,93,14,0a,0b,03,1c,f3,a0,4f,67,e2,98,93,ff,00,d4,6a,ac,74,5e,e6,d5,
  02,b1,52,d7,4a,6a,97,04,62,95,86,f8,f9,89,43,5d,ec,f6,2d,b3,3e,9c,08,25,b3,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-1980743469-3674975028-2304663644-1000\Software\SecuROM\License information*]
"datasecu"=hex:75,ad,7d,4a,61,3d,0d,98,35,e2,91,11,1f,a6,c2,b4,9c,09,bb,1e,5e,
  4a,1d,46,42,0a,6d,8e,db,68,a2,4d,f0,ca,fc,79,4d,87,13,d1,e0,a0,f6,81,c1,08,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-05-04  23:10:56
ComboFix-quarantined-files.txt  2012-05-04 21:10
ComboFix2.txt  2012-05-04 18:34
.
Vor Suchlauf: 24 Verzeichnis(se), 75.698.896.896 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 75.662.192.640 Bytes frei
.
- - End Of File - - 71DE10BA5DE497EF122B0E878F42FF9B

--- --- ---

cosinus 04.05.2012 22:24

Forget about bf.exe for now; otherwise we probably won't get any further.

Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; McAfee's scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" (aswMBR.exe has stopped working) appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window), and click the Scan button again.

FW313 05.05.2012 14:45

GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-05 11:35:00
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EACS-07D6B0 rev.01.01A01
Running: thbpo7en.exe; Driver: C:\Users\***\AppData\Local\Temp\kwtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT  8DE51DE6                                                                                                            ZwCreateSection
SSDT  8DE51DF0                                                                                                            ZwRequestWaitReplyPort
SSDT  8DE51DEB                                                                                                            ZwSetContextThread
SSDT  8DE51DF5                                                                                                            ZwSetSecurityObject
SSDT  8DE51DFA                                                                                                            ZwSystemDebugControl
SSDT  8DE51D87                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text  ntoskrnl.exe!KeInsertQueue + 405                                                                                    824889FC 4 Bytes  [E6, 1D, E5, 8D] {OUT 0x1d, AL; IN EAX, 0x8d}
.text  ntoskrnl.exe!KeInsertQueue + 729                                                                                    82488D20 4 Bytes  [F0, 1D, E5, 8D]
.text  ntoskrnl.exe!KeInsertQueue + 75D                                                                                    82488D54 4 Bytes  [EB, 1D, E5, 8D] {JMP 0x1f; IN EAX, 0x8d}
.text  ntoskrnl.exe!KeInsertQueue + 7C1                                                                                    82488DB8 4 Bytes  [F5, 1D, E5, 8D]
.text  ntoskrnl.exe!KeInsertQueue + 809                                                                                    82488E00 4 Bytes  [FA, 1D, E5, 8D]
.text  ...                                                                                                               
.text  C:\Windows\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xA21CA300, 0x3ACC8, 0xE8000020]
.text  C:\Windows\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xA220D300, 0x1B7E, 0xE8000020]
?      C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                          Das System kann die angegebene Datei nicht finden. !
?      C:\Users\***\AppData\Local\Temp\catchme.sys                                                                      Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT    C:\Windows\Explorer.exe[1568] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown]                              [746E7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.exe[1568] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage]                                [7473A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.exe[1568] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI]                            [746EBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.exe[1568] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode]                      [746DF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.exe[1568] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup]                                [746E75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.exe[1568] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC]                            [746DE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.exe[1568] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM]                [74718395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.exe[1568] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream]                    [746EDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.exe[1568] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight]                            [746DFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.exe[1568] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth]                            [746DFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.exe[1568] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage]                              [746D71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.exe[1568] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM]                      [7476CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.exe[1568] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile]                        [7470C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.exe[1568] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics]                            [746DD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.exe[1568] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree]                                      [746D6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.exe[1568] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc]                                    [746D687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.exe[1568] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode]                        [746E2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                 
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xC8 0x28 0x51 0xAF ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                 
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x6A 0x9C 0xD6 0x61 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                 
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0xFF 0x7C 0x85 0xE0 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                 
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x86 0x8C 0x21 0x01 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                 
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xCD 0x44 0xCD 0xB9 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                 
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xDF 0x20 0x58 0x62 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                 
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0xFB 0xA7 0x78 0xE6 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                 
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x01 0x3A 0x48 0xFC ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                 
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0xF6 0x0F 0x4E 0x58 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                 
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x3D 0xCE 0xEA 0x26 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                 
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0x2A 0xB7 0xCC 0xB5 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                 
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:47:41 on 05.05.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 12.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1980743469-3674975028-2304663644-1000Core.job" - "Google Inc." - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1980743469-3674975028-2304663644-1000UA.job" - "Google Inc." - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kwtdqpob" (kwtdqpob) - ? - C:\Users\***\AppData\Local\Temp\kwtdqpob.sys  (Hidden registry entry, rootkit activity | File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"RT2870 USB Wireless LAN Card Driver for Vista" (netr28u) - "Ralink Technology Corp." - C:\Windows\System32\DRIVERS\netr28u.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{6230EF55-8E71-4F40-861A-DBA282584FF5} "AVSVideoConverter Object" - "Online Media Technologies Ltd." - C:\PROGRA~1\AVS4YOU\AVSVID~1\AVSVID~1.DLL
{79BC0345-1015-11D2-A299-006008312725} "blue.shell" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Google" - ? -  (File not found | COM-object registry key not found)
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{E55FD215-A32E-43FE-A777-A7E8F165F557} "Flatcast Viewer 5.0" - "1 mal 1 Software GmbH" - C:\Windows\DOWNLO~1\NpFv501.dll / hxxp://80.237.209.20/objects/NpFv501.dll
{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.7.0_03" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_03" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.3.1" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll
{0124123D-61B4-456f-AF86-78C53A0790C5} "G DATA WebFilter" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{201f27d4-3704-41d6-89c1-aa35e39143ed} "AskBar BHO" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "{AA58ED58-01DD-4d91-8333-CF10577473F7}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Product Registration.lnk" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk  (Shortcut exists | File not found)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Hama Wireless LAN Utility.lnk" - "Hama GmbH & Co KG" - C:\Program Files\Hama\Common\RaUI.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"OscarEditor" - ? - "C:\Program Files\MOUSE Editor\MouseEditor.exe" Minimum  (File found, but it contains no detailed information)
"Picasa Media Detector" - "Google Inc." - C:\Program Files\Picasa2\PicasaMediaDetector.exe
"RocketDock" - ? - "C:\Program Files\RocketDock\RocketDock.exe"  (File found, but it contains no detailed information)
"Steam" - "Valve Corporation" - "C:\Program Files\Steam\Steam.exe" -silent
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AdobeAAMUpdater-1.0" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS5ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"ControlCenter3" - "Brother Industries, Ltd." - C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
"EnergySettings" - "Fujitsu Siemens Computers GmbH" - C:\Program Files\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"Google EULA Launcher" - " " - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
"IndexSearch" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
"PaperPort PTD" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
"PPort11reminder" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"SwitchBoard" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"UPnPService" (UPnPService) - "Magix AG" - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

aswMBR

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-05 11:50:02
-----------------------------
11:50:02.326    OS Version: Windows 6.0.6002 Service Pack 2
11:50:02.326    Number of processors: 4 586 0x1707
11:50:02.327    ComputerName: ***  UserName: ***
11:50:04.745    Initialize success
11:55:52.188    AVAST engine defs: 12050401
11:56:55.646    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:56:55.649    Disk 0 Vendor: WDC_WD10EACS-07D6B0 01.01A01 Size: 953869MB BusType: 3
11:56:56.085    Disk 0 MBR read successfully
11:56:56.088    Disk 0 MBR scan
11:56:56.110    Disk 0 Windows VISTA default MBR code
11:56:56.306    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        9000 MB offset 2048
11:56:56.439    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      316290 MB offset 18434048
11:56:56.567    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      628577 MB offset 666195968
11:56:56.825    Disk 0 scanning sectors +1953523120
11:56:57.908    Disk 0 scanning C:\Windows\system32\drivers
12:00:06.339    Service scanning
12:00:26.689    Modules scanning
12:03:59.013    Disk 0 trace - called modules:
12:03:59.146    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
12:03:59.151    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85bca798]
12:03:59.156    3 CLASSPNP.SYS[8b1b18b3] -> nt!IofCallDriver -> [0x85210918]
12:03:59.161    5 acpi.sys[8aa4c6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85220b98]
12:04:00.143    AVAST engine scan C:\Windows
12:08:58.873    AVAST engine scan C:\Windows\system32
12:49:46.982    AVAST engine scan C:\Windows\system32\drivers
12:51:16.996    AVAST engine scan C:\Users\***
15:03:30.684    AVAST engine scan C:\ProgramData
15:35:43.559    Scan finished successfully
15:40:46.387    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
15:40:46.392    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"


cosinus 06.05.2012 18:28

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

FW313 07.05.2012 15:19

MBAM found "only" the detections from the first log, and SuperAntiSpyware additionally found adware.
Should I remove all that stuff now?

MBAM:

Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.06.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

06.05.2012 19:40:28
mbam-log-2012-05-06 (21-12-46).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 530489
Laufzeit: 1 Stunde(n), 27 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 9
C:\Users\***\Documents\RCT3\Download\Caederus Drehkreuz Set 2.2\bobleponge.exe (Adware.Onlinegames) -> Keine Aktion durchgeführt.
C:\Users\***\Documents\RCT3\Download\Caederus Drehkreuz Set 2.2\stuk71_Hangar51.exe (Adware.Onlinegames) -> Keine Aktion durchgeführt.
C:\Users\***\Documents\ICQ\599059319\ReceivedFiles\386808809 Steffen\bf.exe (Spyware.Zeus) -> Keine Aktion durchgeführt.
C:\Program Files\lame_enc.dll (Spyware.OnlineGames) -> Keine Aktion durchgeführt.
C:\Program Files\no23xwrapper.dll (Spyware.OnlineGames) -> Keine Aktion durchgeführt.
C:\Program Files\ogg.dll (Spyware.OnlineGames) -> Keine Aktion durchgeführt.
C:\Program Files\vorbis.dll (Spyware.OnlineGames) -> Keine Aktion durchgeführt.
C:\Program Files\vorbisenc.dll (Spyware.OnlineGames) -> Keine Aktion durchgeführt.
C:\Program Files\vorbisfile.dll (Spyware.OnlineGames) -> Keine Aktion durchgeführt.

(Ende)

SUPERAntiSpyware:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/07/2012 at 04:13 PM

Application Version : 5.0.1148

Core Rules Database Version : 8560
Trace Rules Database Version: 6372

Scan type      : Complete Scan
Total Scan Time : 02:22:55

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 721
Memory threats detected  : 0
Registry items scanned    : 35644
Registry threats detected : 0
File items scanned        : 321045
File threats detected    : 10

Adware.Tracking Cookie
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\RXSUBTZS.txt [ /mediaplex.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\FM6AX3RZ.txt [ /fastclick.net ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\SBFTBILG.txt [ /smartadserver.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\3223PUHQ.txt [ /apmebf.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\TV2VWEHG.txt [ /atdmt.com ]
        C:\USERS\***\Cookies\RXSUBTZS.txt [ Cookie:***@mediaplex.com/ ]
        C:\USERS\***\Cookies\FM6AX3RZ.txt [ Cookie:***@fastclick.net/ ]
        C:\USERS\***\Cookies\SBFTBILG.txt [ Cookie:***@smartadserver.com/ ]
        C:\USERS\***\Cookies\3223PUHQ.txt [ Cookie:***@apmebf.com/ ]
        C:\USERS\***\Cookies\TV2VWEHG.txt [ Cookie:***@atdmt.com/ ]


cosinus 07.05.2012 15:34

Why have you still not removed the Malwarebytes detections?

FW313 07.05.2012 15:53

Because I wasn't told to after posting the logs; they do say that no action was taken.
Besides, I submitted a file to Avira and thought that might still be necessary for others ;)

So get rid of it?
The stuff from SuperASW too?

cosinus 07.05.2012 18:57

Quote:

Because I wasn't told to after posting the logs; they do say that no action was taken.
The Malwarebytes instructions say that you should remove every detection. So please remove everything here as well.

Apart from that, SASW only found cookies.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie)


Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Apart from that, there are good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.

The way I handle it: for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) only stores the cookies of the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system OK again now, or are there any other detections or problems?

FW313 07.05.2012 19:10

Many thanks for the tips on cookies, I will definitely take a look at this CookieCuller :)

From my point of view everything was already OK so far, since I haven't noticed any direct effect of the detections.

Quote:

Quote from cosinus (post 826203)
The Malwarebytes instructions say that you should remove every detection. So please remove everything here as well.

That is exactly the problem: I had put the log in the opening post, so it was not produced following your instructions.
I am removing the MBAM detections now.

Quote:

Code:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dd6e0121f49c5b4da80c480360568995
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-27 06:52:04
# local_time=2012-04-27 08:52:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 16940891 16940891 0 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 814 173085361 0 0
# compatibility_mode=8192 67108863 100 0 937 937 0 0
# scanned=799
# found=0
# cleaned=0
# scan_time=91
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dd6e0121f49c5b4da80c480360568995
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-28 06:47:27
# local_time=2012-04-28 08:47:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 17009433 17009433 0 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 65286 173153903 0 0
# compatibility_mode=8192 67108863 100 0 69479 69479 0 0
# scanned=333904
# found=3
# cleaned=0
# scan_time=17672
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\48447943-2e6f2ae9        Java/TrojanDownloader.OpenStream.NAC trojan (unable to clean)        00000000000000000000000000000000        I
K:\***-PC\Backup Set 2011-08-29 164031\Backup Files 2011-08-29 164031\Backup files 122.zip        Java/TrojanDownloader.OpenStream.NAC trojan (unable to clean)        00000000000000000000000000000000        I
K:\***-PC\Backup Set 2011-08-29 164031\Backup Files 2012-04-15 005200\Backup files 12.zip        Java/TrojanDownloader.OpenStream.NAC trojan (unable to clean)        00000000000000000000000000000000        I


According to the log, ESET did find something else; how do I deal with that, or was it removed?
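
The ESET Online Scanner log in the post above already answers this question through its `found`/`cleaned` counters and the action noted on each detection line. The following is an added example, not part of the original thread, that parses that layout and lists what is still open; the sample log is constructed (placeholder paths), and the function names and the archive-suffix list are assumptions.

```python
import re

# Constructed sample in the layout of the ESET Online Scanner log posted above.
# Paths are placeholders; the detection name is the one shown in the thread.
THREAT = "Java/TrojanDownloader.OpenStream.NAC trojan (unable to clean)"
NOHASH = "0" * 32
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:",
    "Can not open internetesets_scanner_update returned -1 esets_gle=12",
    "# version=7",
    "# end=stopped",
    "# remove_checked=false",
    "# scanned=799",
    "# found=0",
    "# cleaned=0",
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7",
    "# end=finished",
    "# remove_checked=false",
    "# scanned=333904",
    "# found=3",
    "# cleaned=0",
    # Tab-separated, as the scanner writes it:
    "\t".join([r"C:\Users\example\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\0a1b2c3d-4e5f6a7b",
               THREAT, NOHASH, "I"]),
    "\t".join([r"K:\EXAMPLE-PC\Backup Set 1\Backup files 122.zip", THREAT, NOHASH, "I"]),
    # Space-separated, as it looks after being pasted into a forum post:
    "        ".join([r"K:\EXAMPLE-PC\Backup Set 1\Backup files 12.zip", THREAT, NOHASH, "I"]),
])

HEADER = re.compile(r"^#\s*([\w.]+)=(.*)$")
SEP = r"(?:\t+| {2,})"  # field separator: tabs, or the runs of spaces left by a paste
DETECTION = re.compile(
    r"^(?P<path>.+?)" + SEP +
    r"(?P<threat>.+?)\s*\((?P<action>[^()]*)\)" + SEP +
    r"(?P<hash>[0-9A-Fa-f]{32})\b"
)
# Assumption: suffixes treated as "detection sits inside an archive".
ARCHIVE_SUFFIXES = (".zip", ".rar", ".7z", ".cab", ".jar")


def parse_runs(text):
    """Split the log into scan runs; each '# version=' header starts a new run."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            key, value = header.group(1), header.group(2).strip()
            if key == "version" or current is None:
                current = {"meta": {}, "detections": []}
                runs.append(current)
            current["meta"][key] = value  # repeated keys keep the last value
            continue
        hit = DETECTION.match(line)
        if hit and current is not None:
            current["detections"].append(hit.groupdict())
        # Anything else (downloader chatter such as "all ok") is ignored.
    return runs


def triage(run):
    """Summarise one run: did it finish, was removal enabled, what is still open."""
    meta = run["meta"]
    open_items = [
        {"path": d["path"], "threat": d["threat"],
         "in_archive": d["path"].lower().endswith(ARCHIVE_SUFFIXES)}
        for d in run["detections"]
        if "unable to clean" in d["action"].lower()
    ]
    return {
        "completed": meta.get("end") == "finished",
        "removal_enabled": meta.get("remove_checked") == "true",
        "found": int(meta.get("found", 0)),
        "cleaned": int(meta.get("cleaned", 0)),
        "open": open_items,
    }


if __name__ == "__main__":
    for number, run in enumerate(parse_runs(SAMPLE_LOG), start=1):
        result = triage(run)
        print(f"run {number}: completed={result['completed']} "
              f"found={result['found']} cleaned={result['cleaned']} "
              f"removal_enabled={result['removal_enabled']}")
        for item in result["open"]:
            where = "inside archive" if item["in_archive"] else "loose file"
            print(f"  still present ({where}): {item['path']} -> {item['threat']}")
```
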

cosinus 07.05.2012 19:44

The Java cache can certainly be emptied manually; you can ignore the backup files

Then we're done! :abklatsch:

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if that produces any error messages. With the help of OTL you can also remove many of the tools:

Please start OTL and click on Bereinigung (Cleanup).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check your updates; my guide for that is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update your PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you're at it, please also check that the Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If need be, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

FW313 07.05.2012 19:55

At this point, a huge thank-you already for the detailed help :)
Really great what you accomplish here in your free time to help.

I have three more questions before I tidy up and update my system a bit.

1. I would like to wipe my external hard drive completely, so that there is really nothing left on it (among other things because of the detections).
Once I have put everything back in order, I will load a fresh backup onto it.
What is the best way to do that?

2. I am going to uninstall Avira and get Avast; do I have to delete the files in quarantine first, or what happens to them?

3. The detections from Malwarebytes and SuperAntiSpyware are in quarantine as well. Should I delete them or leave them in there?

cosinus 07.05.2012 20:00

Quote:

What is the best way to do that?
Ever heard of formatting?

Quote:

do I have to delete the files in quarantine first, or what happens to them?
Actually it doesn't matter, but you should be able to remove everything during uninstallation

Quote:

Should I delete them or leave them in there?
Just think about what a quarantine is. Whether the malicious file stays in there or not has no effect. Malware in quarantine can no longer do any harm; it is isolated there. You should generally work with the quarantine, because if the virus scanner deletes something important due to a false alarm, you can still get at the file via the quarantine if necessary.

FW313 07.05.2012 20:06

Quote:

Quote from cosinus (post 826276)
Ever heard of formatting?

Yes, but I've never done it.
Is it enough to simply right-click and click Format?

cosinus 07.05.2012 20:22

Formatting a USB hard drive - USB hard drives

You can also find this sort of thing quite easily with Google :D


All times are GMT +1.
