Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   google rocketnews (https://www.trojaner-board.de/115128-google-rocketnews.html)

da_tschaemp 14.05.2012 15:30

google rocketnews
 
Hello,

I have the same problem that I have already read about twice here on the board.
When searching with Google I am no longer taken to the links I actually clicked, but mostly to "rocketradio" or similar.
In addition, the Windows Security Center can no longer be activated.

I wasn't sure whether I should and could simply follow the instructions from the two other topics, or whether I should reply there. That's why I have now created my own thread...

Regards, Bernd

cosinus 14.05.2012 19:15

First, as a routine step, please run a full scan with Malwarebytes and post the log. => Have it check ALL local drives (except CD/DVD)!
Remember that Malwarebytes must be updated manually before every scan! Also, all findings must be removed.

If logs from older Malwarebytes scans are available, please post all of those too!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I agree with the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

da_tschaemp 14.05.2012 20:48

Thanks in advance for the help

Here is the Malwarebytes log first

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.14.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
da_tschaemp2 :: DA_TSCHAEMP2-PC [Administrator]

Schutz: Aktiviert

14.05.2012 20:39:25
mbam-log-2012-05-14 (21-45-36).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 323054
Laufzeit: 46 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 24
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP79\A0056365.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP79\A0056369.exe (PUP.Joke.Buttons) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP79\A0056370.exe (PUP.Joke.Schock) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP79\A0056373.exe (BadJoke.Finger) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP79\A0056374.exe (Trojan.Bier) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP79\A0056378.exe (Joke.Zappa) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP79\A0056380.exe (PUP.Joke.RJLSoftware) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP88\A0064191.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP88\A0064195.exe (PUP.Joke.Buttons) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP88\A0064196.exe (PUP.Joke.Schock) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP88\A0064199.exe (BadJoke.Finger) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP88\A0064200.exe (Trojan.Bier) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP88\A0064204.exe (Joke.Zappa) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP88\A0064206.exe (PUP.Joke.RJLSoftware) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{4B847C8A-B664-4BE2-95C0-358F95FB3946}\RP1\A0000023.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{D6B5B28D-72E6-4DCB-81EB-A9B38511A4B4}\RP223\A0056978.exe (Backdoor.Bot) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0051786.exe (Trojan.Dropper) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0053150.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0053154.exe (PUP.Joke.Buttons) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0053155.exe (PUP.Joke.Schock) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0053158.exe (BadJoke.Finger) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0053162.exe (Joke.Zappa) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0053164.exe (PUP.Joke.RJLSoftware) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0053189.exe (Adware.Onlinegames) -> Keine Aktion durchgeführt.

(Ende)

And here is the ESET log:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=73fec6f4a6ab6042ade9ff5b3be1d62b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-14 09:44:53
# local_time=2012-05-14 11:44:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 95680 88656600 0 0
# compatibility_mode=8192 67108863 100 0 246 246 0 0
# scanned=124412
# found=7
# cleaned=0
# scan_time=6484
C:\Windows\Temp\886856.exe        Win32/PSW.Delf.OBN trojan (unable to clean)        00000000000000000000000000000000        I
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP79\A0056386.exe        Win32/JepRuss.A joke (unable to clean)        00000000000000000000000000000000        I
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP88\A0064212.exe        Win32/JepRuss.A joke (unable to clean)        00000000000000000000000000000000        I
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0052886.exe        probably a variant of Win32/TrojanDownloader.VB.IRCSLWN trojan (unable to clean)        00000000000000000000000000000000        I
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0052918.exe        multiple threats (unable to clean)        00000000000000000000000000000000        I
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0052934.exe        multiple threats (unable to clean)        00000000000000000000000000000000        I
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0053170.exe        Win32/JepRuss.A joke (unable to clean)        00000000000000000000000000000000        I

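Added example, not from the thread or from either scanner's vendor: a small Python triage script for the two log formats posted above. It separates hits whose path lies inside a System Restore point (the `System Volume Information\_restore{...}\RPnn` paths, which are inactive copies that vanish when the restore points are purged) from hits on the live system, such as the `C:\Windows\Temp` file ESET reported. The sample lines are constructed for the example; the Malwarebytes Temp line is invented so both branches are exercised.

```python
r"""Triage of the Malwarebytes and ESET findings posted in this thread.

Paths of the form <drive>:\System Volume Information\_restore{GUID}\RPnn\...
are copies held inside System Restore points. They are not running and are
gone once the restore points are purged, whereas a hit outside them (the
C:\Windows\Temp file in the ESET log) is a live file and comes first.
"""
import re
from typing import List, NamedTuple, Optional, Tuple


class Finding(NamedTuple):
    scanner: str    # "mbam" or "eset"
    path: str       # full Windows path of the detected file
    detection: str  # the scanner's detection name
    action: str     # what the scanner reports having done


# Restore-point copy: \System Volume Information\_restore{GUID}\RPnn\
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)
# Malwarebytes file line:  <path> (<detection>) -> <action>.
MBAM_FILE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<det>[^()]+)\) -> (?P<action>.+?)\.?$")
# ESET result line:  <path> TAB <detection> [(<action>)] TAB <hash> TAB <flag>
# (the forum rendering turned the tabs into runs of spaces, so accept both).
ESET_SPLIT_RE = re.compile(r"\t+| {2,}")
ESET_DET_RE = re.compile(r"^(?P<det>.+?)(?: \((?P<action>[^()]+)\))?$")


def parse_mbam(text: str) -> List[Finding]:
    """Extract the file findings from a Malwarebytes log."""
    out: List[Finding] = []
    for line in text.splitlines():
        m = MBAM_FILE_RE.match(line.strip())
        if m:
            out.append(Finding("mbam", m["path"], m["det"], m["action"]))
    return out


def parse_eset(text: str) -> List[Finding]:
    """Extract result lines from an ESET Online Scanner log; '#' lines are metadata."""
    out: List[Finding] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = ESET_SPLIT_RE.split(line)
        if len(fields) < 2 or not re.match(r"^[A-Za-z]:\\", fields[0]):
            continue  # downloader chatter such as "all ok"
        m: Optional[re.Match] = ESET_DET_RE.match(fields[1])
        if not m:
            continue
        out.append(Finding("eset", fields[0], m["det"], m["action"] or "detected"))
    return out


def triage(findings: List[Finding]) -> Tuple[List[Finding], List[Finding]]:
    """Split findings into (live system, inside restore points)."""
    live = [f for f in findings if not RESTORE_POINT_RE.search(f.path)]
    restore = [f for f in findings if RESTORE_POINT_RE.search(f.path)]
    return live, restore


def report(findings: List[Finding]) -> str:
    """One-line summary plus the live hits, which are the ones to act on first."""
    live, restore = triage(findings)
    lines = [f"{len(live)} live finding(s), {len(restore)} inside System Restore points"]
    for f in live:
        lines.append(f"  [{f.scanner}] {f.path} -- {f.detection} ({f.action})")
    return "\n".join(lines)


# Sample input constructed for this example. The restore-point lines and the
# ESET Temp hit mirror entries in the thread; the Malwarebytes Temp line is
# invented so that both branches of the triage are exercised.
MBAM_SAMPLE = r"""
Infizierte Dateien: 3
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP79\A0056365.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{D6B5B28D-72E6-4DCB-81EB-A9B38511A4B4}\RP223\A0056978.exe (Backdoor.Bot) -> Keine Aktion durchgeführt.
C:\Windows\Temp\example_live.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""
ESET_SAMPLE = "\n".join([
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# found=2",
    "# cleaned=0",
    "\t".join([r"C:\Windows\Temp\886856.exe",
               "Win32/PSW.Delf.OBN trojan (unable to clean)", "0" * 32, "I"]),
    "\t".join([r"J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0053170.exe",
               "Win32/JepRuss.A joke (unable to clean)", "0" * 32, "I"]),
])

if __name__ == "__main__":
    print(report(parse_mbam(MBAM_SAMPLE) + parse_eset(ESET_SAMPLE)))
```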

cosinus 15.05.2012 08:51

I have two questions before we go on

1.) Does normal mode work without restrictions?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything present?

da_tschaemp 15.05.2012 10:39

I'm not at the infected computer right now, so I can't check exactly at the moment.
But I haven't really noticed anything; apart from the problems when googling and the Security Center not being activated, nothing stood out to me.
But if you want/need to know more precisely, I'll have a closer look again this afternoon.

cosinus 15.05.2012 13:42

Yes, have a proper look again later

da_tschaemp 15.05.2012 15:55

So there are no empty folders in the Start menu
Whether any are missing I can't really say, because I no longer know exactly whether I set it up that way for all programs. What I did notice, for example, is that Opera has no folder in the Start menu

cosinus 15.05.2012 20:04

Please make a new OTL log. Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it on your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


da_tschaemp 15.05.2012 22:33

Here is the OTL log

Code:

OTL logfile created on: 15.05.2012 23:23:39 - Run 1
OTL by OldTimer - Version 3.2.43.0    Folder = C:\Users\da_tschaemp2\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 74,95% Memory free
4,00 Gb Paging File | 3,18 Gb Available in Paging File | 79,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,00 Gb Total Space | 29,30 Gb Free Space | 58,59% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 48,16 Gb Free Space | 96,32% Space Free | Partition Type: NTFS
Drive E: | 150,00 Gb Total Space | 147,07 Gb Free Space | 98,05% Space Free | Partition Type: NTFS
Drive F: | 150,00 Gb Total Space | 149,91 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive G: | 65,76 Gb Total Space | 65,63 Gb Free Space | 99,80% Space Free | Partition Type: NTFS
 
Computer Name: DA_TSCHAEMP2-PC | User Name: da_tschaemp2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.15 23:19:07 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\da_tschaemp2\Desktop\OTL.exe
PRC - [2012.05.08 17:30:11 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 17:30:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 17:30:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 17:30:11 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.07 12:47:46 | 000,160,840 | ---- | M] (Geek Software GmbH) -- E:\PDF24\pdf24.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- E:\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.02.24 00:33:38 | 000,198,136 | ---- | M] (Nitro PDF Software) -- E:\NitroReader\NitroPDFReaderDriverService2.exe
PRC - [2012.02.23 12:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- E:\TeamViewer\TeamViewer_Service.exe
PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\da_tschaemp2\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.10.08 07:18:42 | 000,726,288 | ---- | M] () -- E:\VPN\iked.exe
PRC - [2010.10.08 07:18:42 | 000,541,968 | ---- | M] () -- E:\VPN\ipsecd.exe
PRC - [2010.10.08 07:18:42 | 000,054,544 | ---- | M] () -- E:\VPN\dtpd.exe
PRC - [2010.05.18 08:46:01 | 001,989,120 | ---- | M] () -- C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
PRC - [2009.03.06 00:57:56 | 000,227,352 | ---- | M] (SonicWALL, Inc.) -- E:\SonicWall\SWGVCSvc.exe
PRC - [2009.02.26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007.04.03 17:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- E:\Cisco\cvpnd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.17 21:55:35 | 000,166,912 | ---- | M] () -- E:\WinRAR\RarExt.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.05.18 08:46:01 | 001,989,120 | ---- | M] () -- C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
MOD - [2009.11.19 14:10:25 | 001,384,520 | ---- | M] () -- C:\Windows\twain_32\Samsung\SCX3200\SSOle.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.08 17:30:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- E:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 17:30:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- E:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.04 19:11:22 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.24 00:33:38 | 000,198,136 | ---- | M] (Nitro PDF Software) [Auto | Running] -- E:\NitroReader\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.02.23 12:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- E:\TeamViewer\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.10.08 07:18:42 | 000,726,288 | ---- | M] () [Auto | Running] -- E:\VPN\iked.exe -- (iked)
SRV - [2010.10.08 07:18:42 | 000,541,968 | ---- | M] () [Auto | Running] -- E:\VPN\ipsecd.exe -- (ipsecd)
SRV - [2010.10.08 07:18:42 | 000,054,544 | ---- | M] () [Auto | Running] -- E:\VPN\dtpd.exe -- (dtpd)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.06 00:57:56 | 000,227,352 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- E:\SonicWall\SWGVCSvc.exe -- (SWGVCSvc)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.04.03 17:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- E:\Cisco\cvpnd.exe -- (CVPND)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2012.05.08 17:30:11 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 17:30:11 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.10 06:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.12.16 17:53:01 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.02 09:18:48 | 000,017,920 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)
DRV - [2010.09.02 09:18:48 | 000,013,824 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)
DRV - [2010.06.25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.11.17 10:15:42 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:46 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2009.03.06 00:58:12 | 000,087,064 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SWIPsec.sys -- (SWIPsec)
DRV - [2009.03.04 19:03:32 | 000,021,016 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWVNIC.sys -- (SWVNIC)
DRV - [2008.11.16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.04.03 17:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.01.18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005.10.25 10:56:00 | 000,011,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\pvavsaud.sys -- (CXAVSAUD)
DRV - [2004.08.13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3519979055-2756968749-2926456787-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3519979055-2756968749-2926456787-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3519979055-2756968749-2926456787-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3519979055-2756968749-2926456787-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\java\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: E:\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: E:\Firefox\components [2012.02.29 20:10:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: E:\Firefox\plugins
 
[2012.03.01 09:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\da_tschaemp2\AppData\Roaming\mozilla\Extensions
[2012.05.05 14:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\da_tschaemp2\AppData\Roaming\mozilla\Firefox\Profiles\uhkxh89i.default\extensions
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\java\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [3200 Scan2PC] C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] E:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] E:\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\da_tschaemp2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\da_tschaemp2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3519979055-2756968749-2926456787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\da_tschaemp2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26348948-0901-4552-BD5B-FFA924C2F4AE}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C17C8B53-9781-4D18-BEE2-DBFAD179FA5E}: Domain = rz.fh-kempten.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C17C8B53-9781-4D18-BEE2-DBFAD179FA5E}: NameServer = 193.174.193.80
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^da_tschaemp2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Trillian.lnk - E:\Trillian\trillian.exe - (Cerulean Studios)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Spotify - hkey= - key= - C:\Users\da_tschaemp2\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.15 23:19:07 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\da_tschaemp2\Desktop\OTL.exe
[2012.05.14 21:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.14 21:52:31 | 002,322,184 | ---- | C] (ESET) -- C:\Users\da_tschaemp2\Desktop\esetsmartinstaller_enu.exe
[2012.05.14 20:37:23 | 000,000,000 | ---D | C] -- C:\Users\da_tschaemp2\AppData\Roaming\Malwarebytes
[2012.05.14 20:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.14 20:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.14 20:37:17 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.14 20:35:32 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\da_tschaemp2\Desktop\malwarebytes_antimalware_1.61.exe
[2012.05.13 17:45:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.08 09:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.04.18 12:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.04.18 12:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.15 23:19:07 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\da_tschaemp2\Desktop\OTL.exe
[2012.05.15 23:14:43 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.15 23:14:43 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.15 23:11:46 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.15 23:11:46 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.15 23:11:46 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.15 23:11:46 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.15 23:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.15 23:07:22 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\Fgleovvng.job
[2012.05.15 23:07:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.15 23:07:12 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.14 21:52:32 | 002,322,184 | ---- | M] (ESET) -- C:\Users\da_tschaemp2\Desktop\esetsmartinstaller_enu.exe
[2012.05.14 20:36:38 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\da_tschaemp2\Desktop\malwarebytes_antimalware_1.61.exe
[2012.05.13 23:01:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.05.13 20:14:18 | 000,403,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.13 18:59:11 | 000,151,552 | RHS- | M] () -- C:\Windows\System32\C_8573.dll
[2012.05.08 17:30:11 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.08 17:30:11 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.02 19:16:21 | 000,317,329 | ---- | M] () -- C:\Users\da_tschaemp2\Desktop\Tischtennis_Ausschreibung_2012_CD.pdf
[2012.04.16 11:38:09 | 000,040,262 | ---- | M] () -- C:\Users\da_tschaemp2\Desktop\Sportprogramm_SS12_final.pdf
 
========== Files Created - No Company Name ==========
 
[2012.05.13 23:01:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.05.13 18:59:11 | 000,151,552 | RHS- | C] () -- C:\Windows\System32\C_8573.dll
[2012.05.13 18:59:11 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\Fgleovvng.job
[2012.05.02 19:16:21 | 000,317,329 | ---- | C] () -- C:\Users\da_tschaemp2\Desktop\Tischtennis_Ausschreibung_2012_CD.pdf
[2012.04.16 11:38:08 | 000,040,262 | ---- | C] () -- C:\Users\da_tschaemp2\Desktop\Sportprogramm_SS12_final.pdf
[2012.03.04 11:40:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.03.02 12:23:51 | 000,482,408 | ---- | C] () -- C:\Windows\SSndii.exe
[2012.03.02 12:22:57 | 000,113,768 | ---- | C] () -- C:\Windows\Wiainst.exe
[2012.03.02 00:45:51 | 000,065,107 | ---- | C] () -- C:\Windows\War3Unin.dat
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.04.14 03:40:42 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ssb3ml3.dll
[2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
 
========== LOP Check ==========
 
[2012.02.29 20:09:38 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Downloaded Installations
[2012.05.15 23:07:42 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Dropbox
[2012.02.29 20:13:18 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\DVDVideoSoft
[2012.02.29 20:13:15 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.09 17:47:50 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Nitro PDF
[2012.02.29 19:27:49 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Opera
[2012.04.14 20:23:42 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Spotify
[2012.02.29 20:18:59 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Trillian
[2012.05.15 18:19:18 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\TV-Browser
[2012.05.15 23:07:22 | 000,000,318 | ---- | M] () -- C:\Windows\Tasks\Fgleovvng.job
[2012.04.25 19:39:13 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.29 20:16:01 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Adobe
[2012.03.01 20:56:33 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Apple Computer
[2012.03.01 01:26:08 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Avira
[2012.02.29 20:09:38 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Downloaded Installations
[2012.05.15 23:07:42 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Dropbox
[2012.02.29 20:13:18 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\DVDVideoSoft
[2012.02.29 20:13:15 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.29 18:08:43 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Identities
[2012.03.02 12:23:18 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\InstallShield
[2012.02.29 20:16:01 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Macromedia
[2012.05.14 20:37:23 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Media Center Programs
[2012.04.02 17:51:08 | 000,000,000 | --SD | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Microsoft
[2012.03.01 09:38:07 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Mozilla
[2012.05.09 17:47:50 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Nitro PDF
[2012.02.29 19:27:49 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Opera
[2012.05.15 23:21:43 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Skype
[2012.03.17 15:09:52 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\SonicWALL
[2012.04.14 20:23:42 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Spotify
[2012.02.29 20:18:59 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Trillian
[2012.05.15 18:19:18 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\TV-Browser
[2012.05.04 19:51:37 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\vlc
[2012.03.01 11:00:06 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\da_tschaemp2\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:22 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\da_tschaemp2\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.03.14 22:33:40 | 004,011,184 | ---- | M] (Spotify Ltd) -- C:\Users\da_tschaemp2\AppData\Roaming\Spotify\spotify.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.05.13 18:59:11 | 000,151,552 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\C_8573.dll
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll

< End of report >


cosinus 16.05.2012 13:02

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along!!!)

Code:

:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3519979055-2756968749-2926456787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012.05.13 18:59:11 | 000,151,552 | RHS- | C] () -- C:\Windows\System32\C_8573.dll
[2012.05.13 18:59:11 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\Fgleovvng.job
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely, as a precaution; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
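
An added example (Python, written for this page; it is not part of the thread and not OTL's own code) that reads OTL-style lines the way the fix above was put together: it flags the O6 UAC policy values that deviate from the Windows 7 defaults (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop), flags hidden/system or unhashable files under the Windows directory that carry no company name, and then pulls in other company-less files written in the same second as a flagged one, which is how C_8573.dll and Fgleovvng.job belong together. The sample lines are copied from the log in this thread; the default values and the same-second heuristic are my assumptions, not features of OTL.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed input: lines copied from the OTL log posted in this thread, plus one
# signed driver and one benign scheduled task for contrast. Not a complete scan.
SAMPLE_OTL = """\
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: EnableLUA = 0
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: PromptOnSecureDesktop = 0
[2012.05.14 20:37:17 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\\Windows\\System32\\drivers\\mbam.sys
[2012.05.13 18:59:11 | 000,151,552 | RHS- | C] () -- C:\\Windows\\System32\\C_8573.dll
[2012.05.13 18:59:11 | 000,000,318 | ---- | C] () -- C:\\Windows\\tasks\\Fgleovvng.job
[2012.05.15 23:11:00 | 000,000,884 | ---- | M] () -- C:\\Windows\\tasks\\Adobe Flash Player Updater.job
[2012.05.14 21:52:43 | 000,000,000 | ---D | C] -- C:\\Program Files\\ESET
[2012.05.13 18:59:11 | 000,151,552 | RHS- | M] () Unable to obtain MD5 -- C:\\Windows\\system32\\C_8573.dll
"""

# OTL file/folder line: [timestamp | size | attrs | C/M] (company) <extra> -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?(?P<extra>.*?) -- (?P<path>.+)$"
)
# OTL O6 line: a HKLM policy value
POLICY_RE = re.compile(r"^O6 - (?P<key>HKLM\\[^:]+): (?P<name>\w+) = (?P<value>\d+)$")

# Windows 7 defaults for the UAC values OTL reports under O6 (assumed here, not
# taken from the page). The fix script deletes the values, which restores these.
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 0 = UAC switched off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 = elevate silently without any prompt
    "PromptOnSecureDesktop": 1,       # 0 = prompts appear on the normal desktop
}


@dataclass(frozen=True)
class FileEntry:
    ts: str        # timestamp exactly as OTL prints it
    size: int      # bytes
    attrs: str     # four attribute flags, e.g. "RHS-" = read-only, hidden, system
    kind: str      # "C" created / "M" modified
    company: str   # version-info company name, "" when the file has none
    extra: str     # trailing text such as "MD5=..." or "Unable to obtain MD5"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

    @property
    def in_windows_dir(self) -> bool:
        return "\\windows\\" in self.path.lower()


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Parse one OTL file/folder line; return None for any other kind of line."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(
        ts=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        extra=m["extra"].strip(),
        path=m["path"].strip(),
    )


def weak_uac_policies(text: str) -> Dict[str, int]:
    """Return the O6 UAC policy values that differ from the assumed defaults."""
    weak: Dict[str, int] = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        name, value = m["name"], int(m["value"])
        default = UAC_DEFAULTS.get(name)
        if default is not None and value != default:
            weak[name] = value
    return weak


def triage_files(text: str) -> List[Tuple[str, str]]:
    """Flag file entries in two passes and return (lowercase path, reason) pairs.

    Pass 1: a file under the Windows directory with no company name that is
            hidden+system, or that OTL could not hash, is an anchor.
    Pass 2: any other company-less file under the Windows directory written in
            the same second as an anchor is flagged as related to it.
    """
    parsed = (parse_file_entry(line) for line in text.splitlines())
    candidates = [e for e in parsed if e and not e.is_dir and e.in_windows_dir and not e.company]

    findings: Dict[str, str] = {}   # keyed by lowercase path, so C and M lines merge
    anchor_ts: Set[str] = set()
    for e in candidates:
        if e.hidden_system or "Unable to obtain MD5" in e.extra:
            findings.setdefault(e.path.lower(), f"hidden/system or unhashable, no company name: {e.path}")
            anchor_ts.add(e.ts)
    for e in candidates:
        key = e.path.lower()
        if key not in findings and e.ts in anchor_ts:
            findings[key] = f"written in the same second ({e.ts}) as a flagged file: {e.path}"
    return sorted(findings.items())


if __name__ == "__main__":
    for name, value in weak_uac_policies(SAMPLE_OTL).items():
        print(f"weak UAC policy: {name} = {value} (default {UAC_DEFAULTS[name]})")
    for _, reason in triage_files(SAMPLE_OTL):
        print(reason)
```

This is a reading aid, not a removal tool: the same-second rule will also group legitimate files that an installer wrote together, so every hit still needs a look at the path, the attributes and whether a signer is present before anything goes into a fix script.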

da_tschaemp 16.05.2012 16:22

So, here is the log from the OTL fix:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3519979055-2756968749-2926456787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Windows\System32\C_8573.dll moved successfully.
C:\Windows\Tasks\Fgleovvng.job moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: da_tschaemp2
->Temp folder emptied: 122081224 bytes
->Temporary Internet Files folder emptied: 30210398 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 216056943 bytes
->Opera cache emptied: 21994576 bytes
->Flash cache emptied: 53799 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14995131 bytes
RecycleBin emptied: 12764075 bytes
 
Total Files Cleaned = 399,00 mb
 
 
[EMPTYFLASH]
 
User: All Users


cosinus 16.05.2012 20:34

I need OTL's quarantine folder. Please do the following:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder MovedFiles in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html

Note: Please upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!

4.) Let me know when it was successful
5.) Only then switch the virus scanner back on

da_tschaemp 17.05.2012 11:07

OK, it's uploaded

cosinus 17.05.2012 18:12

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before running TDSS-Killer, since Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

da_tschaemp 20.05.2012 15:42

Hey,
sorry that you had to wait so long for a reply. I was away over the weekend. But here is the log:

Code:

16:38:57.0030 0776        TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
16:38:57.0195 0776        ============================================================
16:38:57.0196 0776        Current date / time: 2012/05/20 16:38:57.0195
16:38:57.0196 0776        SystemInfo:
16:38:57.0196 0776       
16:38:57.0196 0776        OS Version: 6.1.7601 ServicePack: 1.0
16:38:57.0196 0776        Product type: Workstation
16:38:57.0196 0776        ComputerName: DA_TSCHAEMP2-PC
16:38:57.0196 0776        UserName: da_tschaemp2
16:38:57.0197 0776        Windows directory: C:\Windows
16:38:57.0197 0776        System windows directory: C:\Windows
16:38:57.0197 0776        Processor architecture: Intel x86
16:38:57.0197 0776        Number of processors: 2
16:38:57.0197 0776        Page size: 0x1000
16:38:57.0197 0776        Boot type: Normal boot
16:38:57.0197 0776        ============================================================
16:38:58.0658 0776        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x14B355, SectorsPerTrack: 0xC, TracksPerCylinder: 0x3C, Type 'K0', Flags 0x00000050
16:38:58.0660 0776        ============================================================
16:38:58.0660 0776        \Device\Harddisk0\DR0:
16:38:58.0660 0776        MBR partitions:
16:38:58.0660 0776        Initialize success
16:38:58.0660 0776        ============================================================
16:39:49.0843 2876        ============================================================
16:39:49.0843 2876        Scan started
16:39:49.0843 2876        Mode: Manual; SigCheck; TDLFS;
16:39:49.0843 2876        ============================================================
16:39:50.0358 2876        1394ohci - ok
16:39:50.0374 2876        ACPI - ok
16:39:50.0389 2876        AcpiPmi - ok
16:39:50.0436 2876        AdobeFlashPlayerUpdateSvc - ok
16:39:50.0452 2876        adp94xx - ok
16:39:50.0452 2876        adpahci - ok
16:39:50.0452 2876        adpu320 - ok
16:39:50.0467 2876        AeLookupSvc - ok
16:39:50.0483 2876        AFD - ok
16:39:50.0483 2876        agp440 - ok
16:39:50.0498 2876        aic78xx - ok
16:39:50.0498 2876        ALG - ok
16:39:50.0514 2876        aliide - ok
16:39:50.0514 2876        amdagp - ok
16:39:50.0514 2876        amdide - ok
16:39:50.0530 2876        AmdK8 - ok
16:39:50.0530 2876        AmdPPM - ok
16:39:50.0530 2876        amdsata - ok
16:39:50.0545 2876        amdsbs - ok
16:39:50.0545 2876        amdxata - ok
16:39:50.0545 2876        AntiVirSchedulerService - ok
16:39:50.0561 2876        AntiVirService - ok
16:39:50.0561 2876        AppID - ok
16:39:50.0561 2876        AppIDSvc - ok
16:39:50.0576 2876        Appinfo - ok
16:39:50.0576 2876        Apple Mobile Device - ok
16:39:50.0576 2876        AppMgmt - ok
16:39:50.0592 2876        arc - ok
16:39:50.0592 2876        arcsas - ok
16:39:50.0608 2876        AsyncMac - ok
16:39:50.0608 2876        atapi - ok
16:39:50.0623 2876        AtcL001 - ok
16:39:50.0623 2876        AudioEndpointBuilder - ok
16:39:50.0623 2876        Audiosrv - ok
16:39:50.0639 2876        avgntflt - ok
16:39:50.0639 2876        avipbb - ok
16:39:50.0639 2876        avkmgr - ok
16:39:50.0654 2876        AxInstSV - ok
16:39:50.0654 2876        b06bdrv - ok
16:39:50.0654 2876        b57nd60x - ok
16:39:50.0670 2876        BDESVC - ok
16:39:50.0670 2876        Beep - ok
16:39:50.0686 2876        BFE - ok
16:39:50.0686 2876        BITS - ok
16:39:50.0686 2876        blbdrive - ok
16:39:50.0701 2876        Bonjour Service - ok
16:39:50.0701 2876        bowser - ok
16:39:50.0701 2876        BrFiltLo - ok
16:39:50.0717 2876        BrFiltUp - ok
16:39:50.0717 2876        Browser - ok
16:39:50.0717 2876        Brserid - ok
16:39:50.0732 2876        BrSerWdm - ok
16:39:50.0732 2876        BrUsbMdm - ok
16:39:50.0732 2876        BrUsbSer - ok
16:39:50.0748 2876        BTHMODEM - ok
16:39:50.0748 2876        bthserv - ok
16:39:50.0764 2876        cdfs - ok
16:39:50.0764 2876        cdrom - ok
16:39:50.0764 2876        CertPropSvc - ok
16:39:50.0779 2876        circlass - ok
16:39:50.0779 2876        CLFS - ok
16:39:50.0779 2876        clr_optimization_v2.0.50727_32 - ok
16:39:50.0795 2876        clr_optimization_v4.0.30319_32 - ok
16:39:50.0795 2876        CmBatt - ok
16:39:50.0810 2876        cmdide - ok
16:39:50.0810 2876        CNG - ok
16:39:50.0810 2876        Compbatt - ok
16:39:50.0826 2876        CompositeBus - ok
16:39:50.0826 2876        COMSysApp - ok
16:39:50.0826 2876        crcdisk - ok
16:39:50.0842 2876        CryptSvc - ok
16:39:50.0842 2876        CSC - ok
16:39:50.0842 2876        CscService - ok
16:39:50.0857 2876        CVirtA - ok
16:39:50.0873 2876        CVPND - ok
16:39:50.0873 2876        CVPNDRVA - ok
16:39:50.0888 2876        CXAVSAUD - ok
16:39:50.0888 2876        DcomLaunch - ok
16:39:50.0888 2876        defragsvc - ok
16:39:50.0904 2876        DfsC - ok
16:39:50.0920 2876        DgiVecp - ok
16:39:50.0920 2876        Dhcp - ok
16:39:50.0920 2876        discache - ok
16:39:50.0935 2876        Disk - ok
16:39:50.0935 2876        DNE - ok
16:39:50.0951 2876        Dnscache - ok
16:39:50.0951 2876        dot3svc - ok
16:39:50.0966 2876        DPS - ok
16:39:50.0966 2876        drmkaud - ok
16:39:50.0966 2876        dtpd - ok
16:39:50.0982 2876        DXGKrnl - ok
16:39:50.0982 2876        EapHost - ok
16:39:50.0982 2876        ebdrv - ok
16:39:50.0998 2876        EFS - ok
16:39:50.0998 2876        elxstor - ok
16:39:50.0998 2876        ErrDev - ok
16:39:51.0013 2876        EventSystem - ok
16:39:51.0013 2876        exfat - ok
16:39:51.0029 2876        fastfat - ok
16:39:51.0029 2876        Fax - ok
16:39:51.0029 2876        fdc - ok
16:39:51.0044 2876        fdPHost - ok
16:39:51.0044 2876        FDResPub - ok
16:39:51.0044 2876        FileInfo - ok
16:39:51.0060 2876        Filetrace - ok
16:39:51.0060 2876        flpydisk - ok
16:39:51.0060 2876        FltMgr - ok
16:39:51.0060 2876        FontCache - ok
16:39:51.0076 2876        FontCache3.0.0.0 - ok
16:39:51.0076 2876        FsDepends - ok
16:39:51.0076 2876        Fs_Rec - ok
16:39:51.0091 2876        fvevol - ok
16:39:51.0091 2876        gagp30kx - ok
16:39:51.0107 2876        GEARAspiWDM - ok
16:39:51.0107 2876        gpsvc - ok
16:39:51.0107 2876        hcw85cir - ok
16:39:51.0122 2876        HCW88TUNE - ok
16:39:51.0122 2876        hcw88vid - ok
16:39:51.0122 2876        HCW88XBAR - ok
16:39:51.0138 2876        HdAudAddService - ok
16:39:51.0138 2876        HDAudBus - ok
16:39:51.0138 2876        HidBatt - ok
16:39:51.0154 2876        HidBth - ok
16:39:51.0154 2876        HidIr - ok
16:39:51.0154 2876        hidserv - ok
16:39:51.0154 2876        HidUsb - ok
16:39:51.0169 2876        hkmsvc - ok
16:39:51.0169 2876        HomeGroupListener - ok
16:39:51.0169 2876        HomeGroupProvider - ok
16:39:51.0185 2876        HpSAMD - ok
16:39:51.0185 2876        HTTP - ok
16:39:51.0185 2876        hwpolicy - ok
16:39:51.0200 2876        i8042prt - ok
16:39:51.0200 2876        iaStorV - ok
16:39:51.0200 2876        idsvc - ok
16:39:51.0216 2876        iirsp - ok
16:39:51.0216 2876        iked - ok
16:39:51.0216 2876        IKEEXT - ok
16:39:51.0232 2876        intelide - ok
16:39:51.0247 2876        intelppm - ok
16:39:51.0247 2876        IPBusEnum - ok
16:39:51.0247 2876        IpFilterDriver - ok
16:39:51.0247 2876        iphlpsvc - ok
16:39:51.0263 2876        IPMIDRV - ok
16:39:51.0263 2876        IPNAT - ok
16:39:51.0263 2876        iPod Service - ok
16:39:51.0278 2876        ipsecd - ok
16:39:51.0278 2876        IRENUM - ok
16:39:51.0278 2876        isapnp - ok
16:39:51.0294 2876        iScsiPrt - ok
16:39:51.0294 2876        kbdclass - ok
16:39:51.0294 2876        kbdhid - ok
16:39:51.0310 2876        KeyIso - ok
16:39:51.0310 2876        KSecDD - ok
16:39:51.0310 2876        KSecPkg - ok
16:39:51.0325 2876        KtmRm - ok
16:39:51.0325 2876        LanmanServer - ok
16:39:51.0325 2876        LanmanWorkstation - ok
16:39:51.0341 2876        lltdio - ok
16:39:51.0341 2876        lltdsvc - ok
16:39:51.0356 2876        lmhosts - ok
16:39:51.0356 2876        LSI_FC - ok
16:39:51.0356 2876        LSI_SAS - ok
16:39:51.0372 2876        LSI_SAS2 - ok
16:39:51.0372 2876        LSI_SCSI - ok
16:39:51.0372 2876        luafv - ok
16:39:51.0388 2876        MBAMProtector - ok
16:39:51.0388 2876        MBAMService - ok
16:39:51.0403 2876        megasas - ok
16:39:51.0403 2876        MegaSR - ok
16:39:51.0403 2876        Microsoft Office Groove Audit Service - ok
16:39:51.0419 2876        MMCSS - ok
16:39:51.0419 2876        Modem - ok
16:39:51.0419 2876        monitor - ok
16:39:51.0434 2876        mouclass - ok
16:39:51.0434 2876        mouhid - ok
16:39:51.0434 2876        mountmgr - ok
16:39:51.0450 2876        mpio - ok
16:39:51.0450 2876        mpsdrv - ok
16:39:51.0450 2876        MpsSvc - ok
16:39:51.0466 2876        MRxDAV - ok
16:39:51.0466 2876        mrxsmb - ok
16:39:51.0466 2876        mrxsmb10 - ok
16:39:51.0481 2876        mrxsmb20 - ok
16:39:51.0481 2876        msahci - ok
16:39:51.0481 2876        msdsm - ok
16:39:51.0497 2876        MSDTC - ok
16:39:51.0497 2876        Msfs - ok
16:39:51.0512 2876        mshidkmdf - ok
16:39:51.0512 2876        msisadrv - ok
16:39:51.0512 2876        MSiSCSI - ok
16:39:51.0512 2876        msiserver - ok
16:39:51.0528 2876        MSKSSRV - ok
16:39:51.0528 2876        MSPCLOCK - ok
16:39:51.0528 2876        MSPQM - ok
16:39:51.0544 2876        MsRPC - ok
16:39:51.0544 2876        mssmbios - ok
16:39:51.0559 2876        MSTEE - ok
16:39:51.0559 2876        MTConfig - ok
16:39:51.0559 2876        MTsensor - ok
16:39:51.0575 2876        Mup - ok
16:39:51.0575 2876        napagent - ok
16:39:51.0575 2876        NativeWifiP - ok
16:39:51.0590 2876        NDIS - ok
16:39:51.0590 2876        NdisCap - ok
16:39:51.0590 2876        NdisTapi - ok
16:39:51.0606 2876        Ndisuio - ok
16:39:51.0606 2876        NdisWan - ok
16:39:51.0606 2876        NDProxy - ok
16:39:51.0606 2876        NetBIOS - ok
16:39:51.0622 2876        NetBT - ok
16:39:51.0622 2876        Netlogon - ok
16:39:51.0622 2876        Netman - ok
16:39:51.0637 2876        netprofm - ok
16:39:51.0637 2876        NetTcpPortSharing - ok
16:39:51.0637 2876        nfrd960 - ok
16:39:51.0653 2876        NitroReaderDriverReadSpool2 - ok
16:39:51.0668 2876        NlaSvc - ok
16:39:51.0668 2876        NPF - ok
16:39:51.0668 2876        Npfs - ok
16:39:51.0684 2876        nsi - ok
16:39:51.0684 2876        nsiproxy - ok
16:39:51.0684 2876        Ntfs - ok
16:39:51.0700 2876        Null - ok
16:39:51.0700 2876        nvlddmkm - ok
16:39:51.0700 2876        nvraid - ok
16:39:51.0715 2876        nvstor - ok
16:39:51.0715 2876        nvsvc - ok
16:39:51.0715 2876        nvUpdatusService - ok
16:39:51.0731 2876        nv_agp - ok
16:39:51.0731 2876        odserv - ok
16:39:51.0746 2876        ohci1394 - ok
16:39:51.0746 2876        ose - ok
16:39:51.0746 2876        p2pimsvc - ok
16:39:51.0762 2876        p2psvc - ok
16:39:51.0762 2876        Parport - ok
16:39:51.0762 2876        partmgr - ok
16:39:51.0778 2876        Parvdm - ok
16:39:51.0778 2876        PcaSvc - ok
16:39:51.0778 2876        pci - ok
16:39:51.0793 2876        pciide - ok
16:39:51.0793 2876        pcmcia - ok
16:39:51.0793 2876        pcw - ok
16:39:51.0809 2876        PEAUTH - ok
16:39:51.0809 2876        PeerDistSvc - ok
16:39:51.0824 2876        pla - ok
16:39:51.0824 2876        PlugPlay - ok
16:39:51.0840 2876        PNRPAutoReg - ok
16:39:51.0840 2876        PNRPsvc - ok
16:39:51.0840 2876        PolicyAgent - ok
16:39:51.0856 2876        Power - ok
16:39:51.0856 2876        PptpMiniport - ok
16:39:51.0856 2876        Processor - ok
16:39:51.0871 2876        ProfSvc - ok
16:39:51.0871 2876        ProtectedStorage - ok
16:39:51.0871 2876        Psched - ok
16:39:51.0887 2876        ql2300 - ok
16:39:51.0887 2876        ql40xx - ok
16:39:51.0887 2876        QWAVE - ok
16:39:51.0902 2876        QWAVEdrv - ok
16:39:51.0902 2876        RasAcd - ok
16:39:51.0902 2876        RasAgileVpn - ok
16:39:51.0918 2876        RasAuto - ok
16:39:51.0918 2876        Rasl2tp - ok
16:39:51.0918 2876        RasMan - ok
16:39:51.0934 2876        RasPppoe - ok
16:39:51.0934 2876        RasSstp - ok
16:39:51.0934 2876        rdbss - ok
16:39:51.0949 2876        rdpbus - ok
16:39:51.0949 2876        RDPCDD - ok
16:39:51.0949 2876        RDPDR - ok
16:39:51.0965 2876        RDPENCDD - ok
16:39:51.0965 2876        RDPREFMP - ok
16:39:51.0965 2876        RDPWD - ok
16:39:51.0980 2876        rdyboost - ok
16:39:51.0980 2876        RemoteAccess - ok
16:39:51.0980 2876        RemoteRegistry - ok
16:39:51.0996 2876        rpcapd - ok
16:39:51.0996 2876        RpcEptMapper - ok
16:39:51.0996 2876        RpcLocator - ok
16:39:52.0012 2876        RpcSs - ok
16:39:52.0012 2876        rspndr - ok
16:39:52.0012 2876        s3cap - ok
16:39:52.0027 2876        SamSs - ok
16:39:52.0027 2876        sbp2port - ok
16:39:52.0027 2876        SCardSvr - ok
16:39:52.0027 2876        scfilter - ok
16:39:52.0043 2876        Schedule - ok
16:39:52.0043 2876        SCPolicySvc - ok
16:39:52.0043 2876        SDRSVC - ok
16:39:52.0058 2876        secdrv - ok
16:39:52.0058 2876        seclogon - ok
16:39:52.0058 2876        SENS - ok
16:39:52.0074 2876        SensrSvc - ok
16:39:52.0074 2876        Serenum - ok
16:39:52.0074 2876        Serial - ok
16:39:52.0090 2876        sermouse - ok
16:39:52.0090 2876        SessionEnv - ok
16:39:52.0105 2876        sffdisk - ok
16:39:52.0105 2876        sffp_mmc - ok
16:39:52.0105 2876        sffp_sd - ok
16:39:52.0121 2876        sfloppy - ok
16:39:52.0121 2876        SharedAccess - ok
16:39:52.0121 2876        ShellHWDetection - ok
16:39:52.0136 2876        sisagp - ok
16:39:52.0136 2876        SiSRaid2 - ok
16:39:52.0136 2876        SiSRaid4 - ok
16:39:52.0152 2876        SkypeUpdate - ok
16:39:52.0152 2876        Smb - ok
16:39:52.0168 2876        SNMPTRAP - ok
16:39:52.0168 2876        spldr - ok
16:39:52.0168 2876        Spooler - ok
16:39:52.0183 2876        sppsvc - ok
16:39:52.0183 2876        sppuinotify - ok
16:39:52.0183 2876        srv - ok
16:39:52.0199 2876        srv2 - ok
16:39:52.0199 2876        srvnet - ok
16:39:52.0199 2876        SSDPSRV - ok
16:39:52.0214 2876        ssmdrv - ok
16:39:52.0214 2876        SSPORT - ok
16:39:52.0214 2876        SstpSvc - ok
16:39:52.0230 2876        Stereo Service - ok
16:39:52.0230 2876        stexstor - ok
16:39:52.0230 2876        StiSvc - ok
16:39:52.0246 2876        storflt - ok
16:39:52.0246 2876        StorSvc - ok
16:39:52.0246 2876        storvsc - ok
16:39:52.0261 2876        swenum - ok
16:39:52.0261 2876        SWGVCSvc - ok
16:39:52.0261 2876        SWIPsec - ok
16:39:52.0277 2876        swprv - ok
16:39:52.0277 2876        SWVNIC - ok
16:39:52.0277 2876        SysMain - ok
16:39:52.0292 2876        TabletInputService - ok
16:39:52.0292 2876        TapiSrv - ok
16:39:52.0292 2876        TBS - ok
16:39:52.0308 2876        Tcpip - ok
16:39:52.0308 2876        TCPIP6 - ok
16:39:52.0308 2876        tcpipreg - ok
16:39:52.0324 2876        TDPIPE - ok
16:39:52.0324 2876        TDTCP - ok
16:39:52.0324 2876        tdx - ok
16:39:52.0339 2876        TeamViewer7 - ok
16:39:52.0339 2876        teamviewervpn - ok
16:39:52.0339 2876        TermDD - ok
16:39:52.0355 2876        TermService - ok
16:39:52.0355 2876        Themes - ok
16:39:52.0355 2876        THREADORDER - ok
16:39:52.0370 2876        TrkWks - ok
16:39:52.0370 2876        TrustedInstaller - ok
16:39:52.0386 2876        tssecsrv - ok
16:39:52.0386 2876        TsUsbFlt - ok
16:39:52.0386 2876        tunnel - ok
16:39:52.0402 2876        uagp35 - ok
16:39:52.0402 2876        udfs - ok
16:39:52.0402 2876        UI0Detect - ok
16:39:52.0417 2876        uliagpkx - ok
16:39:52.0417 2876        umbus - ok
16:39:52.0417 2876        UmPass - ok
16:39:52.0433 2876        UmRdpService - ok
16:39:52.0433 2876        upnphost - ok
16:39:52.0433 2876        usbccgp - ok
16:39:52.0448 2876        usbcir - ok
16:39:52.0448 2876        usbehci - ok
16:39:52.0448 2876        usbhub - ok
16:39:52.0464 2876        usbohci - ok
16:39:52.0464 2876        usbprint - ok
16:39:52.0464 2876        usbscan - ok
16:39:52.0480 2876        USBSTOR - ok
16:39:52.0480 2876        usbuhci - ok
16:39:52.0480 2876        UxSms - ok
16:39:52.0480 2876        VaultSvc - ok
16:39:52.0495 2876        vdrvroot - ok
16:39:52.0495 2876        vds - ok
16:39:52.0495 2876        vflt - ok
16:39:52.0511 2876        vga - ok
16:39:52.0511 2876        VgaSave - ok
16:39:52.0511 2876        vhdmp - ok
16:39:52.0526 2876        viaagp - ok
16:39:52.0526 2876        ViaC7 - ok
16:39:52.0526 2876        viaide - ok
16:39:52.0542 2876        vmbus - ok
16:39:52.0542 2876        VMBusHID - ok
16:39:52.0542 2876        vnet - ok
16:39:52.0558 2876        volmgr - ok
16:39:52.0558 2876        volmgrx - ok
16:39:52.0558 2876        volsnap - ok
16:39:52.0573 2876        vsmraid - ok
16:39:52.0573 2876        VSS - ok
16:39:52.0573 2876        vwifibus - ok
16:39:52.0573 2876        W32Time - ok
16:39:52.0589 2876        WacomPen - ok
16:39:52.0589 2876        WANARP - ok
16:39:52.0604 2876        Wanarpv6 - ok
16:39:52.0604 2876        wbengine - ok
16:39:52.0604 2876        WbioSrvc - ok
16:39:52.0620 2876        wcncsvc - ok
16:39:52.0620 2876        WcsPlugInService - ok
16:39:52.0620 2876        Wd - ok
16:39:52.0636 2876        Wdf01000 - ok
16:39:52.0636 2876        WdiServiceHost - ok
16:39:52.0636 2876        WdiSystemHost - ok
16:39:52.0651 2876        WebClient - ok
16:39:52.0651 2876        Wecsvc - ok
16:39:52.0651 2876        wercplsupport - ok
16:39:52.0651 2876        WerSvc - ok
16:39:52.0667 2876        WfpLwf - ok
16:39:52.0667 2876        WIMMount - ok
16:39:52.0667 2876        WinDefend - ok
16:39:52.0682 2876        WinHttpAutoProxySvc - ok
16:39:52.0682 2876        Winmgmt - ok
16:39:52.0698 2876        WinRM - ok
16:39:52.0698 2876        WinUsb - ok
16:39:52.0714 2876        Wlansvc - ok
16:39:52.0714 2876        WmiAcpi - ok
16:39:52.0714 2876        wmiApSrv - ok
16:39:52.0729 2876        WPCSvc - ok
16:39:52.0729 2876        WPDBusEnum - ok
16:39:52.0729 2876        ws2ifsl - ok
16:39:52.0745 2876        wscsvc - ok
16:39:52.0745 2876        WSearch - ok
16:39:52.0745 2876        wuauserv - ok
16:39:52.0760 2876        WudfPf - ok
16:39:52.0760 2876        WUDFRd - ok
16:39:52.0776 2876        wudfsvc - ok
16:39:52.0776 2876        WwanSvc - ok
16:39:52.0792 2876        xnacc - ok
16:39:52.0792 2876        xusb21 - ok
16:39:52.0823 2876        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:39:53.0213 2876        \Device\Harddisk0\DR0 - ok
16:39:53.0213 2876        ============================================================
16:39:53.0213 2876        Scan finished
16:39:53.0213 2876        ============================================================
16:39:53.0244 0640        Detected object count: 0
16:39:53.0244 0640        Actual detected object count: 0
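As an added example (not code from this thread or from Kaspersky), here is a small Python parser for the TDSSKiller log format posted above, so a helper can summarise such a log instead of reading hundreds of "- ok" lines by hand. The sample log is constructed from lines in the page's format; the "evilsvc - warning" entry and its status text are assumptions that only exist to exercise the non-ok path.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Lines look like "<HH:MM:SS.ffff> <pid> <message>"; messages may be empty.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s*(.*)$")
# MBR line: "MBR (0x1B8)    (<md5>) \Device\Harddisk0\DR0"
MBR_RE = re.compile(r"^MBR \((0x[0-9A-Fa-f]+)\)\s+\(([0-9a-f]{32})\)\s+(\S+)$")
COUNT_RE = re.compile(r"^(Actual )?[Dd]etected object count: (\d+)$")


@dataclass
class TdssSummary:
    header: dict = field(default_factory=dict)          # "OS Version", "Mode", ...
    checked: int = 0                                    # objects that got a status
    not_ok: List[Tuple[str, str]] = field(default_factory=list)  # (name, status)
    mbr: dict = field(default_factory=dict)             # offset, md5, device
    detected: Optional[int] = None                      # "Detected object count"
    actual_detected: Optional[int] = None               # "Actual detected object count"


def parse_tdss_log(text: str) -> TdssSummary:
    s = TdssSummary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3).strip()
        if not msg or msg.startswith("="):          # separators / blank messages
            continue
        mbr = MBR_RE.match(msg)
        if mbr:
            s.mbr = {"offset": mbr.group(1), "md5": mbr.group(2), "device": mbr.group(3)}
            continue
        cnt = COUNT_RE.match(msg)
        if cnt:
            if cnt.group(1):
                s.actual_detected = int(cnt.group(2))
            else:
                s.detected = int(cnt.group(2))
            continue
        # Per-object result: "<name> - <status>"; the "Drive ... - Size: ..." line is header info.
        if " - " in msg and not msg.startswith("Drive "):
            name, status = msg.rsplit(" - ", 1)
            s.checked += 1
            if status != "ok":
                s.not_ok.append((name, status))
            continue
        if ": " in msg:                                # "Key: value" header lines
            key, _, val = msg.partition(": ")
            s.header[key] = val
    return s


def is_clean(s: TdssSummary) -> bool:
    """True when every object reported ok and the tool counted no detections."""
    return not s.not_ok and (s.detected or 0) == 0 and (s.actual_detected or 0) == 0


# Constructed sample in the page's format; "evilsvc - warning" is invented.
SAMPLE_LOG = r"""
16:38:57.0030 0776        TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
16:38:57.0196 0776        OS Version: 6.1.7601 ServicePack: 1.0
16:38:57.0196 0776       
16:39:49.0843 2876        Mode: Manual; SigCheck; TDLFS;
16:39:50.0374 2876        ACPI - ok
16:39:50.0576 2876        Apple Mobile Device - ok
16:39:51.0388 2876        MBAMProtector - ok
16:39:52.0820 2876        evilsvc - warning
16:39:52.0823 2876        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:39:53.0213 2876        \Device\Harddisk0\DR0 - ok
16:39:53.0244 0640        Detected object count: 1
16:39:53.0244 0640        Actual detected object count: 1
"""

if __name__ == "__main__":
    summary = parse_tdss_log(SAMPLE_LOG)
    print(summary.checked, "objects checked; not ok:", summary.not_ok, "; clean:", is_clean(summary))
```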




Copyright ©2000-2024, Trojaner-Board


