Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner TR/Atraps.gen2/TR, Crypt.ULPM.Gen, TR/Nedsym.G.400 und Rootkits (https://www.trojaner-board.de/119942-trojaner-tr-atraps-gen2-tr-crypt-ulpm-gen-tr-nedsym-g-400-rootkits.html)

cosinus 27.07.2012 23:44
Probier es mit dem Button Scan, nicht Quickscan

Riddle 28.07.2012 10:05
Habe den normalen Scan mit 180 Tagen bereits gemacht, s. Log in Post #15

cosinus 28.07.2012 23:07
Ja, aber das als CustomScan bitte noch probieren :)
Sry war etwas missverständlich von mir :o

Riddle 29.07.2012 16:32
Hier nun der CustomScan.

:OTL 180 Tage:
Code:
OTL logfile created on: 29.07.2012 16:18:13 - Run 5
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Dokumente und Einstellungen\test\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
502,98 Mb Total Physical Memory | 270,95 Mb Available Physical Memory | 53,87% Memory free
1,20 Gb Paging File | 0,98 Gb Available in Paging File | 81,34% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,27 Gb Total Space | 24,04 Gb Free Space | 64,51% Space Free | Partition Type: NTFS
 
Computer Name: PC3 | User Name: test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.29 16:11:10 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\test\Desktop\OTL.exe
PRC - [2012.07.17 14:57:12 | 000,469,136 | ---- | M] () -- C:\Programme\Comodo\Dragon\dragon_updater.exe
PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2011.04.19 08:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.06.01 21:06:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003.05.05 08:57:30 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.29 08:39:06 | 001,789,440 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12072900\algo.dll
MOD - [2012.07.17 14:57:12 | 000,469,136 | ---- | M] () -- C:\Programme\Comodo\Dragon\dragon_updater.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.27 14:58:50 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.17 14:57:12 | 000,469,136 | ---- | M] () [Auto | Running] -- C:\Programme\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012.07.14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2006.06.01 21:06:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2006.06.01 21:06:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.07.03 18:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.07.03 18:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.08.17 19:17:50 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.08.17 19:17:50 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1229272821-682003330-258243431-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1229272821-682003330-258243431-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1229272821-682003330-258243431-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1229272821-682003330-258243431-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1229272821-682003330-258243431-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-21-1229272821-682003330-258243431-1003\..\SearchScopes,DefaultScope = {60787F68-79A0-482F-814A-3827825E7638}
IE - HKU\S-1-5-21-1229272821-682003330-258243431-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1229272821-682003330-258243431-1003\..\SearchScopes\{60787F68-79A0-482F-814A-3827825E7638}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1229272821-682003330-258243431-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.07.20 14:47:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.19 13:41:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.07.19 15:49:28 | 000,000,000 | ---D | M]
 
[2008.11.23 11:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Mozilla\Extensions
[2008.11.23 11:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Mozilla\Firefox\Profiles\tg4brzqz.default\extensions
[2012.07.19 13:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.20 14:47:45 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAMME\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.07.17 20:00:14 | 000,170,624 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Dokumente und Einstellungen\Kurs\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-682003330-258243431-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKU\S-1-5-21-1229272821-682003330-258243431-1003\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1229272821-682003330-258243431-1003\..Trusted Domains: microsoft.com ([*.update] * in Trusted sites)
O15 - HKU\S-1-5-21-1229272821-682003330-258243431-1003\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Trusted sites)
O15 - HKU\S-1-5-21-1229272821-682003330-258243431-1003\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342699230156 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342699204468 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8C6F939-3239-446F-B722-BAAE46591BDB}: NameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\test\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\test\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.21 15:41:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d6b9c302-2bbb-11df-a153-0030056a97ed}\Shell\AutoRun\command - "" = D:\
O33 - MountPoints2\{d6b9c302-2bbb-11df-a153-0030056a97ed}\Shell\ubuntustick2\command - "" = D:\tools\casper-rw\casper-rw.exe
O33 - MountPoints2\{d6b9c302-2bbb-11df-a153-0030056a97ed}\Shell\ubuntustick3\command - "" = D:\tools\explore2fsPE\explore2fsPE.exe
O33 - MountPoints2\{e9e3cc48-ce13-11df-a16c-0030056a97ed}\Shell\AutoRun\command - "" = D:\StartPortableApps.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "AntiVirService"
MsConfig - Services: "AntiVirSchedulerService"
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 180 Days ==========
 
[2012.07.26 12:29:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Eigene Dateien\Club
[2012.07.20 19:03:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Auslogics
[2012.07.20 19:03:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Auslogics
[2012.07.20 19:03:23 | 000,000,000 | ---D | C] -- C:\Programme\Auslogics
[2012.07.20 17:52:16 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\test\IECompatCache
[2012.07.20 17:19:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Desktop\antivir
[2012.07.20 16:36:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012.07.20 16:29:58 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\test\Recent
[2012.07.20 14:46:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\OpenOffice.org
[2012.07.20 14:35:32 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012.07.20 14:35:31 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.07.20 14:35:31 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.07.20 14:35:30 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012.07.20 14:14:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
[2012.07.20 13:53:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
[2012.07.20 13:53:13 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.07.20 13:53:12 | 000,353,688 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.07.20 13:52:59 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.07.20 13:52:57 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.07.20 13:52:55 | 000,721,000 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.07.20 13:52:49 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.07.20 13:52:48 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.07.20 13:52:48 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.07.20 13:51:28 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.07.20 13:51:26 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.07.20 13:50:43 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2012.07.20 13:50:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2012.07.20 13:42:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Lokale Einstellungen\Anwendungsdaten\Sun
[2012.07.20 12:54:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Startmenü\Programme\Revo Uninstaller
[2012.07.20 12:54:52 | 000,000,000 | ---D | C] -- C:\Programme\VS Revo Group
[2012.07.20 12:31:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2012.07.20 12:02:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012.07.20 11:16:30 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012.07.20 11:16:29 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012.07.19 21:37:21 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\test\Desktop\OTL.exe
[2012.07.19 20:01:40 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.07.19 20:01:15 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\test\Desktop\esetsmartinstaller_enu.exe
[2012.07.19 19:41:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\COMODO
[2012.07.19 19:40:26 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\test\IETldCache
[2012.07.19 17:52:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Malwarebytes
[2012.07.19 17:51:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.07.19 17:51:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.19 17:51:40 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.07.19 17:45:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012.07.19 15:49:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PDF-XChange PDF Viewer
[2012.07.19 15:49:09 | 000,000,000 | ---D | C] -- C:\Programme\Tracker Software
[2012.07.19 14:28:02 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.07.19 14:21:29 | 000,000,000 | ---D | C] -- C:\Programme\Oracle
[2012.07.19 14:19:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Oracle
[2012.07.19 14:19:19 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012.07.19 14:10:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\COMODO
[2012.07.19 14:01:01 | 000,015,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012.07.19 13:41:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla
[2012.07.19 13:41:16 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service
[2012.07.19 13:34:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Comodo
[2012.07.19 13:33:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Lokale Einstellungen\Anwendungsdaten\COMODO
[2012.07.19 13:33:53 | 000,045,320 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2012.07.19 13:33:34 | 000,000,000 | ---D | C] -- C:\Programme\Comodo
[2012.07.19 13:31:53 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71.dll
[2012.07.19 13:31:52 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2012.07.19 12:39:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in
[2012.05.23 20:12:51 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.02.29 16:09:48 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imagehlp.dll
[2012.02.22 21:49:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Application Data
[33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 180 Days ==========
 
[2012.07.29 16:19:04 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.29 16:13:01 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.07.29 16:12:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.29 16:12:41 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.29 16:11:10 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\test\Desktop\OTL.exe
[2012.07.29 15:58:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.29 12:38:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.27 14:58:49 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.07.27 14:58:49 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.07.26 14:33:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.26 11:24:54 | 000,632,049 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Desktop\adwcleaner.exe
[2012.07.25 11:52:26 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.07.20 17:09:04 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2012.07.20 16:37:58 | 000,001,601 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Desktop\Dragon Internet Browser.lnk
[2012.07.20 15:54:59 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Desktop\CCleaner.lnk
[2012.07.20 15:13:38 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.20 13:53:14 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.07.20 12:54:53 | 000,000,889 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Desktop\Revo Uninstaller.lnk
[2012.07.19 20:01:24 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\test\Desktop\esetsmartinstaller_enu.exe
[2012.07.19 17:51:52 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.19 15:49:24 | 000,000,838 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Desktop\PDF-Viewer.lnk
[2012.07.19 14:15:57 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.07.19 14:15:57 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.07.19 14:15:56 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012.07.19 14:15:56 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012.07.19 13:35:51 | 000,045,320 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2012.07.19 13:31:53 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71.dll
[2012.07.19 13:31:52 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2012.07.05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012.07.05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.07.03 18:21:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.07.03 18:21:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.07.03 18:21:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.13 15:55:13 | 001,866,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012.06.13 15:55:13 | 001,866,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2012.06.08 16:25:14 | 008,503,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2012.06.05 17:49:29 | 001,372,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2012.06.05 17:49:29 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2012.06.04 17:35:32 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2012.06.04 06:32:07 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2012.06.02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012.06.02 15:19:38 | 000,015,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2012.06.02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012.06.02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2012.06.02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012.06.02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2012.06.02 15:19:28 | 000,023,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2012.06.02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012.06.02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012.06.02 15:18:58 | 000,018,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012.05.31 15:22:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012.05.28 20:16:36 | 000,536,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2012.05.16 17:07:03 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2012.05.11 20:10:22 | 011,111,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2012.05.11 16:40:25 | 001,212,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2012.05.11 16:40:25 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2012.05.11 16:40:25 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2012.05.11 16:40:25 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2012.05.11 16:40:25 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2012.05.11 16:40:25 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2012.05.11 16:40:25 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2012.05.11 16:40:24 | 006,007,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2012.05.11 16:40:24 | 002,000,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2012.05.11 16:40:24 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2012.05.11 16:40:24 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2012.05.11 16:40:24 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2012.05.11 16:40:24 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2012.05.11 16:40:24 | 000,521,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012.05.11 16:40:24 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2012.05.11 16:40:24 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012.05.11 16:40:24 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2012.05.11 16:40:24 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2012.05.11 16:40:24 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2012.05.11 16:40:24 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2012.05.11 16:40:21 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2012.05.11 16:40:21 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2012.05.11 16:40:19 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012.05.11 16:40:19 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2012.05.11 16:40:19 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2012.05.11 13:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2012.05.11 13:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2012.05.11 13:38:02 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2012.05.05 05:14:34 | 002,194,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2012.05.05 05:14:34 | 002,194,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012.05.05 05:14:34 | 002,071,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2012.05.05 05:14:34 | 002,071,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2012.05.05 05:14:31 | 002,150,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012.05.05 05:14:31 | 002,029,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012.05.02 15:46:30 | 000,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012.04.02 19:55:31 | 000,316,594 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.04.02 19:55:31 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.02 19:55:31 | 000,048,156 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.04.02 19:55:31 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.01 03:15:29 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2012.02.29 16:09:48 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2012.02.29 16:09:48 | 000,148,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imagehlp.dll
[2012.02.29 14:16:50 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.26 14:32:33 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.07.26 14:30:45 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2012.07.26 11:24:45 | 000,632,049 | ---- | C] () -- C:\Dokumente und Einstellungen\test\Desktop\adwcleaner.exe
[2012.07.20 16:37:58 | 000,001,601 | ---- | C] () -- C:\Dokumente und Einstellungen\test\Desktop\Dragon Internet Browser.lnk
[2012.07.20 14:47:48 | 000,000,308 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.07.20 14:20:53 | 000,000,849 | ---- | C] () -- C:\Dokumente und Einstellungen\test\Desktop\OpenOffice.org Calc.lnk
[2012.07.20 14:20:31 | 000,000,885 | ---- | C] () -- C:\Dokumente und Einstellungen\test\Desktop\OpenOffice.org Writer.lnk
[2012.07.20 14:08:42 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.20 14:08:41 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.20 13:53:14 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.07.20 12:54:53 | 000,000,889 | ---- | C] () -- C:\Dokumente und Einstellungen\test\Desktop\Revo Uninstaller.lnk
[2012.07.19 19:41:22 | 000,000,783 | ---- | C] () -- C:\Dokumente und Einstellungen\test\Startmenü\Programme\Internet Explorer.lnk
[2012.07.19 17:51:52 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.19 15:49:24 | 000,000,838 | ---- | C] () -- C:\Dokumente und Einstellungen\test\Desktop\PDF-Viewer.lnk
[2012.07.19 13:41:18 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2012.07.19 13:31:16 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.03.05 21:35:43 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\Mitglied\Lokale Einstellungen\Anwendungsdaten\1c638a4f\@
[2012.02.22 21:35:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.22 21:35:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2008.07.21 16:12:10 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\test\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== LOP Check ==========
 
[2012.07.20 13:50:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2011.01.14 19:17:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kurs\Anwendungsdaten\OpenOffice.org
[2012.07.20 19:03:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Auslogics
[2012.07.20 14:46:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\OpenOffice.org
[2012.07.19 14:19:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Oracle
[2012.07.29 16:13:01 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.08.17 11:51:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Adobe
[2012.07.20 19:03:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Auslogics
[2008.07.22 10:07:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Google
[2008.07.21 16:13:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Identities
[2008.07.22 10:06:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Macromedia
[2012.07.19 17:52:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Malwarebytes
[2012.02.22 21:50:58 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Microsoft
[2008.11.23 11:49:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Mozilla
[2012.07.20 14:46:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\OpenOffice.org
[2011.01.11 21:55:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\OpenOffice.org2
[2012.07.19 14:19:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Oracle
[2008.07.30 09:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Sun
[2008.08.16 20:02:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\U3
 
< %APPDATA%\*.exe /s >
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.07.22 08:57:33 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.07.22 08:57:33 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.07.22 08:57:33 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.07.22 08:57:33 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2005.08.18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvatabus.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2005.04.08 11:43:26 | 000,060,928 | ---- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\WINDOWS\system32\drivers\viamraid.sys
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.07.21 17:14:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.07.21 17:14:58 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.07.21 17:14:58 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

cosinus 29.07.2012 19:21
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
FF - user.js - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-682003330-258243431-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.21 15:41:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d6b9c302-2bbb-11df-a153-0030056a97ed}\Shell\AutoRun\command - "" = D:\
O33 - MountPoints2\{d6b9c302-2bbb-11df-a153-0030056a97ed}\Shell\ubuntustick2\command - "" = D:\tools\casper-rw\casper-rw.exe
O33 - MountPoints2\{d6b9c302-2bbb-11df-a153-0030056a97ed}\Shell\ubuntustick3\command - "" = D:\tools\explore2fsPE\explore2fsPE.exe
O33 - MountPoints2\{e9e3cc48-ce13-11df-a16c-0030056a97ed}\Shell\AutoRun\command - "" = D:\StartPortableApps.exe
:Files
C:\Dokumente und Einstellungen\Mitglied\Lokale Einstellungen\Anwendungsdaten\1c638a4f
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Riddle 29.07.2012 20:49
Warum wird eigentlich der Registry-Eintrag "NoDriveTypeAutoRun=145" entfernt? Ist das nicht der Standard-Wert, bzw. eine gebräuchliche Einstellung?

:OTL FIX:
Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1229272821-682003330-258243431-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6b9c302-2bbb-11df-a153-0030056a97ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6b9c302-2bbb-11df-a153-0030056a97ed}\ not found.
File D:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6b9c302-2bbb-11df-a153-0030056a97ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6b9c302-2bbb-11df-a153-0030056a97ed}\ not found.
File D:\tools\casper-rw\casper-rw.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6b9c302-2bbb-11df-a153-0030056a97ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6b9c302-2bbb-11df-a153-0030056a97ed}\ not found.
File D:\tools\explore2fsPE\explore2fsPE.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9e3cc48-ce13-11df-a16c-0030056a97ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9e3cc48-ce13-11df-a16c-0030056a97ed}\ not found.
File D:\StartPortableApps.exe not found.
========== FILES ==========
C:\Dokumente und Einstellungen\Mitglied\Lokale Einstellungen\Anwendungsdaten\1c638a4f\U folder moved successfully.
C:\Dokumente und Einstellungen\Mitglied\Lokale Einstellungen\Anwendungsdaten\1c638a4f folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 19863 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Gast
->Temp folder emptied: 490159 bytes
->Temporary Internet Files folder emptied: 8190142 bytes
->FireFox cache emptied: 40097357 bytes
->Flash cache emptied: 971 bytes
 
User: Kurs
->Temp folder emptied: 302545 bytes
->Temporary Internet Files folder emptied: 58250152 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 675 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 279610 bytes
 
User: Mitglied
->Temp folder emptied: 8049803 bytes
->Temporary Internet Files folder emptied: 82303242 bytes
->Java cache emptied: 5091101 bytes
->FireFox cache emptied: 43360597 bytes
->Flash cache emptied: 3438 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: test
->Temp folder emptied: 258714135 bytes
->Temporary Internet Files folder emptied: 5520761 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 11930305 bytes
->Flash cache emptied: 14293 bytes
 
%systemdrive% .tmp files removed: 74128861 bytes
%systemroot% .tmp files removed: 2503692 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 904020 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 573,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
 
User: Gast
->Flash cache emptied: 0 bytes
 
User: Kurs
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: Mitglied
->Flash cache emptied: 0 bytes
 
User: NetworkService
 
User: test
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.55.0 log created on 07292012_210450

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus 29.07.2012 21:05
Manche Einträge fixe ich so um sicherzugehen - und diesen dämlichen Autorun sollte IMHO immer grundsätzlich komplett deaktivieren!

Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Riddle 29.07.2012 21:22
Zip hochgeladen.

cosinus 30.07.2012 08:33
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Riddle 30.07.2012 11:05
Sieht doch gut aus, oder?

:TDSS:
Code:
11:54:56.0359 2284        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
11:54:56.0859 2284        ============================================================
11:54:56.0859 2284        Current date / time: 2012/07/30 11:54:56.0859
11:54:56.0859 2284        SystemInfo:
11:54:56.0859 2284       
11:54:56.0859 2284        OS Version: 5.1.2600 ServicePack: 3.0
11:54:56.0859 2284        Product type: Workstation
11:54:56.0859 2284        ComputerName: PC3
11:54:56.0859 2284        UserName: test
11:54:56.0859 2284        Windows directory: C:\WINDOWS
11:54:56.0859 2284        System windows directory: C:\WINDOWS
11:54:56.0859 2284        Processor architecture: Intel x86
11:54:56.0859 2284        Number of processors: 1
11:54:56.0859 2284        Page size: 0x1000
11:54:56.0859 2284        Boot type: Normal boot
11:54:56.0859 2284        ============================================================
11:54:59.0781 2284        Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:54:59.0796 2284        ============================================================
11:54:59.0796 2284        \Device\Harddisk0\DR0:
11:54:59.0796 2284        MBR partitions:
11:54:59.0796 2284        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A89182
11:54:59.0796 2284        ============================================================
11:54:59.0843 2284        C: <-> \Device\Harddisk0\DR0\Partition0
11:54:59.0843 2284        ============================================================
11:54:59.0843 2284        Initialize success
11:54:59.0843 2284        ============================================================
11:56:36.0687 3612        ============================================================
11:56:36.0687 3612        Scan started
11:56:36.0687 3612        Mode: Manual; SigCheck; TDLFS;
11:56:36.0687 3612        ============================================================
11:56:37.0015 3612        Aavmker4        (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys
11:56:37.0359 3612        Aavmker4 - ok
11:56:37.0375 3612        Abiosdsk - ok
11:56:37.0390 3612        abp480n5 - ok
11:56:37.0468 3612        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:56:37.0781 3612        ACPI - ok
11:56:37.0796 3612        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:56:38.0015 3612        ACPIEC - ok
11:56:38.0140 3612        AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:56:38.0187 3612        AdobeFlashPlayerUpdateSvc - ok
11:56:38.0218 3612        adpu160m - ok
11:56:38.0265 3612        aeaudio        (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
11:56:38.0343 3612        aeaudio - ok
11:56:38.0375 3612        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:56:38.0578 3612        aec - ok
11:56:38.0656 3612        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:56:38.0765 3612        AFD - ok
11:56:38.0781 3612        Aha154x - ok
11:56:38.0796 3612        aic78u2 - ok
11:56:38.0812 3612        aic78xx - ok
11:56:38.0875 3612        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
11:56:39.0109 3612        Alerter - ok
11:56:39.0156 3612        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
11:56:39.0312 3612        ALG - ok
11:56:39.0328 3612        AliIde - ok
11:56:39.0343 3612        amsint - ok
11:56:39.0390 3612        AntiVirSchedulerService - ok
11:56:39.0406 3612        AntiVirService - ok
11:56:39.0468 3612        AppMgmt        (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
11:56:39.0625 3612        AppMgmt - ok
11:56:39.0625 3612        asc - ok
11:56:39.0656 3612        asc3350p - ok
11:56:39.0671 3612        asc3550 - ok
11:56:39.0718 3612        aswFsBlk        (1c1f3d6dddc046c920c493a779649f66) C:\WINDOWS\system32\drivers\aswFsBlk.sys
11:56:39.0750 3612        aswFsBlk - ok
11:56:39.0781 3612        aswMon2        (9e912fe7b41650701ef2b227aca440f3) C:\WINDOWS\system32\drivers\aswMon2.sys
11:56:39.0828 3612        aswMon2 - ok
11:56:39.0843 3612        AswRdr          (982e275d1c5801042fe94209fb0160fb) C:\WINDOWS\system32\drivers\AswRdr.sys
11:56:39.0890 3612        AswRdr - ok
11:56:39.0984 3612        aswSnx          (73dbcf808e00580f2a47f93dd9b03876) C:\WINDOWS\system32\drivers\aswSnx.sys
11:56:40.0093 3612        aswSnx - ok
11:56:40.0203 3612        aswSP          (6cbd7d3a33f498d09c831cdd732da2e0) C:\WINDOWS\system32\drivers\aswSP.sys
11:56:40.0296 3612        aswSP - ok
11:56:40.0343 3612        aswTdi          (7109a9aa551f37cd168c02368465957e) C:\WINDOWS\system32\drivers\aswTdi.sys
11:56:40.0390 3612        aswTdi - ok
11:56:40.0437 3612        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:56:40.0671 3612        AsyncMac - ok
11:56:40.0703 3612        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:56:40.0937 3612        atapi - ok
11:56:40.0968 3612        Atdisk - ok
11:56:41.0015 3612        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:56:41.0281 3612        Atmarpc - ok
11:56:41.0328 3612        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
11:56:41.0593 3612        AudioSrv - ok
11:56:41.0656 3612        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:56:41.0890 3612        audstub - ok
11:56:42.0015 3612        avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Programme\AVAST Software\Avast\AvastSvc.exe
11:56:42.0062 3612        avast! Antivirus - ok
11:56:42.0140 3612        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:56:42.0187 3612        avgntflt - ok
11:56:42.0234 3612        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:56:42.0265 3612        avipbb - ok
11:56:42.0343 3612        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:56:42.0578 3612        Beep - ok
11:56:42.0671 3612        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
11:56:43.0000 3612        BITS - ok
11:56:43.0046 3612        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
11:56:43.0312 3612        Browser - ok
11:56:43.0375 3612        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:56:43.0625 3612        cbidf2k - ok
11:56:43.0640 3612        cd20xrnt - ok
11:56:43.0671 3612        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:56:43.0937 3612        Cdaudio - ok
11:56:43.0984 3612        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:56:44.0250 3612        Cdfs - ok
11:56:44.0296 3612        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:56:44.0546 3612        Cdrom - ok
11:56:44.0562 3612        Changer - ok
11:56:44.0625 3612        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
11:56:44.0875 3612        CiSvc - ok
11:56:44.0921 3612        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
11:56:45.0187 3612        ClipSrv - ok
11:56:45.0203 3612        CmdIde - ok
11:56:45.0218 3612        COMSysApp - ok
11:56:45.0250 3612        Cpqarray - ok
11:56:45.0296 3612        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
11:56:45.0546 3612        CryptSvc - ok
11:56:45.0578 3612        dac2w2k - ok
11:56:45.0593 3612        dac960nt - ok
11:56:45.0671 3612        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
11:56:45.0828 3612        DcomLaunch - ok
11:56:45.0890 3612        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
11:56:46.0140 3612        Dhcp - ok
11:56:46.0187 3612        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:56:46.0453 3612        Disk - ok
11:56:46.0484 3612        dmadmin - ok
11:56:46.0625 3612        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
11:56:46.0984 3612        dmboot - ok
11:56:47.0015 3612        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
11:56:47.0328 3612        dmio - ok
11:56:47.0359 3612        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:56:47.0609 3612        dmload - ok
11:56:47.0656 3612        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
11:56:47.0921 3612        dmserver - ok
11:56:47.0953 3612        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:56:48.0203 3612        DMusic - ok
11:56:48.0250 3612        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
11:56:48.0359 3612        Dnscache - ok
11:56:48.0421 3612        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
11:56:48.0671 3612        Dot3svc - ok
11:56:48.0687 3612        dpti2o - ok
11:56:48.0843 3612        DragonUpdater  (7b8ba06b85ae250df996dcee2b31dd74) C:\Programme\Comodo\Dragon\dragon_updater.exe
11:56:48.0921 3612        DragonUpdater - ok
11:56:48.0968 3612        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:56:49.0218 3612        drmkaud - ok
11:56:49.0265 3612        E1000          (4beb6f44b0dc94af9fb20e97ab7ad47c) C:\WINDOWS\system32\DRIVERS\e1000325.sys
11:56:49.0343 3612        E1000 - ok
11:56:49.0390 3612        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
11:56:49.0656 3612        EapHost - ok
11:56:49.0734 3612        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
11:56:49.0984 3612        ERSvc - ok
11:56:50.0062 3612        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
11:56:50.0171 3612        Eventlog - ok
11:56:50.0250 3612        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
11:56:50.0343 3612        EventSystem - ok
11:56:50.0375 3612        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:56:50.0625 3612        Fastfat - ok
11:56:50.0703 3612        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:56:50.0812 3612        FastUserSwitchingCompatibility - ok
11:56:50.0859 3612        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:56:51.0125 3612        Fdc - ok
11:56:51.0171 3612        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
11:56:51.0421 3612        Fips - ok
11:56:51.0453 3612        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:56:51.0718 3612        Flpydisk - ok
11:56:51.0781 3612        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:56:52.0015 3612        FltMgr - ok
11:56:52.0078 3612        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:56:52.0343 3612        Fs_Rec - ok
11:56:52.0406 3612        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:56:52.0640 3612        Ftdisk - ok
11:56:52.0718 3612        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:56:52.0953 3612        Gpc - ok
11:56:53.0093 3612        gupdate        (506708142bc63daba64f2d3ad1dcd5bf) C:\Programme\Google\Update\GoogleUpdate.exe
11:56:53.0140 3612        gupdate - ok
11:56:53.0156 3612        gupdatem        (506708142bc63daba64f2d3ad1dcd5bf) C:\Programme\Google\Update\GoogleUpdate.exe
11:56:53.0203 3612        gupdatem - ok
11:56:53.0265 3612        gusvc          (c1b577b2169900f4cf7190c39f085794) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
11:56:53.0296 3612        gusvc - ok
11:56:53.0390 3612        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:56:53.0640 3612        helpsvc - ok
11:56:53.0718 3612        HidServ        (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
11:56:53.0968 3612        HidServ - ok
11:56:54.0000 3612        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:56:54.0250 3612        HidUsb - ok
11:56:54.0296 3612        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
11:56:54.0546 3612        hkmsvc - ok
11:56:54.0562 3612        hpn - ok
11:56:54.0640 3612        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:56:54.0718 3612        HTTP - ok
11:56:54.0765 3612        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
11:56:55.0046 3612        HTTPFilter - ok
11:56:55.0078 3612        i2omgmt - ok
11:56:55.0093 3612        i2omp - ok
11:56:55.0156 3612        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:56:55.0406 3612        i8042prt - ok
11:56:55.0546 3612        ialm            (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
11:56:55.0718 3612        ialm - ok
11:56:55.0750 3612        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:56:56.0000 3612        Imapi - ok
11:56:56.0062 3612        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
11:56:56.0296 3612        ImapiService - ok
11:56:56.0328 3612        ini910u - ok
11:56:56.0375 3612        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:56:56.0609 3612        IntelIde - ok
11:56:56.0656 3612        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:56:56.0906 3612        intelppm - ok
11:56:56.0953 3612        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:56:57.0203 3612        Ip6Fw - ok
11:56:57.0234 3612        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:56:57.0500 3612        IpFilterDriver - ok
11:56:57.0562 3612        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:56:57.0796 3612        IpInIp - ok
11:56:57.0843 3612        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:56:58.0078 3612        IpNat - ok
11:56:58.0140 3612        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:56:58.0390 3612        IPSec - ok
11:56:58.0421 3612        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:56:58.0562 3612        IRENUM - ok
11:56:58.0609 3612        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:56:58.0859 3612        isapnp - ok
11:56:58.0875 3612        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:56:59.0140 3612        Kbdclass - ok
11:56:59.0171 3612        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:56:59.0421 3612        kmixer - ok
11:56:59.0484 3612        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:56:59.0578 3612        KSecDD - ok
11:56:59.0625 3612        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
11:56:59.0750 3612        lanmanserver - ok
11:56:59.0812 3612        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
11:56:59.0906 3612        lanmanworkstation - ok
11:56:59.0921 3612        lbrtfdc - ok
11:57:00.0000 3612        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
11:57:00.0265 3612        LmHosts - ok
11:57:00.0390 3612        MDM            (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
11:57:00.0437 3612        MDM - ok
11:57:00.0500 3612        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
11:57:00.0781 3612        Messenger - ok
11:57:00.0843 3612        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:57:01.0078 3612        mnmdd - ok
11:57:01.0156 3612        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
11:57:01.0406 3612        mnmsrvc - ok
11:57:01.0453 3612        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
11:57:01.0671 3612        Modem - ok
11:57:01.0703 3612        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:57:01.0937 3612        Mouclass - ok
11:57:02.0000 3612        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:57:02.0250 3612        MountMgr - ok
11:57:02.0343 3612        MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
11:57:02.0390 3612        MozillaMaintenance - ok
11:57:02.0406 3612        mraid35x - ok
11:57:02.0468 3612        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:57:02.0703 3612        MRxDAV - ok
11:57:02.0796 3612        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:57:02.0937 3612        MRxSmb - ok
11:57:03.0000 3612        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
11:57:03.0250 3612        MSDTC - ok
11:57:03.0281 3612        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:57:03.0531 3612        Msfs - ok
11:57:03.0546 3612        MSIServer - ok
11:57:03.0609 3612        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:57:03.0843 3612        MSKSSRV - ok
11:57:03.0859 3612        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:57:04.0078 3612        MSPCLOCK - ok
11:57:04.0093 3612        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:57:04.0359 3612        MSPQM - ok
11:57:04.0390 3612        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:57:04.0625 3612        mssmbios - ok
11:57:04.0687 3612        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:57:04.0750 3612        Mup - ok
11:57:04.0828 3612        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
11:57:05.0109 3612        napagent - ok
11:57:05.0171 3612        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:57:05.0453 3612        NDIS - ok
11:57:05.0500 3612        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:57:05.0562 3612        NdisTapi - ok
11:57:05.0593 3612        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:57:05.0828 3612        Ndisuio - ok
11:57:05.0906 3612        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:57:06.0156 3612        NdisWan - ok
11:57:06.0218 3612        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:57:06.0281 3612        NDProxy - ok
11:57:06.0312 3612        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:57:06.0546 3612        NetBIOS - ok
11:57:06.0593 3612        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:57:06.0828 3612        NetBT - ok
11:57:06.0875 3612        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
11:57:07.0140 3612        NetDDE - ok
11:57:07.0156 3612        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
11:57:07.0406 3612        NetDDEdsdm - ok
11:57:07.0453 3612        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:57:07.0687 3612        Netlogon - ok
11:57:07.0765 3612        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
11:57:08.0015 3612        Netman - ok
11:57:08.0140 3612        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
11:57:08.0218 3612        Nla - ok
11:57:08.0281 3612        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:57:08.0515 3612        Npfs - ok
11:57:08.0578 3612        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:57:08.0890 3612        Ntfs - ok
11:57:08.0906 3612        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:57:09.0140 3612        NtLmSsp - ok
11:57:09.0203 3612        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
11:57:09.0500 3612        NtmsSvc - ok
11:57:09.0546 3612        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:57:09.0781 3612        Null - ok
11:57:09.0843 3612        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:57:10.0109 3612        NwlnkFlt - ok
11:57:10.0125 3612        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:57:10.0359 3612        NwlnkFwd - ok
11:57:10.0437 3612        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
11:57:10.0468 3612        ose - ok
11:57:10.0546 3612        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
11:57:10.0781 3612        Parport - ok
11:57:10.0812 3612        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:57:11.0031 3612        PartMgr - ok
11:57:11.0078 3612        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
11:57:11.0484 3612        ParVdm - ok
11:57:11.0546 3612        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
11:57:11.0796 3612        PCI - ok
11:57:11.0796 3612        PCIDump - ok
11:57:11.0843 3612        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:57:12.0078 3612        PCIIde - ok
11:57:12.0109 3612        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:57:12.0343 3612        Pcmcia - ok
11:57:12.0375 3612        PDCOMP - ok
11:57:12.0406 3612        PDFRAME - ok
11:57:12.0421 3612        PDRELI - ok
11:57:12.0437 3612        PDRFRAME - ok
11:57:12.0453 3612        perc2 - ok
11:57:12.0484 3612        perc2hib - ok
11:57:12.0578 3612        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
11:57:12.0671 3612        PlugPlay - ok
11:57:12.0687 3612        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:57:12.0937 3612        PolicyAgent - ok
11:57:13.0000 3612        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:57:13.0234 3612        PptpMiniport - ok
11:57:13.0250 3612        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:57:13.0500 3612        ProtectedStorage - ok
11:57:13.0531 3612        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:57:13.0765 3612        PSched - ok
11:57:13.0828 3612        PSI            (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
11:57:13.0875 3612        PSI - ok
11:57:13.0937 3612        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:57:14.0171 3612        Ptilink - ok
11:57:14.0187 3612        ql1080 - ok
11:57:14.0218 3612        Ql10wnt - ok
11:57:14.0234 3612        ql12160 - ok
11:57:14.0250 3612        ql1240 - ok
11:57:14.0281 3612        ql1280 - ok
11:57:14.0312 3612        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:57:14.0546 3612        RasAcd - ok
11:57:14.0609 3612        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
11:57:14.0875 3612        RasAuto - ok
11:57:14.0906 3612        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:57:15.0156 3612        Rasl2tp - ok
11:57:15.0218 3612        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
11:57:15.0484 3612        RasMan - ok
11:57:15.0500 3612        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:57:15.0750 3612        RasPppoe - ok
11:57:15.0765 3612        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:57:15.0984 3612        Raspti - ok
11:57:16.0015 3612        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:57:16.0250 3612        Rdbss - ok
11:57:16.0296 3612        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:57:16.0515 3612        RDPCDD - ok
11:57:16.0578 3612        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:57:16.0812 3612        rdpdr - ok
11:57:16.0890 3612        RDPWD          (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
11:57:16.0984 3612        RDPWD - ok
11:57:17.0062 3612        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
11:57:17.0328 3612        RDSessMgr - ok
11:57:17.0359 3612        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:57:17.0593 3612        redbook - ok
11:57:17.0656 3612        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
11:57:17.0890 3612        RemoteAccess - ok
11:57:17.0968 3612        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
11:57:18.0218 3612        RemoteRegistry - ok
11:57:18.0281 3612        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
11:57:18.0515 3612        RpcLocator - ok
11:57:18.0593 3612        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
11:57:18.0718 3612        RpcSs - ok
11:57:18.0781 3612        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
11:57:19.0046 3612        RSVP - ok
11:57:19.0109 3612        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:57:19.0343 3612        SamSs - ok
11:57:19.0406 3612        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
11:57:19.0656 3612        SCardSvr - ok
11:57:19.0734 3612        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
11:57:19.0984 3612        Schedule - ok
11:57:20.0062 3612        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:57:20.0171 3612        Secdrv - ok
11:57:20.0218 3612        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
11:57:20.0468 3612        seclogon - ok
11:57:20.0562 3612        Secunia PSI Agent - ok
11:57:20.0578 3612        Secunia Update Agent - ok
11:57:20.0640 3612        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
11:57:20.0890 3612        SENS - ok
11:57:20.0921 3612        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:57:21.0140 3612        serenum - ok
11:57:21.0156 3612        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
11:57:21.0406 3612        Serial - ok
11:57:21.0421 3612        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:57:21.0656 3612        Sfloppy - ok
11:57:21.0734 3612        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
11:57:22.0015 3612        SharedAccess - ok
11:57:22.0078 3612        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:57:22.0171 3612        ShellHWDetection - ok
11:57:22.0187 3612        Simbad - ok
11:57:22.0296 3612        smwdm          (5ac51dba9b3a75d6ca79583edbf23001) C:\WINDOWS\system32\drivers\smwdm.sys
11:57:22.0421 3612        smwdm - ok
11:57:22.0531 3612        SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
11:57:22.0546 3612        SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning
11:57:22.0546 3612        SoundMAX Agent Service (default) - detected UnsignedFile.Multi.Generic (1)
11:57:22.0562 3612        Sparrow - ok
11:57:22.0625 3612        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:57:22.0859 3612        splitter - ok
11:57:22.0921 3612        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:57:23.0015 3612        Spooler - ok
11:57:23.0062 3612        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
11:57:23.0203 3612        sr - ok
11:57:23.0265 3612        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
11:57:23.0421 3612        srservice - ok
11:57:23.0500 3612        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:57:23.0640 3612        Srv - ok
11:57:23.0703 3612        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
11:57:23.0859 3612        SSDPSRV - ok
11:57:23.0921 3612        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
11:57:24.0218 3612        stisvc - ok
11:57:24.0265 3612        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:57:24.0500 3612        swenum - ok
11:57:24.0531 3612        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:57:24.0765 3612        swmidi - ok
11:57:24.0781 3612        SwPrv - ok
11:57:24.0828 3612        symc810 - ok
11:57:24.0843 3612        symc8xx - ok
11:57:24.0859 3612        sym_hi - ok
11:57:24.0890 3612        sym_u3 - ok
11:57:24.0921 3612        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:57:25.0156 3612        sysaudio - ok
11:57:25.0218 3612        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
11:57:25.0484 3612        SysmonLog - ok
11:57:25.0546 3612        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
11:57:25.0812 3612        TapiSrv - ok
11:57:25.0890 3612        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:57:26.0000 3612        Tcpip - ok
11:57:26.0078 3612        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:57:26.0328 3612        TDPIPE - ok
11:57:26.0343 3612        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:57:26.0578 3612        TDTCP - ok
11:57:26.0625 3612        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:57:26.0859 3612        TermDD - ok
11:57:26.0953 3612        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
11:57:27.0218 3612        TermService - ok
11:57:27.0281 3612        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:57:27.0359 3612        Themes - ok
11:57:27.0421 3612        TlntSvr        (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
11:57:27.0593 3612        TlntSvr - ok
11:57:27.0625 3612        TosIde - ok
11:57:27.0687 3612        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
11:57:27.0968 3612        TrkWks - ok
11:57:28.0000 3612        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:57:28.0234 3612        Udfs - ok
11:57:28.0250 3612        ultra - ok
11:57:28.0343 3612        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:57:28.0640 3612        Update - ok
11:57:28.0703 3612        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
11:57:28.0859 3612        upnphost - ok
11:57:28.0906 3612        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
11:57:29.0156 3612        UPS - ok
11:57:29.0203 3612        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:57:29.0468 3612        usbccgp - ok
11:57:29.0515 3612        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:57:29.0750 3612        usbehci - ok
11:57:29.0812 3612        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:57:30.0031 3612        usbhub - ok
11:57:30.0093 3612        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:57:30.0343 3612        USBSTOR - ok
11:57:30.0406 3612        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:57:30.0625 3612        usbuhci - ok
11:57:30.0687 3612        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:57:30.0906 3612        VgaSave - ok
11:57:30.0937 3612        ViaIde - ok
11:57:30.0968 3612        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
11:57:31.0203 3612        VolSnap - ok
11:57:31.0281 3612        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
11:57:31.0437 3612        VSS - ok
11:57:31.0515 3612        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
11:57:31.0765 3612        W32Time - ok
11:57:31.0843 3612        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:57:32.0062 3612        Wanarp - ok
11:57:32.0078 3612        WDICA - ok
11:57:32.0140 3612        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:57:32.0375 3612        wdmaud - ok
11:57:32.0421 3612        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
11:57:32.0671 3612        WebClient - ok
11:57:32.0781 3612        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:57:33.0015 3612        winmgmt - ok
11:57:33.0093 3612        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
11:57:33.0187 3612        WmdmPmSN - ok
11:57:33.0281 3612        Wmi            (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
11:57:33.0453 3612        Wmi - ok
11:57:33.0531 3612        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:57:33.0765 3612        WmiApSrv - ok
11:57:33.0953 3612        WMPNetworkSvc  (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
11:57:34.0078 3612        WMPNetworkSvc - ok
11:57:34.0156 3612        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
11:57:34.0406 3612        wscsvc - ok
11:57:34.0437 3612        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
11:57:34.0703 3612        wuauserv - ok
11:57:34.0796 3612        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
11:57:35.0109 3612        WZCSVC - ok
11:57:35.0171 3612        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
11:57:35.0437 3612        xmlprov - ok
11:57:35.0468 3612        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
11:57:36.0250 3612        \Device\Harddisk0\DR0 - ok
11:57:36.0281 3612        Boot (0x1200)  (b5cdc5b09e495f2c2b0a690b7e209642) \Device\Harddisk0\DR0\Partition0
11:57:36.0296 3612        \Device\Harddisk0\DR0\Partition0 - ok
11:57:36.0296 3612        ============================================================
11:57:36.0296 3612        Scan finished
11:57:36.0296 3612        ============================================================
11:57:36.0437 3604        Detected object count: 1
11:57:36.0437 3604        Actual detected object count: 1
11:57:56.0156 3604        SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:56.0156 3604        SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 30.07.2012 16:09
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Riddle 30.07.2012 20:15
Leider lässt sich CF nicht dazu bewegen durchzulaufen. Beim 1. Start wurde die WH-Konsole installiert, die Registry gesichert und ein Wiederherstellungspunkt erstellt, aber danach bleibt CF an der Stelle mit dem Hinweis auf die voraussichtlichen 10 Minuten (oder länger) stehen - es passiert einfach nichts mehr. Auch ein 2. und ein 3. Versuch, jeweils nach Neustart, blieb ohne Erfolg.
Folgende Auffälligkeit: Obwohl ich Avira deinstalliert habe, zeigt CF an, dass der Echtzeitschutz noch aktiv sei. Ich habe in der Registry noch Einträge von Avira gefunden und diese gelöscht. Nun finde ich auf dem gesamten PC keine Dateien oder Hinweise mehr auf Avira - nur CF meckert immer noch ...???

Wie soll ich weiter vorgehen?

Gruß Riddle

cosinus 30.07.2012 21:20
Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.

Riddle 30.07.2012 22:12
Liste der Anhänge anzeigen (Anzahl: 1)
Bin Deiner Anweisung gefolgt. CF streikt allerdings weiterhin. Nach wie vor erscheint auch die Meldung zu Antivir, Screenshot im Anhang. Ich habe keine Ahnung, wo sich die Reste von Antivir verstecken.

Ziemlich ratlos! :confused:

cosinus 31.07.2012 09:49
Wenn der Echtzeitschutz (Wächter auch als Guard bekannt) deaktiviert ist, kannst du diese Meldung eigentlich ignorieren - scheint irgendein Bug von AntiVir diese Probleme sind bei diesem Virenscanner schön öfter beobachtet worden


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:27 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131