Log analysis and evaluation: FakeAlert gbR and SystemCheck on Windows Vista

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps towards help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
12.02.2012, 12:46 | #1
FakeAlert gbR and SystemCheck on Windows Vista

Hello dear team,

yesterday afternoon a program called "chromeupdater" asked for administrator rights on my computer. Since I did not know the program, I tried to click the prompt away. That did not work, several times over. Then all programs suddenly closed and the computer restarted. After the restart the screen was black, the desktop icons and the quick launch bar had disappeared, and a "SystemCheck" started up. This SystemCheck claimed to have found all kinds of problems with drive C: and with disk space. I did not click the prompt to clean up. I then carried out the following actions:

1. Disabled System Restore
2. Installed and ran McAfee Stinger. The program found four infected files and deleted them. Since the screen was still black and none of the other symptoms had gone either, I
3. installed Malwarebytes and ran a quick scan. The program found two infected objects, which it removed.
4. Downloaded and ran TDSSKiller - no findings
5. Malwarebytes full scan - no findings
6. Downloaded and ran unhide - no effect the first time, then ran it a second time with the virus scanner disabled - no change either
7. defogger - no error message
8. dds.txt:
Code:
GMER.txt:
Code:
Backup Archive Explorer/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{64A3D41B-61A5-4834-9A42-FDE1C37B0005}@EditFlags 3 ---- EOF - GMER 1.0.15 ---- Ich hoffe, ich habe das jetzt alles richtig gemacht mit den TXT.Files... Meine Fragen sind nun: - Ist das System jetzt wieder sauber oder muß ich noch weitere Bereinigungen durchführen? - Welche der runtergeladenen Programme kann ich guten Gewissens wieder löschen? - Muss ich sicherheitshalber alle meine Passwörter neu vergeben? - Wie kann so ein Trojaner das System angreifen wenn ich nie mit Administratorrechten arbeite und im Hintergrund der McAfee Virenscanner läuft, der täglich mindestens zweimal auf Aktualisierungen zugreift. Außerdem bin ich - zumindest bewußt - nicht auf irgendwelchen "wilden Seiten" unterwegs. Emails aus unbekannten Quellen werden sofort gelöscht und Anhänge machen ich auch nicht nach Belieben auf. Vielen Dank schon mal für Euere Hilfe Angela |
12.02.2012, 15:51 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | FakeAlert gbR and SystemCheck on Windows Vista
Quote:
__________________
12.02.2012, 16:13 | #3
FakeAlert gbR and SystemCheck on Windows Vista
Hello Arne,
here are the logs: Malwarebytes Quick-Scan: Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.11.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Chef :: CALLAS [Administrator]

11.02.2012 19:43:41
mbam-log-2012-02-11 (19-43-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 261397
Laufzeit: 13 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
D:\Benutzer\XXX\AppData\Local\Temp\1CCC.tmp (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Benutzer\XXX\AppData\Local\Temp\chromeupdtr.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Benutzer\XXX\AppData\Local\Temp\ddSrHDXHvZXSqi.exe.tmp (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Malwarebytes Full Scan: Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.11.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Chef :: CALLAS [Administrator]

11.02.2012 21:51:32
mbam-log-2012-02-11 (21-51-32).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 549233
Laufzeit: 2 Stunde(n), 54 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

And unfortunately I can't find a log for TDSSKiller :-( When I go to Report, I see system info from right now, and I can't copy the report either. Should I run it once more?
Thanks
Angela
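As an added example, not part of this thread and not code from Malwarebytes, GMER or the board's helpers: a small Python triage script for the two log formats pasted above. It pulls the infected-file lines out of a Malwarebytes log and notes which sit under the user's %LOCALAPPDATA%\Temp (all three Quick-Scan hits above do, and that directory is writable by a standard user account without administrator rights), and it walks a GMER log for AttachedDevice/Device entries that carry no vendor tag, plus the Registry section. The two sample logs are constructed to mirror the layouts above; `unkn0wn.sys` and the PUP entry under Program Files are invented to exercise the checks.

```python
"""Triage helpers for the Malwarebytes and GMER log formats pasted in this thread.

Added example, not part of the thread and not code from either tool. The two
sample logs are constructed to mirror the pasted layouts; the module
'unkn0wn.sys' and the PUP hit under Program Files are invented outliers.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the Malwarebytes 1.60 layout (German UI strings as on the board).
MBAM_LOG = r"""
Malwarebytes Anti-Malware 1.60.1.1000
Art des Suchlaufs: Quick-Scan
Infizierte Dateien: 3
D:\Benutzer\Chef\AppData\Local\Temp\1CCC.tmp (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Benutzer\Chef\AppData\Local\Temp\chromeupdtr.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Demo\helper.dll (PUP.Optional.Demo) -> Keine Aktion durchgeführt.
(Ende)
"""

# Constructed sample in the GMER 1.0.15 layout; the unlabelled 'unkn0wn.sys' is invented.
GMER_LOG = r"""
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\tdx \Device\Udp unkn0wn.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{64A3D41B-61A5-4834-9A42-FDE1C37B0005}@EditFlags 3
---- EOF - GMER 1.0.15 ----
"""

# "<path> (<family>) -> <action>": one line per infected file in a Malwarebytes log.
_MBAM_HIT = re.compile(r"^([A-Za-z]:\\.*?) \(([^()]+)\) -> (.+)$")
# "AttachedDevice|Device <driver object> <device object> <module> [(<description/vendor>)]"
_GMER_DEV = re.compile(r"^(AttachedDevice|Device)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+\((.*)\))?\s*$")


@dataclass
class Detection:
    path: str
    family: str
    action: str

    def in_user_temp(self) -> bool:
        # %LOCALAPPDATA%\Temp is writable by the logged-in user, so a dropper
        # needs no administrator rights to land there.
        return "\\appdata\\local\\temp\\" in self.path.lower()

    def resolved(self) -> bool:
        # Malwarebytes (German UI) prefixes successful removals with "Erfolgreich".
        return self.action.startswith("Erfolgreich")


@dataclass
class GmerDevice:
    kind: str               # AttachedDevice (filter on a stack) or Device
    driver: str             # e.g. \Driver\volmgr
    device: str             # e.g. \Device\HarddiskVolume1
    module: str             # the .sys GMER resolved the object to
    vendor: Optional[str]   # parenthesised description; None if GMER could not identify it


def parse_mbam(text: str) -> list[Detection]:
    hits = []
    for line in text.splitlines():
        m = _MBAM_HIT.match(line.strip())
        if m:
            hits.append(Detection(*m.groups()))
    return hits


def parse_gmer_devices(text: str) -> list[GmerDevice]:
    devs = []
    for line in text.splitlines():
        m = _GMER_DEV.match(line.strip())
        if m:
            devs.append(GmerDevice(*m.groups()))
    return devs


def parse_gmer_registry(text: str) -> list[str]:
    return [l.strip() for l in text.splitlines() if l.strip().startswith("Reg ")]


def triage(mbam_text: str, gmer_text: str) -> dict:
    """Summarise what a helper looks at first: families, leftovers, unlabelled kernel modules."""
    hits = parse_mbam(mbam_text)
    devs = parse_gmer_devices(gmer_text)
    return {
        "families": sorted({h.family for h in hits}),
        "user_temp_hits": [h.path for h in hits if h.in_user_temp()],
        "unresolved": [h.path for h in hits if not h.resolved()],
        # GMER prints a vendor/description for files it can attribute; an
        # AttachedDevice with no tag on \Device\Tcp or \Device\Udp is the classic
        # place to look for a network-hooking rootkit component.
        "unlabelled_modules": [d.module for d in devs if d.vendor is None],
        "registry": parse_gmer_registry(gmer_text),
    }


if __name__ == "__main__":
    for key, value in triage(MBAM_LOG, GMER_LOG).items():
        print(f"{key}: {value}")
```

Run against the real logs by reading the pasted text into `triage()`; an empty `unlabelled_modules` list and an empty `unresolved` list is what the helper wants to see before calling a system clean, and the `user_temp_hits` list is the fact that answers the "I never work with admin rights" question: dropping into the user's own Temp directory needs none.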
12.02.2012, 16:15 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | FakeAlert gbR and SystemCheck on Windows Vista
That's what happens when you simply run tools without anyone having told you to run them. I always post this BEFORE using TDSS:
If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
__________________
Please always post logfiles in CODE tags
12.02.2012, 16:26 | #5
FakeAlert gbR and SystemCheck on Windows Vista
Found it :-) Code:
21:49:42.0667 7336 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
21:49:43.0046 7336 ============================================================
21:49:43.0046 7336 Current date / time: 2012/02/11 21:49:43.0046
21:49:43.0046 7336 SystemInfo:
21:49:43.0047 7336
21:49:43.0047 7336 OS Version: 6.0.6002 ServicePack: 2.0
21:49:43.0047 7336 Product type: Workstation
21:49:43.0047 7336 ComputerName: CALLAS
21:49:43.0047 7336 UserName: Chef
21:49:43.0047 7336 Windows directory: C:\Windows
21:49:43.0047 7336 System windows directory: C:\Windows
21:49:43.0047 7336 Processor architecture: Intel x86
21:49:43.0047 7336 Number of processors: 4
21:49:43.0047 7336 Page size: 0x1000
21:49:43.0047 7336 Boot type: Normal boot
21:49:43.0047 7336 ============================================================
21:49:43.0981 7336 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:49:43.0984 7336 Drive \Device\Harddisk1\DR1 - Size: 0x3F380000 (0.99 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:49:43.0985 7336 \Device\Harddisk0\DR0:
21:49:43.0985 7336 MBR used
21:49:43.0985 7336 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEEE596A
21:49:43.0985 7336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xEEE59A9, BlocksNum 0x19B2DD56
21:49:44.0002 7336 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x28A1373E, BlocksNum 0x11F10BB2
21:49:44.0018 7336 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3A92432F, BlocksNum 0x39DE1692
21:49:44.0018 7336 \Device\Harddisk1\DR1:
21:49:44.0019 7336 MBR used
21:49:44.0104 7336 Initialize success
21:49:44.0104 7336 ============================================================
21:49:50.0567 8056 ============================================================
21:49:50.0567 8056 Scan started
21:49:50.0567 8056 Mode: Manual;
21:49:50.0567 8056 ============================================================
21:49:51.0225 8056 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:49:51.0227 8056 ACPI - ok
21:49:51.0263 8056 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:49:51.0266 8056 adp94xx - ok
21:49:51.0289 8056 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:49:51.0291 8056 adpahci - ok
21:49:51.0304 8056 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:49:51.0305 8056 adpu160m - ok
21:49:51.0319 8056 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:49:51.0320 8056 adpu320 - ok
21:49:51.0349 8056 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:49:51.0351 8056 AFD - ok
21:49:51.0373 8056 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
21:49:51.0373 8056 agp440 - ok
21:49:51.0391 8056 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:49:51.0392 8056 aic78xx - ok
21:49:51.0422 8056 aksfridge (730e9d3bb324fb1899005aea63c6782d) C:\Windows\system32\drivers\aksfridge.sys
21:49:51.0425 8056 aksfridge - ok
21:49:51.0449 8056 akshasp (64fc197d24a2b240598f29ce0a6660c0) C:\Windows\system32\DRIVERS\akshasp.sys
21:49:51.0451 8056 akshasp - ok
21:49:51.0470 8056 aksusb (cce6c56f18d214de8d66f3f2a774cd5b) C:\Windows\system32\DRIVERS\aksusb.sys
21:49:51.0471 8056 aksusb - ok
21:49:51.0484 8056 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
21:49:51.0485 8056 aliide - ok
21:49:51.0504 8056 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
21:49:51.0504 8056 amdagp - ok
21:49:51.0522 8056 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
21:49:51.0523 8056 amdide - ok
21:49:51.0540 8056 AmdK7
(dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 21:49:51.0541 8056 AmdK7 - ok 21:49:51.0556 8056 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 21:49:51.0557 8056 AmdK8 - ok 21:49:51.0574 8056 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 21:49:51.0575 8056 arc - ok 21:49:51.0593 8056 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 21:49:51.0595 8056 arcsas - ok 21:49:51.0645 8056 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 21:49:51.0646 8056 AsyncMac - ok 21:49:51.0663 8056 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 21:49:51.0663 8056 atapi - ok 21:49:51.0700 8056 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 21:49:51.0700 8056 Beep - ok 21:49:51.0714 8056 blbdrive - ok 21:49:51.0751 8056 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 21:49:51.0752 8056 bowser - ok 21:49:51.0778 8056 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 21:49:51.0779 8056 BrFiltLo - ok 21:49:51.0793 8056 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 21:49:51.0794 8056 BrFiltUp - ok 21:49:51.0813 8056 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 21:49:51.0814 8056 Brserid - ok 21:49:51.0832 8056 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 21:49:51.0833 8056 BrSerWdm - ok 21:49:51.0851 8056 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 21:49:51.0851 8056 BrUsbMdm - ok 21:49:51.0863 8056 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 21:49:51.0863 8056 BrUsbSer - ok 21:49:51.0880 8056 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 21:49:51.0880 8056 BTHMODEM - ok 
21:49:51.0900 8056 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 21:49:51.0901 8056 cdfs - ok 21:49:51.0929 8056 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 21:49:51.0930 8056 cdrom - ok 21:49:51.0948 8056 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 21:49:51.0949 8056 circlass - ok 21:49:51.0986 8056 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 21:49:51.0988 8056 CLFS - ok 21:49:52.0004 8056 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 21:49:52.0005 8056 cmdide - ok 21:49:52.0018 8056 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys 21:49:52.0018 8056 Compbatt - ok 21:49:52.0029 8056 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 21:49:52.0030 8056 crcdisk - ok 21:49:52.0048 8056 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 21:49:52.0049 8056 Crusoe - ok 21:49:52.0079 8056 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys 21:49:52.0082 8056 CSC - ok 21:49:52.0173 8056 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 21:49:52.0174 8056 DfsC - ok 21:49:52.0188 8056 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 21:49:52.0189 8056 disk - ok 21:49:52.0232 8056 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 21:49:52.0233 8056 drmkaud - ok 21:49:52.0261 8056 dsltestSp5 (c6b2e10cfe79169c72f0269087b9a603) C:\Windows\system32\Drivers\dsltestSp5.sys 21:49:52.0261 8056 dsltestSp5 - ok 21:49:52.0296 8056 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 21:49:52.0300 8056 DXGKrnl - ok 21:49:52.0318 8056 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 21:49:52.0319 8056 E1G60 - ok 21:49:52.0347 8056 Ecache 
(7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 21:49:52.0348 8056 Ecache - ok 21:49:52.0373 8056 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 21:49:52.0375 8056 elxstor - ok 21:49:52.0402 8056 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 21:49:52.0403 8056 exfat - ok 21:49:52.0418 8056 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 21:49:52.0420 8056 fastfat - ok 21:49:52.0436 8056 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 21:49:52.0437 8056 fdc - ok 21:49:52.0459 8056 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 21:49:52.0460 8056 FileInfo - ok 21:49:52.0509 8056 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 21:49:52.0510 8056 Filetrace - ok 21:49:52.0552 8056 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 21:49:52.0553 8056 flpydisk - ok 21:49:52.0563 8056 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 21:49:52.0565 8056 FltMgr - ok 21:49:52.0593 8056 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 21:49:52.0594 8056 Fs_Rec - ok 21:49:52.0614 8056 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 21:49:52.0615 8056 gagp30kx - ok 21:49:52.0642 8056 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:49:52.0642 8056 GEARAspiWDM - ok 21:49:52.0686 8056 Hardlock (a9d587e31dbee3e9bd97fefece0ba874) C:\Windows\system32\drivers\hardlock.sys 21:49:52.0690 8056 Hardlock - ok 21:49:52.0717 8056 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 21:49:52.0718 8056 HdAudAddService - ok 21:49:52.0744 8056 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 21:49:52.0748 8056 
HDAudBus - ok 21:49:52.0765 8056 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 21:49:52.0766 8056 HidBth - ok 21:49:52.0788 8056 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 21:49:52.0789 8056 HidIr - ok 21:49:52.0805 8056 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 21:49:52.0806 8056 HidUsb - ok 21:49:52.0831 8056 hotcore3 (d308726110a6011514dcdfc6e3fc21f2) C:\Windows\system32\drivers\hotcore3.sys 21:49:52.0831 8056 hotcore3 - ok 21:49:52.0855 8056 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 21:49:52.0856 8056 HpCISSs - ok 21:49:52.0880 8056 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 21:49:52.0883 8056 HTTP - ok 21:49:52.0894 8056 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 21:49:52.0896 8056 i2omp - ok 21:49:52.0927 8056 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 21:49:52.0928 8056 i8042prt - ok 21:49:52.0950 8056 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 21:49:52.0952 8056 iaStorV - ok 21:49:52.0963 8056 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 21:49:52.0964 8056 iirsp - ok 21:49:53.0029 8056 IntcAzAudAddService (4c01298060cf930d26a75a86b874b6ae) C:\Windows\system32\drivers\RTKVHDA.sys 21:49:53.0043 8056 IntcAzAudAddService - ok 21:49:53.0074 8056 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 21:49:53.0075 8056 intelide - ok 21:49:53.0099 8056 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 21:49:53.0100 8056 intelppm - ok 21:49:53.0129 8056 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:49:53.0130 8056 IpFilterDriver - ok 21:49:53.0141 8056 IpInIp - ok 21:49:53.0152 8056 IPMIDRV 
(40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 21:49:53.0153 8056 IPMIDRV - ok 21:49:53.0179 8056 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 21:49:53.0180 8056 IPNAT - ok 21:49:53.0223 8056 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 21:49:53.0224 8056 IRENUM - ok 21:49:53.0233 8056 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 21:49:53.0234 8056 isapnp - ok 21:49:53.0253 8056 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 21:49:53.0254 8056 iScsiPrt - ok 21:49:53.0263 8056 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 21:49:53.0264 8056 iteatapi - ok 21:49:53.0273 8056 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 21:49:53.0274 8056 iteraid - ok 21:49:53.0291 8056 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 21:49:53.0292 8056 kbdclass - ok 21:49:53.0313 8056 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 21:49:53.0314 8056 kbdhid - ok 21:49:53.0340 8056 KOBCCEX (3fc4be9a867fb4fb2a2f33a3b8a60446) C:\Windows\system32\drivers\KOBCCEX.sys 21:49:53.0341 8056 KOBCCEX - ok 21:49:53.0357 8056 KOBCCID (93c4f4a67d1e372e0d8d24392c53ca2b) C:\Windows\system32\drivers\KOBCCID.sys 21:49:53.0359 8056 KOBCCID - ok 21:49:53.0387 8056 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 21:49:53.0390 8056 KSecDD - ok 21:49:53.0449 8056 LEqdUsb (70035567754bed4e6ad353ca3f175127) C:\Windows\system32\Drivers\LEqdUsb.Sys 21:49:53.0449 8056 LEqdUsb - ok 21:49:53.0469 8056 LHidEqd (32491b6bae0afad1d7a62c0ef0af4321) C:\Windows\system32\Drivers\LHidEqd.Sys 21:49:53.0470 8056 LHidEqd - ok 21:49:53.0492 8056 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys 21:49:53.0493 8056 LHidFilt - ok 21:49:53.0507 8056 
lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 21:49:53.0508 8056 lltdio - ok 21:49:53.0529 8056 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys 21:49:53.0530 8056 LMouFilt - ok 21:49:53.0549 8056 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 21:49:53.0551 8056 LSI_FC - ok 21:49:53.0569 8056 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 21:49:53.0571 8056 LSI_SAS - ok 21:49:53.0590 8056 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 21:49:53.0591 8056 LSI_SCSI - ok 21:49:53.0610 8056 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 21:49:53.0611 8056 luafv - ok 21:49:53.0651 8056 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 21:49:53.0664 8056 megasas - ok 21:49:53.0709 8056 mfeapfk (a8d2c54c2f71f5cba7ca2734341e57e6) C:\Windows\system32\drivers\mfeapfk.sys 21:49:53.0710 8056 mfeapfk - ok 21:49:53.0727 8056 mfeavfk (28bb783d85df19e9e007e81daf40adcc) C:\Windows\system32\drivers\mfeavfk.sys 21:49:53.0729 8056 mfeavfk - ok 21:49:53.0746 8056 mfebopk (8e43e242073e9db5aa165ebe273ffd09) C:\Windows\system32\drivers\mfebopk.sys 21:49:53.0747 8056 mfebopk - ok 21:49:53.0831 8056 mfehidk (37800fbb68d88e3c3e49bb9c97233e87) C:\Windows\system32\drivers\mfehidk.sys 21:49:53.0834 8056 mfehidk - ok 21:49:53.0856 8056 mferkdet (47c91e229b129047f0138011ddf9f92f) C:\Windows\system32\drivers\mferkdet.sys 21:49:53.0857 8056 mferkdet - ok 21:49:53.0875 8056 mfetdik (78efa6fd2a486c476045eaa1d2f218b7) C:\Windows\system32\drivers\mfetdik.sys 21:49:53.0876 8056 mfetdik - ok 21:49:53.0896 8056 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 21:49:53.0897 8056 Modem - ok 21:49:53.0917 8056 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 21:49:53.0919 8056 monitor - ok 21:49:53.0940 
8056 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 21:49:53.0941 8056 mouclass - ok 21:49:53.0953 8056 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 21:49:53.0954 8056 mouhid - ok 21:49:53.0972 8056 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 21:49:53.0972 8056 MountMgr - ok 21:49:53.0988 8056 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 21:49:53.0990 8056 mpio - ok 21:49:54.0007 8056 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 21:49:54.0009 8056 mpsdrv - ok 21:49:54.0021 8056 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 21:49:54.0022 8056 Mraid35x - ok 21:49:54.0041 8056 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 21:49:54.0042 8056 MRxDAV - ok 21:49:54.0059 8056 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 21:49:54.0062 8056 mrxsmb - ok 21:49:54.0086 8056 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:49:54.0088 8056 mrxsmb10 - ok 21:49:54.0099 8056 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:49:54.0100 8056 mrxsmb20 - ok 21:49:54.0109 8056 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 21:49:54.0110 8056 msahci - ok 21:49:54.0121 8056 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 21:49:54.0123 8056 msdsm - ok 21:49:54.0141 8056 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 21:49:54.0142 8056 Msfs - ok 21:49:54.0177 8056 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 21:49:54.0178 8056 msisadrv - ok 21:49:54.0207 8056 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 21:49:54.0208 8056 MSKSSRV - ok 21:49:54.0239 8056 
msloop (0a562f61d84bf1988e4dd6413b76c1d4) C:\Windows\system32\DRIVERS\loop.sys 21:49:54.0240 8056 msloop - ok 21:49:54.0262 8056 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 21:49:54.0263 8056 MSPCLOCK - ok 21:49:54.0288 8056 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 21:49:54.0289 8056 MSPQM - ok 21:49:54.0304 8056 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 21:49:54.0306 8056 MsRPC - ok 21:49:54.0323 8056 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 21:49:54.0324 8056 mssmbios - ok 21:49:54.0344 8056 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 21:49:54.0345 8056 MSTEE - ok 21:49:54.0363 8056 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 21:49:54.0364 8056 Mup - ok 21:49:54.0402 8056 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 21:49:54.0403 8056 NativeWifiP - ok 21:49:54.0448 8056 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 21:49:54.0455 8056 NDIS - ok 21:49:54.0480 8056 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 21:49:54.0481 8056 NdisTapi - ok 21:49:54.0492 8056 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 21:49:54.0493 8056 Ndisuio - ok 21:49:54.0517 8056 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 21:49:54.0518 8056 NdisWan - ok 21:49:54.0536 8056 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 21:49:54.0537 8056 NDProxy - ok 21:49:54.0556 8056 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 21:49:54.0557 8056 NetBIOS - ok 21:49:54.0581 8056 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 21:49:54.0583 8056 netbt - ok 21:49:54.0617 8056 nfrd960 
(2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 21:49:54.0618 8056 nfrd960 - ok 21:49:54.0632 8056 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 21:49:54.0634 8056 Npfs - ok 21:49:54.0652 8056 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 21:49:54.0653 8056 nsiproxy - ok 21:49:54.0675 8056 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 21:49:54.0682 8056 Ntfs - ok 21:49:54.0699 8056 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 21:49:54.0700 8056 ntrigdigi - ok 21:49:54.0720 8056 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 21:49:54.0721 8056 Null - ok 21:49:54.0843 8056 nvlddmkm (977f4622c4f2152331a4f1aee78269dd) C:\Windows\system32\DRIVERS\nvlddmkm.sys 21:49:54.0889 8056 nvlddmkm - ok 21:49:54.0900 8056 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 21:49:54.0901 8056 nvraid - ok 21:49:54.0911 8056 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 21:49:54.0912 8056 nvstor - ok 21:49:54.0929 8056 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 21:49:54.0931 8056 nv_agp - ok 21:49:54.0939 8056 NwlnkFlt - ok 21:49:54.0950 8056 NwlnkFwd - ok 21:49:54.0973 8056 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 21:49:54.0974 8056 ohci1394 - ok 21:49:55.0021 8056 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys 21:49:55.0023 8056 Parport - ok 21:49:55.0033 8056 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 21:49:55.0034 8056 partmgr - ok 21:49:55.0050 8056 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys 21:49:55.0051 8056 Parvdm - ok 21:49:55.0074 8056 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 21:49:55.0076 
8056 pci - ok 21:49:55.0085 8056 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys 21:49:55.0086 8056 pciide - ok 21:49:55.0104 8056 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 21:49:55.0105 8056 pcmcia - ok 21:49:55.0133 8056 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 21:49:55.0139 8056 PEAUTH - ok 21:49:55.0181 8056 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 21:49:55.0182 8056 PptpMiniport - ok 21:49:55.0192 8056 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 21:49:55.0193 8056 Processor - ok 21:49:55.0217 8056 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 21:49:55.0219 8056 PSched - ok 21:49:55.0233 8056 PSI (2bd178004165081538baa6e67970254f) C:\Windows\system32\DRIVERS\psi_mf.sys 21:49:55.0234 8056 PSI - ok 21:49:55.0259 8056 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 21:49:55.0265 8056 ql2300 - ok 21:49:55.0276 8056 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 21:49:55.0279 8056 ql40xx - ok 21:49:55.0298 8056 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 21:49:55.0299 8056 QWAVEdrv - ok 21:49:55.0311 8056 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 21:49:55.0312 8056 RasAcd - ok 21:49:55.0332 8056 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:49:55.0334 8056 Rasl2tp - ok 21:49:55.0350 8056 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 21:49:55.0351 8056 RasPppoe - ok 21:49:55.0377 8056 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 21:49:55.0379 8056 RasSstp - ok 21:49:55.0401 8056 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 21:49:55.0403 8056 
rdbss - ok 21:49:55.0417 8056 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:49:55.0418 8056 RDPCDD - ok 21:49:55.0469 8056 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys 21:49:55.0471 8056 rdpdr - ok 21:49:55.0488 8056 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 21:49:55.0489 8056 RDPENCDD - ok 21:49:55.0512 8056 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 21:49:55.0515 8056 RDPWD - ok 21:49:55.0547 8056 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 21:49:55.0548 8056 rspndr - ok 21:49:55.0566 8056 RTL8169 (17b1d7ce7af11fb24db1def9621c033b) C:\Windows\system32\DRIVERS\Rtlh86.sys 21:49:55.0569 8056 RTL8169 - ok 21:49:55.0584 8056 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 21:49:55.0586 8056 sbp2port - ok 21:49:55.0629 8056 SC_Serv3D (c88132c1a5fa5281958669febf7e63cd) C:\Windows\system32\drivers\d3_kafm.sys 21:49:55.0630 8056 SC_Serv3D - ok 21:49:55.0667 8056 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 21:49:55.0668 8056 secdrv - ok 21:49:55.0690 8056 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys 21:49:55.0691 8056 Serenum - ok 21:49:55.0710 8056 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys 21:49:55.0712 8056 Serial - ok 21:49:55.0737 8056 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 21:49:55.0738 8056 sermouse - ok 21:49:55.0766 8056 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 21:49:55.0767 8056 sffdisk - ok 21:49:55.0778 8056 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 21:49:55.0779 8056 sffp_mmc - ok 21:49:55.0796 8056 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 21:49:55.0798 8056 
sffp_sd - ok 21:49:55.0812 8056 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 21:49:55.0813 8056 sfloppy - ok 21:49:55.0842 8056 SipIMNDI - ok 21:49:55.0864 8056 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 21:49:55.0865 8056 sisagp - ok 21:49:55.0875 8056 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 21:49:55.0876 8056 SiSRaid2 - ok 21:49:55.0888 8056 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 21:49:55.0890 8056 SiSRaid4 - ok 21:49:55.0915 8056 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 21:49:55.0917 8056 Smb - ok 21:49:55.0954 8056 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\Windows\system32\DRIVERS\snapman.sys 21:49:55.0955 8056 snapman - ok 21:49:55.0991 8056 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 21:49:55.0992 8056 spldr - ok 21:49:56.0026 8056 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 21:49:56.0028 8056 srv - ok 21:49:56.0072 8056 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 21:49:56.0074 8056 srv2 - ok 21:49:56.0148 8056 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 21:49:56.0149 8056 srvnet - ok 21:49:56.0189 8056 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 21:49:56.0190 8056 swenum - ok 21:49:56.0208 8056 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 21:49:56.0209 8056 Symc8xx - ok 21:49:56.0219 8056 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 21:49:56.0221 8056 Sym_hi - ok 21:49:56.0231 8056 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 21:49:56.0233 8056 Sym_u3 - ok 21:49:56.0279 8056 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 21:49:56.0285 8056 Tcpip - 
ok 21:49:56.0312 8056 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 21:49:56.0319 8056 Tcpip6 - ok 21:49:56.0345 8056 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 21:49:56.0346 8056 tcpipreg - ok 21:49:56.0366 8056 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 21:49:56.0368 8056 TDPIPE - ok 21:49:56.0383 8056 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\Windows\system32\DRIVERS\tdrpman.sys 21:49:56.0386 8056 tdrpman - ok 21:49:56.0405 8056 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 21:49:56.0406 8056 TDTCP - ok 21:49:56.0432 8056 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 21:49:56.0434 8056 tdx - ok 21:49:56.0458 8056 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 21:49:56.0459 8056 TermDD - ok 21:49:56.0478 8056 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys 21:49:56.0479 8056 tifsfilter - ok 21:49:56.0495 8056 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\Windows\system32\DRIVERS\timntr.sys 21:49:56.0498 8056 timounter - ok 21:49:56.0529 8056 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:49:56.0530 8056 tssecsrv - ok 21:49:56.0571 8056 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 21:49:56.0572 8056 tunmp - ok 21:49:56.0603 8056 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 21:49:56.0604 8056 tunnel - ok 21:49:56.0621 8056 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 21:49:56.0623 8056 uagp35 - ok 21:49:56.0656 8056 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 21:49:56.0658 8056 udfs - ok 21:49:56.0697 8056 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 21:49:56.0699 8056 uliagpkx - ok 21:49:56.0723 
8056 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 21:49:56.0724 8056 uliahci - ok 21:49:56.0736 8056 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 21:49:56.0738 8056 UlSata - ok 21:49:56.0749 8056 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 21:49:56.0751 8056 ulsata2 - ok 21:49:56.0775 8056 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 21:49:56.0776 8056 umbus - ok 21:49:56.0816 8056 UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys 21:49:56.0817 8056 UnlockerDriver5 - ok 21:49:56.0857 8056 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys 21:49:56.0858 8056 USBAAPL - ok 21:49:56.0907 8056 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 21:49:56.0925 8056 usbccgp - ok 21:49:56.0948 8056 USBCCID (e0b8489aeda9ea33361037be6a8cf1ca) C:\Windows\system32\DRIVERS\usbccid.sys 21:49:56.0950 8056 USBCCID - ok 21:49:56.0960 8056 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 21:49:56.0961 8056 usbcir - ok 21:49:56.0983 8056 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 21:49:56.0985 8056 usbehci - ok 21:49:57.0018 8056 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 21:49:57.0019 8056 usbhub - ok 21:49:57.0030 8056 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 21:49:57.0031 8056 usbohci - ok 21:49:57.0055 8056 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 21:49:57.0056 8056 usbprint - ok 21:49:57.0076 8056 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 21:49:57.0077 8056 usbscan - ok 21:49:57.0099 8056 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\Windows\system32\DRIVERS\usbsermpt.sys 21:49:57.0099 8056 
usbsermpt - ok 21:49:57.0115 8056 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:49:57.0116 8056 USBSTOR - ok 21:49:57.0145 8056 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 21:49:57.0147 8056 usbuhci - ok 21:49:57.0179 8056 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 21:49:57.0180 8056 vga - ok 21:49:57.0220 8056 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 21:49:57.0229 8056 VgaSave - ok 21:49:57.0269 8056 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 21:49:57.0271 8056 viaagp - ok 21:49:57.0292 8056 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 21:49:57.0293 8056 ViaC7 - ok 21:49:57.0306 8056 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 21:49:57.0307 8056 viaide - ok 21:49:57.0354 8056 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 21:49:57.0355 8056 volmgr - ok 21:49:57.0398 8056 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 21:49:57.0400 8056 volmgrx - ok 21:49:57.0418 8056 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 21:49:57.0420 8056 volsnap - ok 21:49:57.0440 8056 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 21:49:57.0442 8056 vsmraid - ok 21:49:57.0490 8056 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 21:49:57.0503 8056 WacomPen - ok 21:49:57.0526 8056 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 21:49:57.0528 8056 Wanarp - ok 21:49:57.0532 8056 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 21:49:57.0533 8056 Wanarpv6 - ok 21:49:57.0552 8056 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 21:49:57.0553 8056 Wd - ok 21:49:57.0574 
8056 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 21:49:57.0578 8056 Wdf01000 - ok 21:49:57.0640 8056 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 21:49:57.0642 8056 WmiAcpi - ok 21:49:57.0679 8056 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 21:49:57.0681 8056 WpdUsb - ok 21:49:57.0703 8056 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 21:49:57.0705 8056 ws2ifsl - ok 21:49:57.0739 8056 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:49:57.0740 8056 WUDFRd - ok 21:49:57.0764 8056 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 21:49:57.0790 8056 \Device\Harddisk0\DR0 - ok 21:49:57.0798 8056 MBR (0x1B8) (30846f685a15ae1a0eb72dba1be67584) \Device\Harddisk1\DR1 21:49:59.0635 8056 \Device\Harddisk1\DR1 - ok 21:49:59.0638 8056 Boot (0x1200) (c37465d8a4c69118f0d52e9e3c833572) \Device\Harddisk0\DR0\Partition0 21:49:59.0639 8056 \Device\Harddisk0\DR0\Partition0 - ok 21:49:59.0649 8056 Boot (0x1200) (c6901efadb9c3f5567722e916c3528ff) \Device\Harddisk0\DR0\Partition1 21:49:59.0649 8056 \Device\Harddisk0\DR0\Partition1 - ok 21:49:59.0659 8056 Boot (0x1200) (0baeeed678a8ddbaeb4ca1f38ac1cbde) \Device\Harddisk0\DR0\Partition2 21:49:59.0660 8056 \Device\Harddisk0\DR0\Partition2 - ok 21:49:59.0676 8056 Boot (0x1200) (e83b67015b7e4481e32f8d986828347b) \Device\Harddisk0\DR0\Partition3 21:49:59.0676 8056 \Device\Harddisk0\DR0\Partition3 - ok 21:49:59.0677 8056 ============================================================ 21:49:59.0677 8056 Scan finished 21:49:59.0677 8056 ============================================================ 21:49:59.0687 4520 Detected object count: 0 21:49:59.0687 4520 Actual detected object count: 0 21:50:06.0473 7932 Deinitialize success |
12.02.2012, 16:30 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™: Please also run ESET, then we'll see further: ESET Online Scanner
12.02.2012, 21:02 | #7 |
So, the scan unfortunately took a little while and I'm afraid it also found something. Log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=5ef4140709363d4c9e4f35637810bd5b # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-02-12 07:16:51 # local_time=2012-02-12 08:16:51 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=5892 16776574 100 100 46223248 166594595 0 0 # compatibility_mode=8192 67108863 100 0 4531 4531 0 0 # scanned=379937 # found=4 # cleaned=0 # scan_time=12318 D:\Benutzer\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\2528ac4f-695562a9 Java/Agent.EA trojan (unable to clean) 00000000000000000000000000000000 I D:\Benutzer\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\71a5af11-64d4eeb9 Java/Exploit.CVE-2011-3544.T trojan (unable to clean) 00000000000000000000000000000000 I D:\Benutzer\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\161564f5-246b9b6e a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean) 00000000000000000000000000000000 I D:\Benutzer\XXX\Downloads\SoftonicDownloader25577.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I Angela |
13.02.2012, 10:28 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ Quote:
Softonic is a toolbar and adware slinger! Hands off! Software should be downloaded with top priority directly from the manufacturer and not from toolbar outfits like Softonic! In an emergency chip.de would of course be fine. Please make a new OTL log. Please post everything in CODE tags where possible. It's done like this: [code] the log goes here [/code] And it then looks like this: Code:
the log goes here If not already present, please download OTL from OldTimer and save it to your desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
13.02.2012, 11:16 | #9 |
The scan was quick this time :-) OTL.txt: Code:
ATTFilter OTL logfile created on: 13.02.2012 10:40:56 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = D:\Benutzer\XXX\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 51,42% Memory free 6,73 Gb Paging File | 4,50 Gb Available in Paging File | 66,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 119,45 Gb Total Space | 82,94 Gb Free Space | 69,44% Space Free | Partition Type: NTFS Drive D: | 205,59 Gb Total Space | 104,04 Gb Free Space | 50,60% Space Free | Partition Type: NTFS Drive F: | 143,53 Gb Total Space | 84,63 Gb Free Space | 58,97% Space Free | Partition Type: NTFS Drive G: | 462,94 Gb Total Space | 371,47 Gb Free Space | 80,24% Space Free | Partition Type: NTFS Drive P: | 1009,51 Mb Total Space | 1009,22 Mb Free Space | 99,97% Space Free | Partition Type: FAT32 Computer Name: CALLAS | User Name: Chef | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.13 10:36:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Benutzer\XXX\Desktop\OTL.exe PRC - [2012.02.11 18:40:44 | 000,159,608 | ---- | M] (McAfee, Inc.) 
-- C:\Windows\System32\mfevtps.exe PRC - [2011.12.09 02:20:00 | 000,079,872 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0001442\PSNTServ.exe PRC - [2011.11.04 08:51:48 | 000,176,128 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe PRC - [2011.09.13 09:40:36 | 000,184,320 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Check\DkDataSvr.exe PRC - [2011.09.09 05:30:00 | 000,080,992 | ---- | M] (DATEV eG) -- F:\DATEV\SYSTEM\Nuko\NKWLOGIN.exe PRC - [2011.09.06 14:25:54 | 000,009,824 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.UserSession.exe PRC - [2011.09.06 14:22:46 | 000,063,488 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe PRC - [2011.09.01 18:12:16 | 000,010,848 | ---- | M] (DATEV eG) -- F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe PRC - [2011.07.25 02:49:00 | 000,269,920 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe PRC - [2011.07.25 02:49:00 | 000,172,640 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe PRC - [2011.06.28 09:22:08 | 000,549,472 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe PRC - [2011.06.28 09:18:54 | 002,409,056 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe PRC - [2011.05.09 14:52:04 | 000,271,456 | ---- | M] (Datev eG) -- F:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe PRC - [2011.05.09 14:52:02 | 000,595,552 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000398\SiPaHost.exe PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2010.12.10 17:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe PRC - [2010.12.10 17:29:30 | 029,293,408 | ---- 
| M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2010.11.26 15:53:14 | 000,878,176 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Sws\LiMaService.exe PRC - [2010.11.26 15:53:14 | 000,378,976 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\Sws\LiMaServer.exe PRC - [2010.09.22 16:47:40 | 000,368,736 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardManager.exe PRC - [2010.09.22 16:47:22 | 000,292,960 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe PRC - [2010.09.13 17:58:00 | 000,866,912 | ---- | M] (DATEV eG) -- F:\DATEV\PROGRAMM\B0001363\SCmIdentityScanner.exe PRC - [2010.09.03 14:50:22 | 000,406,112 | ---- | M] (DATEV e.G.) -- F:\DATEV\PROGRAMM\B0001364\DtvScSer.exe PRC - [2010.08.25 20:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe PRC - [2010.08.25 20:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe PRC - [2010.08.25 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe PRC - [2010.08.25 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\mfeann.exe PRC - [2010.08.25 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) 
-- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe PRC - [2010.06.04 17:59:08 | 000,533,808 | ---- | M] (Acronis) -- C:\Programme\Acronis\DriveMonitor\adm_tray.exe PRC - [2010.06.04 17:57:46 | 003,427,312 | ---- | M] (Acronis) -- C:\Programme\Acronis\DriveMonitor\adm.exe PRC - [2010.03.26 02:07:42 | 000,091,992 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe PRC - [2010.03.26 02:07:42 | 000,091,992 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe PRC - [2010.03.22 16:19:11 | 001,540,096 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\netzmanager.exe PRC - [2010.03.22 15:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe PRC - [2009.10.27 18:23:50 | 000,660,504 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2009.10.27 18:20:18 | 000,365,560 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2009.08.25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe PRC - [2009.08.25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\UdaterUI.exe PRC - [2009.08.25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe PRC - [2009.08.25 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) 
-- C:\Programme\McAfee\Common Framework\McTray.exe PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.10 22:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.06.18 07:13:20 | 000,036,448 | ---- | M] (DATEV eG) -- F:\DATEV\SYSTEM\RzpjWtch.exe PRC - [2008.04.21 23:27:06 | 000,498,952 | ---- | M] () -- C:\Programme\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe PRC - [2008.04.21 23:00:36 | 000,911,168 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe PRC - [2008.04.21 22:54:38 | 002,622,296 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2008.03.26 12:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe ========== Modules (No Company Name) ========== MOD - [2012.02.01 18:51:15 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\Datev.Viwas.UserSession.Interfaces\6.1.0.0__cbc631f1c682336b\Datev.Viwas.UserSession.Interfaces.dll MOD - [2012.02.01 08:56:40 | 000,559,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Mic#\ab897c9ae44064f06a572ace612ef96a\Datev.Framework.MicroParts.Interface.ni.dll MOD - [2012.02.01 08:56:35 | 000,092,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Lic#\9af47ea84c5be571f69a62e7ac94c9e7\Datev.Framework.LicenseManagement.PlugIn.ni.dll MOD - 
[2012.02.01 08:56:31 | 002,413,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Int#\6a6701bcb6da8f46138f5b1640780d7e\Datev.Framework.Interface.ni.dll MOD - [2012.02.01 08:56:25 | 000,064,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Env#\ae95f9864b550d732008d36bbf8fa83c\Datev.Framework.Environment.ni.dll MOD - [2012.02.01 08:56:22 | 000,209,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Dir#\bdad833b78b3073f32424e5094f3087d\Datev.Framework.DirectStart.ni.dll MOD - [2012.02.01 08:56:03 | 000,114,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Stor#\5366d4f5a42e8eb59356a2268c79791b\Datev.ConfigDB.StorageProvider.ni.dll MOD - [2012.02.01 08:56:03 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Plug#\fd32ce8960bd6f90fabce86a6691d5fa\Datev.ConfigDB.PlugIn.ni.dll MOD - [2012.02.01 08:56:02 | 000,664,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB\ebabcc37e465653b44e7534ce4ef497e\Datev.ConfigDB.ni.dll MOD - [2012.02.01 08:56:02 | 000,064,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Inte#\b74271af9aa9c73597572b99b8c71446\Datev.ConfigDB.Interfaces.ni.dll MOD - [2012.02.01 08:38:32 | 000,922,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Dia#\866dc35fd221fbfeb1aba2bd2bf08b4c\Datev.Framework.Diagnostics.RealTimeTracing.ni.dll MOD - [2012.02.01 08:38:30 | 002,469,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Mic#\cfc192a04e1d1d97ee4f00297a630fc4\Datev.Framework.MicroKernel.ni.dll MOD - [2012.01.12 18:53:34 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\6a1e2938633d08d9d97c6940a537b1ff\System.IdentityModel.ni.dll MOD - [2012.01.12 18:53:32 | 017,404,416 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\a2046fbb45b00425d083cc8706b75479\System.ServiceModel.ni.dll MOD - [2012.01.12 18:52:59 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll MOD - [2012.01.12 18:52:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll MOD - [2011.10.16 18:44:39 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\16c385f23b5e493899f0d206dfb60094\System.IdentityModel.ni.dll MOD - [2011.10.16 18:44:37 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\559ebac0a85ae55da09827b8048f77bd\System.ServiceModel.ni.dll MOD - [2011.10.16 18:42:18 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\aab1c287bc73a03c51b55fb3f102c27e\System.ServiceProcess.ni.dll MOD - [2011.10.16 18:42:10 | 000,244,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\6df772247e44fc7cdaba2a87318ded7a\System.Runtime.Caching.ni.dll MOD - [2011.10.16 18:41:53 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\41a4f6cc5d596e952fd880ae1a47308f\System.Runtime.DurableInstancing.ni.dll MOD - [2011.10.16 18:41:53 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\caf1d94cb89859c72d6c8cd8774068d3\System.Transactions.ni.dll MOD - [2011.10.16 18:41:51 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\993f89ba22499c379d2a9dd25d13cd94\System.Runtime.Serialization.ni.dll MOD - [2011.10.16 18:41:51 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\398a52caf1e9fd1a6ea9dd589b0f6e68\SMDiagnostics.ni.dll MOD 
- [2011.10.16 18:41:48 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\bd729791a7504ef9ecb4ad6ebfd94935\System.Xml.Linq.ni.dll MOD - [2011.10.16 18:04:35 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.Xaml.ni.dll MOD - [2011.10.16 17:47:35 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4b4c359912c1241246f50a4c47dbab3c\System.Runtime.Serialization.ni.dll MOD - [2011.10.16 17:47:30 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a800035f1686fdb0b7a019b954a37cfe\SMDiagnostics.ni.dll MOD - [2011.10.16 17:45:37 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll MOD - [2011.10.16 17:44:16 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\02768700bc8f762ccfe37785ba8eb498\System.EnterpriseServices.ni.dll MOD - [2011.10.16 17:44:15 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll MOD - [2011.10.16 17:44:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll MOD - [2011.10.13 07:01:34 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll MOD - [2011.10.13 07:01:03 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll MOD - [2011.10.13 07:00:49 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll MOD 
- [2011.10.13 07:00:06 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll MOD - [2011.10.13 07:00:02 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll MOD - [2011.10.13 06:59:45 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll MOD - [2011.10.13 06:59:33 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll MOD - [2011.10.13 06:59:29 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll MOD - [2011.10.13 06:59:22 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - [2011.10.12 17:02:39 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll MOD - [2011.10.12 17:02:37 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll MOD - [2011.10.12 17:02:33 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll MOD - [2011.10.12 17:02:33 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4844dd28e0611d1ebd1e449fe822c2a5\System.Configuration.ni.dll MOD - [2011.10.12 17:02:31 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll MOD - [2011.10.12 17:02:24 | 014,407,680 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll MOD - [2011.06.28 09:22:06 | 000,068,704 | ---- | M] () -- F:\DATEV\PROGRAMM\B0000150\ScServer\ScEventSourcePlugin.dll MOD - [2011.05.09 14:52:00 | 000,203,264 | ---- | M] () -- F:\DATEV\SYSTEM\DVCCSipaHostApidll.dll MOD - [2010.07.12 09:05:32 | 000,030,304 | ---- | M] () -- F:\DATEV\PROGRAMM\B0000150\ScServer\ScWinMagicPlugin.dll MOD - [2010.06.04 17:40:26 | 000,012,128 | ---- | M] () -- C:\Programme\Common Files\Acronis\DriveMonitor\Common\icudt38.dll MOD - [2009.09.22 16:06:38 | 000,087,040 | ---- | M] () -- F:\DATEV\PROGRAMM\B0000391\DokSchutzShExt.dll MOD - [2009.09.16 17:24:04 | 000,101,888 | ---- | M] () -- F:\DATEV\SYSTEM\DVCCDBNETCONVAPIAX300.DLL MOD - [2009.03.29 20:42:20 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009.03.29 20:42:14 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.03.29 20:42:14 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2009.03.29 20:42:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009.03.29 20:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.02.18 10:39:54 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll MOD - [2008.05.02 05:15:37 | 000,010,240 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll MOD - [2008.04.21 22:43:20 | 001,336,600 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\fox.dll MOD - 
[2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (DVDFUEavmnwapi)
SRV - File not found [On_Demand | Running] -- -- (Datev.Framework.RemoteServices.Messaging.CentralMessagingService)
SRV - File not found [On_Demand | Running] -- -- (Datev.Framework.RemoteServices)
SRV - File not found [Auto | Running] -- -- (Datev.Framework.RemoteServiceModel.EnablerService)
SRV - File not found [On_Demand | Running] -- -- (Datev.Database.Conserve)
SRV - [2012.02.11 18:40:44 | 000,159,608 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011.12.09 02:20:00 | 000,079,872 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService)
SRV - [2011.11.04 08:51:48 | 000,176,128 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe -- (Dcmanag)
SRV - [2011.09.06 14:22:46 | 000,063,488 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe -- (DATEV ViwasClientService)
SRV - [2011.07.25 02:49:00 | 000,172,640 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2011.06.28 09:18:54 | 002,409,056 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe -- (DVckService)
SRV - [2011.05.09 14:52:04 | 000,271,456 | ---- | M] (Datev eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe -- (Sicherheitspaket-Dienst)
SRV - [2010.09.22 16:47:22 | 000,292,960 | ---- | M] (DATEV eG) [Auto | Running] -- F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe -- (SCardService)
SRV - [2010.09.03 14:50:22 | 000,406,112 | ---- | M] (DATEV e.G.) [Auto | Running] -- F:\DATEV\PROGRAMM\B0001364\DtvScSer.exe -- (DATEV Logon Service)
SRV - [2010.08.25 20:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2010.08.25 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010.08.25 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2010.08.25 07:54:06 | 000,194,144 | ---- | M] (KOBIL Systems GmbH) [Disabled | Stopped] -- F:\DATEV\PROGRAMM\B0000404\msdisrv.exe -- (KOBIL_MSDI)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.22 15:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2009.10.27 18:23:50 | 000,660,504 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.08.25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009.07.20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.01.28 09:52:46 | 002,790,400 | ---- | M] (Aladdin Knowledge Systems Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2008.12.29 16:27:40 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.05.29 09:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.04.21 23:27:06 | 000,498,952 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006.12.07 16:52:14 | 000,140,184 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
SRV - [2006.12.07 16:52:10 | 000,095,128 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)

========== Driver Services (SafeList) ==========

DRV - [2012.02.11 18:40:44 | 000,475,704 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012.02.11 18:40:44 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011.07.19 14:28:42 | 000,075,320 | ---- | M] (Datev eG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\d3_kafm.sys -- (SC_Serv3D)
DRV - [2010.08.25 20:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010.08.25 20:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010.08.25 20:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010.08.25 20:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010.03.04 12:50:14 | 000,261,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.10.08 15:45:22 | 000,023,424 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KOBCCEX.sys -- (KOBCCEX)
DRV - [2009.10.08 15:45:10 | 000,084,352 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KOBCCID.sys -- (KOBCCID)
DRV - [2009.07.09 13:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2009.06.22 09:06:32 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 17:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009.06.17 17:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009.05.21 15:43:20 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2009.02.03 02:10:12 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2009.01.16 10:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.12.29 18:08:51 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008.12.29 18:08:51 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008.12.29 18:08:50 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008.12.29 18:08:48 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008.12.10 15:17:14 | 000,007,808 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2008.08.29 13:19:36 | 000,040,368 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2008.03.19 18:30:00 | 007,438,432 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.01.19 06:55:32 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2008.01.19 06:49:30 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2007.09.12 17:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DslTestSp5.sys -- (dsltestSp5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.datev.de/portal/ShowPage.do?pid=dpi&nid=302
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.datev.de/
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.18
FF - prefs.js..extensions.enabledItems: {1f91cde0-c040-11da-a94d-0800200c9a66}:3.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.2
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.9.99999
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@datev.de/DATEV_BestellManager,version=1.7: F:\DATEV\PROGRAMM\A0000015\npdvbm.dll ( DATEV eG)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\phonostar-Player\npphonostarDetectNP.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 08:40:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.01 08:22:33 | 000,000,000 | ---D | M]

[2009.02.01 13:57:41 | 000,000,000 | ---D | M] (No name found) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Extensions
[2012.02.01 10:13:56 | 000,000,000 | ---D | M] (No name found) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions
[2010.08.17 09:12:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.01 10:13:55 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.07.27 13:20:58 | 000,000,000 | ---D | M] (FoxClocks) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2011.05.15 09:42:40 | 000,000,000 | ---D | M] (Conduit Engine) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\engine@conduit.com
[2011.07.27 13:21:08 | 000,000,000 | ---D | M] ("Nero Toolbar") -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\toolbar@ask.com
[2012.02.02 08:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\EXTENSIONS\{1F91CDE0-C040-11DA-A94D-0800200C9A66}.XPI
() (No name found) -- D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- D:\BENUTZER\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCWQV1RC.DEFAULT\EXTENSIONS\FINDER@MEINGUTSCHEINCODE.DE.XPI
[2012.01.29 17:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.08.25 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.05.25 15:10:28 | 001,386,600 | ---- | M] (LINK & LINK Software) -- C:\Program Files\mozilla firefox\plugins\npideapl.dll
[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {557F4852-8868-44dd-B5E9-9890AC4B1FD5} - No CLSID value found.
O2 - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - F:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll (DATEV eG)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - F:\DATEV\SYSTEM\DVCCSASCardBHO002.dll (DATEV eG)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [adm_tray.exe] C:\Programme\Acronis\DriveMonitor\adm_tray.exe (Acronis)
O4 - HKLM..\Run: [DATEV Update-Monitor] F:\DATEV\PROGRAMM\Install\DvInesASDMon.exe (DATEV eG)
O4 - HKLM..\Run: [DATEV_SCardMan] F:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardManager.exe (DATEV eG)
O4 - HKLM..\Run: [Dell MFP Color Laser Printer 3115cn Launcher] C:\Program Files\Dell Printers\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe (Dell Inc.)
O4 - HKLM..\Run: [DVCCSAWTSSetEntryNTE] F:\DATEV\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe (DATEV eG)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ScreenManager Pro for LCD] C:\Programme\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO NANAO CORPORATION)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SiPaHost] F:\DATEV\PROGRAMM\B0000398\SiPaHost.exe (DATEV eG)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [Datev.Arbeitsplatz.Scheduler.exe] F:\DATEV\PROGRAMM\K0005000\Datev.Arbeitsplatz.Scheduler.exe (DATEV eG)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [DFÜ-Sammler] F:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe ()
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [GGAopsUxiAA.exe] C:\ProgramData\GGAopsUxiAA.exe File not found
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe File not found
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002..\Run: [Datev.Arbeitsplatz.Scheduler.exe] F:\DATEV\PROGRAMM\K0005000\Datev.Arbeitsplatz.Scheduler.exe (DATEV eG)
O4 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002..\Run: [DFÜ-Sammler] F:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: D:\Benutzer\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = File not found
O4 - Startup: D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CD-MENU.LNK = File not found
O4 - Startup: D:\Benutzer\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VIWAS - USB Scanner.url ()
O4 - Startup: D:\Benutzer\Didi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = File not found
O4 - Startup: D:\Benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DATEV Arbeitsplatz.lnk = F:\DATEV\PROGRAMM\K0005000\Arbeitsplatz.exe (DATEV eG)
O4 - Startup: D:\Benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: D:\Benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O4 - Startup: D:\Benutzer\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .IPC - C:\Programme\Mozilla Firefox\plugins\npideapl.dll (LINK & LINK Software)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: bio-discount-markt.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.com ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.com ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([www] http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([www] https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datev.de ([www.wissensvermittlung] * in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datevnet.de ([*.services] http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datevnet.de ([*.services] https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datevstadt.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: datevstadt.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: handelsblatt.com ([www] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: ing-diba.de ([www] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: jonglieren-lernen.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: kaufdown.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: lswb.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: lufthansa.com ([newsletter] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: premium-content-center.de ([www.vhb] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: staatsoper.de ([secure] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: sueddeutsche.de ([kaufdown] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: sueddeutsche.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: sued-west.com ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: vkb.de ([cms] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1001\..Trusted Domains: wirtschaftspresse.biz ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: adac.de ([www] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.at ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.at ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.com ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.com ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.de ([www] http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datev.de ([www] https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datevnet.de ([*.services] http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datevnet.de ([*.services] https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datevstadt.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: datevstadt.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: dell.com ([support.euro] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: deutschepost.de ([stampitweb] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: localhost ([]http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: localhost ([]https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: t-online.de ([email] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Domains: top20free.de ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Ranges: LocalHost ([http] in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3145037949-670496425-2720176754-1002\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D50606D-CA42-4B5F-A889-FD51BCAB22AA}: DhcpNameServer = 192.168.123.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Benutzer\Public\Pictures\Sample Pictures\Tornado2.jpg
O24 - Desktop BackupWallPaper: D:\Benutzer\Public\Pictures\Sample Pictures\Tornado2.jpg
O30 - LSA: Authentication Packages - (relog_ap) -C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk - C:\Programme\Audible\Bin\AudibleDownloadHelper.exe - (Audible, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hardcopy.LNK - C:\Programme\Hardcopy\hardcopy.exe - (sw4you, Siegfried Weckmann)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.1 HD Edition.lnk - C:\Programme\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe - (Panasonic Corporation)
MsConfig - StartUpFolder: D:^Benutzer^Chef^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: DLPSP - hkey= - key= - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KeePass Password Safe - hkey= - key= - C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: phonostarTimer - hkey= - key= - C:\Programme\phonostar-Player\phonostarTimer.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: STAMPIT-Tray - hkey= - key= - C:\Programme\STAMPIT\Binary\STRAY.EXE (Deutsche Post AG)
MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - 
NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {0F1D198F-E5EA-4542-930E-2FB2B099F3F3} - LanaConfigTool_3383 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: 
{630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ADD9AEE8-B916-4CD6-A04B-9386DF90D594} - msiexec /fus {ADD9AEE8-B916-4CD6-A04B-9386DF90D594} /quiet ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297) ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - 
C:\Windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.tscc - tsccvid.dll File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.02.12 16:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.02.11 19:42:31 | 000,000,000 | ---D | C] -- D:\Benutzer\Chef\AppData\Roaming\Malwarebytes [2012.02.11 19:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.11 19:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.11 19:42:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.02.11 19:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.02.11 18:59:01 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012.02.11 18:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\stinger [2012.02.11 17:11:08 | 000,000,000 | ---D | C] -- C:\Quarantäne [2012.02.01 18:52:32 | 000,091,896 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys [2012.02.01 18:52:32 | 000,087,656 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys [2012.02.01 18:52:32 | 000,076,024 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys [2012.02.01 18:52:32 | 000,043,192 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys [2012.02.01 18:52:31 | 000,475,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys [2012.02.01 18:52:31 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe [2012.02.01 18:52:31 | 000,064,208 | ---- | C] (McAfee, Inc.) 
-- C:\Windows\System32\drivers\mfetdik.sys [2012.02.01 18:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.02.01 18:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012.02.01 18:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee [2012.02.01 14:07:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.13 10:41:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.13 10:32:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.02.13 10:23:01 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7B350D1C-3775-4BB6-855B-FA96CDF39FC4}.job [2012.02.13 09:51:53 | 000,003,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.13 09:51:53 | 000,003,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.13 07:58:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.13 07:51:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.12 09:28:13 | 000,000,000 | ---- | M] () -- D:\Benutzer\Chef\defogger_reenable [2012.02.11 18:59:01 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012.02.11 18:40:44 | 000,475,704 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys [2012.02.11 18:40:44 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe [2012.02.11 18:40:44 | 000,087,656 | ---- | M] (McAfee, Inc.) 
-- C:\Windows\System32\drivers\mferkdet.sys [2012.02.09 17:24:20 | 001,009,612 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.09 17:24:20 | 000,911,982 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.09 17:24:20 | 000,278,674 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.09 17:24:20 | 000,219,280 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.02 19:58:34 | 000,000,705 | ---- | M] () -- C:\Windows\ODBC.INI [2012.02.01 19:03:30 | 000,000,021 | ---- | M] () -- C:\Windows\DvInesKurusOleServer003.INI [2012.02.01 11:03:37 | 000,000,694 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DATEV-Hinweis Mitteilungsdienst.lnk [2012.02.01 10:39:00 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\DATEV Arbeitsplatz pro V.2.03.lnk [2012.02.01 10:38:34 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.02.01 10:30:51 | 000,000,862 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office SR V.5.02 Initialisierung.lnk [2012.02.01 10:17:34 | 000,000,849 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk [2012.02.01 09:22:10 | 000,000,828 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DFÜ-Manager.lnk [2012.02.01 09:00:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_Lansche.job [2012.02.01 09:00:00 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\WPACLTASK_107450-38-2011-Prüfungsautomatisierung Lansche_Prüfungsautomatisierung_FIBU.job [2012.02.01 08:34:11 | 000,000,102 | ---- | M] () -- C:\Windows\Startup.INI [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.12 11:35:43 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle 
Office SR V.5.02 Initialisierung.lnk [2012.02.12 11:35:43 | 000,000,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk [2012.02.12 11:35:43 | 000,000,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DFÜ-Manager.lnk [2012.02.12 11:35:43 | 000,000,719 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lizenz-Manager Server.lnk [2012.02.12 11:35:43 | 000,000,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RZ-Druckertreiber V.2.3.lnk [2012.02.12 09:28:13 | 000,000,000 | ---- | C] () -- D:\Benutzer\Chef\defogger_reenable [2012.02.01 10:39:00 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\DATEV Arbeitsplatz pro V.2.03.lnk [2012.02.01 08:22:33 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2011.10.19 15:23:20 | 002,897,408 | ---- | C] () -- C:\Program Files\EPortoInstaller2010_v2.1.msi [2011.10.19 15:23:20 | 000,436,736 | ---- | C] () -- C:\Program Files\setup.exe [2011.07.01 12:55:07 | 000,000,130 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.04.19 13:37:11 | 000,000,093 | ---- | C] () -- D:\Benutzer\Chef\AppData\Roaming\BEVI.CFG [2010.12.17 08:38:47 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.09.22 16:48:26 | 000,032,352 | ---- | C] () -- C:\Windows\System32\JNILibrary.dll [2010.09.22 16:48:06 | 000,114,272 | ---- | C] () -- C:\Windows\System32\INetCert.dll [2010.07.26 11:12:23 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010.07.26 11:12:23 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010.07.26 11:12:23 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010.07.26 11:12:23 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010.07.26 11:12:23 | 000,024,903 | ---- | C] () -- 
C:\Windows\System32\EPPICPattern3.dat [2010.07.26 11:12:23 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010.07.26 11:12:23 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010.07.26 11:12:23 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010.07.26 11:12:23 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010.07.26 11:12:23 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2010.07.26 11:12:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010.07.26 11:12:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010.07.26 11:12:23 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010.07.26 11:12:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010.07.26 11:12:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010.07.26 11:12:23 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2010.07.26 11:12:23 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2010.07.26 11:12:23 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010.07.26 11:12:23 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.04.16 07:40:49 | 000,000,118 | ---- | C] () -- C:\Windows\gmbhr.ini [2010.04.16 07:40:39 | 000,015,840 | ---- | C] () -- C:\Windows\System32\Machnm1.exe [2009.12.03 08:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.10.28 16:58:03 | 000,000,068 | ---- | C] () -- C:\Windows\wlep1.ini [2009.10.21 07:45:09 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.10.21 07:44:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.21 07:44:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.30 11:05:48 | 000,290,816 | ---- | C] () 
-- C:\Windows\System32\nsldap32v60.dll [2009.05.26 09:31:09 | 000,014,680 | ---- | C] () -- C:\Windows\System32\skypdfmonpro.dll [2009.05.26 09:31:09 | 000,012,632 | ---- | C] () -- C:\Windows\System32\skypdfmonuipro.dll [2009.05.25 21:00:46 | 000,000,021 | ---- | C] () -- C:\Windows\KurusDeinstall.INI [2009.05.21 10:33:06 | 000,000,012 | ---- | C] () -- C:\Windows\Ulead32.ini [2009.05.17 12:27:18 | 000,000,164 | ---- | C] () -- C:\Windows\DEINSTAL.INI [2009.05.17 12:05:44 | 000,000,000 | ---- | C] () -- C:\Windows\netop.ini [2009.05.17 09:28:58 | 000,000,095 | ---- | C] () -- D:\Benutzer\Chef\AppData\Local\fusioncache.dat [2009.05.17 08:57:01 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI [2009.05.17 08:54:29 | 000,000,101 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI [2009.05.17 08:54:28 | 000,000,101 | ---- | C] () -- C:\Windows\dvinesinstart001.INI [2009.05.17 08:52:06 | 000,000,102 | ---- | C] () -- C:\Windows\Startup.INI [2009.01.02 13:52:17 | 000,008,192 | ---- | C] () -- D:\Benutzer\Chef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.28 15:03:13 | 000,000,705 | ---- | C] () -- C:\Windows\ODBC.INI [2008.12.20 12:47:34 | 004,244,744 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll [2008.12.20 12:47:34 | 000,247,560 | ---- | C] () -- C:\Windows\System32\prgiso.dll [2008.11.30 14:19:21 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll [2008.11.30 12:58:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.10.30 17:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\System32\nsldapssl32v60.dll [2008.10.30 16:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\System32\nsldappr32v60.dll [2008.09.26 17:40:50 | 000,024,376 | ---- | C] () -- C:\Windows\System32\TALDM32A.dll [2008.09.26 17:40:50 | 000,022,832 | ---- | C] () -- C:\Windows\System32\TALDM32.DLL [2008.09.26 17:40:48 | 000,052,536 | ---- | C] () -- C:\Windows\System32\TAL12832.DLL [2008.09.13 13:53:35 
| 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2008.07.09 16:23:08 | 000,255,288 | ---- | C] () -- C:\Windows\System32\SBSPAIN3.DLL [2008.07.09 16:22:28 | 000,075,576 | ---- | C] () -- C:\Windows\System32\ENCODE32.DLL [2007.01.15 08:19:16 | 000,016,473 | ---- | C] () -- C:\Windows\System32\SELF32.INI [2006.11.02 16:42:41 | 001,009,612 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:42:41 | 000,278,674 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:43 | 000,342,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 11:33:01 | 000,911,982 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,219,280 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.08.16 12:48:16 | 000,036,864 | ---- | C] () -- C:\Windows\System32\OrdMen.dll [2005.08.16 12:48:14 | 000,081,920 | ---- | C] () -- C:\Windows\System32\SOFFICK2.dll [2005.08.16 12:47:52 | 000,045,056 | ---- | C] () -- C:\Windows\System32\SBSPAIN2.DLL [2005.08.16 12:47:52 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SBSPAINT.DLL [2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- 
C:\Windows\System32\nsldapssl32v50.dll [2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll [2003.09.24 11:42:12 | 000,000,093 | ---- | C] () -- C:\Windows\tm.ini [2003.09.24 10:42:00 | 000,000,093 | ---- | C] () -- C:\Windows\System32\tm.ini [2001.05.07 14:51:42 | 000,001,091 | ---- | C] () -- C:\Windows\PCDBAudit.ini [1999.08.26 14:50:36 | 000,020,480 | ---- | C] () -- C:\Windows\System32\ddma32.dll [1999.01.19 14:18:30 | 000,110,080 | ---- | C] () -- C:\Windows\System32\LFPNG60N.DLL [1999.01.19 14:18:30 | 000,046,080 | ---- | C] () -- C:\Windows\System32\LFTIF60N.DLL [1999.01.19 14:18:30 | 000,043,008 | ---- | C] () -- C:\Windows\System32\LTFIL60N.DLL [1999.01.19 14:18:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\LFPSD60N.DLL [1999.01.19 14:18:30 | 000,019,968 | ---- | C] () -- C:\Windows\System32\LFTGA60N.DLL [1999.01.19 14:18:30 | 000,019,456 | ---- | C] () -- C:\Windows\System32\LFWPG60N.DLL [1999.01.19 14:18:30 | 000,019,456 | ---- | C] () -- C:\Windows\System32\LFWMF60N.DLL [1999.01.19 14:18:28 | 000,176,128 | ---- | C] () -- C:\Windows\System32\LFFAX60N.DLL [1999.01.19 14:18:28 | 000,141,824 | ---- | C] () -- C:\Windows\System32\LFCMP60N.DLL [1999.01.19 14:18:28 | 000,023,552 | ---- | C] () -- C:\Windows\System32\LFPCX60N.DLL [1999.01.19 14:18:28 | 000,022,528 | ---- | C] () -- C:\Windows\System32\LFPCT60N.DLL [1999.01.19 14:18:28 | 000,022,528 | ---- | C] () -- C:\Windows\System32\LFEPS60N.DLL [1999.01.19 14:18:28 | 000,022,016 | ---- | C] () -- C:\Windows\System32\LFBMP60N.DLL [1999.01.19 14:18:28 | 000,018,432 | ---- | C] () -- C:\Windows\System32\LFMSP60N.DLL [1999.01.19 14:18:28 | 000,017,920 | ---- | C] () -- C:\Windows\System32\LFMAC60N.DLL [1998.05.07 13:10:16 | 000,069,632 | ---- | C] () -- C:\Windows\System32\ODMA32.DLL [1995.05.19 10:13:00 | 000,005,440 | ---- | C] () -- C:\Windows\System32\WINDVS16.DLL [1995.02.14 23:11:00 | 000,017,920 | ---- | C] () -- C:\Windows\System32\IMPLODE.DLL ========== 
Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2008.12.25 18:07:00 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Adobe [2009.05.22 16:09:45 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Ahead [2009.09.13 12:26:18 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Apple Computer [2011.07.21 14:19:41 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\DATEV [2010.10.06 20:17:09 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\DivX [2010.05.13 13:14:32 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\DMS [2008.12.31 12:36:21 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Google [2009.05.18 19:35:41 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Help [2008.12.20 12:32:22 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Identities [2010.07.26 11:12:22 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\InstallShield [2009.02.01 13:50:16 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\KeePass [2009.05.22 09:15:59 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Logitech [2008.12.23 13:51:17 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Macromedia [2012.02.11 19:42:31 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Malwarebytes [2011.07.01 12:53:27 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\McAfee [2009.06.24 07:56:49 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\MGS [2011.03.24 15:16:46 | 000,000,000 | --SD | M] -- D:\Benutzer\Chef\AppData\Roaming\Microsoft [2009.02.01 13:57:41 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Mozilla [2009.02.08 14:01:44 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\Notepad++ [2009.10.21 07:36:38 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH [2009.11.20 10:17:38 | 000,000,000 
| ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\phonostar-Player [2008.12.20 12:54:12 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\T-Online [2008.12.29 16:14:42 | 000,000,000 | ---D | M] -- D:\Benutzer\Chef\AppData\Roaming\TuneUp Software < %APPDATA%\*.exe /s > [2008.12.25 17:36:29 | 000,025,214 | R--- | M] () -- D:\Benutzer\Chef\AppData\Roaming\Microsoft\Installer\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}\_52312b2a.exe [2011.11.08 18:59:33 | 000,347,088 | ---- | M] (Ask.com) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\toolbar@ask.com\chrome\content\NeroApplicationManager.exe [2011.03.24 09:49:20 | 002,844,552 | ---- | M] (Ask.com ) -- D:\Benutzer\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\pcwqv1rc.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe [2011.07.27 16:32:14 | 012,727,952 | ---- | M] ( ) -- D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH\phonostar-Player\update.exe [1 D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH\phonostar-Player\*.tmp files -> D:\Benutzer\Chef\AppData\Roaming\phonostar GmbH\phonostar-Player\*.tmp -> ] < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 
000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.11.27 22:02:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.11.27 22:02:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.11.27 22:02:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- 
|
13.02.2012, 11:17 | #10 |
| FakeAlert gbR and SystemCheck on Windows Vista And here is the second log, because not everything fit into one post. Extras.txt: oops - we don't need that at all... Regards, Angela Last edited by Angela_64 (13.02.2012 at 11:45) |
13.02.2012, 13:00 | #11 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | FakeAlert gbR and SystemCheck on Windows Vista Quote:
__________________ Please always post logfiles in CODE tags |
13.02.2012, 13:47 | #12 |
| FakeAlert gbR and SystemCheck on Windows Vista It is used for the office, among other things. Regards, Angela |
13.02.2012, 13:54 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | FakeAlert gbR and SystemCheck on Windows Vista With office computers you should consider whether you want to make such a compromise at all. Why don't you have IT support for a commercially used computer that sits in the office?
__________________ Please always post logfiles in CODE tags |
13.02.2012, 13:55 | #14 |
| FakeAlert gbR and SystemCheck on Windows Vista Because so far I have always managed it quite well on my own... What compromise? |
13.02.2012, 14:16 | #15 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | FakeAlert gbR and SystemCheck on Windows Vista Quote:
I think your computer has already become an almost indispensable tool, or can you afford an outage and then take care of everything yourself while the other work is left undone? Customer support etc.? Well, I don't know. Quote:
__________________ Please always post logfiles in CODE tags |