google rocketnews

da_tschaemp · 14.05.2012, 15:30

Hallo,

ich habe das gleiche Problem, wie ich es hier auf dem board auch schon zwei mal gelesen habe.
bei der google-suche werde ich nicht mehr auf die eigentlich angeklickten Links geleitet sondern meistens "rocketradio" oder ähnliche.
Außerdem lässt sich das Windows-Sicherheitscenter nicht mehr aktivieren.

Ich war mir nicht sicher, ob ich die Anleitungen von den beiden anderen Topics auch einfach umsetzen soll und kann, oder ob ich dort antworten soll. Dewegen habe ich jetzt mal ein eigenes Thema erstellt...

Gruß Bernd

cosinus · 14.05.2012, 19:15

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

da_tschaemp · 14.05.2012, 20:48

dank schon mal im Voraus für die Hilfe

hier erst mal das Malware Bytes log

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.14.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
da_tschaemp2 :: DA_TSCHAEMP2-PC [Administrator]

Schutz: Aktiviert

14.05.2012 20:39:25
mbam-log-2012-05-14 (21-45-36).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 323054
Laufzeit: 46 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 24
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP79\A0056365.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP79\A0056369.exe (PUP.Joke.Buttons) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP79\A0056370.exe (PUP.Joke.Schock) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP79\A0056373.exe (BadJoke.Finger) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP79\A0056374.exe (Trojan.Bier) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP79\A0056378.exe (Joke.Zappa) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP79\A0056380.exe (PUP.Joke.RJLSoftware) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP88\A0064191.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP88\A0064195.exe (PUP.Joke.Buttons) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP88\A0064196.exe (PUP.Joke.Schock) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP88\A0064199.exe (BadJoke.Finger) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP88\A0064200.exe (Trojan.Bier) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP88\A0064204.exe (Joke.Zappa) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP88\A0064206.exe (PUP.Joke.RJLSoftware) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{4B847C8A-B664-4BE2-95C0-358F95FB3946}\RP1\A0000023.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{D6B5B28D-72E6-4DCB-81EB-A9B38511A4B4}\RP223\A0056978.exe (Backdoor.Bot) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0051786.exe (Trojan.Dropper) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0053150.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0053154.exe (PUP.Joke.Buttons) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0053155.exe (PUP.Joke.Schock) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0053158.exe (BadJoke.Finger) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0053162.exe (Joke.Zappa) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0053164.exe (PUP.Joke.RJLSoftware) -> Keine Aktion durchgeführt.
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0053189.exe (Adware.Onlinegames) -> Keine Aktion durchgeführt.

(Ende)

und hier das ESET log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=73fec6f4a6ab6042ade9ff5b3be1d62b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-14 09:44:53
# local_time=2012-05-14 11:44:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 95680 88656600 0 0
# compatibility_mode=8192 67108863 100 0 246 246 0 0
# scanned=124412
# found=7
# cleaned=0
# scan_time=6484
C:\Windows\Temp\886856.exe	Win32/PSW.Delf.OBN trojan (unable to clean)	00000000000000000000000000000000	I
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP79\A0056386.exe	Win32/JepRuss.A joke (unable to clean)	00000000000000000000000000000000	I
J:\System Volume Information\_restore{15FB6BBE-E694-4ADF-9962-79E8DD56CA03}\RP88\A0064212.exe	Win32/JepRuss.A joke (unable to clean)	00000000000000000000000000000000	I
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0052886.exe	probably a variant of Win32/TrojanDownloader.VB.IRCSLWN trojan (unable to clean)	00000000000000000000000000000000	I
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0052918.exe	multiple threats (unable to clean)	00000000000000000000000000000000	I
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0052934.exe	multiple threats (unable to clean)	00000000000000000000000000000000	I
J:\System Volume Information\_restore{9E2AD194-5F72-43EC-AE14-D7B42B6F0DE9}\RP277\A0053170.exe	Win32/JepRuss.A joke (unable to clean)	00000000000000000000000000000000	I

cosinus · 15.05.2012, 08:51

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

da_tschaemp · 15.05.2012, 10:39

ich sitze im Moment nicht an dem befallenden Computer deswegen kann ich grade nicht genau nachschauen.
aber mir ist eigentlich nichts aufgefallen, abgesehen von den Problemen beim googeln und dass dieses Sicherheits-Center nicht aktiviert war ist mir nichts aufgefallen.
aber wenn du das noch genauer wissen willst/musst, sehe ich heute nachmittag noch mal genau nach.

cosinus · 15.05.2012, 13:42

Ja sieh nochmal nachher richtig nach

da_tschaemp · 15.05.2012, 15:55

Also leere Ordner sind im Startmenü nicht vorhanden
ob welche fehlen kann ich schlecht sagen, weil ich nicht mehr genau weiß ob ich das bei allen programmen so eingestellt habe. Aufgefallen ist mir z.B. dass Opera keinen Ordner im Startmenü hat

cosinus · 15.05.2012, 20:04

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

da_tschaemp · 15.05.2012, 22:33

hier das OTL-log

Code:

ATTFilter

OTL logfile created on: 15.05.2012 23:23:39 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\da_tschaemp2\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 74,95% Memory free
4,00 Gb Paging File | 3,18 Gb Available in Paging File | 79,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,00 Gb Total Space | 29,30 Gb Free Space | 58,59% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 48,16 Gb Free Space | 96,32% Space Free | Partition Type: NTFS
Drive E: | 150,00 Gb Total Space | 147,07 Gb Free Space | 98,05% Space Free | Partition Type: NTFS
Drive F: | 150,00 Gb Total Space | 149,91 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive G: | 65,76 Gb Total Space | 65,63 Gb Free Space | 99,80% Space Free | Partition Type: NTFS
 
Computer Name: DA_TSCHAEMP2-PC | User Name: da_tschaemp2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.15 23:19:07 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\da_tschaemp2\Desktop\OTL.exe
PRC - [2012.05.08 17:30:11 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 17:30:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 17:30:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 17:30:11 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.07 12:47:46 | 000,160,840 | ---- | M] (Geek Software GmbH) -- E:\PDF24\pdf24.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- E:\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.02.24 00:33:38 | 000,198,136 | ---- | M] (Nitro PDF Software) -- E:\NitroReader\NitroPDFReaderDriverService2.exe
PRC - [2012.02.23 12:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- E:\TeamViewer\TeamViewer_Service.exe
PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\da_tschaemp2\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.10.08 07:18:42 | 000,726,288 | ---- | M] () -- E:\VPN\iked.exe
PRC - [2010.10.08 07:18:42 | 000,541,968 | ---- | M] () -- E:\VPN\ipsecd.exe
PRC - [2010.10.08 07:18:42 | 000,054,544 | ---- | M] () -- E:\VPN\dtpd.exe
PRC - [2010.05.18 08:46:01 | 001,989,120 | ---- | M] () -- C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
PRC - [2009.03.06 00:57:56 | 000,227,352 | ---- | M] (SonicWALL, Inc.) -- E:\SonicWall\SWGVCSvc.exe
PRC - [2009.02.26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007.04.03 17:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- E:\Cisco\cvpnd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.17 21:55:35 | 000,166,912 | ---- | M] () -- E:\WinRAR\RarExt.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.05.18 08:46:01 | 001,989,120 | ---- | M] () -- C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
MOD - [2009.11.19 14:10:25 | 001,384,520 | ---- | M] () -- C:\Windows\twain_32\Samsung\SCX3200\SSOle.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.08 17:30:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- E:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 17:30:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- E:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.04 19:11:22 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.24 00:33:38 | 000,198,136 | ---- | M] (Nitro PDF Software) [Auto | Running] -- E:\NitroReader\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.02.23 12:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- E:\TeamViewer\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.10.08 07:18:42 | 000,726,288 | ---- | M] () [Auto | Running] -- E:\VPN\iked.exe -- (iked)
SRV - [2010.10.08 07:18:42 | 000,541,968 | ---- | M] () [Auto | Running] -- E:\VPN\ipsecd.exe -- (ipsecd)
SRV - [2010.10.08 07:18:42 | 000,054,544 | ---- | M] () [Auto | Running] -- E:\VPN\dtpd.exe -- (dtpd)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.06 00:57:56 | 000,227,352 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- E:\SonicWall\SWGVCSvc.exe -- (SWGVCSvc)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.04.03 17:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- E:\Cisco\cvpnd.exe -- (CVPND)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2012.05.08 17:30:11 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 17:30:11 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.10 06:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.12.16 17:53:01 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.02 09:18:48 | 000,017,920 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)
DRV - [2010.09.02 09:18:48 | 000,013,824 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)
DRV - [2010.06.25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.11.17 10:15:42 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:46 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2009.03.06 00:58:12 | 000,087,064 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SWIPsec.sys -- (SWIPsec)
DRV - [2009.03.04 19:03:32 | 000,021,016 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWVNIC.sys -- (SWVNIC)
DRV - [2008.11.16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.04.03 17:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.01.18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005.10.25 10:56:00 | 000,011,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\pvavsaud.sys -- (CXAVSAUD)
DRV - [2004.08.13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3519979055-2756968749-2926456787-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3519979055-2756968749-2926456787-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3519979055-2756968749-2926456787-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3519979055-2756968749-2926456787-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\java\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: E:\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: E:\Firefox\components [2012.02.29 20:10:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: E:\Firefox\plugins
 
[2012.03.01 09:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\da_tschaemp2\AppData\Roaming\mozilla\Extensions
[2012.05.05 14:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\da_tschaemp2\AppData\Roaming\mozilla\Firefox\Profiles\uhkxh89i.default\extensions
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\java\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [3200 Scan2PC] C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] E:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] E:\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\da_tschaemp2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\da_tschaemp2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3519979055-2756968749-2926456787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\da_tschaemp2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26348948-0901-4552-BD5B-FFA924C2F4AE}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C17C8B53-9781-4D18-BEE2-DBFAD179FA5E}: Domain = rz.fh-kempten.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C17C8B53-9781-4D18-BEE2-DBFAD179FA5E}: NameServer = 193.174.193.80
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^da_tschaemp2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Trillian.lnk - E:\Trillian\trillian.exe - (Cerulean Studios)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Spotify - hkey= - key= - C:\Users\da_tschaemp2\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.15 23:19:07 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\da_tschaemp2\Desktop\OTL.exe
[2012.05.14 21:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.14 21:52:31 | 002,322,184 | ---- | C] (ESET) -- C:\Users\da_tschaemp2\Desktop\esetsmartinstaller_enu.exe
[2012.05.14 20:37:23 | 000,000,000 | ---D | C] -- C:\Users\da_tschaemp2\AppData\Roaming\Malwarebytes
[2012.05.14 20:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.14 20:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.14 20:37:17 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.14 20:35:32 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\da_tschaemp2\Desktop\malwarebytes_antimalware_1.61.exe
[2012.05.13 17:45:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.08 09:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.04.18 12:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.04.18 12:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.15 23:19:07 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\da_tschaemp2\Desktop\OTL.exe
[2012.05.15 23:14:43 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.15 23:14:43 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.15 23:11:46 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.15 23:11:46 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.15 23:11:46 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.15 23:11:46 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.15 23:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.15 23:07:22 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\Fgleovvng.job
[2012.05.15 23:07:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.15 23:07:12 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.14 21:52:32 | 002,322,184 | ---- | M] (ESET) -- C:\Users\da_tschaemp2\Desktop\esetsmartinstaller_enu.exe
[2012.05.14 20:36:38 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\da_tschaemp2\Desktop\malwarebytes_antimalware_1.61.exe
[2012.05.13 23:01:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.05.13 20:14:18 | 000,403,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.13 18:59:11 | 000,151,552 | RHS- | M] () -- C:\Windows\System32\C_8573.dll
[2012.05.08 17:30:11 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.08 17:30:11 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.02 19:16:21 | 000,317,329 | ---- | M] () -- C:\Users\da_tschaemp2\Desktop\Tischtennis_Ausschreibung_2012_CD.pdf
[2012.04.16 11:38:09 | 000,040,262 | ---- | M] () -- C:\Users\da_tschaemp2\Desktop\Sportprogramm_SS12_final.pdf
 
========== Files Created - No Company Name ==========
 
[2012.05.13 23:01:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.05.13 18:59:11 | 000,151,552 | RHS- | C] () -- C:\Windows\System32\C_8573.dll
[2012.05.13 18:59:11 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\Fgleovvng.job
[2012.05.02 19:16:21 | 000,317,329 | ---- | C] () -- C:\Users\da_tschaemp2\Desktop\Tischtennis_Ausschreibung_2012_CD.pdf
[2012.04.16 11:38:08 | 000,040,262 | ---- | C] () -- C:\Users\da_tschaemp2\Desktop\Sportprogramm_SS12_final.pdf
[2012.03.04 11:40:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.03.02 12:23:51 | 000,482,408 | ---- | C] () -- C:\Windows\SSndii.exe
[2012.03.02 12:22:57 | 000,113,768 | ---- | C] () -- C:\Windows\Wiainst.exe
[2012.03.02 00:45:51 | 000,065,107 | ---- | C] () -- C:\Windows\War3Unin.dat
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.04.14 03:40:42 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ssb3ml3.dll
[2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
 
========== LOP Check ==========
 
[2012.02.29 20:09:38 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Downloaded Installations
[2012.05.15 23:07:42 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Dropbox
[2012.02.29 20:13:18 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\DVDVideoSoft
[2012.02.29 20:13:15 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.09 17:47:50 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Nitro PDF
[2012.02.29 19:27:49 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Opera
[2012.04.14 20:23:42 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Spotify
[2012.02.29 20:18:59 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Trillian
[2012.05.15 18:19:18 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\TV-Browser
[2012.05.15 23:07:22 | 000,000,318 | ---- | M] () -- C:\Windows\Tasks\Fgleovvng.job
[2012.04.25 19:39:13 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.29 20:16:01 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Adobe
[2012.03.01 20:56:33 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Apple Computer
[2012.03.01 01:26:08 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Avira
[2012.02.29 20:09:38 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Downloaded Installations
[2012.05.15 23:07:42 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Dropbox
[2012.02.29 20:13:18 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\DVDVideoSoft
[2012.02.29 20:13:15 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.29 18:08:43 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Identities
[2012.03.02 12:23:18 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\InstallShield
[2012.02.29 20:16:01 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Macromedia
[2012.05.14 20:37:23 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Media Center Programs
[2012.04.02 17:51:08 | 000,000,000 | --SD | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Microsoft
[2012.03.01 09:38:07 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Mozilla
[2012.05.09 17:47:50 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Nitro PDF
[2012.02.29 19:27:49 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Opera
[2012.05.15 23:21:43 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Skype
[2012.03.17 15:09:52 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\SonicWALL
[2012.04.14 20:23:42 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Spotify
[2012.02.29 20:18:59 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\Trillian
[2012.05.15 18:19:18 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\TV-Browser
[2012.05.04 19:51:37 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\vlc
[2012.03.01 11:00:06 | 000,000,000 | ---D | M] -- C:\Users\da_tschaemp2\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\da_tschaemp2\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:22 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\da_tschaemp2\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.03.14 22:33:40 | 004,011,184 | ---- | M] (Spotify Ltd) -- C:\Users\da_tschaemp2\AppData\Roaming\Spotify\spotify.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.05.13 18:59:11 | 000,151,552 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\C_8573.dll
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll

< End of report >

cosinus · 16.05.2012, 13:02

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3519979055-2756968749-2926456787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012.05.13 18:59:11 | 000,151,552 | RHS- | C] () -- C:\Windows\System32\C_8573.dll
[2012.05.13 18:59:11 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\Fgleovvng.job
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

da_tschaemp · 16.05.2012, 16:22

so, hier das log- von dem OTL-fix:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3519979055-2756968749-2926456787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Windows\System32\C_8573.dll moved successfully.
C:\Windows\Tasks\Fgleovvng.job moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: da_tschaemp2
->Temp folder emptied: 122081224 bytes
->Temporary Internet Files folder emptied: 30210398 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 216056943 bytes
->Opera cache emptied: 21994576 bytes
->Flash cache emptied: 53799 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14995131 bytes
RecycleBin emptied: 12764075 bytes
 
Total Files Cleaned = 399,00 mb
 
 
[EMPTYFLASH]
 
User: All Users

cosinus · 16.05.2012, 20:34

Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

da_tschaemp · 17.05.2012, 11:07

ok, ist hochgeladen

cosinus · 17.05.2012, 18:12

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

da_tschaemp · 20.05.2012, 15:42

Hey,
sorry dass du solange auf eine Antwort warten musstest. Ich war das Wochenende unterwegs. Aber hier das Log:

Code:

ATTFilter

16:38:57.0030 0776	TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
16:38:57.0195 0776	============================================================
16:38:57.0196 0776	Current date / time: 2012/05/20 16:38:57.0195
16:38:57.0196 0776	SystemInfo:
16:38:57.0196 0776	
16:38:57.0196 0776	OS Version: 6.1.7601 ServicePack: 1.0
16:38:57.0196 0776	Product type: Workstation
16:38:57.0196 0776	ComputerName: DA_TSCHAEMP2-PC
16:38:57.0196 0776	UserName: da_tschaemp2
16:38:57.0197 0776	Windows directory: C:\Windows
16:38:57.0197 0776	System windows directory: C:\Windows
16:38:57.0197 0776	Processor architecture: Intel x86
16:38:57.0197 0776	Number of processors: 2
16:38:57.0197 0776	Page size: 0x1000
16:38:57.0197 0776	Boot type: Normal boot
16:38:57.0197 0776	============================================================
16:38:58.0658 0776	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x14B355, SectorsPerTrack: 0xC, TracksPerCylinder: 0x3C, Type 'K0', Flags 0x00000050
16:38:58.0660 0776	============================================================
16:38:58.0660 0776	\Device\Harddisk0\DR0:
16:38:58.0660 0776	MBR partitions:
16:38:58.0660 0776	Initialize success
16:38:58.0660 0776	============================================================
16:39:49.0843 2876	============================================================
16:39:49.0843 2876	Scan started
16:39:49.0843 2876	Mode: Manual; SigCheck; TDLFS; 
16:39:49.0843 2876	============================================================
16:39:50.0358 2876	1394ohci - ok
16:39:50.0374 2876	ACPI - ok
16:39:50.0389 2876	AcpiPmi - ok
16:39:50.0436 2876	AdobeFlashPlayerUpdateSvc - ok
16:39:50.0452 2876	adp94xx - ok
16:39:50.0452 2876	adpahci - ok
16:39:50.0452 2876	adpu320 - ok
16:39:50.0467 2876	AeLookupSvc - ok
16:39:50.0483 2876	AFD - ok
16:39:50.0483 2876	agp440 - ok
16:39:50.0498 2876	aic78xx - ok
16:39:50.0498 2876	ALG - ok
16:39:50.0514 2876	aliide - ok
16:39:50.0514 2876	amdagp - ok
16:39:50.0514 2876	amdide - ok
16:39:50.0530 2876	AmdK8 - ok
16:39:50.0530 2876	AmdPPM - ok
16:39:50.0530 2876	amdsata - ok
16:39:50.0545 2876	amdsbs - ok
16:39:50.0545 2876	amdxata - ok
16:39:50.0545 2876	AntiVirSchedulerService - ok
16:39:50.0561 2876	AntiVirService - ok
16:39:50.0561 2876	AppID - ok
16:39:50.0561 2876	AppIDSvc - ok
16:39:50.0576 2876	Appinfo - ok
16:39:50.0576 2876	Apple Mobile Device - ok
16:39:50.0576 2876	AppMgmt - ok
16:39:50.0592 2876	arc - ok
16:39:50.0592 2876	arcsas - ok
16:39:50.0608 2876	AsyncMac - ok
16:39:50.0608 2876	atapi - ok
16:39:50.0623 2876	AtcL001 - ok
16:39:50.0623 2876	AudioEndpointBuilder - ok
16:39:50.0623 2876	Audiosrv - ok
16:39:50.0639 2876	avgntflt - ok
16:39:50.0639 2876	avipbb - ok
16:39:50.0639 2876	avkmgr - ok
16:39:50.0654 2876	AxInstSV - ok
16:39:50.0654 2876	b06bdrv - ok
16:39:50.0654 2876	b57nd60x - ok
16:39:50.0670 2876	BDESVC - ok
16:39:50.0670 2876	Beep - ok
16:39:50.0686 2876	BFE - ok
16:39:50.0686 2876	BITS - ok
16:39:50.0686 2876	blbdrive - ok
16:39:50.0701 2876	Bonjour Service - ok
16:39:50.0701 2876	bowser - ok
16:39:50.0701 2876	BrFiltLo - ok
16:39:50.0717 2876	BrFiltUp - ok
16:39:50.0717 2876	Browser - ok
16:39:50.0717 2876	Brserid - ok
16:39:50.0732 2876	BrSerWdm - ok
16:39:50.0732 2876	BrUsbMdm - ok
16:39:50.0732 2876	BrUsbSer - ok
16:39:50.0748 2876	BTHMODEM - ok
16:39:50.0748 2876	bthserv - ok
16:39:50.0764 2876	cdfs - ok
16:39:50.0764 2876	cdrom - ok
16:39:50.0764 2876	CertPropSvc - ok
16:39:50.0779 2876	circlass - ok
16:39:50.0779 2876	CLFS - ok
16:39:50.0779 2876	clr_optimization_v2.0.50727_32 - ok
16:39:50.0795 2876	clr_optimization_v4.0.30319_32 - ok
16:39:50.0795 2876	CmBatt - ok
16:39:50.0810 2876	cmdide - ok
16:39:50.0810 2876	CNG - ok
16:39:50.0810 2876	Compbatt - ok
16:39:50.0826 2876	CompositeBus - ok
16:39:50.0826 2876	COMSysApp - ok
16:39:50.0826 2876	crcdisk - ok
16:39:50.0842 2876	CryptSvc - ok
16:39:50.0842 2876	CSC - ok
16:39:50.0842 2876	CscService - ok
16:39:50.0857 2876	CVirtA - ok
16:39:50.0873 2876	CVPND - ok
16:39:50.0873 2876	CVPNDRVA - ok
16:39:50.0888 2876	CXAVSAUD - ok
16:39:50.0888 2876	DcomLaunch - ok
16:39:50.0888 2876	defragsvc - ok
16:39:50.0904 2876	DfsC - ok
16:39:50.0920 2876	DgiVecp - ok
16:39:50.0920 2876	Dhcp - ok
16:39:50.0920 2876	discache - ok
16:39:50.0935 2876	Disk - ok
16:39:50.0935 2876	DNE - ok
16:39:50.0951 2876	Dnscache - ok
16:39:50.0951 2876	dot3svc - ok
16:39:50.0966 2876	DPS - ok
16:39:50.0966 2876	drmkaud - ok
16:39:50.0966 2876	dtpd - ok
16:39:50.0982 2876	DXGKrnl - ok
16:39:50.0982 2876	EapHost - ok
16:39:50.0982 2876	ebdrv - ok
16:39:50.0998 2876	EFS - ok
16:39:50.0998 2876	elxstor - ok
16:39:50.0998 2876	ErrDev - ok
16:39:51.0013 2876	EventSystem - ok
16:39:51.0013 2876	exfat - ok
16:39:51.0029 2876	fastfat - ok
16:39:51.0029 2876	Fax - ok
16:39:51.0029 2876	fdc - ok
16:39:51.0044 2876	fdPHost - ok
16:39:51.0044 2876	FDResPub - ok
16:39:51.0044 2876	FileInfo - ok
16:39:51.0060 2876	Filetrace - ok
16:39:51.0060 2876	flpydisk - ok
16:39:51.0060 2876	FltMgr - ok
16:39:51.0060 2876	FontCache - ok
16:39:51.0076 2876	FontCache3.0.0.0 - ok
16:39:51.0076 2876	FsDepends - ok
16:39:51.0076 2876	Fs_Rec - ok
16:39:51.0091 2876	fvevol - ok
16:39:51.0091 2876	gagp30kx - ok
16:39:51.0107 2876	GEARAspiWDM - ok
16:39:51.0107 2876	gpsvc - ok
16:39:51.0107 2876	hcw85cir - ok
16:39:51.0122 2876	HCW88TUNE - ok
16:39:51.0122 2876	hcw88vid - ok
16:39:51.0122 2876	HCW88XBAR - ok
16:39:51.0138 2876	HdAudAddService - ok
16:39:51.0138 2876	HDAudBus - ok
16:39:51.0138 2876	HidBatt - ok
16:39:51.0154 2876	HidBth - ok
16:39:51.0154 2876	HidIr - ok
16:39:51.0154 2876	hidserv - ok
16:39:51.0154 2876	HidUsb - ok
16:39:51.0169 2876	hkmsvc - ok
16:39:51.0169 2876	HomeGroupListener - ok
16:39:51.0169 2876	HomeGroupProvider - ok
16:39:51.0185 2876	HpSAMD - ok
16:39:51.0185 2876	HTTP - ok
16:39:51.0185 2876	hwpolicy - ok
16:39:51.0200 2876	i8042prt - ok
16:39:51.0200 2876	iaStorV - ok
16:39:51.0200 2876	idsvc - ok
16:39:51.0216 2876	iirsp - ok
16:39:51.0216 2876	iked - ok
16:39:51.0216 2876	IKEEXT - ok
16:39:51.0232 2876	intelide - ok
16:39:51.0247 2876	intelppm - ok
16:39:51.0247 2876	IPBusEnum - ok
16:39:51.0247 2876	IpFilterDriver - ok
16:39:51.0247 2876	iphlpsvc - ok
16:39:51.0263 2876	IPMIDRV - ok
16:39:51.0263 2876	IPNAT - ok
16:39:51.0263 2876	iPod Service - ok
16:39:51.0278 2876	ipsecd - ok
16:39:51.0278 2876	IRENUM - ok
16:39:51.0278 2876	isapnp - ok
16:39:51.0294 2876	iScsiPrt - ok
16:39:51.0294 2876	kbdclass - ok
16:39:51.0294 2876	kbdhid - ok
16:39:51.0310 2876	KeyIso - ok
16:39:51.0310 2876	KSecDD - ok
16:39:51.0310 2876	KSecPkg - ok
16:39:51.0325 2876	KtmRm - ok
16:39:51.0325 2876	LanmanServer - ok
16:39:51.0325 2876	LanmanWorkstation - ok
16:39:51.0341 2876	lltdio - ok
16:39:51.0341 2876	lltdsvc - ok
16:39:51.0356 2876	lmhosts - ok
16:39:51.0356 2876	LSI_FC - ok
16:39:51.0356 2876	LSI_SAS - ok
16:39:51.0372 2876	LSI_SAS2 - ok
16:39:51.0372 2876	LSI_SCSI - ok
16:39:51.0372 2876	luafv - ok
16:39:51.0388 2876	MBAMProtector - ok
16:39:51.0388 2876	MBAMService - ok
16:39:51.0403 2876	megasas - ok
16:39:51.0403 2876	MegaSR - ok
16:39:51.0403 2876	Microsoft Office Groove Audit Service - ok
16:39:51.0419 2876	MMCSS - ok
16:39:51.0419 2876	Modem - ok
16:39:51.0419 2876	monitor - ok
16:39:51.0434 2876	mouclass - ok
16:39:51.0434 2876	mouhid - ok
16:39:51.0434 2876	mountmgr - ok
16:39:51.0450 2876	mpio - ok
16:39:51.0450 2876	mpsdrv - ok
16:39:51.0450 2876	MpsSvc - ok
16:39:51.0466 2876	MRxDAV - ok
16:39:51.0466 2876	mrxsmb - ok
16:39:51.0466 2876	mrxsmb10 - ok
16:39:51.0481 2876	mrxsmb20 - ok
16:39:51.0481 2876	msahci - ok
16:39:51.0481 2876	msdsm - ok
16:39:51.0497 2876	MSDTC - ok
16:39:51.0497 2876	Msfs - ok
16:39:51.0512 2876	mshidkmdf - ok
16:39:51.0512 2876	msisadrv - ok
16:39:51.0512 2876	MSiSCSI - ok
16:39:51.0512 2876	msiserver - ok
16:39:51.0528 2876	MSKSSRV - ok
16:39:51.0528 2876	MSPCLOCK - ok
16:39:51.0528 2876	MSPQM - ok
16:39:51.0544 2876	MsRPC - ok
16:39:51.0544 2876	mssmbios - ok
16:39:51.0559 2876	MSTEE - ok
16:39:51.0559 2876	MTConfig - ok
16:39:51.0559 2876	MTsensor - ok
16:39:51.0575 2876	Mup - ok
16:39:51.0575 2876	napagent - ok
16:39:51.0575 2876	NativeWifiP - ok
16:39:51.0590 2876	NDIS - ok
16:39:51.0590 2876	NdisCap - ok
16:39:51.0590 2876	NdisTapi - ok
16:39:51.0606 2876	Ndisuio - ok
16:39:51.0606 2876	NdisWan - ok
16:39:51.0606 2876	NDProxy - ok
16:39:51.0606 2876	NetBIOS - ok
16:39:51.0622 2876	NetBT - ok
16:39:51.0622 2876	Netlogon - ok
16:39:51.0622 2876	Netman - ok
16:39:51.0637 2876	netprofm - ok
16:39:51.0637 2876	NetTcpPortSharing - ok
16:39:51.0637 2876	nfrd960 - ok
16:39:51.0653 2876	NitroReaderDriverReadSpool2 - ok
16:39:51.0668 2876	NlaSvc - ok
16:39:51.0668 2876	NPF - ok
16:39:51.0668 2876	Npfs - ok
16:39:51.0684 2876	nsi - ok
16:39:51.0684 2876	nsiproxy - ok
16:39:51.0684 2876	Ntfs - ok
16:39:51.0700 2876	Null - ok
16:39:51.0700 2876	nvlddmkm - ok
16:39:51.0700 2876	nvraid - ok
16:39:51.0715 2876	nvstor - ok
16:39:51.0715 2876	nvsvc - ok
16:39:51.0715 2876	nvUpdatusService - ok
16:39:51.0731 2876	nv_agp - ok
16:39:51.0731 2876	odserv - ok
16:39:51.0746 2876	ohci1394 - ok
16:39:51.0746 2876	ose - ok
16:39:51.0746 2876	p2pimsvc - ok
16:39:51.0762 2876	p2psvc - ok
16:39:51.0762 2876	Parport - ok
16:39:51.0762 2876	partmgr - ok
16:39:51.0778 2876	Parvdm - ok
16:39:51.0778 2876	PcaSvc - ok
16:39:51.0778 2876	pci - ok
16:39:51.0793 2876	pciide - ok
16:39:51.0793 2876	pcmcia - ok
16:39:51.0793 2876	pcw - ok
16:39:51.0809 2876	PEAUTH - ok
16:39:51.0809 2876	PeerDistSvc - ok
16:39:51.0824 2876	pla - ok
16:39:51.0824 2876	PlugPlay - ok
16:39:51.0840 2876	PNRPAutoReg - ok
16:39:51.0840 2876	PNRPsvc - ok
16:39:51.0840 2876	PolicyAgent - ok
16:39:51.0856 2876	Power - ok
16:39:51.0856 2876	PptpMiniport - ok
16:39:51.0856 2876	Processor - ok
16:39:51.0871 2876	ProfSvc - ok
16:39:51.0871 2876	ProtectedStorage - ok
16:39:51.0871 2876	Psched - ok
16:39:51.0887 2876	ql2300 - ok
16:39:51.0887 2876	ql40xx - ok
16:39:51.0887 2876	QWAVE - ok
16:39:51.0902 2876	QWAVEdrv - ok
16:39:51.0902 2876	RasAcd - ok
16:39:51.0902 2876	RasAgileVpn - ok
16:39:51.0918 2876	RasAuto - ok
16:39:51.0918 2876	Rasl2tp - ok
16:39:51.0918 2876	RasMan - ok
16:39:51.0934 2876	RasPppoe - ok
16:39:51.0934 2876	RasSstp - ok
16:39:51.0934 2876	rdbss - ok
16:39:51.0949 2876	rdpbus - ok
16:39:51.0949 2876	RDPCDD - ok
16:39:51.0949 2876	RDPDR - ok
16:39:51.0965 2876	RDPENCDD - ok
16:39:51.0965 2876	RDPREFMP - ok
16:39:51.0965 2876	RDPWD - ok
16:39:51.0980 2876	rdyboost - ok
16:39:51.0980 2876	RemoteAccess - ok
16:39:51.0980 2876	RemoteRegistry - ok
16:39:51.0996 2876	rpcapd - ok
16:39:51.0996 2876	RpcEptMapper - ok
16:39:51.0996 2876	RpcLocator - ok
16:39:52.0012 2876	RpcSs - ok
16:39:52.0012 2876	rspndr - ok
16:39:52.0012 2876	s3cap - ok
16:39:52.0027 2876	SamSs - ok
16:39:52.0027 2876	sbp2port - ok
16:39:52.0027 2876	SCardSvr - ok
16:39:52.0027 2876	scfilter - ok
16:39:52.0043 2876	Schedule - ok
16:39:52.0043 2876	SCPolicySvc - ok
16:39:52.0043 2876	SDRSVC - ok
16:39:52.0058 2876	secdrv - ok
16:39:52.0058 2876	seclogon - ok
16:39:52.0058 2876	SENS - ok
16:39:52.0074 2876	SensrSvc - ok
16:39:52.0074 2876	Serenum - ok
16:39:52.0074 2876	Serial - ok
16:39:52.0090 2876	sermouse - ok
16:39:52.0090 2876	SessionEnv - ok
16:39:52.0105 2876	sffdisk - ok
16:39:52.0105 2876	sffp_mmc - ok
16:39:52.0105 2876	sffp_sd - ok
16:39:52.0121 2876	sfloppy - ok
16:39:52.0121 2876	SharedAccess - ok
16:39:52.0121 2876	ShellHWDetection - ok
16:39:52.0136 2876	sisagp - ok
16:39:52.0136 2876	SiSRaid2 - ok
16:39:52.0136 2876	SiSRaid4 - ok
16:39:52.0152 2876	SkypeUpdate - ok
16:39:52.0152 2876	Smb - ok
16:39:52.0168 2876	SNMPTRAP - ok
16:39:52.0168 2876	spldr - ok
16:39:52.0168 2876	Spooler - ok
16:39:52.0183 2876	sppsvc - ok
16:39:52.0183 2876	sppuinotify - ok
16:39:52.0183 2876	srv - ok
16:39:52.0199 2876	srv2 - ok
16:39:52.0199 2876	srvnet - ok
16:39:52.0199 2876	SSDPSRV - ok
16:39:52.0214 2876	ssmdrv - ok
16:39:52.0214 2876	SSPORT - ok
16:39:52.0214 2876	SstpSvc - ok
16:39:52.0230 2876	Stereo Service - ok
16:39:52.0230 2876	stexstor - ok
16:39:52.0230 2876	StiSvc - ok
16:39:52.0246 2876	storflt - ok
16:39:52.0246 2876	StorSvc - ok
16:39:52.0246 2876	storvsc - ok
16:39:52.0261 2876	swenum - ok
16:39:52.0261 2876	SWGVCSvc - ok
16:39:52.0261 2876	SWIPsec - ok
16:39:52.0277 2876	swprv - ok
16:39:52.0277 2876	SWVNIC - ok
16:39:52.0277 2876	SysMain - ok
16:39:52.0292 2876	TabletInputService - ok
16:39:52.0292 2876	TapiSrv - ok
16:39:52.0292 2876	TBS - ok
16:39:52.0308 2876	Tcpip - ok
16:39:52.0308 2876	TCPIP6 - ok
16:39:52.0308 2876	tcpipreg - ok
16:39:52.0324 2876	TDPIPE - ok
16:39:52.0324 2876	TDTCP - ok
16:39:52.0324 2876	tdx - ok
16:39:52.0339 2876	TeamViewer7 - ok
16:39:52.0339 2876	teamviewervpn - ok
16:39:52.0339 2876	TermDD - ok
16:39:52.0355 2876	TermService - ok
16:39:52.0355 2876	Themes - ok
16:39:52.0355 2876	THREADORDER - ok
16:39:52.0370 2876	TrkWks - ok
16:39:52.0370 2876	TrustedInstaller - ok
16:39:52.0386 2876	tssecsrv - ok
16:39:52.0386 2876	TsUsbFlt - ok
16:39:52.0386 2876	tunnel - ok
16:39:52.0402 2876	uagp35 - ok
16:39:52.0402 2876	udfs - ok
16:39:52.0402 2876	UI0Detect - ok
16:39:52.0417 2876	uliagpkx - ok
16:39:52.0417 2876	umbus - ok
16:39:52.0417 2876	UmPass - ok
16:39:52.0433 2876	UmRdpService - ok
16:39:52.0433 2876	upnphost - ok
16:39:52.0433 2876	usbccgp - ok
16:39:52.0448 2876	usbcir - ok
16:39:52.0448 2876	usbehci - ok
16:39:52.0448 2876	usbhub - ok
16:39:52.0464 2876	usbohci - ok
16:39:52.0464 2876	usbprint - ok
16:39:52.0464 2876	usbscan - ok
16:39:52.0480 2876	USBSTOR - ok
16:39:52.0480 2876	usbuhci - ok
16:39:52.0480 2876	UxSms - ok
16:39:52.0480 2876	VaultSvc - ok
16:39:52.0495 2876	vdrvroot - ok
16:39:52.0495 2876	vds - ok
16:39:52.0495 2876	vflt - ok
16:39:52.0511 2876	vga - ok
16:39:52.0511 2876	VgaSave - ok
16:39:52.0511 2876	vhdmp - ok
16:39:52.0526 2876	viaagp - ok
16:39:52.0526 2876	ViaC7 - ok
16:39:52.0526 2876	viaide - ok
16:39:52.0542 2876	vmbus - ok
16:39:52.0542 2876	VMBusHID - ok
16:39:52.0542 2876	vnet - ok
16:39:52.0558 2876	volmgr - ok
16:39:52.0558 2876	volmgrx - ok
16:39:52.0558 2876	volsnap - ok
16:39:52.0573 2876	vsmraid - ok
16:39:52.0573 2876	VSS - ok
16:39:52.0573 2876	vwifibus - ok
16:39:52.0573 2876	W32Time - ok
16:39:52.0589 2876	WacomPen - ok
16:39:52.0589 2876	WANARP - ok
16:39:52.0604 2876	Wanarpv6 - ok
16:39:52.0604 2876	wbengine - ok
16:39:52.0604 2876	WbioSrvc - ok
16:39:52.0620 2876	wcncsvc - ok
16:39:52.0620 2876	WcsPlugInService - ok
16:39:52.0620 2876	Wd - ok
16:39:52.0636 2876	Wdf01000 - ok
16:39:52.0636 2876	WdiServiceHost - ok
16:39:52.0636 2876	WdiSystemHost - ok
16:39:52.0651 2876	WebClient - ok
16:39:52.0651 2876	Wecsvc - ok
16:39:52.0651 2876	wercplsupport - ok
16:39:52.0651 2876	WerSvc - ok
16:39:52.0667 2876	WfpLwf - ok
16:39:52.0667 2876	WIMMount - ok
16:39:52.0667 2876	WinDefend - ok
16:39:52.0682 2876	WinHttpAutoProxySvc - ok
16:39:52.0682 2876	Winmgmt - ok
16:39:52.0698 2876	WinRM - ok
16:39:52.0698 2876	WinUsb - ok
16:39:52.0714 2876	Wlansvc - ok
16:39:52.0714 2876	WmiAcpi - ok
16:39:52.0714 2876	wmiApSrv - ok
16:39:52.0729 2876	WPCSvc - ok
16:39:52.0729 2876	WPDBusEnum - ok
16:39:52.0729 2876	ws2ifsl - ok
16:39:52.0745 2876	wscsvc - ok
16:39:52.0745 2876	WSearch - ok
16:39:52.0745 2876	wuauserv - ok
16:39:52.0760 2876	WudfPf - ok
16:39:52.0760 2876	WUDFRd - ok
16:39:52.0776 2876	wudfsvc - ok
16:39:52.0776 2876	WwanSvc - ok
16:39:52.0792 2876	xnacc - ok
16:39:52.0792 2876	xusb21 - ok
16:39:52.0823 2876	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:39:53.0213 2876	\Device\Harddisk0\DR0 - ok
16:39:53.0213 2876	============================================================
16:39:53.0213 2876	Scan finished
16:39:53.0213 2876	============================================================
16:39:53.0244 0640	Detected object count: 0
16:39:53.0244 0640	Actual detected object count: 0

15.05.2012, 08:51	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	google rocketnews Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

15.05.2012, 13:42	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	google rocketnews Ja sieh nochmal nachher richtig nach __________________ --> google rocketnews

google rocketnews

Plagegeister aller Art und deren Bekämpfung: google rocketnews