100€ ukash paysafe Trojaner eingefangen

Kiki140381 · 22.05.2012, 08:27

Hallo,
auch ich habe mir einen Trojaner eingefangen. Ich soll 100€ Ukash Code eingeben, dann wird ein Update von Windows installiert und der Trojaner entfernt. So ähnlich auf jeden Fall. Über den abgesicherten Modus habe ich Malwarebytes schon mal durchlaufen lassen und alles gefundene gelöscht.
Hier mal der Report:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.22.01

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Schulte-Klein :: SCHULTEKLEIN [Administrator]

Schutz: Deaktiviert

22.05.2012 08:34:00
mbam-log-2012-05-22 (08-34-00).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 321003
Laufzeit: 33 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|98A9E20A (Trojan.Agent.RNSGen) -> Daten: C:\Users\Schulte-Klein\AppData\Roaming\Cnlfvc\3EE9224F98A9E20A7105.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Schulte-Klein\AppData\Local\Temp\ajnylwivfl.pre (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Schulte-Klein\AppData\Local\Temp\imnltrjayn.pre (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Schulte-Klein\AppData\Local\Temp\ksyqldrnbp.pre (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Schulte-Klein\AppData\Local\Temp\tpmhylkjuf.pre (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Kann mir jemand helfen?
Was sollte ich als nächstes tun?
Vielen vielen Dank im Voraus!

LG,
Kiki

So, nachdem ich alles gefundene gelöscht hatte und den PC neu gestartet habe (sollte ich) kam ich wieder normal ins System rein, brauchte den abgesicherten Modus nicht mehr. Bisher hab ich keine Dateien oder Bilder gefunden, die verschlüsselt wurden.

In vielen anderen Posts war von OTL die Rede, auch das hab ich mal durchlaufen lassen.
Auch hier mal die Reporte:
OTL Editor:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 22.05.2012 10:51:09 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\Schulte-Klein\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 40,37% Memory free
3,93 Gb Paging File | 2,53 Gb Available in Paging File | 64,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1397,17 Gb Total Space | 1373,18 Gb Free Space | 98,28% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 728,56 Gb Free Space | 78,21% Space Free | Partition Type: NTFS
 
Computer Name: SCHULTEKLEIN | User Name: Schulte-Klein | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Schulte-Klein\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe (SiSoftware)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MpKsld8f9329d) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{562DE093-3092-474D-810F-FEF768BE6D1C}\MpKsld8f9329d.sys (Microsoft Corporation)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x86\sandra.sys (SiSoftware)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=OIE9MSE
IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=OIE9MSE
IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 B3 EF BF BD 91 CC 01  [binary data]
IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE454
IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.16 17:38:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.11 18:55:17 | 000,000,000 | ---D | M]
 
[2011.10.23 22:25:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schulte-Klein\AppData\Roaming\mozilla\Extensions
[2012.05.04 14:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schulte-Klein\AppData\Roaming\mozilla\Firefox\Profiles\218l6qfc.default\extensions
[2011.12.19 20:35:36 | 000,000,933 | ---- | M] () -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\searchplugins\11-suche.xml
[2011.12.19 20:35:37 | 000,002,419 | ---- | M] () -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 20:35:36 | 000,010,525 | ---- | M] () -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\searchplugins\gmx-suche.xml
[2011.12.19 20:35:37 | 000,002,457 | ---- | M] () -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\searchplugins\lastminute.xml
[2011.12.19 20:35:36 | 000,005,508 | ---- | M] () -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\searchplugins\webde-suche.xml
[2012.04.17 10:01:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.17 10:01:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.03.03 16:26:59 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\SCHULTE-KLEIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\218L6QFC.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2012.04.17 18:37:08 | 000,576,958 | ---- | M] () (No name found) -- C:\USERS\SCHULTE-KLEIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\218L6QFC.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.04.16 17:38:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.09.12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009.09.12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009.09.12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009.09.12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2012.04.17 10:01:00 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.09.12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009.09.12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012.04.12 14:34:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.12 14:34:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.12 14:34:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.12 14:34:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.12 14:34:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.12 14:34:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000..\Run: [EPSON S21 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Schulte-Klein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F0BDD75-EC95-4CCD-B7F6-0437E3992EDB}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{370D42C9-1849-4E93-A7B6-8F1D6DA5C308}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.05.06 04:54:56 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.16 19:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{45a4cf4d-ff25-11e0-a54d-00040efab484}\Shell - "" = AutoRun
O33 - MountPoints2\{45a4cf4d-ff25-11e0-a54d-00040efab484}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.22 10:09:03 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Schulte-Klein\Desktop\OTL.exe
[2012.05.22 09:34:24 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.05.22 08:32:05 | 000,000,000 | ---D | C] -- C:\Users\Schulte-Klein\AppData\Roaming\Malwarebytes
[2012.05.22 08:31:59 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.22 08:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.22 08:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.22 08:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.16 21:56:54 | 000,000,000 | ---D | C] -- C:\Users\Schulte-Klein\AppData\Roaming\Cnlfvc
[2012.05.16 21:52:04 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.16 21:52:04 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.16 21:52:03 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.05.16 21:52:00 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.04 14:49:42 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.22 10:40:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.22 10:27:34 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.22 10:09:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Schulte-Klein\Desktop\OTL.exe
[2012.05.22 09:37:54 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.22 09:37:54 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.22 09:34:24 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.05.22 09:30:56 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.22 09:30:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.22 09:30:40 | 1582,686,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.22 08:32:00 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.18 17:59:26 | 000,292,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.16 22:22:18 | 000,698,232 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.16 22:22:18 | 000,653,550 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.16 22:22:18 | 000,148,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.16 22:22:18 | 000,121,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.05 18:27:09 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.05 18:27:09 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.05.03 15:45:55 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.22 08:32:00 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.04 14:49:44 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.03 15:45:53 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.04.19 11:35:36 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.04.19 11:35:36 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.04.19 11:32:47 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2012.03.03 16:06:54 | 011,304,960 | ---- | C] () -- C:\Users\Schulte-Klein\AppData\Roaming\Sandra.mdb
[2011.10.13 12:59:42 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011.10.13 12:59:40 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.10.13 12:59:40 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011.10.13 12:31:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.10.13 12:30:24 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.04.12 03:30:05 | 000,698,232 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 03:30:05 | 000,148,428 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.10.22 02:00:00 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin

< End of report >

--- --- ---

Extras-Editor:
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 22.05.2012 10:51:09 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\Schulte-Klein\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 40,37% Memory free
3,93 Gb Paging File | 2,53 Gb Available in Paging File | 64,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1397,17 Gb Total Space | 1373,18 Gb Free Space | 98,28% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 728,56 Gb Free Space | 78,21% Space Free | Partition Type: NTFS
 
Computer Name: SCHULTEKLEIN | User Name: Schulte-Klein | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A100FF8-EE5D-42DF-B313-EA1DC1586971}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2F189912-A2AB-4096-B071-1F8A061D8985}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4B0E4AD2-5112-4F65-91B6-EBB6A230E77C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5BFEB45F-1DDE-41F0-AD48-405969930064}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5DA32F5E-56D8-41A0-94EE-D0C388DEBC23}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6022DFCA-55CE-4529-B5A8-79290865FFE3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{60E40E81-6969-4606-BE52-1817E76AF200}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7851969F-2800-421A-AD20-39E053405A6E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8196655A-EEB6-47BA-A167-D263AEE367FA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{90BBF965-0A55-4962-8E0F-B8D5D3854F6E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{98D2259F-B593-4673-BECA-BD4FF1ABFA44}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9C4E792F-5145-4B7B-8DED-16B8B0F2D650}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A8A189C9-1D48-49C9-8F5C-4A7A94D4458C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B15BD32B-091D-412B-A751-35168D08CFE1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C95C69FC-5D0A-4684-AA6B-FD81EDDC5F55}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D3695D38-1640-4FF7-8962-69E159E08B75}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D3D59037-E4F0-42EC-B957-BF890193AAE0}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\rpcagentsrv.exe | 
"{D710385E-043C-4E80-AF22-339EC76EE010}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D91CDDC6-EBE6-437F-B09C-E02EAC5A154A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DCBF1A43-4546-40D6-B567-2D0B2C62CD25}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\wnt500x86\rpcsandrasrv.exe | 
"{F0CA973B-0E28-4901-AC46-908B1B1E6973}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FE19EB2E-F0AF-4BA7-8280-F18AA23EF109}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CD1D63-66D5-4EE5-A62B-E8177CEF8ED0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{398A3A89-A139-49AB-BA67-6DFB3F52D252}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3C2BCA99-4A17-41EC-A3A2-3E696A929BE1}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{62B0575E-F383-4A0C-9BC1-0A3696D01825}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{79B77ADD-256C-44BD-9C03-D99EF0D78381}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{83F55033-BF0C-4974-A2C7-31303F7E238B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9B124C8C-530E-42FD-8DC1-57026096DA0A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D1C0A667-027B-4B93-A98E-26179DBE5B04}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EE2057DB-F330-4239-A17C-AF2A684C6D1A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FDA56006-2740-4E90-805C-55D9E3CD5062}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix Online Plug-in (Web)
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite DCP-165C
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix Online Plug-in (USB)
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix Online Plug-in (HDX)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2012.SP2
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix Online Plug-in (DV)
"{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVMWLANCLI" = AVM FRITZ!WLAN
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"EPSON S21 Series" = Druckerdeinstallation für EPSON S21 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.05.2012 12:46:31 | Computer Name = SchulteKlein | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.05.2012 12:46:32 | Computer Name = SchulteKlein | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 22.05.2012 02:30:19 | Computer Name = SchulteKlein | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.05.2012 03:30:59 | Computer Name = SchulteKlein | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Citrix\ICA
 Client\MFC80.DLL". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Citrix\ICA
 Client\Microsoft.VC80.MFCLOC.MANIFEST" in Zeile  5.  Die im Manifest gefundene Komponenten-ID
 stimmt nicht mit der ID der angeforderten Komponente überein.  Verweis: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition:
 Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Verwenden
 Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 22.05.2012 03:31:10 | Computer Name = SchulteKlein | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 22.05.2012 03:31:13 | Computer Name = SchulteKlein | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 22.05.2012 03:32:27 | Computer Name = SchulteKlein | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.05.2012 03:34:25 | Computer Name = SchulteKlein | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 22.05.2012 03:59:21 | Computer Name = SchulteKlein | Source = Windows Backup | ID = 4104
Description = 
 
Error - 22.05.2012 04:33:02 | Computer Name = SchulteKlein | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 22.05.2012 02:29:08 | Computer Name = SchulteKlein | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.05.2012 02:29:08 | Computer Name = SchulteKlein | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.05.2012 02:29:08 | Computer Name = SchulteKlein | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.05.2012 02:29:08 | Computer Name = SchulteKlein | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.05.2012 02:29:08 | Computer Name = SchulteKlein | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.05.2012 02:29:08 | Computer Name = SchulteKlein | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.05.2012 02:29:10 | Computer Name = SchulteKlein | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.05.2012 02:29:10 | Computer Name = SchulteKlein | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.05.2012 02:38:43 | Computer Name = SchulteKlein | Source = DCOM | ID = 10005
Description = 
 
Error - 22.05.2012 02:38:43 | Computer Name = SchulteKlein | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.127.224.0     Aktualisierungsquelle: %%859

	Aktualisierungsphase:
 %%852     Quellpfad: Default URL     Signaturtyp: %%800     Aktualisierungstyp: %%803     Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8403.0     Fehlercode:
 0x8007043c     Fehlerbeschreibung: Der Dienst kann nicht im abgesicherten Modus gestartet
 werden. 
 
 
< End of report >

--- --- ---

Was sollte ich weiter tun?
Wer kann mir helfen?

cosinus · 22.05.2012, 14:44

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Kiki140381 · 23.05.2012, 09:17

Hallo Arne,
vielen Dank für deine Hilfe.

Eset ist nun endlich durchgelaufen, hier der Log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=10d4a4ed6433644cb694b870f2324a97
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-23 08:12:08
# local_time=2012-05-23 10:12:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 18024414 89388491 0 0
# compatibility_mode=8192 67108863 100 0 170 170 0 0
# scanned=117615
# found=2
# cleaned=0
# scan_time=3427
C:\Users\Schulte-Klein\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\5c1899f4-165b8a96	Java/Agent.EI trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Schulte-Klein\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\271470fa-4d03e308	Java/Agent.EI trojan (unable to clean)	00000000000000000000000000000000	I

Und nun?
LG,
Kiki

cosinus · 23.05.2012, 10:28

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus wieder uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Kiki140381 · 23.05.2012, 10:40

Der normale Modus funktioniert ohne Probleme.
Im Startmenü ist alles vorhanden, so wie es sein sollte.

LG,
Kiki

cosinus · 23.05.2012, 10:46

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Kiki140381 · 23.05.2012, 11:11

So, durchgelaufen.
Hier das neue OTL Log

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 23.05.2012 11:54:41 - Run 2
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\Schulte-Klein\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 59,54% Memory free
3,93 Gb Paging File | 3,05 Gb Available in Paging File | 77,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1397,17 Gb Total Space | 1372,87 Gb Free Space | 98,26% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 728,56 Gb Free Space | 78,21% Space Free | Partition Type: NTFS
 
Computer Name: SCHULTEKLEIN | User Name: Schulte-Klein | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Schulte-Klein\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe (SiSoftware)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x86\sandra.sys (SiSoftware)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=OIE9MSE
IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=OIE9MSE
IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 B3 EF BF BD 91 CC 01  [binary data]
IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE454
IE - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.23 07:31:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.11 18:55:17 | 000,000,000 | ---D | M]
 
[2011.10.23 22:25:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schulte-Klein\AppData\Roaming\mozilla\Extensions
[2012.05.04 14:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schulte-Klein\AppData\Roaming\mozilla\Firefox\Profiles\218l6qfc.default\extensions
[2011.12.19 20:35:36 | 000,000,933 | ---- | M] () -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\searchplugins\11-suche.xml
[2011.12.19 20:35:37 | 000,002,419 | ---- | M] () -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 20:35:36 | 000,010,525 | ---- | M] () -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\searchplugins\gmx-suche.xml
[2011.12.19 20:35:37 | 000,002,457 | ---- | M] () -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\searchplugins\lastminute.xml
[2011.12.19 20:35:36 | 000,005,508 | ---- | M] () -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\searchplugins\webde-suche.xml
[2012.05.23 07:31:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.03 16:26:59 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\SCHULTE-KLEIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\218L6QFC.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2012.04.17 18:37:08 | 000,576,958 | ---- | M] () (No name found) -- C:\USERS\SCHULTE-KLEIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\218L6QFC.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.05.23 07:31:24 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.09.12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009.09.12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009.09.12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009.09.12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2012.04.17 10:01:00 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.09.12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009.09.12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012.04.12 14:34:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.12 14:34:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.12 14:34:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.12 14:34:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.12 14:34:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.12 14:34:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3090701242-3661903118-1919355671-1000..\Run: [EPSON S21 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Schulte-Klein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F0BDD75-EC95-4CCD-B7F6-0437E3992EDB}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{370D42C9-1849-4E93-A7B6-8F1D6DA5C308}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.05.06 04:54:56 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.16 19:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{45a4cf4d-ff25-11e0-a54d-00040efab484}\Shell - "" = AutoRun
O33 - MountPoints2\{45a4cf4d-ff25-11e0-a54d-00040efab484}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: >{7054aa8b-4843-4885-9807-411c9938d8a6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.23 09:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.23 07:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.23 07:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.23 07:28:55 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.05.22 11:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.05.22 11:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.22 10:09:03 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Schulte-Klein\Desktop\OTL.exe
[2012.05.22 08:32:05 | 000,000,000 | ---D | C] -- C:\Users\Schulte-Klein\AppData\Roaming\Malwarebytes
[2012.05.22 08:31:59 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.22 08:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.22 08:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.22 08:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.16 21:56:54 | 000,000,000 | ---D | C] -- C:\Users\Schulte-Klein\AppData\Roaming\Cnlfvc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.23 11:40:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.23 11:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.23 07:37:47 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 07:37:47 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 07:30:54 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.23 07:30:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.23 07:30:35 | 1582,686,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.22 11:25:10 | 000,103,390 | ---- | M] () -- C:\Users\Schulte-Klein\Documents\cc_20120522_112453.reg
[2012.05.22 11:11:03 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.22 10:09:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Schulte-Klein\Desktop\OTL.exe
[2012.05.22 08:32:00 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.18 17:59:26 | 000,292,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.16 22:22:18 | 000,698,232 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.16 22:22:18 | 000,653,550 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.16 22:22:18 | 000,148,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.16 22:22:18 | 000,121,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.03 15:45:55 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.22 11:24:59 | 000,103,390 | ---- | C] () -- C:\Users\Schulte-Klein\Documents\cc_20120522_112453.reg
[2012.05.22 11:11:03 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.22 08:32:00 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.04 14:49:44 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.03 15:45:53 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.04.19 11:35:36 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.04.19 11:35:36 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.04.19 11:32:47 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2012.03.03 16:06:54 | 011,304,960 | ---- | C] () -- C:\Users\Schulte-Klein\AppData\Roaming\Sandra.mdb
[2011.10.13 12:59:42 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011.10.13 12:59:40 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.10.13 12:59:40 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011.10.13 12:31:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.10.13 12:30:24 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.04.12 03:30:05 | 000,698,232 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 03:30:05 | 000,148,428 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.10.22 02:00:00 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
 
========== LOP Check ==========
 
[2012.05.18 18:46:40 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Cnlfvc
[2011.10.28 19:32:32 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\ICAClient
[2011.10.27 19:16:57 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\OpenOffice.org
[2012.01.22 15:22:33 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.28 16:07:18 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Adobe
[2012.04.20 15:21:48 | 000,000,000 | R--D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Brother
[2012.05.18 18:46:40 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Cnlfvc
[2011.10.28 15:45:44 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Google
[2011.10.28 19:32:32 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\ICAClient
[2011.10.23 21:32:21 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Identities
[2012.04.19 11:31:32 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\InstallShield
[2011.10.23 22:14:21 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Macromedia
[2012.05.22 08:32:05 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Malwarebytes
[2011.04.12 03:39:07 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Media Center Programs
[2012.03.03 16:11:40 | 000,000,000 | --SD | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Microsoft
[2011.10.23 22:25:29 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\Mozilla
[2011.10.27 19:16:57 | 000,000,000 | ---D | M] -- C:\Users\Schulte-Klein\AppData\Roaming\OpenOffice.org
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

cosinus · 23.05.2012, 19:51

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.05.06 04:54:56 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.16 19:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{45a4cf4d-ff25-11e0-a54d-00040efab484}\Shell - "" = AutoRun
O33 - MountPoints2\{45a4cf4d-ff25-11e0-a54d-00040efab484}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\pushinst.exe
[2012.05.23 07:28:55 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.05.16 21:56:54 | 000,000,000 | ---D | C] -- C:\Users\Schulte-Klein\AppData\Roaming\Cnlfvc
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Kiki140381 · 24.05.2012, 07:09

Guten Morgen Arne,
das OTL-Fix ist fertig, hier der Logfile:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File  not found.
E:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45a4cf4d-ff25-11e0-a54d-00040efab484}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45a4cf4d-ff25-11e0-a54d-00040efab484}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45a4cf4d-ff25-11e0-a54d-00040efab484}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45a4cf4d-ff25-11e0-a54d-00040efab484}\ not found.
File F:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\pushinst.exe not found.
C:\found.000 folder moved successfully.
C:\Users\Schulte-Klein\AppData\Roaming\Cnlfvc folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Schulte-Klein
->Temp folder emptied: 3073 bytes
->Temporary Internet Files folder emptied: 4103737 bytes
->Java cache emptied: 383462 bytes
->FireFox cache emptied: 56380240 bytes
->Flash cache emptied: 487 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5100 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 58,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Schulte-Klein
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.43.1 log created on 05242012_080155

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 24.05.2012, 21:17

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Kiki140381 · 25.05.2012, 07:34

Hallo Arne,
vielen Dank für deine weitere Hilfe!

Hier der Report:

Code:

ATTFilter

08:08:16.0943 2828	TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
08:08:17.0114 2828	============================================================
08:08:17.0114 2828	Current date / time: 2012/05/25 08:08:17.0114
08:08:17.0114 2828	SystemInfo:
08:08:17.0114 2828	
08:08:17.0114 2828	OS Version: 6.1.7601 ServicePack: 1.0
08:08:17.0114 2828	Product type: Workstation
08:08:17.0114 2828	ComputerName: SCHULTEKLEIN
08:08:17.0114 2828	UserName: Schulte-Klein
08:08:17.0114 2828	Windows directory: C:\Windows
08:08:17.0114 2828	System windows directory: C:\Windows
08:08:17.0114 2828	Processor architecture: Intel x86
08:08:17.0114 2828	Number of processors: 2
08:08:17.0114 2828	Page size: 0x1000
08:08:17.0114 2828	Boot type: Normal boot
08:08:17.0114 2828	============================================================
08:08:18.0331 2828	Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2F509, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
08:08:18.0503 2828	Drive \Device\Harddisk2\DR2 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:08:18.0503 2828	============================================================
08:08:18.0503 2828	\Device\Harddisk0\DR0:
08:08:18.0503 2828	MBR partitions:
08:08:18.0503 2828	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:08:18.0503 2828	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAEA54800
08:08:18.0503 2828	\Device\Harddisk2\DR2:
08:08:18.0503 2828	MBR partitions:
08:08:18.0503 2828	\Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
08:08:18.0503 2828	============================================================
08:08:18.0549 2828	C: <-> \Device\Harddisk0\DR0\Partition1
08:08:18.0581 2828	E: <-> \Device\Harddisk2\DR2\Partition0
08:08:18.0581 2828	============================================================
08:08:18.0581 2828	Initialize success
08:08:18.0581 2828	============================================================
08:08:50.0062 1032	============================================================
08:08:50.0062 1032	Scan started
08:08:50.0062 1032	Mode: Manual; SigCheck; TDLFS; 
08:08:50.0062 1032	============================================================
08:08:50.0342 1032	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
08:08:50.0405 1032	1394ohci - ok
08:08:50.0436 1032	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
08:08:50.0452 1032	ACPI - ok
08:08:50.0467 1032	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
08:08:50.0514 1032	AcpiPmi - ok
08:08:50.0654 1032	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
08:08:50.0654 1032	AdobeARMservice - ok
08:08:50.0748 1032	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:08:50.0764 1032	AdobeFlashPlayerUpdateSvc - ok
08:08:50.0795 1032	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
08:08:50.0810 1032	adp94xx - ok
08:08:50.0826 1032	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
08:08:50.0842 1032	adpahci - ok
08:08:50.0857 1032	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
08:08:50.0873 1032	adpu320 - ok
08:08:50.0920 1032	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
08:08:50.0998 1032	AeLookupSvc - ok
08:08:51.0029 1032	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
08:08:51.0076 1032	AFD - ok
08:08:51.0076 1032	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
08:08:51.0091 1032	agp440 - ok
08:08:51.0122 1032	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
08:08:51.0138 1032	aic78xx - ok
08:08:51.0154 1032	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
08:08:51.0200 1032	ALG - ok
08:08:51.0216 1032	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
08:08:51.0232 1032	aliide - ok
08:08:51.0247 1032	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
08:08:51.0263 1032	amdagp - ok
08:08:51.0263 1032	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
08:08:51.0278 1032	amdide - ok
08:08:51.0294 1032	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
08:08:51.0325 1032	AmdK8 - ok
08:08:51.0341 1032	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
08:08:51.0356 1032	AmdPPM - ok
08:08:51.0388 1032	amdsata         (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
08:08:51.0403 1032	amdsata - ok
08:08:51.0419 1032	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
08:08:51.0434 1032	amdsbs - ok
08:08:51.0434 1032	amdxata         (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
08:08:51.0450 1032	amdxata - ok
08:08:51.0466 1032	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
08:08:51.0497 1032	AppID - ok
08:08:51.0528 1032	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
08:08:51.0544 1032	AppIDSvc - ok
08:08:51.0559 1032	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
08:08:51.0590 1032	Appinfo - ok
08:08:51.0980 1032	AppMgmt         (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
08:08:52.0012 1032	AppMgmt - ok
08:08:52.0027 1032	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
08:08:52.0027 1032	arc - ok
08:08:52.0043 1032	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
08:08:52.0058 1032	arcsas - ok
08:08:52.0199 1032	aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
08:08:52.0214 1032	aspnet_state - ok
08:08:52.0246 1032	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
08:08:52.0308 1032	AsyncMac - ok
08:08:52.0324 1032	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
08:08:52.0324 1032	atapi - ok
08:08:52.0370 1032	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
08:08:52.0402 1032	AudioEndpointBuilder - ok
08:08:52.0417 1032	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
08:08:52.0433 1032	Audiosrv - ok
08:08:52.0526 1032	AVM WLAN Connection Service (c6f4c466b654c1be98af31418bb5ac30) C:\Program Files\avmwlanstick\WlanNetService.exe
08:08:52.0636 1032	AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
08:08:52.0636 1032	AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
08:08:52.0651 1032	avmeject        (263cf9d248fd5e020a1333ed4f7eaa88) C:\Windows\system32\drivers\avmeject.sys
08:08:52.0682 1032	avmeject ( UnsignedFile.Multi.Generic ) - warning
08:08:52.0682 1032	avmeject - detected UnsignedFile.Multi.Generic (1)
08:08:52.0698 1032	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
08:08:52.0760 1032	AxInstSV - ok
08:08:52.0792 1032	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
08:08:52.0823 1032	b06bdrv - ok
08:08:52.0854 1032	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
08:08:52.0870 1032	b57nd60x - ok
08:08:52.0901 1032	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
08:08:52.0948 1032	BDESVC - ok
08:08:52.0963 1032	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
08:08:52.0994 1032	Beep - ok
08:08:53.0026 1032	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
08:08:53.0057 1032	BFE - ok
08:08:53.0104 1032	BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
08:08:53.0135 1032	BITS - ok
08:08:53.0150 1032	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
08:08:53.0166 1032	blbdrive - ok
08:08:53.0197 1032	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
08:08:53.0228 1032	bowser - ok
08:08:53.0244 1032	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
08:08:53.0275 1032	BrFiltLo - ok
08:08:53.0275 1032	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
08:08:53.0306 1032	BrFiltUp - ok
08:08:53.0322 1032	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
08:08:53.0353 1032	Browser - ok
08:08:53.0369 1032	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
08:08:53.0416 1032	Brserid - ok
08:08:53.0431 1032	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
08:08:53.0447 1032	BrSerWdm - ok
08:08:53.0462 1032	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:08:53.0478 1032	BrUsbMdm - ok
08:08:53.0494 1032	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
08:08:53.0509 1032	BrUsbSer - ok
08:08:53.0525 1032	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
08:08:53.0540 1032	BTHMODEM - ok
08:08:53.0572 1032	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
08:08:53.0587 1032	bthserv - ok
08:08:53.0618 1032	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
08:08:53.0650 1032	cdfs - ok
08:08:53.0681 1032	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
08:08:53.0696 1032	cdrom - ok
08:08:53.0712 1032	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
08:08:53.0743 1032	CertPropSvc - ok
08:08:53.0743 1032	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
08:08:53.0759 1032	circlass - ok
08:08:53.0790 1032	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
08:08:53.0806 1032	CLFS - ok
08:08:53.0884 1032	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:08:53.0884 1032	clr_optimization_v2.0.50727_32 - ok
08:08:53.0993 1032	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:08:53.0993 1032	clr_optimization_v4.0.30319_32 - ok
08:08:54.0008 1032	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
08:08:54.0024 1032	CmBatt - ok
08:08:54.0024 1032	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
08:08:54.0040 1032	cmdide - ok
08:08:54.0086 1032	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
08:08:54.0102 1032	CNG - ok
08:08:54.0118 1032	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
08:08:54.0133 1032	Compbatt - ok
08:08:54.0164 1032	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
08:08:54.0196 1032	CompositeBus - ok
08:08:54.0196 1032	COMSysApp - ok
08:08:54.0211 1032	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
08:08:54.0227 1032	crcdisk - ok
08:08:54.0242 1032	CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
08:08:54.0274 1032	CryptSvc - ok
08:08:54.0305 1032	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
08:08:54.0320 1032	CSC - ok
08:08:54.0352 1032	CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
08:08:54.0383 1032	CscService - ok
08:08:54.0414 1032	ctxusbm         (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
08:08:54.0445 1032	ctxusbm - ok
08:08:54.0476 1032	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
08:08:54.0508 1032	DcomLaunch - ok
08:08:54.0523 1032	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
08:08:54.0554 1032	defragsvc - ok
08:08:54.0586 1032	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
08:08:54.0617 1032	DfsC - ok
08:08:54.0632 1032	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
08:08:54.0679 1032	Dhcp - ok
08:08:54.0757 1032	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
08:08:54.0788 1032	discache - ok
08:08:54.0820 1032	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
08:08:54.0835 1032	Disk - ok
08:08:54.0851 1032	dmvsc           (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
08:08:54.0866 1032	dmvsc - ok
08:08:54.0898 1032	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
08:08:54.0913 1032	Dnscache - ok
08:08:54.0929 1032	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
08:08:54.0960 1032	dot3svc - ok
08:08:54.0976 1032	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
08:08:55.0022 1032	DPS - ok
08:08:55.0054 1032	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
08:08:55.0069 1032	drmkaud - ok
08:08:55.0100 1032	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
08:08:55.0116 1032	DXGKrnl - ok
08:08:55.0132 1032	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
08:08:55.0163 1032	EapHost - ok
08:08:55.0272 1032	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
08:08:55.0350 1032	ebdrv - ok
08:08:55.0444 1032	EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
08:08:55.0475 1032	EFS - ok
08:08:55.0537 1032	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
08:08:55.0568 1032	ehRecvr - ok
08:08:55.0584 1032	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
08:08:55.0600 1032	ehSched - ok
08:08:55.0646 1032	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
08:08:55.0662 1032	elxstor - ok
08:08:55.0678 1032	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
08:08:55.0693 1032	ErrDev - ok
08:08:55.0740 1032	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
08:08:55.0771 1032	EventSystem - ok
08:08:55.0802 1032	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
08:08:55.0818 1032	exfat - ok
08:08:55.0834 1032	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
08:08:55.0849 1032	fastfat - ok
08:08:55.0880 1032	Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
08:08:55.0927 1032	Fax - ok
08:08:55.0943 1032	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
08:08:55.0943 1032	fdc - ok
08:08:55.0958 1032	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
08:08:55.0974 1032	fdPHost - ok
08:08:55.0990 1032	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
08:08:56.0021 1032	FDResPub - ok
08:08:56.0177 1032	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
08:08:56.0192 1032	FileInfo - ok
08:08:56.0192 1032	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
08:08:56.0224 1032	Filetrace - ok
08:08:56.0239 1032	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
08:08:56.0270 1032	flpydisk - ok
08:08:56.0302 1032	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
08:08:56.0302 1032	FltMgr - ok
08:08:56.0333 1032	FontCache       (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll
08:08:56.0380 1032	FontCache - ok
08:08:56.0442 1032	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
08:08:56.0458 1032	FontCache3.0.0.0 - ok
08:08:56.0598 1032	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
08:08:56.0614 1032	FsDepends - ok
08:08:56.0692 1032	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
08:08:56.0707 1032	Fs_Rec - ok
08:08:56.0785 1032	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
08:08:56.0801 1032	fvevol - ok
08:08:57.0472 1032	FWLANUSB        (ff12fa487265da2ac7de4be53f72ff1a) C:\Windows\system32\DRIVERS\fwlanusb.sys
08:08:57.0518 1032	FWLANUSB - ok
08:08:57.0518 1032	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
08:08:57.0534 1032	gagp30kx - ok
08:08:57.0565 1032	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
08:08:57.0612 1032	gpsvc - ok
08:08:57.0690 1032	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
08:08:57.0706 1032	gupdate - ok
08:08:57.0706 1032	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
08:08:57.0721 1032	gupdatem - ok
08:08:57.0737 1032	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
08:08:57.0737 1032	gusvc - ok
08:08:57.0752 1032	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
08:08:57.0784 1032	hcw85cir - ok
08:08:57.0799 1032	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
08:08:57.0830 1032	HdAudAddService - ok
08:08:57.0846 1032	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:08:57.0862 1032	HDAudBus - ok
08:08:57.0877 1032	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
08:08:57.0893 1032	HidBatt - ok
08:08:57.0908 1032	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
08:08:57.0940 1032	HidBth - ok
08:08:57.0971 1032	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
08:08:57.0986 1032	HidIr - ok
08:08:58.0002 1032	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
08:08:58.0049 1032	hidserv - ok
08:08:58.0049 1032	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
08:08:58.0064 1032	HidUsb - ok
08:08:58.0096 1032	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
08:08:58.0127 1032	hkmsvc - ok
08:08:58.0142 1032	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
08:08:58.0174 1032	HomeGroupListener - ok
08:08:58.0205 1032	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
08:08:58.0220 1032	HomeGroupProvider - ok
08:08:58.0236 1032	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
08:08:58.0252 1032	HpSAMD - ok
08:08:58.0267 1032	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
08:08:58.0298 1032	HTTP - ok
08:08:58.0314 1032	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
08:08:58.0330 1032	hwpolicy - ok
08:08:58.0345 1032	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
08:08:58.0361 1032	i8042prt - ok
08:08:58.0392 1032	iaStorV         (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
08:08:58.0408 1032	iaStorV - ok
08:08:58.0517 1032	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:08:58.0532 1032	idsvc - ok
08:08:58.0813 1032	igfx            (aa1636107c0c05a881bfbce41142c70f) C:\Windows\system32\DRIVERS\igdkmd32.sys
08:08:59.0032 1032	igfx - ok
08:08:59.0125 1032	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
08:08:59.0141 1032	iirsp - ok
08:08:59.0172 1032	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
08:08:59.0219 1032	IKEEXT - ok
08:08:59.0234 1032	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
08:08:59.0250 1032	intelide - ok
08:08:59.0266 1032	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
08:08:59.0266 1032	intelppm - ok
08:08:59.0281 1032	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
08:08:59.0312 1032	IPBusEnum - ok
08:08:59.0328 1032	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:08:59.0359 1032	IpFilterDriver - ok
08:08:59.0390 1032	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
08:08:59.0422 1032	iphlpsvc - ok
08:08:59.0437 1032	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
08:08:59.0453 1032	IPMIDRV - ok
08:08:59.0468 1032	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
08:08:59.0500 1032	IPNAT - ok
08:08:59.0515 1032	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
08:08:59.0531 1032	IRENUM - ok
08:08:59.0546 1032	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
08:08:59.0562 1032	isapnp - ok
08:08:59.0578 1032	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
08:08:59.0593 1032	iScsiPrt - ok
08:08:59.0609 1032	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
08:08:59.0624 1032	kbdclass - ok
08:08:59.0640 1032	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
08:08:59.0656 1032	kbdhid - ok
08:08:59.0702 1032	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
08:08:59.0702 1032	KeyIso - ok
08:08:59.0718 1032	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
08:08:59.0718 1032	KSecDD - ok
08:08:59.0749 1032	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
08:08:59.0765 1032	KSecPkg - ok
08:08:59.0796 1032	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
08:08:59.0827 1032	KtmRm - ok
08:08:59.0874 1032	L1C             (b86270cc948ead6481ac487d65ddb462) C:\Windows\system32\DRIVERS\L1C62x86.sys
08:08:59.0890 1032	L1C - ok
08:08:59.0921 1032	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
08:08:59.0952 1032	LanmanServer - ok
08:08:59.0983 1032	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
08:09:00.0014 1032	LanmanWorkstation - ok
08:09:00.0046 1032	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
08:09:00.0077 1032	lltdio - ok
08:09:00.0092 1032	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
08:09:00.0124 1032	lltdsvc - ok
08:09:00.0124 1032	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
08:09:00.0170 1032	lmhosts - ok
08:09:00.0202 1032	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
08:09:00.0217 1032	LSI_FC - ok
08:09:00.0217 1032	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
08:09:00.0233 1032	LSI_SAS - ok
08:09:00.0264 1032	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
08:09:00.0264 1032	LSI_SAS2 - ok
08:09:00.0280 1032	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
08:09:00.0295 1032	LSI_SCSI - ok
08:09:00.0311 1032	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
08:09:00.0326 1032	luafv - ok
08:09:00.0373 1032	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
08:09:00.0373 1032	MBAMProtector - ok
08:09:00.0467 1032	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
08:09:00.0482 1032	MBAMService - ok
08:09:00.0498 1032	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
08:09:00.0514 1032	Mcx2Svc - ok
08:09:00.0529 1032	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
08:09:00.0545 1032	megasas - ok
08:09:00.0560 1032	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
08:09:00.0576 1032	MegaSR - ok
08:09:00.0607 1032	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
08:09:00.0638 1032	MMCSS - ok
08:09:00.0654 1032	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
08:09:00.0685 1032	Modem - ok
08:09:00.0701 1032	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
08:09:00.0732 1032	monitor - ok
08:09:00.0732 1032	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
08:09:00.0748 1032	mouclass - ok
08:09:00.0779 1032	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\drivers\mouhid.sys
08:09:00.0794 1032	mouhid - ok
08:09:00.0826 1032	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
08:09:00.0826 1032	mountmgr - ok
08:09:00.0888 1032	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:09:00.0888 1032	MozillaMaintenance - ok
08:09:00.0950 1032	MpFilter        (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
08:09:00.0966 1032	MpFilter - ok
08:09:00.0982 1032	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
08:09:00.0997 1032	mpio - ok
08:09:01.0091 1032	MpKsl22a8baf3   (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA253904-9037-4343-823B-F041A9CA08F6}\MpKsl22a8baf3.sys
08:09:01.0091 1032	MpKsl22a8baf3 - ok
08:09:01.0106 1032	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
08:09:01.0138 1032	mpsdrv - ok
08:09:01.0262 1032	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
08:09:01.0309 1032	MpsSvc - ok
08:09:01.0325 1032	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
08:09:01.0356 1032	MRxDAV - ok
08:09:01.0387 1032	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:09:01.0418 1032	mrxsmb - ok
08:09:01.0434 1032	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:09:01.0465 1032	mrxsmb10 - ok
08:09:01.0465 1032	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:09:01.0496 1032	mrxsmb20 - ok
08:09:01.0512 1032	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
08:09:01.0528 1032	msahci - ok
08:09:01.0543 1032	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
08:09:01.0559 1032	msdsm - ok
08:09:01.0574 1032	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
08:09:01.0590 1032	MSDTC - ok
08:09:01.0621 1032	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
08:09:01.0652 1032	Msfs - ok
08:09:01.0652 1032	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
08:09:01.0684 1032	mshidkmdf - ok
08:09:01.0699 1032	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
08:09:01.0715 1032	msisadrv - ok
08:09:01.0730 1032	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
08:09:01.0762 1032	MSiSCSI - ok
08:09:01.0762 1032	msiserver - ok
08:09:01.0793 1032	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
08:09:01.0824 1032	MSKSSRV - ok
08:09:01.0886 1032	MsMpSvc         (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
08:09:01.0902 1032	MsMpSvc - ok
08:09:01.0918 1032	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
08:09:01.0949 1032	MSPCLOCK - ok
08:09:01.0949 1032	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
08:09:01.0980 1032	MSPQM - ok
08:09:01.0996 1032	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
08:09:02.0011 1032	MsRPC - ok
08:09:02.0027 1032	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
08:09:02.0042 1032	mssmbios - ok
08:09:02.0074 1032	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
08:09:02.0089 1032	MSTEE - ok
08:09:02.0105 1032	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
08:09:02.0136 1032	MTConfig - ok
08:09:02.0136 1032	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
08:09:02.0152 1032	Mup - ok
08:09:02.0167 1032	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
08:09:02.0198 1032	napagent - ok
08:09:02.0230 1032	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
08:09:02.0261 1032	NativeWifiP - ok
08:09:02.0292 1032	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
08:09:02.0308 1032	NDIS - ok
08:09:02.0323 1032	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
08:09:02.0354 1032	NdisCap - ok
08:09:02.0386 1032	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
08:09:02.0417 1032	NdisTapi - ok
08:09:02.0542 1032	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
08:09:02.0557 1032	Ndisuio - ok
08:09:02.0854 1032	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
08:09:02.0900 1032	NdisWan - ok
08:09:02.0900 1032	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
08:09:02.0932 1032	NDProxy - ok
08:09:02.0932 1032	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
08:09:02.0963 1032	NetBIOS - ok
08:09:02.0978 1032	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
08:09:03.0010 1032	NetBT - ok
08:09:03.0056 1032	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
08:09:03.0056 1032	Netlogon - ok
08:09:03.0088 1032	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
08:09:03.0119 1032	Netman - ok
08:09:03.0244 1032	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:09:03.0259 1032	NetMsmqActivator - ok
08:09:03.0259 1032	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:09:03.0275 1032	NetPipeActivator - ok
08:09:03.0290 1032	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
08:09:03.0322 1032	netprofm - ok
08:09:03.0322 1032	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:09:03.0337 1032	NetTcpActivator - ok
08:09:03.0337 1032	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:09:03.0353 1032	NetTcpPortSharing - ok
08:09:03.0368 1032	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
08:09:03.0384 1032	nfrd960 - ok
08:09:03.0446 1032	NisDrv          (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
08:09:03.0462 1032	NisDrv - ok
08:09:03.0524 1032	NisSrv          (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
08:09:03.0540 1032	NisSrv - ok
08:09:03.0571 1032	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
08:09:03.0602 1032	NlaSvc - ok
08:09:03.0602 1032	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
08:09:03.0634 1032	Npfs - ok
08:09:03.0649 1032	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
08:09:03.0680 1032	nsi - ok
08:09:03.0680 1032	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
08:09:03.0696 1032	nsiproxy - ok
08:09:03.0743 1032	Ntfs            (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
08:09:03.0790 1032	Ntfs - ok
08:09:03.0805 1032	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
08:09:03.0836 1032	Null - ok
08:09:03.0852 1032	nvraid          (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
08:09:03.0868 1032	nvraid - ok
08:09:03.0883 1032	nvstor          (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
08:09:03.0883 1032	nvstor - ok
08:09:03.0899 1032	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
08:09:03.0914 1032	nv_agp - ok
08:09:03.0930 1032	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
08:09:03.0946 1032	ohci1394 - ok
08:09:03.0961 1032	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
08:09:03.0992 1032	p2pimsvc - ok
08:09:04.0024 1032	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
08:09:04.0039 1032	p2psvc - ok
08:09:04.0242 1032	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
08:09:04.0258 1032	Parport - ok
08:09:04.0304 1032	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
08:09:04.0320 1032	partmgr - ok
08:09:04.0320 1032	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
08:09:04.0336 1032	Parvdm - ok
08:09:04.0351 1032	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
08:09:04.0367 1032	PcaSvc - ok
08:09:04.0382 1032	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
08:09:04.0398 1032	pci - ok
08:09:04.0414 1032	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
08:09:04.0429 1032	pciide - ok
08:09:04.0429 1032	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
08:09:04.0445 1032	pcmcia - ok
08:09:04.0460 1032	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
08:09:04.0476 1032	pcw - ok
08:09:04.0507 1032	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
08:09:04.0554 1032	PEAUTH - ok
08:09:04.0601 1032	PeerDistSvc     (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
08:09:04.0632 1032	PeerDistSvc - ok
08:09:04.0710 1032	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
08:09:04.0772 1032	pla - ok
08:09:04.0866 1032	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
08:09:04.0897 1032	PlugPlay - ok
08:09:04.0897 1032	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
08:09:04.0928 1032	PNRPAutoReg - ok
08:09:04.0944 1032	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
08:09:04.0960 1032	PNRPsvc - ok
08:09:05.0006 1032	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
08:09:05.0038 1032	PolicyAgent - ok
08:09:05.0053 1032	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
08:09:05.0100 1032	Power - ok
08:09:05.0147 1032	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
08:09:05.0178 1032	PptpMiniport - ok
08:09:05.0194 1032	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
08:09:05.0209 1032	Processor - ok
08:09:05.0240 1032	ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
08:09:05.0272 1032	ProfSvc - ok
08:09:05.0318 1032	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
08:09:05.0318 1032	ProtectedStorage - ok
08:09:05.0334 1032	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
08:09:05.0365 1032	Psched - ok
08:09:05.0412 1032	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
08:09:05.0459 1032	ql2300 - ok
08:09:05.0521 1032	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
08:09:05.0537 1032	ql40xx - ok
08:09:05.0552 1032	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
08:09:05.0568 1032	QWAVE - ok
08:09:05.0584 1032	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
08:09:05.0599 1032	QWAVEdrv - ok
08:09:05.0615 1032	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
08:09:05.0646 1032	RasAcd - ok
08:09:05.0693 1032	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:09:05.0708 1032	RasAgileVpn - ok
08:09:05.0724 1032	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
08:09:05.0755 1032	RasAuto - ok
08:09:05.0771 1032	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:09:05.0818 1032	Rasl2tp - ok
08:09:05.0849 1032	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
08:09:05.0880 1032	RasMan - ok
08:09:05.0911 1032	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
08:09:05.0942 1032	RasPppoe - ok
08:09:05.0958 1032	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
08:09:05.0989 1032	RasSstp - ok
08:09:06.0005 1032	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
08:09:06.0052 1032	rdbss - ok
08:09:06.0052 1032	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
08:09:06.0067 1032	rdpbus - ok
08:09:06.0083 1032	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:09:06.0098 1032	RDPCDD - ok
08:09:06.0130 1032	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
08:09:06.0161 1032	RDPDR - ok
08:09:06.0161 1032	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
08:09:06.0192 1032	RDPENCDD - ok
08:09:06.0192 1032	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
08:09:06.0239 1032	RDPREFMP - ok
08:09:06.0286 1032	RDPWD           (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
08:09:06.0301 1032	RDPWD - ok
08:09:06.0317 1032	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
08:09:06.0332 1032	rdyboost - ok
08:09:06.0348 1032	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
08:09:06.0379 1032	RemoteAccess - ok
08:09:06.0395 1032	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
08:09:06.0457 1032	RemoteRegistry - ok
08:09:06.0473 1032	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
08:09:06.0504 1032	RpcEptMapper - ok
08:09:06.0520 1032	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
08:09:06.0535 1032	RpcLocator - ok
08:09:06.0566 1032	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
08:09:06.0598 1032	RpcSs - ok
08:09:06.0598 1032	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
08:09:06.0629 1032	rspndr - ok
08:09:06.0644 1032	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
08:09:06.0676 1032	s3cap - ok
08:09:06.0722 1032	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
08:09:06.0722 1032	SamSs - ok
08:09:06.0941 1032	SANDRA          (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x86\Sandra.sys
08:09:07.0003 1032	SANDRA - ok
08:09:07.0034 1032	SandraAgentSrv  (28d22b00901ee48bb98899abad5da11e) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe
08:09:07.0112 1032	SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning
08:09:07.0112 1032	SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)
08:09:07.0144 1032	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
08:09:07.0159 1032	sbp2port - ok
08:09:07.0175 1032	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
08:09:07.0206 1032	SCardSvr - ok
08:09:07.0300 1032	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
08:09:07.0346 1032	scfilter - ok
08:09:07.0378 1032	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
08:09:07.0424 1032	Schedule - ok
08:09:07.0456 1032	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
08:09:07.0471 1032	SCPolicySvc - ok
08:09:07.0487 1032	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
08:09:07.0580 1032	SDRSVC - ok
08:09:07.0612 1032	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
08:09:07.0643 1032	secdrv - ok
08:09:07.0643 1032	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
08:09:07.0690 1032	seclogon - ok
08:09:07.0721 1032	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
08:09:07.0752 1032	SENS - ok
08:09:07.0768 1032	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
08:09:07.0799 1032	SensrSvc - ok
08:09:07.0814 1032	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
08:09:07.0830 1032	Serenum - ok
08:09:07.0846 1032	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
08:09:07.0861 1032	Serial - ok
08:09:07.0877 1032	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
08:09:07.0892 1032	sermouse - ok
08:09:07.0924 1032	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
08:09:07.0939 1032	SessionEnv - ok
08:09:07.0955 1032	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
08:09:07.0986 1032	sffdisk - ok
08:09:08.0017 1032	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
08:09:08.0033 1032	sffp_mmc - ok
08:09:08.0048 1032	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
08:09:08.0064 1032	sffp_sd - ok
08:09:08.0080 1032	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
08:09:08.0095 1032	sfloppy - ok
08:09:08.0126 1032	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
08:09:08.0158 1032	SharedAccess - ok
08:09:08.0173 1032	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
08:09:08.0220 1032	ShellHWDetection - ok
08:09:08.0236 1032	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
08:09:08.0251 1032	sisagp - ok
08:09:08.0267 1032	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
08:09:08.0267 1032	SiSRaid2 - ok
08:09:08.0282 1032	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
08:09:08.0298 1032	SiSRaid4 - ok
08:09:08.0329 1032	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
08:09:08.0360 1032	Smb - ok
08:09:08.0392 1032	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
08:09:08.0392 1032	SNMPTRAP - ok
08:09:08.0407 1032	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
08:09:08.0423 1032	spldr - ok
08:09:08.0454 1032	Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
08:09:08.0485 1032	Spooler - ok
08:09:08.0563 1032	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
08:09:08.0641 1032	sppsvc - ok
08:09:08.0704 1032	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
08:09:08.0735 1032	sppuinotify - ok
08:09:08.0766 1032	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
08:09:08.0797 1032	srv - ok
08:09:08.0828 1032	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
08:09:08.0844 1032	srv2 - ok
08:09:08.0875 1032	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
08:09:08.0891 1032	srvnet - ok
08:09:08.0922 1032	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
08:09:08.0953 1032	SSDPSRV - ok
08:09:08.0969 1032	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
08:09:09.0000 1032	SstpSvc - ok
08:09:09.0031 1032	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
08:09:09.0031 1032	stexstor - ok
08:09:09.0078 1032	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
08:09:09.0094 1032	StiSvc - ok
08:09:09.0109 1032	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
08:09:09.0125 1032	storflt - ok
08:09:09.0140 1032	StorSvc         (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
08:09:09.0156 1032	StorSvc - ok
08:09:09.0187 1032	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
08:09:09.0203 1032	storvsc - ok
08:09:09.0218 1032	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
08:09:09.0218 1032	swenum - ok
08:09:09.0250 1032	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
08:09:09.0281 1032	swprv - ok
08:09:09.0328 1032	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
08:09:09.0374 1032	SysMain - ok
08:09:09.0406 1032	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
08:09:09.0421 1032	TabletInputService - ok
08:09:09.0437 1032	TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
08:09:09.0484 1032	TapiSrv - ok
08:09:09.0499 1032	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
08:09:09.0546 1032	TBS - ok
08:09:09.0655 1032	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
08:09:09.0702 1032	Tcpip - ok
08:09:09.0718 1032	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
08:09:09.0749 1032	TCPIP6 - ok
08:09:09.0780 1032	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
08:09:09.0796 1032	tcpipreg - ok
08:09:09.0811 1032	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
08:09:09.0827 1032	TDPIPE - ok
08:09:09.0874 1032	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
08:09:09.0889 1032	TDTCP - ok
08:09:09.0905 1032	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
08:09:09.0936 1032	tdx - ok
08:09:10.0061 1032	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
08:09:10.0076 1032	TermDD - ok
08:09:10.0108 1032	TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
08:09:10.0139 1032	TermService - ok
08:09:10.0170 1032	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
08:09:10.0186 1032	Themes - ok
08:09:10.0201 1032	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
08:09:10.0232 1032	THREADORDER - ok
08:09:10.0264 1032	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
08:09:10.0295 1032	TrkWks - ok
08:09:10.0841 1032	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
08:09:10.0872 1032	TrustedInstaller - ok
08:09:10.0888 1032	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:09:10.0919 1032	tssecsrv - ok
08:09:10.0934 1032	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
08:09:10.0950 1032	TsUsbFlt - ok
08:09:10.0966 1032	TsUsbGD         (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
08:09:10.0981 1032	TsUsbGD - ok
08:09:10.0997 1032	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
08:09:11.0028 1032	tunnel - ok
08:09:11.0044 1032	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
08:09:11.0059 1032	uagp35 - ok
08:09:11.0075 1032	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
08:09:11.0106 1032	udfs - ok
08:09:11.0137 1032	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
08:09:11.0153 1032	UI0Detect - ok
08:09:11.0168 1032	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
08:09:11.0184 1032	uliagpkx - ok
08:09:11.0200 1032	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
08:09:11.0215 1032	umbus - ok
08:09:11.0215 1032	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
08:09:11.0231 1032	UmPass - ok
08:09:11.0262 1032	UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
08:09:11.0278 1032	UmRdpService - ok
08:09:11.0309 1032	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
08:09:11.0340 1032	upnphost - ok
08:09:11.0356 1032	usbccgp         (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
08:09:11.0371 1032	usbccgp - ok
08:09:11.0387 1032	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
08:09:11.0402 1032	usbcir - ok
08:09:11.0418 1032	usbehci         (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\DRIVERS\usbehci.sys
08:09:11.0434 1032	usbehci - ok
08:09:11.0465 1032	usbhub          (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\DRIVERS\usbhub.sys
08:09:11.0480 1032	usbhub - ok
08:09:11.0496 1032	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
08:09:11.0512 1032	usbohci - ok
08:09:11.0527 1032	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
08:09:11.0543 1032	usbprint - ok
08:09:11.0558 1032	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
08:09:11.0574 1032	usbscan - ok
08:09:11.0590 1032	USBSTOR         (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:09:11.0605 1032	USBSTOR - ok
08:09:11.0621 1032	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
08:09:11.0636 1032	usbuhci - ok
08:09:11.0652 1032	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
08:09:11.0683 1032	UxSms - ok
08:09:11.0730 1032	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
08:09:11.0730 1032	VaultSvc - ok
08:09:11.0761 1032	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
08:09:11.0761 1032	vdrvroot - ok
08:09:11.0792 1032	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
08:09:11.0839 1032	vds - ok
08:09:11.0839 1032	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
08:09:11.0870 1032	vga - ok
08:09:11.0933 1032	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
08:09:11.0964 1032	VgaSave - ok
08:09:11.0980 1032	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
08:09:11.0980 1032	vhdmp - ok
08:09:12.0026 1032	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
08:09:12.0042 1032	viaagp - ok
08:09:12.0073 1032	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
08:09:12.0089 1032	ViaC7 - ok
08:09:12.0104 1032	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
08:09:12.0120 1032	viaide - ok
08:09:12.0136 1032	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
08:09:12.0151 1032	vmbus - ok
08:09:12.0167 1032	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
08:09:12.0198 1032	VMBusHID - ok
08:09:12.0214 1032	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
08:09:12.0214 1032	volmgr - ok
08:09:12.0245 1032	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
08:09:12.0260 1032	volmgrx - ok
08:09:12.0276 1032	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
08:09:12.0292 1032	volsnap - ok
08:09:12.0323 1032	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
08:09:12.0323 1032	vsmraid - ok
08:09:12.0370 1032	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
08:09:12.0416 1032	VSS - ok
08:09:12.0432 1032	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
08:09:12.0448 1032	vwifibus - ok
08:09:12.0463 1032	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
08:09:12.0494 1032	W32Time - ok
08:09:12.0510 1032	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
08:09:12.0541 1032	WacomPen - ok
08:09:12.0557 1032	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:09:12.0588 1032	WANARP - ok
08:09:12.0604 1032	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:09:12.0619 1032	Wanarpv6 - ok
08:09:12.0682 1032	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
08:09:12.0744 1032	wbengine - ok
08:09:12.0775 1032	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
08:09:12.0806 1032	WbioSrvc - ok
08:09:12.0822 1032	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
08:09:12.0853 1032	wcncsvc - ok
08:09:12.0869 1032	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
08:09:12.0900 1032	WcsPlugInService - ok
08:09:12.0916 1032	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
08:09:12.0931 1032	Wd - ok
08:09:12.0962 1032	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
08:09:12.0978 1032	Wdf01000 - ok
08:09:12.0978 1032	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
08:09:13.0025 1032	WdiServiceHost - ok
08:09:13.0025 1032	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
08:09:13.0040 1032	WdiSystemHost - ok
08:09:13.0072 1032	WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
08:09:13.0087 1032	WebClient - ok
08:09:13.0134 1032	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
08:09:13.0165 1032	Wecsvc - ok
08:09:13.0196 1032	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
08:09:13.0212 1032	wercplsupport - ok
08:09:13.0243 1032	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
08:09:13.0259 1032	WerSvc - ok
08:09:13.0274 1032	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
08:09:13.0306 1032	WfpLwf - ok
08:09:13.0321 1032	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
08:09:13.0337 1032	WIMMount - ok
08:09:13.0430 1032	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
08:09:13.0477 1032	WinDefend - ok
08:09:13.0493 1032	WinHttpAutoProxySvc - ok
08:09:13.0540 1032	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
08:09:13.0555 1032	Winmgmt - ok
08:09:13.0618 1032	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
08:09:13.0680 1032	WinRM - ok
08:09:13.0742 1032	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
08:09:13.0758 1032	WinUsb - ok
08:09:13.0805 1032	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
08:09:13.0836 1032	Wlansvc - ok
08:09:13.0852 1032	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
08:09:13.0852 1032	WmiAcpi - ok
08:09:13.0883 1032	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
08:09:13.0898 1032	wmiApSrv - ok
08:09:13.0992 1032	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
08:09:14.0023 1032	WMPNetworkSvc - ok
08:09:14.0054 1032	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
08:09:14.0070 1032	WPCSvc - ok
08:09:14.0086 1032	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
08:09:14.0101 1032	WPDBusEnum - ok
08:09:14.0148 1032	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
08:09:14.0164 1032	ws2ifsl - ok
08:09:14.0179 1032	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
08:09:14.0195 1032	wscsvc - ok
08:09:14.0210 1032	WSearch - ok
08:09:14.0288 1032	wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
08:09:14.0351 1032	wuauserv - ok
08:09:14.0444 1032	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
08:09:14.0460 1032	WudfPf - ok
08:09:14.0507 1032	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:09:14.0522 1032	WUDFRd - ok
08:09:14.0554 1032	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
08:09:14.0585 1032	wudfsvc - ok
08:09:14.0600 1032	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
08:09:14.0632 1032	WwanSvc - ok
08:09:14.0647 1032	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:09:14.0881 1032	\Device\Harddisk0\DR0 - ok
08:09:14.0897 1032	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
08:09:14.0990 1032	\Device\Harddisk2\DR2 - ok
08:09:15.0006 1032	Boot (0x1200)   (290e8e188dc36f8044880ceb645fa6ef) \Device\Harddisk0\DR0\Partition0
08:09:15.0006 1032	\Device\Harddisk0\DR0\Partition0 - ok
08:09:15.0022 1032	Boot (0x1200)   (707f8509dfaf872a707e531751838637) \Device\Harddisk0\DR0\Partition1
08:09:15.0022 1032	\Device\Harddisk0\DR0\Partition1 - ok
08:09:15.0022 1032	Boot (0x1200)   (186f6d6ffecfec69a4ca3d001c1e12e7) \Device\Harddisk2\DR2\Partition0
08:09:15.0037 1032	\Device\Harddisk2\DR2\Partition0 - ok
08:09:15.0037 1032	============================================================
08:09:15.0037 1032	Scan finished
08:09:15.0037 1032	============================================================
08:09:15.0053 3776	Detected object count: 3
08:09:15.0053 3776	Actual detected object count: 3
08:32:09.0635 3776	AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:32:09.0635 3776	AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:32:09.0635 3776	avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
08:32:09.0635 3776	avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:32:09.0635 3776	SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
08:32:09.0635 3776	SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 25.05.2012, 11:38

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Kiki140381 · 25.05.2012, 12:18

So, ComboFix hab ich auch durchlaufen lassen.
Ich hoffe, ich habe nichts weiter kaputt gemacht. Obwohl ich der Meinung war, dass ich mein Antivirenprogramm ausgeschaltet hatte (MsMpEng.exe und msseces.exe hatte ich im TaskManager beendet) sagte ComboFix mir, das Programm sei noch aktiv. Nochmal im TaskManager nachgeschaut lief MsMpEng.exe wieder, hab ich das wieder beendet, sagte ComboFix mir, das Programm läuft immernoch. Daraufhin hab ich es deinstalliert.

Hier nun der log von ComboFix:

[Code]
Combofix Logfile:

Code:

ATTFilter

ComboFix 12-05-25.02 - Schulte-Klein 25.05.2012  12:59:04.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2012.1276 [GMT 2:00]
ausgeführt von:: c:\users\Schulte-Klein\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-25 bis 2012-05-25  ))))))))))))))))))))))))))))))
.
.
2012-05-25 11:02 . 2012-05-25 11:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-24 06:01 . 2012-05-24 06:01	--------	d-----w-	C:\_OTL
2012-05-23 07:12 . 2012-05-23 07:12	--------	d-----w-	c:\program files\ESET
2012-05-23 05:31 . 2012-05-23 05:31	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-05-23 05:31 . 2012-05-23 05:31	157352	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-23 05:31 . 2012-05-23 05:31	129976	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-22 09:11 . 2012-05-22 09:11	--------	d-----w-	c:\program files\CCleaner
2012-05-22 06:32 . 2012-05-22 06:32	--------	d-----w-	c:\users\Schulte-Klein\AppData\Roaming\Malwarebytes
2012-05-22 06:31 . 2012-05-22 06:32	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-05-22 06:31 . 2012-05-22 06:31	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-22 06:31 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-16 19:52 . 2012-03-31 04:29	936960	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-16 19:52 . 2012-03-30 10:23	1291632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-16 19:52 . 2012-03-31 04:30	1221632	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2012-05-16 19:52 . 2012-03-31 04:29	989184	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2012-05-16 19:52 . 2012-03-31 04:29	969216	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2012-05-16 19:52 . 2012-03-31 04:39	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-16 19:52 . 2012-03-31 04:39	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-16 19:52 . 2012-03-31 02:36	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-05-16 19:52 . 2012-03-17 07:27	56176	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-16 19:52 . 2012-03-03 05:31	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-05-04 12:49 . 2012-05-05 16:27	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 16:27 . 2011-10-23 20:14	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-17 08:00 . 2011-10-24 14:28	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-01 05:46 . 2012-04-13 12:24	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-13 12:24	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-13 12:24	159232	----a-w-	c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 12:24	5120	----a-w-	c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-13 12:27	1799168	----a-w-	c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-13 12:27	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-13 12:27	1127424	----a-w-	c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-13 12:27	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2009-09-12 21:05 . 2009-09-12 21:05	124240	----a-w-	c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-12 21:06 . 2009-09-12 21:06	13136	----a-w-	c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-12 21:06 . 2009-09-12 21:06	70488	----a-w-	c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-12 21:06 . 2009-09-12 21:06	91480	----a-w-	c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-12 21:06 . 2009-09-12 21:06	22360	----a-w-	c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-12 21:07 . 2009-09-12 21:07	255312	----a-w-	c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-12 21:06 . 2009-09-12 21:06	31064	----a-w-	c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-12 21:06 . 2009-09-12 21:06	40280	----a-w-	c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 11:33 . 2009-08-14 11:33	652640	----a-w-	c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-12 21:06 . 2009-09-12 21:06	23896	----a-w-	c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-05-23 05:31 . 2011-10-23 20:24	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Schulte-Klein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-23 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 4352]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2010-10-22 265088]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-23 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-23 129976]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe [2009-02-03 95896]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
S1 MpKsl0d17bea9;MpKsl0d17bea9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA253904-9037-4343-823B-F041A9CA08F6}\MpKsl0d17bea9.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-04-21 68208]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL0D17BEA9
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 16:27]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-23 20:13]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-23 20:13]
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-25  13:03:59
ComboFix-quarantined-files.txt  2012-05-25 11:03
.
Vor Suchlauf: 7 Verzeichnis(se), 1.476.598.386.688 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 1.476.498.235.392 Bytes frei
.
- - End Of File - - DD3E16372F752BD8D356B01790DE0B1E

--- --- ---
Combofix Logfile:

Code:

ATTFilter

ComboFix 12-05-25.02 - Schulte-Klein 25.05.2012  12:59:04.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2012.1276 [GMT 2:00]
ausgeführt von:: c:\users\Schulte-Klein\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-25 bis 2012-05-25  ))))))))))))))))))))))))))))))
.
.
2012-05-25 11:02 . 2012-05-25 11:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-24 06:01 . 2012-05-24 06:01	--------	d-----w-	C:\_OTL
2012-05-23 07:12 . 2012-05-23 07:12	--------	d-----w-	c:\program files\ESET
2012-05-23 05:31 . 2012-05-23 05:31	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-05-23 05:31 . 2012-05-23 05:31	157352	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-23 05:31 . 2012-05-23 05:31	129976	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-22 09:11 . 2012-05-22 09:11	--------	d-----w-	c:\program files\CCleaner
2012-05-22 06:32 . 2012-05-22 06:32	--------	d-----w-	c:\users\Schulte-Klein\AppData\Roaming\Malwarebytes
2012-05-22 06:31 . 2012-05-22 06:32	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-05-22 06:31 . 2012-05-22 06:31	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-22 06:31 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-16 19:52 . 2012-03-31 04:29	936960	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-16 19:52 . 2012-03-30 10:23	1291632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-16 19:52 . 2012-03-31 04:30	1221632	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2012-05-16 19:52 . 2012-03-31 04:29	989184	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2012-05-16 19:52 . 2012-03-31 04:29	969216	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2012-05-16 19:52 . 2012-03-31 04:39	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-16 19:52 . 2012-03-31 04:39	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-16 19:52 . 2012-03-31 02:36	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-05-16 19:52 . 2012-03-17 07:27	56176	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-16 19:52 . 2012-03-03 05:31	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-05-04 12:49 . 2012-05-05 16:27	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 16:27 . 2011-10-23 20:14	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-17 08:00 . 2011-10-24 14:28	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-01 05:46 . 2012-04-13 12:24	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-13 12:24	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-13 12:24	159232	----a-w-	c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 12:24	5120	----a-w-	c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-13 12:27	1799168	----a-w-	c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-13 12:27	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-13 12:27	1127424	----a-w-	c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-13 12:27	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2009-09-12 21:05 . 2009-09-12 21:05	124240	----a-w-	c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-12 21:06 . 2009-09-12 21:06	13136	----a-w-	c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-12 21:06 . 2009-09-12 21:06	70488	----a-w-	c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-12 21:06 . 2009-09-12 21:06	91480	----a-w-	c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-12 21:06 . 2009-09-12 21:06	22360	----a-w-	c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-12 21:07 . 2009-09-12 21:07	255312	----a-w-	c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-12 21:06 . 2009-09-12 21:06	31064	----a-w-	c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-12 21:06 . 2009-09-12 21:06	40280	----a-w-	c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 11:33 . 2009-08-14 11:33	652640	----a-w-	c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-12 21:06 . 2009-09-12 21:06	23896	----a-w-	c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-05-23 05:31 . 2011-10-23 20:24	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Schulte-Klein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-23 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 4352]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2010-10-22 265088]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-23 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-23 129976]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe [2009-02-03 95896]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
S1 MpKsl0d17bea9;MpKsl0d17bea9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA253904-9037-4343-823B-F041A9CA08F6}\MpKsl0d17bea9.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-04-21 68208]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL0D17BEA9
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 16:27]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-23 20:13]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-23 20:13]
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Schulte-Klein\AppData\Roaming\Mozilla\Firefox\Profiles\218l6qfc.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-25  13:03:59
ComboFix-quarantined-files.txt  2012-05-25 11:03
.
Vor Suchlauf: 7 Verzeichnis(se), 1.476.598.386.688 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 1.476.498.235.392 Bytes frei
.
- - End Of File - - DD3E16372F752BD8D356B01790DE0B1E

--- --- ---

cosinus · 25.05.2012, 13:15

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Kiki140381 · 25.05.2012, 14:12

So, fertig.
GMER wollte nicht.

Hier die logs von OSAM und aswMBR

OSAM

Code:

ATTFilter

OSAM Logfile:

	Code: 

 ATTFilter

  
	Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:54:13 on 25.05.2012

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 12.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"catchme" (catchme) - ? - C:\Users\SCHULT~1\AppData\Local\Temp\catchme.sys  (File not found)
"Citrix USB Monitor Driver" (ctxusbm) - "Citrix Systems, Inc." - C:\Windows\System32\DRIVERS\ctxusbm.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MpKsl0d17bea9" (MpKsl0d17bea9) - ? - c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA253904-9037-4343-823B-F041A9CA08F6}\MpKsl0d17bea9.sys  (File not found)
"pgddyaod" (pgddyaod) - ? - C:\Users\SCHULT~1\AppData\Local\Temp\pgddyaod.sys  (Hidden registry entry, rootkit activity | File not found)
"SANDRA" (SANDRA) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x86\Sandra.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Schulte-Klein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AVMWlanClient" - "AVM Berlin" - C:\Program Files\avmwlanstick\wlangui.exe
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"ConnectionCenter" - "Citrix Systems, Inc." - "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
"ControlCenter3" - "Brother Industries, Ltd." - C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EPSON S21 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\E_FLBFAE.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Program Files\avmwlanstick\WlanNetService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe

===[ Logfile end ]=========================================[ Logfile end ]===
         
 --- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

und aswMBR

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-25 14:55:58
-----------------------------
14:55:58.616    OS Version: Windows 6.1.7601 Service Pack 1
14:55:58.616    Number of processors: 2 586 0x170A
14:55:58.617    ComputerName: SCHULTEKLEIN  UserName: 
14:56:02.156    Initialize success
14:58:06.414    AVAST engine defs: 12052500
15:00:01.484    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:00:01.489    Disk 0 Vendor: ST1500DL003-9VT16L CC32 Size: 1430799MB BusType: 3
15:00:01.508    Disk 0 MBR read successfully
15:00:01.513    Disk 0 MBR scan
15:00:01.521    Disk 0 Windows 7 default MBR code
15:00:01.535    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:00:01.555    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1430697 MB offset 206848
15:00:01.566    Disk 0 scanning sectors +2930274304
15:00:01.643    Disk 0 scanning C:\Windows\system32\drivers
15:00:10.521    Service scanning
15:00:25.073    Modules scanning
15:00:29.940    Disk 0 trace - called modules:
15:00:29.951    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 
15:00:29.956    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855ee030]
15:00:29.960    3 CLASSPNP.SYS[889cd59e] -> nt!IofCallDriver -> [0x84871918]
15:00:29.964    5 ACPI.sys[884b23d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85146030]
15:00:42.314    AVAST engine scan C:\Windows
15:00:47.721    AVAST engine scan C:\Windows\system32
15:03:11.554    AVAST engine scan C:\Windows\system32\drivers
15:03:25.849    AVAST engine scan C:\Users\Schulte-Klein
15:04:01.631    AVAST engine scan C:\ProgramData
15:04:12.400    Scan finished successfully
15:08:32.816    Disk 0 MBR has been saved successfully to "C:\Users\Schulte-Klein\Desktop\MBR.dat"
15:08:32.820    The log file has been saved successfully to "C:\Users\Schulte-Klein\Desktop\aswMBR.txt"

23.05.2012, 10:28	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	100€ ukash paysafe Trojaner eingefangen Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus wieder uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

100€ ukash paysafe Trojaner eingefangen

Log-Analyse und Auswertung: 100€ ukash paysafe Trojaner eingefangen