| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Small.FI und TR/ATRAPS.Gen2Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
28.06.2012, 13:43
| #16 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  TR/Small.FI und TR/ATRAPS.Gen2 Firmen-/Bürorechner werden hier eigentlich nicht bereinigt Siehe => http://www.trojaner-board.de/108422-...-anfragen.html Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
28.06.2012, 14:09
| #17 |
 | TR/Small.FI und TR/ATRAPS.Gen2 Das habe leider nicht gesehen, habe lediglich den Thread mit den Hinweisen, was bei Eröffnung eines Threads zu beachten ist gelesen. Gibt es denn jetzt noch die Möglichkeit Hilfe zu bekommen für mich?
__________________Zu einer Spende ist meine Mutter bestimmt bereit. |
|
29.06.2012, 09:55
| #18 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Small.FI und TR/ATRAPS.Gen2 Wie es da steht:
__________________Zitat:
__________________ |
|
29.06.2012, 10:12
| #19 |
| | TR/Small.FI und TR/ATRAPS.Gen2 In dem 30.000 Seelen-Ort ist das IT-igste ein "Tintencenter". Deren Kenntnisse beschränken sich allerdings auf das Wiederbefüllen von Tonern... Also nein! Vielen Dank! :-) |
|
29.06.2012, 12:24
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Small.FI und TR/ATRAPS.Gen2 Ok, machen wir weiter. Den zweiten überflüssig bis kontaproduktiven Virenscanner hast du deinstalliert? Wenn ja: Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.06.2012, 16:36
| #21 |
| | TR/Small.FI und TR/ATRAPS.Gen2 Hallo Arne, hier jetzt die Logfile des erneuten OTL-Custom Scan: OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.06.2012 16:18:58 - Run 3 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\PC Sek Vorn\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 988,80 Mb Total Physical Memory | 449,09 Mb Available Physical Memory | 45,42% Memory free 1,97 Gb Paging File | 1,01 Gb Available in Paging File | 51,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,59 Gb Total Space | 185,78 Gb Free Space | 83,84% Space Free | Partition Type: NTFS Computer Name: PCSEKVORN-PC | User Name: Verwaltung | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.29 16:08:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\PC Sek Vorn\Desktop\OTL.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.03.19 13:38:47 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer.exe PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.03.19 13:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\tv_w32.exe PRC - [2011.07.31 15:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2010.08.25 21:27:30 | 002,075,480 | ---- | M] (Dell, Inc.) -- C:\Programme\Dell\Dell Datasafe Online\NOBuAgent.exe PRC - [2009.08.17 17:40:54 | 000,079,168 | ---- | M] (Broadcom Corp.) -- C:\Programme\Broadcom\BPowMon\BPowMon.exe PRC - [2009.04.01 00:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\Realtek\Audio\HDA\AERTSrv.exe ========== Modules (No Company Name) ========== MOD - [2012.06.13 13:05:58 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll MOD - [2012.06.13 13:00:00 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll MOD - [2012.05.14 13:00:54 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll MOD - [2012.05.14 13:00:48 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll MOD - [2012.05.14 13:00:30 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll MOD - [2012.05.14 13:00:21 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ========== Win32 Services (SafeList) ========== SRV - [2012.06.26 16:30:23 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.02.28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 14:01:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.08.25 21:27:30 | 002,075,480 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.08.17 17:40:54 | 000,079,168 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Programme\Broadcom\BPowMon\BPowMon.exe -- (BPowMon) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.04.01 00:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\tmtdi.sys -- (tmtdi) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.08.21 22:50:48 | 000,273,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {9FBFBEB1-E0F9-4374-B2DC-A90E6BB5EB8F} IE - HKLM\..\SearchScopes\{9FBFBEB1-E0F9-4374-B2DC-A90E6BB5EB8F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1796371981-4189133533-1706291684-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8 IE - HKU\S-1-5-21-1796371981-4189133533-1706291684-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1796371981-4189133533-1706291684-1001\..\SearchScopes,DefaultScope = {9FBFBEB1-E0F9-4374-B2DC-A90E6BB5EB8F} IE - HKU\S-1-5-21-1796371981-4189133533-1706291684-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:5.82.0.1018 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.12.09 09:28:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1045\FirefoxExtension FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.26 16:30:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.06 11:54:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.05.14 15:26:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.06.18 17:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.18 17:19:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.01.09 15:33:49 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\PC SEK VORN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C1X3CBYM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.06.26 16:30:24 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.26 16:30:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.26 16:30:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.26 16:30:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.26 16:30:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.26 16:30:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.26 16:30:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1045\TmIEPlg.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Programme\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1796371981-4189133533-1706291684-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\All Users\529C50840382271D03A908ABB4EB23C1 [2012.06.12 14:53:35 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Adobe [2010.12.09 09:16:41 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Anwendungsdaten [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Application Data [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Avira [2012.06.12 15:34:08 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\BTrieve [2010.12.31 17:20:42 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Dell [2010.12.09 09:19:03 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Desktop [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Documents [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Dokumente [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Favoriten [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Favorites [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Lexware [2012.06.20 14:39:00 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Malwarebytes [2012.06.22 13:18:28 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\McAfee [2012.06.08 10:43:41 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Microsoft [2011.07.01 12:27:19 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\All Users\Microsoft Help [2012.06.13 13:06:44 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Mozilla [2012.06.26 16:30:39 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\PCDr [2011.05.30 09:04:36 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Start Menu [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Startmenü [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Sun [2010.12.09 09:13:08 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Templates [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Trend Micro [2011.04.30 10:09:44 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Vorlagen [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Anwendungsdaten [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\AppData [2009.07.14 04:37:05 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\Default\Application Data [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Cookies [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Desktop [2009.07.14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Documents [2010.12.31 15:07:54 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Downloads [2009.07.14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Druckumgebung [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Eigene Dateien [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Favorites [2009.07.14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Links [2009.07.14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Local Settings [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Lokale Einstellungen [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Music [2009.07.14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\My Documents [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\NetHood [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Netzwerkumgebung [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\NTUSER.DAT () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 () O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf () O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\Default\Pictures [2009.07.14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\PrintHood [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Recent [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Saved Games [2009.07.14 04:04:25 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Default\SendTo [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Start Menu [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Startmenü [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Templates [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Videos [2009.07.14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Vorlagen [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\PC Sek Vorn\(SYS)BH1700_120203_110046.zip () O4 - Startup: C:\Users\PC Sek Vorn\Anwendungsdaten [2010.12.31 15:08:11 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\PC Sek Vorn\AppData [2010.12.31 15:08:11 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\PC Sek Vorn\BH1700_120229_095506.zip () O4 - Startup: C:\Users\PC Sek Vorn\BH1700_120314_111157.zip () O4 - Startup: C:\Users\PC Sek Vorn\BH1700_120321_102611.zip () O4 - Startup: C:\Users\PC Sek Vorn\BH1700_120404_092548.zip () O4 - Startup: C:\Users\PC Sek Vorn\BH1700_120426_170329.zip () O4 - Startup: C:\Users\PC Sek Vorn\BH1700_120507_174719.zip () O4 - Startup: C:\Users\PC Sek Vorn\BH1700_120518_104558.zip () O4 - Startup: C:\Users\PC Sek Vorn\BH1700_120523_110504.zip () O4 - Startup: C:\Users\PC Sek Vorn\BH1700_120613_090633.zip () O4 - Startup: C:\Users\PC Sek Vorn\BH1700_120620_092527.zip () O4 - Startup: C:\Users\PC Sek Vorn\Contacts [2012.02.17 09:33:08 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\PC Sek Vorn\Cookies [2010.12.31 15:08:11 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\PC Sek Vorn\defogger_reenable () O4 - Startup: C:\Users\PC Sek Vorn\Desktop [2012.06.29 16:08:04 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\PC Sek Vorn\Documents [2012.03.12 13:04:47 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\PC Sek Vorn\Downloads [2012.06.22 11:38:21 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\PC Sek Vorn\Druckumgebung [2010.12.31 15:08:11 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\PC Sek Vorn\Eigene Dateien [2010.12.31 15:08:11 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\PC Sek Vorn\Favorites [2012.03.30 10:31:05 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\PC Sek Vorn\Links [2012.02.17 09:33:09 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\PC Sek Vorn\Lokale Einstellungen [2010.12.31 15:08:11 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\PC Sek Vorn\Music [2012.02.17 09:33:08 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\PC Sek Vorn\Netzwerkumgebung [2010.12.31 15:08:11 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\PC Sek Vorn\NTUSER.DAT () O4 - Startup: C:\Users\PC Sek Vorn\ntuser.dat.LOG1 () O4 - Startup: C:\Users\PC Sek Vorn\ntuser.dat.LOG2 () O4 - Startup: C:\Users\PC Sek Vorn\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf () O4 - Startup: C:\Users\PC Sek Vorn\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\PC Sek Vorn\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\PC Sek Vorn\ntuser.ini () O4 - Startup: C:\Users\PC Sek Vorn\Pictures [2012.02.17 09:33:08 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\PC Sek Vorn\Recent [2010.12.31 15:08:11 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\PC Sek Vorn\Saved Games [2012.02.17 09:33:09 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\PC Sek Vorn\Searches [2012.02.17 09:33:08 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\PC Sek Vorn\SendTo [2010.12.31 15:08:11 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\PC Sek Vorn\Startmenü [2010.12.31 15:08:11 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\PC Sek Vorn\Videos [2012.02.17 09:33:08 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\PC Sek Vorn\Vorlagen [2010.12.31 15:08:11 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\PC Sek Vorn\X16-32587.exe (Microsoft Corporation) O4 - Startup: C:\Users\Public\Desktop [2012.06.26 17:34:25 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Documents [2010.12.31 15:07:54 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Downloads [2009.07.14 06:41:57 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Favorites [2009.07.14 04:04:25 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Libraries [2010.12.31 15:07:53 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Music [2009.07.14 06:41:57 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Pictures [2009.07.14 06:41:57 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Recorded TV [2009.07.14 10:56:41 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Videos [2009.07.14 06:41:57 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Verwaltung\Anwendungsdaten [2012.06.27 16:51:14 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Verwaltung\AppData [2012.06.27 16:51:16 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\Verwaltung\Cookies [2012.06.27 16:51:14 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Verwaltung\Desktop [2009.07.14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Verwaltung\Documents [2012.06.27 16:51:14 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Verwaltung\Downloads [2009.07.14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Verwaltung\Druckumgebung [2012.06.27 16:51:14 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Verwaltung\Eigene Dateien [2012.06.27 16:51:14 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Verwaltung\Favorites [2009.07.14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Verwaltung\Links [2009.07.14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Verwaltung\Lokale Einstellungen [2012.06.27 16:51:16 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Verwaltung\Music [2009.07.14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Verwaltung\Netzwerkumgebung [2012.06.27 16:51:14 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Verwaltung\NTUSER.DAT () O4 - Startup: C:\Users\Verwaltung\ntuser.dat.LOG1 () O4 - Startup: C:\Users\Verwaltung\ntuser.dat.LOG2 () O4 - Startup: C:\Users\Verwaltung\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf () O4 - Startup: C:\Users\Verwaltung\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\Verwaltung\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\Verwaltung\ntuser.ini () O4 - Startup: C:\Users\Verwaltung\Pictures [2009.07.14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Verwaltung\Recent [2012.06.27 16:51:15 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Verwaltung\Saved Games [2009.07.14 04:04:25 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Verwaltung\SendTo [2012.06.27 16:51:15 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Verwaltung\Startmenü [2012.06.27 16:51:15 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Verwaltung\Videos [2009.07.14 04:04:25 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Verwaltung\Vorlagen [2012.06.27 16:51:16 | 000,000,000 | -HSD | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.57.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3282CAD0-1213-4EE2-B719-464A72364978}: DhcpNameServer = 192.168.57.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1045\TmIEPlg.dll File not found O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Sharedaccess - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: SharedAccess - File not found SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.27 16:51:16 | 000,000,000 | -HSD | C] -- C:\Users\Verwaltung\Vorlagen [2012.06.27 16:51:16 | 000,000,000 | -HSD | C] -- C:\Users\Verwaltung\Lokale Einstellungen [2012.06.27 16:51:15 | 000,000,000 | -HSD | C] -- C:\Users\Verwaltung\Startmenü [2012.06.27 16:51:15 | 000,000,000 | -HSD | C] -- C:\Users\Verwaltung\SendTo [2012.06.27 16:51:15 | 000,000,000 | -HSD | C] -- C:\Users\Verwaltung\Recent [2012.06.27 16:51:14 | 000,000,000 | -HSD | C] -- C:\Users\Verwaltung\Netzwerkumgebung [2012.06.27 16:51:14 | 000,000,000 | -HSD | C] -- C:\Users\Verwaltung\Eigene Dateien [2012.06.27 16:51:14 | 000,000,000 | -HSD | C] -- C:\Users\Verwaltung\Druckumgebung [2012.06.27 16:51:14 | 000,000,000 | -HSD | C] -- C:\Users\Verwaltung\Cookies [2012.06.27 16:51:14 | 000,000,000 | -HSD | C] -- C:\Users\Verwaltung\Anwendungsdaten [2012.06.27 16:51:09 | 000,000,000 | R--D | C] -- C:\Users\Verwaltung\Videos [2012.06.27 16:51:09 | 000,000,000 | R--D | C] -- C:\Users\Verwaltung\Pictures [2012.06.27 16:51:09 | 000,000,000 | R--D | C] -- C:\Users\Verwaltung\Music [2012.06.27 16:51:09 | 000,000,000 | R--D | C] -- C:\Users\Verwaltung\Links [2012.06.27 16:51:09 | 000,000,000 | R--D | C] -- C:\Users\Verwaltung\Favorites [2012.06.27 16:51:09 | 000,000,000 | R--D | C] -- C:\Users\Verwaltung\Downloads [2012.06.27 16:51:09 | 000,000,000 | R--D | C] -- C:\Users\Verwaltung\Documents [2012.06.27 16:51:09 | 000,000,000 | R--D | C] -- C:\Users\Verwaltung\Desktop [2012.06.27 16:51:09 | 000,000,000 | -H-D | C] -- C:\Users\Verwaltung\AppData [2012.06.27 16:51:09 | 000,000,000 | ---D | C] -- C:\Users\Verwaltung\Saved Games [2012.06.26 16:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.06.26 16:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.06.26 10:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.06.22 14:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.06.22 13:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.22 13:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.22 13:18:26 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.22 13:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.18 17:57:37 | 000,000,000 | ---D | C] -- C:\Logs [2012.06.18 17:57:37 | 000,000,000 | ---D | C] -- \Logs [2012.06.18 17:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.06.18 17:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.06.18 16:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer [2012.06.12 15:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.06.12 15:34:41 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.06.12 15:34:30 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.06.12 15:34:27 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.06.12 15:34:24 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.06.12 15:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.06.12 15:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.06.08 12:50:54 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [2012.06.08 12:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\529C50840382271D03A908ABB4EB23C1 [2012.06.08 10:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee ========== Files - Modified Within 30 Days ========== [2012.06.29 07:49:28 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.29 07:49:28 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.29 07:44:15 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini [2012.06.29 07:40:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.29 07:40:30 | 777,625,600 | -HS- | M] () -- C:\hiberfil.sys [2012.06.26 17:34:25 | 000,002,771 | ---- | M] () -- C:\Users\Public\Desktop\Lexware lohn+gehalt.lnk [2012.06.26 16:58:39 | 000,002,759 | ---- | M] () -- C:\Users\Public\Desktop\Lexware buchhalter.lnk [2012.06.18 16:37:55 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012.06.14 08:30:34 | 000,314,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.13 13:04:51 | 000,808,372 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.13 13:04:51 | 000,770,254 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.13 13:04:51 | 000,179,076 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.13 13:04:51 | 000,155,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.12 15:35:27 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk ========== Files Created - No Company Name ========== [2012.06.26 10:28:57 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\U\800000cb.@ [2012.06.26 10:28:56 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\U\80000000.@ [2012.06.26 10:28:56 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\U\00000001.@ [2012.06.18 16:37:55 | 000,001,138 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk [2012.06.18 16:37:54 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012.06.13 10:32:33 | 000,002,771 | ---- | C] () -- C:\Users\Public\Desktop\Lexware lohn+gehalt.lnk [2012.06.12 15:35:27 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.04.17 15:58:12 | 000,207,728 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll [2012.04.17 15:58:12 | 000,138,608 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll [2012.04.17 15:58:10 | 000,074,608 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll [2012.04.17 15:58:08 | 000,309,616 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll [2012.01.11 09:27:28 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\@ [2012.01.11 09:27:28 | 000,002,048 | -HS- | C] () -- C:\Users\PC Sek Vorn\AppData\Local\{59e74704-7a8c-b201-e149-d2fe65250c47}\@ [2011.05.13 10:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll [2011.05.13 10:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll [2011.05.13 10:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll [2010.12.09 18:00:34 | 000,003,755 | RH-- | C] () -- \dell.sdr [2010.12.09 17:52:13 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.12.09 17:52:13 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2010.12.09 17:52:11 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010.12.09 09:32:37 | 000,000,031 | ---- | C] () -- \tmuninst.ini [2010.12.09 09:06:50 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2010.12.09 09:06:50 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2010.12.09 09:04:19 | 777,625,600 | -HS- | C] () -- \hiberfil.sys [2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2009.07.14 04:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat [2009.07.14 04:04:04 | 000,000,010 | ---- | C] () -- \config.sys ========== LOP Check ========== [2012.06.12 14:53:35 | 000,000,000 | ---D | M] -- C:\Users\All Users\529C50840382271D03A908ABB4EB23C1 [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data [2010.12.31 17:20:42 | 000,000,000 | ---D | M] -- C:\Users\All Users\BTrieve [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites [2012.06.20 14:39:00 | 000,000,000 | ---D | M] -- C:\Users\All Users\Lexware [2011.05.30 09:04:36 | 000,000,000 | ---D | M] -- C:\Users\All Users\PCDr [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten [2009.07.14 04:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies [2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop [2010.12.31 15:07:54 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents [2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien [2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites [2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Links [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen [2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Music [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung [2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent [2009.07.14 04:04:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates [2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos [2010.12.31 15:07:54 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen [2010.12.31 15:08:11 | 000,000,000 | -HSD | M] -- C:\Users\PC Sek Vorn\Anwendungsdaten [2010.12.31 15:08:11 | 000,000,000 | -H-D | M] -- C:\Users\PC Sek Vorn\AppData [2012.02.17 09:33:08 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Contacts [2010.12.31 15:08:11 | 000,000,000 | -HSD | M] -- C:\Users\PC Sek Vorn\Cookies [2012.06.29 16:08:04 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Desktop [2012.03.12 13:04:47 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Documents [2012.06.22 11:38:21 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Downloads [2010.12.31 15:08:11 | 000,000,000 | -HSD | M] -- C:\Users\PC Sek Vorn\Druckumgebung [2010.12.31 15:08:11 | 000,000,000 | -HSD | M] -- C:\Users\PC Sek Vorn\Eigene Dateien [2012.03.30 10:31:05 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Favorites [2012.02.17 09:33:09 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Links [2010.12.31 15:08:11 | 000,000,000 | -HSD | M] -- C:\Users\PC Sek Vorn\Lokale Einstellungen [2012.02.17 09:33:08 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Music [2010.12.31 15:08:11 | 000,000,000 | -HSD | M] -- C:\Users\PC Sek Vorn\Netzwerkumgebung [2012.02.17 09:33:08 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Pictures [2010.12.31 15:08:11 | 000,000,000 | -HSD | M] -- C:\Users\PC Sek Vorn\Recent [2012.02.17 09:33:09 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Saved Games [2012.02.17 09:33:08 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Searches [2010.12.31 15:08:11 | 000,000,000 | -HSD | M] -- C:\Users\PC Sek Vorn\SendTo [2010.12.31 15:08:11 | 000,000,000 | -HSD | M] -- C:\Users\PC Sek Vorn\Startmenü [2012.02.17 09:33:08 | 000,000,000 | R--D | M] -- C:\Users\PC Sek Vorn\Videos [2010.12.31 15:08:11 | 000,000,000 | -HSD | M] -- C:\Users\PC Sek Vorn\Vorlagen [2012.06.26 17:34:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop [2010.12.31 15:07:54 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents [2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads [2009.07.14 04:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites [2010.12.31 15:07:53 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries [2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Music [2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures [2009.07.14 10:56:41 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV [2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos [2012.06.27 16:51:14 | 000,000,000 | -HSD | M] -- C:\Users\Verwaltung\Anwendungsdaten [2012.06.27 16:51:16 | 000,000,000 | -H-D | M] -- C:\Users\Verwaltung\AppData [2012.06.27 16:51:14 | 000,000,000 | -HSD | M] -- C:\Users\Verwaltung\Cookies [2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Verwaltung\Desktop [2012.06.27 16:51:14 | 000,000,000 | R--D | M] -- C:\Users\Verwaltung\Documents [2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Verwaltung\Downloads [2012.06.27 16:51:14 | 000,000,000 | -HSD | M] -- C:\Users\Verwaltung\Druckumgebung [2012.06.27 16:51:14 | 000,000,000 | -HSD | M] -- C:\Users\Verwaltung\Eigene Dateien [2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Verwaltung\Favorites [2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Verwaltung\Links [2012.06.27 16:51:16 | 000,000,000 | -HSD | M] -- C:\Users\Verwaltung\Lokale Einstellungen [2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Verwaltung\Music [2012.06.27 16:51:14 | 000,000,000 | -HSD | M] -- C:\Users\Verwaltung\Netzwerkumgebung [2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Verwaltung\Pictures [2012.06.27 16:51:15 | 000,000,000 | -HSD | M] -- C:\Users\Verwaltung\Recent [2009.07.14 04:04:25 | 000,000,000 | ---D | M] -- C:\Users\Verwaltung\Saved Games [2012.06.27 16:51:15 | 000,000,000 | -HSD | M] -- C:\Users\Verwaltung\SendTo [2012.06.27 16:51:15 | 000,000,000 | -HSD | M] -- C:\Users\Verwaltung\Startmenü [2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Verwaltung\Videos [2012.06.27 16:51:16 | 000,000,000 | -HSD | M] -- C:\Users\Verwaltung\Vorlagen [2012.05.29 08:20:24 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Verwaltung\AppData\Roaming\Media Center Programs [2012.06.27 16:51:17 | 000,000,000 | --SD | M] -- C:\Users\Verwaltung\AppData\Roaming\Microsoft < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_dda2ecda9bf2e50d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.12.09 17:58:47 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2010.12.09 17:58:47 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > [/code] Vielen Dank! |
|
01.07.2012, 14:01
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Small.FI und TR/ATRAPS.Gen2 Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Users\All Users\529C50840382271D03A908ABB4EB23C1
C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\U
C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\@
C:\Users\PC Sek Vorn\AppData\Local\{59e74704-7a8c-b201-e149-d2fe65250c47}\@
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.07.2012, 16:35
| #23 |
| | TR/Small.FI und TR/ATRAPS.Gen2 Hallo Arne, hier folgt jetzt das Log, nachdem ich den o.g. OTL-Fix durchgeführt habe: Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
C:\Users\All Users\529C50840382271D03A908ABB4EB23C1 folder moved successfully.
C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\U folder moved successfully.
C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\@ moved successfully.
C:\Users\PC Sek Vorn\AppData\Local\{59e74704-7a8c-b201-e149-d2fe65250c47}\@ moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
-> No Temporary Internet Files cache folder defined!
User: Default
-> No Temporary Internet Files cache folder defined!
User: Default User
-> No Temporary Internet Files cache folder defined!
User: PC Sek Vorn
-> No Temporary Internet Files cache folder defined!
User: Public
-> No Temporary Internet Files cache folder defined!
User: Verwaltung
-> No Temporary Internet Files cache folder defined!
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49632 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 0,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: PC Sek Vorn
User: Public
User: Verwaltung
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.53.1 log created on 07022012_172506
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Edit: Ich weiss nicht, ob es irgendeinen Unterschied macht, Avira warnt vor "W32/Patched.ZA" . Die Warnung ist mir gerade aufgefallen, während ich versuche verschiedene Software auf den aktuellsten Stand zu bringen. Geändert von jogspr (02.07.2012 um 17:21 Uhr) |
|
03.07.2012, 10:35
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Small.FI und TR/ATRAPS.Gen2 Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.07.2012, 20:31
| #25 |
| | TR/Small.FI und TR/ATRAPS.Gen2 Hallo Arne, hier kommt das TDSS-Killer Log: Code:
ATTFilter 21:28:04.0243 3504 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
21:28:05.0678 3504 ============================================================
21:28:05.0678 3504 Current date / time: 2012/07/03 21:28:05.0678
21:28:05.0678 3504 SystemInfo:
21:28:05.0678 3504
21:28:05.0693 3504 OS Version: 6.1.7601 ServicePack: 1.0
21:28:05.0693 3504 Product type: Workstation
21:28:05.0693 3504 ComputerName: PCSEKVORN-PC
21:28:05.0693 3504 UserName: Verwaltung
21:28:05.0693 3504 Windows directory: C:\Windows
21:28:05.0693 3504 System windows directory: C:\Windows
21:28:05.0693 3504 Processor architecture: Intel x86
21:28:05.0693 3504 Number of processors: 1
21:28:05.0693 3504 Page size: 0x1000
21:28:05.0693 3504 Boot type: Normal boot
21:28:05.0693 3504 ============================================================
21:28:07.0207 3504 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:28:07.0238 3504 ============================================================
21:28:07.0238 3504 \Device\Harddisk0\DR0:
21:28:07.0238 3504 MBR partitions:
21:28:07.0238 3504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B800, BlocksNum 0x164D000
21:28:07.0238 3504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1678800, BlocksNum 0x1BB30000
21:28:07.0238 3504 ============================================================
21:28:07.0285 3504 C: <-> \Device\Harddisk0\DR0\Partition1
21:28:07.0331 3504 ============================================================
21:28:07.0331 3504 Initialize success
21:28:07.0331 3504 ============================================================
21:29:00.0637 2296 ============================================================
21:29:00.0637 2296 Scan started
21:29:00.0637 2296 Mode: Manual; SigCheck; TDLFS;
21:29:00.0637 2296 ============================================================
21:29:01.0947 2296 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:29:02.0150 2296 1394ohci - ok
21:29:02.0228 2296 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:29:02.0259 2296 ACPI - ok
21:29:02.0290 2296 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:29:02.0368 2296 AcpiPmi - ok
21:29:02.0478 2296 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:29:02.0493 2296 AdobeARMservice - ok
21:29:02.0571 2296 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:29:02.0602 2296 AdobeFlashPlayerUpdateSvc - ok
21:29:02.0665 2296 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:29:02.0696 2296 adp94xx - ok
21:29:02.0727 2296 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:29:02.0758 2296 adpahci - ok
21:29:02.0790 2296 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:29:02.0805 2296 adpu320 - ok
21:29:02.0914 2296 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
21:29:03.0024 2296 AeLookupSvc - ok
21:29:03.0086 2296 AERTFilters (7a841462ad4749f8a07b27ae8e8947b8) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
21:29:03.0258 2296 AERTFilters - ok
21:29:03.0336 2296 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:29:03.0414 2296 AFD - ok
21:29:03.0460 2296 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:29:03.0476 2296 agp440 - ok
21:29:03.0507 2296 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:29:03.0523 2296 aic78xx - ok
21:29:03.0585 2296 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
21:29:03.0648 2296 ALG - ok
21:29:03.0694 2296 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:29:03.0710 2296 aliide - ok
21:29:03.0741 2296 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:29:03.0757 2296 amdagp - ok
21:29:03.0772 2296 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:29:03.0788 2296 amdide - ok
21:29:03.0835 2296 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:29:03.0882 2296 AmdK8 - ok
21:29:03.0897 2296 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:29:03.0944 2296 AmdPPM - ok
21:29:03.0991 2296 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:29:04.0006 2296 amdsata - ok
21:29:04.0053 2296 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:29:04.0069 2296 amdsbs - ok
21:29:04.0100 2296 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:29:04.0116 2296 amdxata - ok
21:29:04.0209 2296 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:29:04.0225 2296 AntiVirSchedulerService - ok
21:29:04.0256 2296 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:29:04.0272 2296 AntiVirService - ok
21:29:04.0318 2296 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:29:04.0412 2296 AppID - ok
21:29:04.0459 2296 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
21:29:04.0521 2296 AppIDSvc - ok
21:29:04.0552 2296 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
21:29:04.0615 2296 Appinfo - ok
21:29:04.0662 2296 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:29:04.0677 2296 arc - ok
21:29:04.0693 2296 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:29:04.0724 2296 arcsas - ok
21:29:04.0755 2296 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:29:04.0849 2296 AsyncMac - ok
21:29:04.0880 2296 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:29:04.0896 2296 atapi - ok
21:29:04.0974 2296 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:29:05.0020 2296 AudioEndpointBuilder - ok
21:29:05.0036 2296 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:29:05.0067 2296 Audiosrv - ok
21:29:05.0114 2296 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
21:29:05.0145 2296 avgntflt - ok
21:29:05.0176 2296 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
21:29:05.0192 2296 avipbb - ok
21:29:05.0223 2296 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\Windows\system32\DRIVERS\avkmgr.sys
21:29:05.0239 2296 avkmgr - ok
21:29:05.0286 2296 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
21:29:05.0364 2296 AxInstSV - ok
21:29:05.0426 2296 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:29:05.0504 2296 b06bdrv - ok
21:29:05.0551 2296 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:29:05.0598 2296 b57nd60x - ok
21:29:05.0660 2296 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
21:29:05.0738 2296 BDESVC - ok
21:29:05.0754 2296 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:29:05.0816 2296 Beep - ok
21:29:05.0878 2296 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
21:29:05.0941 2296 BFE - ok
21:29:05.0956 2296 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:29:06.0003 2296 blbdrive - ok
21:29:06.0034 2296 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:29:06.0097 2296 bowser - ok
21:29:06.0175 2296 BPowMon (104c980400850ea84f86cd31ae2eeece) C:\Program Files\Broadcom\BPowMon\BPowMon.exe
21:29:06.0190 2296 BPowMon - ok
21:29:06.0237 2296 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:29:06.0300 2296 BrFiltLo - ok
21:29:06.0315 2296 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:29:06.0378 2296 BrFiltUp - ok
21:29:06.0409 2296 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
21:29:06.0471 2296 Browser - ok
21:29:06.0502 2296 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:29:06.0565 2296 Brserid - ok
21:29:06.0596 2296 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:29:06.0627 2296 BrSerWdm - ok
21:29:06.0674 2296 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:29:06.0736 2296 BrUsbMdm - ok
21:29:06.0752 2296 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:29:06.0799 2296 BrUsbSer - ok
21:29:06.0830 2296 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:29:06.0861 2296 BTHMODEM - ok
21:29:06.0908 2296 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:29:06.0970 2296 bthserv - ok
21:29:07.0002 2296 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:29:07.0064 2296 cdfs - ok
21:29:07.0111 2296 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
21:29:07.0142 2296 cdrom - ok
21:29:07.0204 2296 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:29:07.0236 2296 CertPropSvc - ok
21:29:07.0282 2296 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:29:07.0329 2296 circlass - ok
21:29:07.0407 2296 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:29:07.0423 2296 CLFS - ok
21:29:07.0501 2296 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:29:07.0532 2296 clr_optimization_v2.0.50727_32 - ok
21:29:07.0594 2296 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:29:07.0626 2296 clr_optimization_v4.0.30319_32 - ok
21:29:07.0657 2296 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:29:07.0672 2296 CmBatt - ok
21:29:07.0704 2296 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:29:07.0719 2296 cmdide - ok
21:29:07.0766 2296 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
21:29:07.0813 2296 CNG - ok
21:29:07.0860 2296 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:29:07.0875 2296 Compbatt - ok
21:29:07.0922 2296 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:29:07.0984 2296 CompositeBus - ok
21:29:08.0016 2296 COMSysApp - ok
21:29:08.0078 2296 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:29:08.0125 2296 crcdisk - ok
21:29:08.0187 2296 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
21:29:08.0250 2296 CryptSvc - ok
21:29:08.0312 2296 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:29:08.0374 2296 DcomLaunch - ok
21:29:08.0421 2296 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:29:08.0546 2296 defragsvc - ok
21:29:08.0593 2296 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:29:08.0655 2296 DfsC - ok
21:29:08.0718 2296 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
21:29:08.0764 2296 Dhcp - ok
21:29:08.0796 2296 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:29:08.0858 2296 discache - ok
21:29:08.0889 2296 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:29:08.0905 2296 Disk - ok
21:29:08.0952 2296 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
21:29:09.0030 2296 Dnscache - ok
21:29:09.0076 2296 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
21:29:09.0139 2296 dot3svc - ok
21:29:09.0186 2296 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
21:29:09.0248 2296 DPS - ok
21:29:09.0279 2296 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:29:09.0326 2296 drmkaud - ok
21:29:09.0404 2296 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:29:09.0451 2296 DXGKrnl - ok
21:29:09.0482 2296 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:29:09.0529 2296 EapHost - ok
21:29:09.0700 2296 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:29:09.0841 2296 ebdrv - ok
21:29:09.0950 2296 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
21:29:09.0997 2296 EFS - ok
21:29:10.0059 2296 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
21:29:10.0153 2296 ehRecvr - ok
21:29:10.0184 2296 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
21:29:10.0309 2296 ehSched - ok
21:29:10.0402 2296 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:29:10.0434 2296 elxstor - ok
21:29:10.0465 2296 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:29:10.0496 2296 ErrDev - ok
21:29:10.0558 2296 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:29:10.0652 2296 EventSystem - ok
21:29:10.0683 2296 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:29:10.0746 2296 exfat - ok
21:29:10.0777 2296 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:29:10.0839 2296 fastfat - ok
21:29:10.0917 2296 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
21:29:10.0980 2296 Fax - ok
21:29:10.0995 2296 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:29:11.0026 2296 fdc - ok
21:29:11.0058 2296 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:29:11.0120 2296 fdPHost - ok
21:29:11.0151 2296 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:29:11.0214 2296 FDResPub - ok
21:29:11.0245 2296 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:29:11.0260 2296 FileInfo - ok
21:29:11.0292 2296 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:29:11.0323 2296 Filetrace - ok
21:29:11.0338 2296 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:29:11.0370 2296 flpydisk - ok
21:29:11.0416 2296 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:29:11.0448 2296 FltMgr - ok
21:29:11.0526 2296 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
21:29:11.0619 2296 FontCache - ok
21:29:11.0682 2296 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:29:11.0697 2296 FontCache3.0.0.0 - ok
21:29:11.0728 2296 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:29:11.0744 2296 FsDepends - ok
21:29:11.0775 2296 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
21:29:11.0791 2296 Fs_Rec - ok
21:29:11.0853 2296 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:29:11.0884 2296 fvevol - ok
21:29:11.0931 2296 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:29:11.0947 2296 gagp30kx - ok
21:29:12.0009 2296 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
21:29:12.0118 2296 gpsvc - ok
21:29:12.0150 2296 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:29:12.0228 2296 hcw85cir - ok
21:29:12.0274 2296 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:29:12.0321 2296 HDAudBus - ok
21:29:12.0352 2296 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:29:12.0384 2296 HidBatt - ok
21:29:12.0415 2296 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:29:12.0446 2296 HidBth - ok
21:29:12.0477 2296 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:29:12.0508 2296 HidIr - ok
21:29:12.0540 2296 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
21:29:12.0602 2296 hidserv - ok
21:29:12.0664 2296 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
21:29:12.0696 2296 HidUsb - ok
21:29:12.0727 2296 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
21:29:12.0774 2296 hkmsvc - ok
21:29:12.0805 2296 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
21:29:12.0883 2296 HomeGroupListener - ok
21:29:12.0930 2296 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
21:29:12.0976 2296 HomeGroupProvider - ok
21:29:13.0023 2296 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:29:13.0039 2296 HpSAMD - ok
21:29:13.0132 2296 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:29:13.0179 2296 HTTP - ok
21:29:13.0210 2296 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:29:13.0226 2296 hwpolicy - ok
21:29:13.0273 2296 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:29:13.0304 2296 i8042prt - ok
21:29:13.0351 2296 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:29:13.0382 2296 iaStorV - ok
21:29:13.0507 2296 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:29:13.0538 2296 idsvc - ok
21:29:14.0100 2296 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:29:14.0349 2296 igfx - ok
21:29:14.0521 2296 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:29:14.0536 2296 iirsp - ok
21:29:14.0614 2296 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
21:29:14.0677 2296 IKEEXT - ok
21:29:14.0880 2296 IntcAzAudAddService (94b1ff5d243d34b31380a2f79fc48959) C:\Windows\system32\drivers\RTKVHDA.sys
21:29:14.0973 2296 IntcAzAudAddService - ok
21:29:15.0114 2296 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:29:15.0129 2296 intelide - ok
21:29:15.0176 2296 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:29:15.0207 2296 intelppm - ok
21:29:15.0254 2296 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:29:15.0285 2296 IPBusEnum - ok
21:29:15.0316 2296 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:29:15.0348 2296 IpFilterDriver - ok
21:29:15.0394 2296 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:29:15.0426 2296 IPMIDRV - ok
21:29:15.0441 2296 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:29:15.0504 2296 IPNAT - ok
21:29:15.0535 2296 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:29:15.0597 2296 IRENUM - ok
21:29:15.0613 2296 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:29:15.0628 2296 isapnp - ok
21:29:15.0675 2296 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:29:15.0706 2296 iScsiPrt - ok
21:29:15.0769 2296 k57nd60x (7ea81534e80570bdf6ee4a4248bba4d6) C:\Windows\system32\DRIVERS\k57nd60x.sys
21:29:15.0800 2296 k57nd60x - ok
21:29:15.0831 2296 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
21:29:15.0862 2296 kbdclass - ok
21:29:15.0909 2296 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
21:29:15.0940 2296 kbdhid - ok
21:29:15.0972 2296 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:29:16.0018 2296 KeyIso - ok
21:29:16.0034 2296 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
21:29:16.0050 2296 KSecDD - ok
21:29:16.0081 2296 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
21:29:16.0096 2296 KSecPkg - ok
21:29:16.0143 2296 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:29:16.0206 2296 KtmRm - ok
21:29:16.0252 2296 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
21:29:16.0315 2296 LanmanServer - ok
21:29:16.0346 2296 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
21:29:16.0408 2296 LanmanWorkstation - ok
21:29:16.0455 2296 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:29:16.0518 2296 lltdio - ok
21:29:16.0564 2296 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:29:16.0611 2296 lltdsvc - ok
21:29:16.0642 2296 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:29:16.0674 2296 lmhosts - ok
21:29:16.0720 2296 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:29:16.0736 2296 LSI_FC - ok
21:29:16.0767 2296 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:29:16.0783 2296 LSI_SAS - ok
21:29:16.0814 2296 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:29:16.0830 2296 LSI_SAS2 - ok
21:29:16.0845 2296 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:29:16.0876 2296 LSI_SCSI - ok
21:29:16.0908 2296 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:29:16.0954 2296 luafv - ok
21:29:17.0017 2296 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
21:29:17.0064 2296 Mcx2Svc - ok
21:29:17.0079 2296 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:29:17.0095 2296 megasas - ok
21:29:17.0126 2296 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:29:17.0157 2296 MegaSR - ok
21:29:17.0188 2296 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:29:17.0235 2296 MMCSS - ok
21:29:17.0251 2296 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:29:17.0298 2296 Modem - ok
21:29:17.0329 2296 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:29:17.0360 2296 monitor - ok
21:29:17.0407 2296 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
21:29:17.0454 2296 mouclass - ok
21:29:17.0485 2296 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:29:17.0547 2296 mouhid - ok
21:29:17.0594 2296 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:29:17.0610 2296 mountmgr - ok
21:29:17.0688 2296 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:29:17.0703 2296 MozillaMaintenance - ok
21:29:17.0750 2296 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:29:17.0766 2296 mpio - ok
21:29:17.0812 2296 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:29:17.0859 2296 mpsdrv - ok
21:29:17.0937 2296 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
21:29:18.0031 2296 MpsSvc - ok
21:29:18.0078 2296 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:29:18.0124 2296 MRxDAV - ok
21:29:18.0187 2296 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:29:18.0234 2296 mrxsmb - ok
21:29:18.0265 2296 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:29:18.0312 2296 mrxsmb10 - ok
21:29:18.0343 2296 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:29:18.0374 2296 mrxsmb20 - ok
21:29:18.0421 2296 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:29:18.0436 2296 msahci - ok
21:29:18.0468 2296 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:29:18.0499 2296 msdsm - ok
21:29:18.0546 2296 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:29:18.0592 2296 MSDTC - ok
21:29:18.0639 2296 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:29:18.0686 2296 Msfs - ok
21:29:18.0702 2296 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:29:18.0748 2296 mshidkmdf - ok
21:29:18.0764 2296 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:29:18.0780 2296 msisadrv - ok
21:29:18.0826 2296 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:29:18.0873 2296 MSiSCSI - ok
21:29:18.0873 2296 msiserver - ok
21:29:18.0920 2296 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:29:18.0982 2296 MSKSSRV - ok
21:29:18.0998 2296 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:29:19.0045 2296 MSPCLOCK - ok
21:29:19.0045 2296 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:29:19.0123 2296 MSPQM - ok
21:29:19.0170 2296 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:29:19.0185 2296 MsRPC - ok
21:29:19.0232 2296 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:29:19.0248 2296 mssmbios - ok
21:29:19.0279 2296 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:29:19.0326 2296 MSTEE - ok
21:29:19.0357 2296 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:29:19.0435 2296 MTConfig - ok
21:29:19.0450 2296 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:29:19.0466 2296 Mup - ok
21:29:19.0513 2296 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
21:29:19.0591 2296 napagent - ok
21:29:19.0653 2296 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:29:19.0684 2296 NativeWifiP - ok
21:29:19.0778 2296 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:29:19.0809 2296 NDIS - ok
21:29:19.0840 2296 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:29:19.0903 2296 NdisCap - ok
21:29:19.0934 2296 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:29:19.0996 2296 NdisTapi - ok
21:29:20.0028 2296 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:29:20.0090 2296 Ndisuio - ok
21:29:20.0137 2296 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:29:20.0199 2296 NdisWan - ok
21:29:20.0215 2296 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:29:20.0277 2296 NDProxy - ok
21:29:20.0308 2296 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:29:20.0355 2296 NetBIOS - ok
21:29:20.0386 2296 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:29:20.0433 2296 NetBT - ok
21:29:20.0480 2296 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:29:20.0511 2296 Netlogon - ok
21:29:20.0558 2296 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:29:20.0620 2296 Netman - ok
21:29:20.0652 2296 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:29:20.0714 2296 netprofm - ok
21:29:20.0792 2296 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:29:20.0823 2296 NetTcpPortSharing - ok
21:29:20.0854 2296 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:29:20.0886 2296 nfrd960 - ok
21:29:20.0932 2296 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
21:29:20.0979 2296 NlaSvc - ok
21:29:21.0198 2296 NOBU (5515e0cf93b8c726385f49d5b10fecef) C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe
21:29:21.0260 2296 NOBU - ok
21:29:21.0400 2296 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:29:21.0447 2296 Npfs - ok
21:29:21.0478 2296 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:29:21.0525 2296 nsi - ok
21:29:21.0556 2296 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:29:21.0603 2296 nsiproxy - ok
21:29:21.0728 2296 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:29:21.0775 2296 Ntfs - ok
21:29:21.0806 2296 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:29:21.0837 2296 Null - ok
21:29:21.0868 2296 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:29:21.0900 2296 nvraid - ok
21:29:21.0931 2296 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:29:21.0962 2296 nvstor - ok
21:29:21.0993 2296 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:29:22.0009 2296 nv_agp - ok
21:29:22.0118 2296 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:29:22.0149 2296 odserv - ok
21:29:22.0196 2296 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:29:22.0243 2296 ohci1394 - ok
21:29:22.0305 2296 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:29:22.0321 2296 ose - ok
21:29:22.0570 2296 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:29:22.0726 2296 osppsvc - ok
21:29:22.0851 2296 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:29:22.0960 2296 p2pimsvc - ok
21:29:23.0007 2296 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:29:23.0070 2296 p2psvc - ok
21:29:23.0132 2296 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:29:23.0163 2296 Parport - ok
21:29:23.0194 2296 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
21:29:23.0210 2296 partmgr - ok
21:29:23.0241 2296 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:29:23.0272 2296 Parvdm - ok
21:29:23.0319 2296 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:29:23.0366 2296 PcaSvc - ok
21:29:23.0397 2296 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:29:23.0428 2296 pci - ok
21:29:23.0460 2296 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:29:23.0475 2296 pciide - ok
21:29:23.0506 2296 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:29:23.0538 2296 pcmcia - ok
21:29:23.0569 2296 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:29:23.0584 2296 pcw - ok
21:29:23.0647 2296 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:29:23.0725 2296 PEAUTH - ok
21:29:23.0881 2296 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:29:23.0943 2296 pla - ok
21:29:24.0084 2296 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:29:24.0146 2296 PlugPlay - ok
21:29:24.0177 2296 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:29:24.0208 2296 PNRPAutoReg - ok
21:29:24.0255 2296 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:29:24.0286 2296 PNRPsvc - ok
21:29:24.0333 2296 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:29:24.0396 2296 PolicyAgent - ok
21:29:24.0442 2296 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:29:24.0474 2296 Power - ok
21:29:24.0552 2296 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:29:24.0598 2296 PptpMiniport - ok
21:29:24.0614 2296 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:29:24.0645 2296 Processor - ok
21:29:24.0692 2296 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
21:29:24.0832 2296 ProfSvc - ok
21:29:24.0879 2296 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:29:24.0895 2296 ProtectedStorage - ok
21:29:24.0926 2296 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:29:24.0973 2296 Psched - ok
21:29:25.0020 2296 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
21:29:25.0035 2296 PSI - ok
21:29:25.0144 2296 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:29:25.0207 2296 ql2300 - ok
21:29:25.0347 2296 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:29:25.0363 2296 ql40xx - ok
21:29:25.0410 2296 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:29:25.0456 2296 QWAVE - ok
21:29:25.0472 2296 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:29:25.0503 2296 QWAVEdrv - ok
21:29:25.0534 2296 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:29:25.0597 2296 RasAcd - ok
21:29:25.0644 2296 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:29:25.0690 2296 RasAgileVpn - ok
21:29:25.0722 2296 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:29:25.0768 2296 RasAuto - ok
21:29:25.0800 2296 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:29:25.0846 2296 Rasl2tp - ok
21:29:25.0893 2296 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:29:25.0971 2296 RasMan - ok
21:29:26.0002 2296 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:29:26.0049 2296 RasPppoe - ok
21:29:26.0080 2296 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:29:26.0127 2296 RasSstp - ok
21:29:26.0158 2296 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:29:26.0205 2296 rdbss - ok
21:29:26.0236 2296 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:29:26.0283 2296 rdpbus - ok
21:29:26.0314 2296 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:29:26.0377 2296 RDPCDD - ok
21:29:26.0424 2296 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:29:26.0517 2296 RDPENCDD - ok
21:29:26.0548 2296 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:29:26.0580 2296 RDPREFMP - ok
21:29:26.0626 2296 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
21:29:26.0704 2296 RDPWD - ok
21:29:26.0751 2296 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:29:26.0782 2296 rdyboost - ok
21:29:26.0814 2296 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:29:26.0876 2296 RemoteAccess - ok
21:29:26.0907 2296 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:29:26.0954 2296 RemoteRegistry - ok
21:29:26.0985 2296 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:29:27.0048 2296 RpcEptMapper - ok
21:29:27.0094 2296 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:29:27.0141 2296 RpcLocator - ok
21:29:27.0188 2296 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:29:27.0250 2296 RpcSs - ok
21:29:27.0282 2296 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:29:27.0344 2296 rspndr - ok
21:29:27.0375 2296 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:29:27.0391 2296 SamSs - ok
21:29:27.0438 2296 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:29:27.0453 2296 sbp2port - ok
21:29:27.0500 2296 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:29:27.0562 2296 SCardSvr - ok
21:29:27.0609 2296 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:29:27.0656 2296 scfilter - ok
21:29:27.0734 2296 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:29:27.0812 2296 Schedule - ok
21:29:27.0859 2296 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:29:27.0906 2296 SCPolicySvc - ok
21:29:27.0937 2296 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:29:27.0984 2296 SDRSVC - ok
21:29:28.0015 2296 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:29:28.0046 2296 secdrv - ok
21:29:28.0077 2296 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:29:28.0124 2296 seclogon - ok
21:29:28.0374 2296 Secunia PSI Agent (f70a51eb03ee7046784ef62efce9528e) C:\Program Files\Secunia\PSI\PSIA.exe
21:29:28.0467 2296 Secunia PSI Agent - ok
21:29:28.0576 2296 Secunia Update Agent (ad56ceb08eeb517332355fde9e5939c8) C:\Program Files\Secunia\PSI\sua.exe
21:29:28.0623 2296 Secunia Update Agent - ok
21:29:28.0764 2296 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
21:29:28.0810 2296 SENS - ok
21:29:28.0842 2296 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:29:28.0888 2296 SensrSvc - ok
21:29:28.0951 2296 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:29:28.0966 2296 Serenum - ok
21:29:28.0998 2296 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:29:29.0029 2296 Serial - ok
21:29:29.0060 2296 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:29:29.0107 2296 sermouse - ok
21:29:29.0169 2296 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:29:29.0232 2296 SessionEnv - ok
21:29:29.0278 2296 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:29:29.0341 2296 sffdisk - ok
21:29:29.0372 2296 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:29:29.0419 2296 sffp_mmc - ok
21:29:29.0419 2296 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:29:29.0450 2296 sffp_sd - ok
21:29:29.0497 2296 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:29:29.0528 2296 sfloppy - ok
21:29:29.0590 2296 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:29:29.0622 2296 ShellHWDetection - ok
21:29:29.0653 2296 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:29:29.0668 2296 sisagp - ok
21:29:29.0700 2296 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:29:29.0715 2296 SiSRaid2 - ok
21:29:29.0746 2296 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:29:29.0778 2296 SiSRaid4 - ok
21:29:29.0809 2296 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:29:29.0840 2296 Smb - ok
21:29:29.0887 2296 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:29:29.0918 2296 SNMPTRAP - ok
21:29:29.0934 2296 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:29:29.0949 2296 spldr - ok
21:29:30.0027 2296 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:29:30.0105 2296 Spooler - ok
21:29:30.0308 2296 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:29:30.0417 2296 sppsvc - ok
21:29:30.0526 2296 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:29:30.0573 2296 sppuinotify - ok
21:29:30.0636 2296 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:29:30.0698 2296 srv - ok
21:29:30.0729 2296 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:29:30.0792 2296 srv2 - ok
21:29:30.0807 2296 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:29:30.0838 2296 srvnet - ok
21:29:30.0885 2296 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:29:30.0932 2296 SSDPSRV - ok
21:29:30.0963 2296 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
21:29:30.0979 2296 ssmdrv - ok
21:29:31.0010 2296 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:29:31.0072 2296 SstpSvc - ok
21:29:31.0104 2296 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:29:31.0119 2296 stexstor - ok
21:29:31.0182 2296 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
21:29:31.0244 2296 StiSvc - ok
21:29:31.0275 2296 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:29:31.0291 2296 swenum - ok
21:29:31.0338 2296 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
21:29:31.0384 2296 swprv - ok
21:29:31.0478 2296 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
21:29:31.0540 2296 SysMain - ok
21:29:31.0572 2296 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
21:29:31.0618 2296 TabletInputService - ok
21:29:31.0665 2296 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
21:29:31.0728 2296 TapiSrv - ok
21:29:31.0759 2296 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
21:29:31.0884 2296 TBS - ok
21:29:31.0993 2296 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
21:29:32.0055 2296 Tcpip - ok
21:29:32.0258 2296 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
21:29:32.0289 2296 TCPIP6 - ok
21:29:32.0383 2296 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:29:32.0430 2296 tcpipreg - ok
21:29:32.0461 2296 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:29:32.0523 2296 TDPIPE - ok
21:29:32.0554 2296 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
21:29:32.0601 2296 TDTCP - ok
21:29:32.0648 2296 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:29:32.0710 2296 tdx - ok
21:29:32.0960 2296 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
21:29:33.0038 2296 TeamViewer7 - ok
21:29:33.0178 2296 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:29:33.0194 2296 TermDD - ok
21:29:33.0256 2296 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
21:29:33.0319 2296 TermService - ok
21:29:33.0334 2296 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
21:29:33.0381 2296 Themes - ok
21:29:33.0412 2296 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:29:33.0459 2296 THREADORDER - ok
21:29:33.0506 2296 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
21:29:33.0568 2296 TrkWks - ok
21:29:33.0631 2296 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
21:29:33.0678 2296 TrustedInstaller - ok
21:29:33.0709 2296 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:29:33.0740 2296 tssecsrv - ok
21:29:33.0787 2296 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:29:33.0834 2296 TsUsbFlt - ok
21:29:33.0896 2296 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:29:33.0943 2296 tunnel - ok
21:29:33.0974 2296 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:29:33.0990 2296 uagp35 - ok
21:29:34.0036 2296 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:29:34.0099 2296 udfs - ok
21:29:34.0146 2296 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
21:29:34.0177 2296 UI0Detect - ok
21:29:34.0224 2296 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:29:34.0239 2296 uliagpkx - ok
21:29:34.0302 2296 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
21:29:34.0317 2296 umbus - ok
21:29:34.0364 2296 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:29:34.0426 2296 UmPass - ok
21:29:34.0473 2296 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
21:29:34.0536 2296 upnphost - ok
21:29:34.0567 2296 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:29:34.0645 2296 usbccgp - ok
21:29:34.0692 2296 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:29:34.0738 2296 usbcir - ok
21:29:34.0754 2296 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
21:29:34.0770 2296 usbehci - ok
21:29:34.0816 2296 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:29:34.0863 2296 usbhub - ok
21:29:34.0879 2296 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
21:29:34.0926 2296 usbohci - ok
21:29:34.0972 2296 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:29:34.0988 2296 usbprint - ok
21:29:35.0019 2296 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:29:35.0082 2296 USBSTOR - ok
21:29:35.0113 2296 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
21:29:35.0128 2296 usbuhci - ok
21:29:35.0160 2296 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
21:29:35.0206 2296 UxSms - ok
21:29:35.0238 2296 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:29:35.0269 2296 VaultSvc - ok
21:29:35.0300 2296 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:29:35.0316 2296 vdrvroot - ok
21:29:35.0440 2296 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
21:29:35.0487 2296 vds - ok
21:29:35.0534 2296 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:29:35.0581 2296 vga - ok
21:29:35.0612 2296 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:29:35.0643 2296 VgaSave - ok
21:29:35.0690 2296 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:29:35.0721 2296 vhdmp - ok
21:29:35.0768 2296 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:29:35.0784 2296 viaagp - ok
21:29:35.0815 2296 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:29:35.0846 2296 ViaC7 - ok
21:29:35.0862 2296 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:29:35.0877 2296 viaide - ok
21:29:35.0924 2296 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:29:35.0940 2296 volmgr - ok
21:29:35.0971 2296 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:29:36.0002 2296 volmgrx - ok
21:29:36.0049 2296 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:29:36.0080 2296 volsnap - ok
21:29:36.0127 2296 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:29:36.0142 2296 vsmraid - ok
21:29:36.0252 2296 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
21:29:36.0314 2296 VSS - ok
21:29:36.0345 2296 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
21:29:36.0376 2296 vwifibus - ok
21:29:36.0423 2296 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
21:29:36.0486 2296 W32Time - ok
21:29:36.0517 2296 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:29:36.0548 2296 WacomPen - ok
21:29:36.0595 2296 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:29:36.0642 2296 WANARP - ok
21:29:36.0657 2296 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:29:36.0688 2296 Wanarpv6 - ok
21:29:36.0829 2296 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
21:29:36.0876 2296 WatAdminSvc - ok
21:29:37.0063 2296 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
21:29:37.0156 2296 wbengine - ok
21:29:37.0188 2296 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
21:29:37.0250 2296 WbioSrvc - ok
21:29:37.0297 2296 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
21:29:37.0344 2296 wcncsvc - ok
21:29:37.0375 2296 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
21:29:37.0437 2296 WcsPlugInService - ok
21:29:37.0500 2296 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:29:37.0515 2296 Wd - ok
21:29:37.0562 2296 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:29:37.0593 2296 Wdf01000 - ok
21:29:37.0624 2296 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:29:37.0734 2296 WdiServiceHost - ok
21:29:37.0749 2296 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:29:37.0780 2296 WdiSystemHost - ok
21:29:37.0843 2296 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
21:29:37.0890 2296 WebClient - ok
21:29:37.0905 2296 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
21:29:37.0952 2296 Wecsvc - ok
21:29:37.0983 2296 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
21:29:38.0030 2296 wercplsupport - ok
21:29:38.0061 2296 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
21:29:38.0124 2296 WerSvc - ok
21:29:38.0155 2296 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:29:38.0186 2296 WfpLwf - ok
21:29:38.0217 2296 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:29:38.0233 2296 WIMMount - ok
21:29:38.0264 2296 WinHttpAutoProxySvc - ok
21:29:38.0326 2296 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
21:29:38.0389 2296 Winmgmt - ok
21:29:38.0514 2296 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
21:29:38.0592 2296 WinRM - ok
21:29:38.0685 2296 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
21:29:38.0732 2296 Wlansvc - ok
21:29:38.0841 2296 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:29:38.0857 2296 wlcrasvc - ok
21:29:39.0028 2296 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:29:39.0106 2296 wlidsvc - ok
21:29:39.0247 2296 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:29:39.0262 2296 WmiAcpi - ok
21:29:39.0325 2296 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
21:29:39.0372 2296 wmiApSrv - ok
21:29:39.0528 2296 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:29:39.0621 2296 WMPNetworkSvc - ok
21:29:39.0730 2296 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
21:29:39.0793 2296 WPCSvc - ok
21:29:39.0824 2296 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
21:29:39.0902 2296 WPDBusEnum - ok
21:29:39.0964 2296 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:29:39.0996 2296 ws2ifsl - ok
21:29:40.0011 2296 WSearch - ok
21:29:40.0058 2296 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:29:40.0089 2296 WudfPf - ok
21:29:40.0152 2296 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:29:40.0183 2296 WUDFRd - ok
21:29:40.0230 2296 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
21:29:40.0292 2296 wudfsvc - ok
21:29:40.0323 2296 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
21:29:40.0370 2296 WwanSvc - ok
21:29:40.0417 2296 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:29:40.0713 2296 \Device\Harddisk0\DR0 - ok
21:29:40.0713 2296 Boot (0x1200) (59c27f2e11e634fb06124fc162134af6) \Device\Harddisk0\DR0\Partition0
21:29:40.0713 2296 \Device\Harddisk0\DR0\Partition0 - ok
21:29:40.0760 2296 Boot (0x1200) (b7419dc6caeee7a9e41dbc882c11b75c) \Device\Harddisk0\DR0\Partition1
21:29:40.0760 2296 \Device\Harddisk0\DR0\Partition1 - ok
21:29:40.0760 2296 ============================================================
21:29:40.0760 2296 Scan finished
21:29:40.0760 2296 ============================================================
21:29:40.0791 2100 Detected object count: 0
21:29:40.0791 2100 Actual detected object count: 0
|
|
04.07.2012, 16:31
| #26 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Small.FI und TR/ATRAPS.Gen2 Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.07.2012, 09:37
| #27 |
| | TR/Small.FI und TR/ATRAPS.Gen2 Es gibt leider ein Problem bei der Ausführung von Combofix. Ich bin so vorgegangen wie beschrieben, habe das Programm heruntergeladen, alle anderen Programme beendet, Virenscanner deaktiviert und dann Combofix ausgeführt. Darauf hat Combofix gemeldet, dass er den bereits deinstallierten Virenscanner (TrendMicro) erkannt hat, und die Benutzung durch diesen Beeinträchtigt wird und ich den Scanner deaktivieren soll. Das übder die Windowsfunktion zum Software Deinstallieren kein Eintrag der Trendmicro-Software zu finden war, habe ich von TrendMicro ein removal Tool heruntergeladen und ausgeführt. Danach neugestartet und dann wieder Combofix ausgeführt. Das hat soweit funktioniert, bis der Computer irgendwann (während oder kurz nach der Wiederherstellungspunkterstellung) von selbst neu gestartet wurde. Darauf habe ich wieder das Benutzerprofil aufgerufen und seitdem blinkt im Rhythmus von Sekundenbruchteilen ein blaues Combofix-Fenster an nacheinander in der linken Bildschirmhälfte auf. Auch ein weiterer Neustart ändert daran nichts. Geändert von jogspr (05.07.2012 um 09:42 Uhr) |
|
05.07.2012, 11:34
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Small.FI und TR/ATRAPS.Gen2 Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.07.2012, 14:18
| #29 |
| | TR/Small.FI und TR/ATRAPS.Gen2 Hallo Arne, vielen Dank, es hat dieses Mal geklappt. Das Logfile kommt hier: Combofix Logfile: Code:
ATTFilter ComboFix 12-07-05.02 - Verwaltung 05.07.2012 15:02:20.2.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.989.403 [GMT 2:00]
ausgeführt von:: c:\users\PC Sek Vorn\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-- Vorheriger Suchlauf --
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe wurde wiederhergestellt
.
--------
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-05 bis 2012-07-05 ))))))))))))))))))))))))))))))
.
.
2012-07-02 18:06 . 2012-06-14 22:19 85472 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-07-02 17:40 . 2012-07-02 17:40 -------- d-----w- c:\windows\en
2012-07-02 17:35 . 2012-07-02 17:35 -------- d-----w- c:\windows\de
2012-07-02 17:30 . 2012-07-02 17:30 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-02 17:27 . 2012-07-02 17:27 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\1238b741cd587805\MeshBetaRemover.exe
2012-07-02 17:27 . 2012-07-02 17:27 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\f8c9f7be1cd587704\DSETUP.dll
2012-07-02 17:27 . 2012-07-02 17:27 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\f8c9f7be1cd587704\DXSETUP.exe
2012-07-02 17:27 . 2012-07-02 17:27 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\f8c9f7be1cd587704\dsetup32.dll
2012-07-02 17:07 . 2012-07-02 17:07 -------- d-----w- c:\program files\Common Files\Adobe
2012-07-02 16:59 . 2012-07-02 16:59 -------- d-----w- c:\program files\Common Files\Java
2012-07-02 16:04 . 2012-06-14 22:16 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-02 16:04 . 2012-06-14 22:16 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-02 16:04 . 2012-07-02 16:04 -------- d-----w- c:\program files\FileHippo.com
2012-07-02 15:56 . 2012-07-02 15:56 -------- d-----w- c:\program files\Secunia
2012-07-02 15:25 . 2012-07-02 15:25 -------- d-----w- C:\_OTL
2012-06-27 14:51 . 2012-07-04 12:23 -------- d-----w- c:\users\Verwaltung
2012-06-26 14:30 . 2012-07-03 12:26 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-26 14:30 . 2012-06-14 22:17 624608 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-06-26 14:30 . 2012-06-14 22:17 43488 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-06-26 14:30 . 2012-06-14 22:17 157608 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-26 14:30 . 2012-06-14 22:17 113120 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-06-26 08:34 . 2012-06-26 08:34 -------- d-----w- c:\program files\ESET
2012-06-22 11:19 . 2012-06-22 11:19 -------- d-----w- c:\users\PC Sek Vorn\AppData\Roaming\Malwarebytes
2012-06-22 11:18 . 2012-06-22 11:18 -------- d-----w- c:\programdata\Malwarebytes
2012-06-22 11:18 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-22 11:18 . 2012-06-22 11:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-22 06:28 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 06:28 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 06:28 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 06:28 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 06:28 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 06:28 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 06:28 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 06:27 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 06:27 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 15:57 . 2012-06-18 15:57 -------- d-----w- C:\Logs
2012-06-18 15:19 . 2012-07-02 16:58 772592 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-18 15:18 . 2012-07-02 16:58 -------- d-----w- c:\program files\Java
2012-06-18 14:37 . 2012-06-18 14:37 -------- d-----w- c:\program files\TeamViewer
2012-06-13 10:00 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 10:00 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 10:00 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 10:00 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 10:00 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 10:00 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 10:00 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 10:00 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 10:00 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 10:00 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 14:18 . 2012-06-12 14:18 -------- d-----w- c:\users\PC Sek Vorn\AppData\Local\Macromedia
2012-06-12 13:41 . 2012-06-12 13:41 -------- d-----w- c:\users\PC Sek Vorn\AppData\Roaming\Avira
2012-06-12 13:34 . 2012-04-16 19:17 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-12 13:34 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-12 13:34 . 2012-04-24 22:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-12 13:34 . 2012-06-12 13:34 -------- d-----w- c:\programdata\Avira
2012-06-12 13:34 . 2012-06-12 13:34 -------- d-----w- c:\program files\Avira
2012-06-08 10:50 . 2012-06-08 10:50 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-08 08:43 . 2012-06-08 08:43 -------- d-----w- c:\programdata\McAfee
2012-06-08 08:43 . 2012-07-02 16:56 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-08 08:43 . 2012-07-02 16:56 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-02 16:58 . 2010-12-09 07:12 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-24 12:29 . 2012-04-24 12:29 4770160 ----a-w- c:\windows\system32\LxXtreme100.dll
2012-04-24 12:29 . 2012-04-24 12:29 104304 ----a-w- c:\windows\system32\LxUISettingsN100.dll
2012-04-24 12:29 . 2012-04-24 12:29 25968 ----a-w- c:\windows\system32\LxTPSW100.dll
2012-04-24 12:28 . 2012-04-24 12:28 1336688 ----a-w- c:\windows\system32\LxTool100.dll
2012-04-24 12:28 . 2012-04-24 12:28 63344 ----a-w- c:\windows\system32\LxPXTree100.dll
2012-04-24 12:28 . 2012-04-24 12:28 111472 ----a-w- c:\windows\system32\LxODBC100.dll
2012-04-24 12:28 . 2012-04-24 12:28 127344 ----a-w- c:\windows\system32\LxMail100.dll
2012-04-24 12:28 . 2012-04-24 12:28 200048 ----a-w- c:\windows\system32\LxDBAL100.dll
2012-04-24 12:28 . 2012-04-24 12:28 76656 ----a-w- c:\windows\system32\LxDAO100.dll
2012-04-24 12:28 . 2012-04-24 12:28 205168 ----a-w- c:\windows\system32\LxBasics100.dll
2012-04-17 13:58 . 2012-04-17 13:58 139120 ----a-w- c:\windows\system32\LXReportManage.ocx
2012-04-17 13:58 . 2012-04-17 13:58 207728 ----a-w- c:\windows\system32\LXPrnUtil10.dll
2012-04-17 13:58 . 2012-04-17 13:58 138608 ----a-w- c:\windows\system32\LxDNTvmc100.dll
2012-04-17 13:58 . 2012-04-17 13:58 74608 ----a-w- c:\windows\system32\LxDNTvm100.dll
2012-04-17 13:58 . 2012-04-17 13:58 309616 ----a-w- c:\windows\system32\LxDNT100.dll
2012-06-14 22:19 . 2012-07-02 18:06 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-12 7739936]
"Dell DataSafe Online"="c:\program files\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-25 927576]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\PC Sek Vorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TeamViewer 7.lnk - c:\program files\TeamViewer\Version7\TeamViewer.exe [2012-6-18 7357824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-6-27 572000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"77.76.214.0,255.255.254.0,192.168.57.182,1"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 16:56]
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: DhcpNameServer = 192.168.57.1
FF - ProfilePath - c:\users\Verwaltung\AppData\Roaming\Mozilla\Firefox\Profiles\di6kd9e6.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-05 15:15:04
ComboFix-quarantined-files.txt 2012-07-05 13:15
.
Vor Suchlauf: 15 Verzeichnis(se), 198.646.444.032 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 198.554.660.864 Bytes frei
.
- - End Of File - - 3467729CDCD98A7B634D55D0AEC45C4C
Geändert von jogspr (05.07.2012 um 14:24 Uhr) |
|
05.07.2012, 16:05
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Small.FI und TR/ATRAPS.Gen2 Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu TR/Small.FI und TR/ATRAPS.Gen2 |
| antivirus, autorun, avira, bho, bingbar, document, entfernen, error, explorer, fehler, firefox, flash player, format, helper, heuristiks/extra, heuristiks/shuriken, home, install.exe, locker, logfile, microsoft office word, monitor, office 2007, opera, plug-in, realtek, registry, rundll, searchscopes, security, senden, server, services.exe, trojaner-board, udp, version=1.0, windows |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
