Live Security Platinum, Programme ausführen nicht möglich

che · 18.07.2012, 00:35

Ich habe mir vor ein paar Stunden Malware eingefangen, die eine Benützung des PCs unmöglich macht: Programme sind nicht ausführbar, Browser nur beschränkt benützbar, ständige Weiterleitungen und Aufforderungen die Live Security Platinum Software zu kaufen...
In den abgesicherten Modud komme ich auch nicht mehr.
Die MS-Wiederherstellungskonsole ist installiert.

Leider kann ich keine Logfiles erstellen da die Programme nicht ausführbar sind.
Gibt es überhaupt noch etwas was ich tun kann ausser neu aufsetzen?

LG che

EDIT: Konnte jetzt über ein anderes (eingeschränktes) Konto alle Programme ausführen ausser GMER (dieses benötigt Adminrechte). Defogger hat einen Fehler festgestellt.

Code:

ATTFilter

OTL logfile created on: 18.07.2012 01:53:26 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Dokumente und Einstellungen\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,48 Mb Total Physical Memory | 686,28 Mb Available Physical Memory | 67,05% Memory free
3,90 Gb Paging File | 3,56 Gb Available in Paging File | 91,33% Paging File free
Paging file location(s): E:\pagefile.sys 3070 3070 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78,13 Gb Total Space | 15,62 Gb Free Space | 20% Space Free | Partition Type: NTFS
Drive E: | 4,50 Gb Total Space | 1,48 Gb Free Space | 32,88% Space Free | Partition Type: NTFS
 
Computer Name: MEDION-PC | User Name: User | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.18 01:48:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.30 15:13:06 | 000,389,120 | R--- | M] (Teleca) -- C:\Programme\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2010.03.17 16:22:52 | 001,019,904 | R--- | M] (Teleca Sweden AB) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2010.03.17 16:08:22 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2010.03.17 16:08:04 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009.12.11 15:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
PRC - [2009.06.03 10:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\logger.exe
PRC - [2009.04.14 13:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
PRC - [2008.06.24 17:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.05.01 00:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.08.04 15:54:52 | 000,215,552 | ---- | M] (Intersil Americas Inc.) -- C:\WINDOWS\system32\PRISMSTA.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2010.03.31 10:08:50 | 000,240,552 | R--- | M] () -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll
MOD - [2010.03.31 10:08:50 | 000,240,552 | R--- | M] () -- C:\Programme\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll
MOD - [2010.03.17 16:20:30 | 000,139,264 | R--- | M] () -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll
MOD - [2006.10.22 12:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.11 19:17:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Unknown] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.19 14:33:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Unknown] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Unknown] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Unknown] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Unknown] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011.12.30 21:32:20 | 000,218,624 | ---- | M] () [Auto | Unknown] -- C:\Programme\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2010.11.16 15:37:38 | 000,264,704 | ---- | M] () [Auto | Unknown] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2009.11.12 00:09:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Unknown] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.09.30 11:15:52 | 000,065,024 | ---- | M] (tzuk) [Auto | Unknown] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2008.06.24 17:05:56 | 000,537,896 | ---- | M] (Nero AG) [On_Demand | Unknown] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008.05.01 00:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl)
SRV - [2007.03.06 11:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\usbser.sys -- (usbser)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Unknown] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\2D.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\lgvmodem.sys -- (LGVMODEM)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\lgbtbus.sys -- (lgbusenum)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\lgbtport.sys -- (LgBttPort)
DRV - File not found [Kernel | System | Unknown] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Unknown] -- System32\Drivers\iiusbisp.sys -- (IIUSBISP)
DRV - File not found [Kernel | System | Unknown] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Unknown] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (alye2joa)
DRV - [2012.07.18 01:15:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Unknown] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.12.30 21:32:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011.12.30 21:32:26 | 000,106,496 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011.12.30 21:32:26 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.12 13:53:27 | 000,717,296 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009.09.30 11:15:52 | 000,116,736 | ---- | M] (tzuk) [Kernel | On_Demand | Unknown] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009.06.10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008.05.01 00:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl)
DRV - [2007.09.19 22:37:48 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Unknown] -- C:\Programme\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2006.12.14 01:39:28 | 000,040,832 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2006.12.13 18:52:50 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2003.08.07 16:36:48 | 000,362,688 | ---- | M] (Intersil Americas Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\PRISMA00.sys -- (PRISM_A00)
DRV - [2001.08.17 13:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.06.07 11:56:38 | 000,018,120 | R--- | M] (   ) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\GT680x.sys -- (SampleScanner)
DRV - [2001.06.07 11:56:38 | 000,018,120 | R--- | M] (   ) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\GT680x.sys -- (GT680x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s
IE - HKCU\..\SearchScopes,DefaultScope = {9230B84B-BC4E-4C78-9E08-FF679546EFA9}
IE - HKCU\..\SearchScopes\{9230B84B-BC4E-4C78-9E08-FF679546EFA9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLG
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.19 14:33:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.06.06 14:46:37 | 000,000,000 | ---D | M]
 
[2012.02.03 09:16:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions
[2012.02.03 09:18:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\wg6tn4pd.default\extensions
[2012.02.03 09:18:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\User


\Anwendungsdaten\Mozilla\Firefox\Profiles\wg6tn4pd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.07 23:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.19 14:33:33 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.04.20 11:29:10 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.20 11:29:10 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.04.20 11:29:10 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.20 11:29:10 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.20 11:29:10 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.20 11:29:10 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.04 17:41:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PRISMSTA.EXE] C:\WINDOWS\System32\PRISMSTA.exe (Intersil Americas Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2744F42-6589-459A-BFEA-55179D4FA142}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Antiwpa: DllName - (antiwpa.dll) - C:\WINDOWS\System32\antiwpa.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.07 20:07:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.18 01:48:42 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe
[2012.07.18 01:44:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\CyberLink PowerDVD
[2012.07.18 00:47:09 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.07.18 00:34:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036E19080000E340DBAE907C7B07D287
[2012.07.10 01:23:59 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2012.07.10 01:23:59 | 000,369,152 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2012.07.10 01:23:59 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2012.07.10 01:23:59 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2012.07.10 01:23:52 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5
[2012.07.10 01:07:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SUPER
[2012.07.10 01:07:37 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2012.07.10 01:07:37 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2012.07.10 01:07:37 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2012.07.10 01:07:37 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2012.07.10 01:07:37 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2012.07.10 01:07:37 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2012.07.10 01:07:37 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2012.07.10 01:07:37 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2012.07.10 01:07:37 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2012.07.10 01:07:37 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2012.07.10 01:07:37 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2012.07.10 01:07:30 | 000,000,000 | ---D | C] -- C:\Programme\SUPER
[2012.07.10 01:02:00 | 000,000,000 | ---D | C] -- C:\Programme\eRightSoft
[2012.07.03 14:07:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.07.01 02:46:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YTD Video Downloader
[2012.07.01 02:46:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\YTD Video Downloader
[2012.07.01 02:46:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YTD YouTube Downloader & Converter
[2012.07.01 02:45:54 | 000,000,000 | ---D | C] -- C:\Programme\YTD YouTube Downloader & Converter
[2012.06.22 11:32:10 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\User\Recent
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.18 01:49:03 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable
[2012.07.18 01:48:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe
[2012.07.18 01:48:24 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Defogger.exe
[2012.07.18 01:44:32 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.18 01:44:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.18 01:44:09 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.18 01:23:11 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.07.18 01:18:15 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.18 01:15:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.07.18 00:56:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.18 00:17:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.10 01:55:25 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.07.10 01:07:39 | 000,000,610 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPER ©.lnk
[2012.07.01 02:46:45 | 000,000,805 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\YTD Video Downloader.lnk
[2012.06.22 11:25:18 | 001,510,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.22 11:20:56 | 000,456,474 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.22 11:20:56 | 000,441,112 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.22 11:20:56 | 000,084,928 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.22 11:20:56 | 000,071,430 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.22 11:15:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.18 01:49:03 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable
[2012.07.18 01:48:24 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Defogger.exe
[2012.07.18 01:44:09 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.10 01:23:59 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2012.07.10 01:07:39 | 000,000,610 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPER ©.lnk
[2012.07.10 01:07:37 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2012.07.10 01:07:37 | 000,195,584 | RHS- | C] () -- C:\WINDOWS\System32\MatroskaDX.ax
[2012.07.10 01:07:37 | 000,121,344 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.ax
[2012.07.10 01:07:37 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2012.07.10 01:07:37 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2012.07.10 01:07:37 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2012.07.10 01:07:37 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2012.07.10 01:07:36 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2012.07.01 02:46:45 | 000,000,805 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\YTD Video Downloader.lnk
[2012.05.30 15:39:36 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012.05.30 15:39:36 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2012.02.29 16:01:59 | 000,000,488 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2012.02.29 14:02:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010.12.27 02:04:17 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.10.11 13:32:42 | 000,030,720 | ---- | C] () -- C:\WINDOWS\EWhiteu12.dat
[2010.10.11 13:32:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\AErroru3.dat
[2010.10.11 13:32:39 | 000,030,720 | ---- | C] () -- C:\WINDOWS\EDarku12.dat
[2010.10.11 13:32:37 | 000,000,006 | ---- | C] () -- C:\WINDOWS\EExpou.dat
[2010.10.11 13:32:37 | 000,000,003 | ---- | C] () -- C:\WINDOWS\EOffsetu.dat
[2010.10.11 13:32:37 | 000,000,003 | ---- | C] () -- C:\WINDOWS\EGain6.dat
[2010.10.11 13:32:02 | 000,000,275 | R--- | C] () -- C:\WINDOWS\System32\Arsetup.ini
[2010.10.11 13:30:00 | 000,200,704 | ---- | C] () -- C:\WINDOWS\Ausba3.dll
[2010.10.11 13:30:00 | 000,011,542 | ---- | C] () -- C:\WINDOWS\Dusb3ar.ini
[2010.10.11 13:30:00 | 000,002,685 | ---- | C] () -- C:\WINDOWS\Ausba3.INI
[2010.10.11 13:30:00 | 000,000,863 | ---- | C] () -- C:\WINDOWS\ScnPanel.ini
[2010.10.11 13:29:58 | 000,018,120 | R--- | C] (   ) -- C:\WINDOWS\System32\drivers\GT680x.sys
[2010.10.11 13:29:55 | 000,001,674 | ---- | C] () -- C:\WINDOWS\Flachbett.ini
[2008.05.01 00:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{86d44e12-40ad-65a0-3f37-d9e36790f914}\@
 
========== LOP Check ==========
 
[2012.07.18 00:36:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036E19080000E340DBAE907C7B07D287
[2009.12.22 02:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2010.01.12 12:52:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.11.09 03:57:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cypheros
[2009.11.12 13:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011.12.30 21:34:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService
[2011.11.09 01:01:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fontconfig
[2010.09.11 03:28:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HTC
[2011.09.18 00:07:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LGMOBILEAX
[2011.12.30 21:34:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner
[2010.01.12 00:46:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2010.01.12 00:46:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SPSS
[2010.09.11 03:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2011.11.20 02:35:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2012.07.01 02:46:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YTD Video Downloader
[2012.07.01 02:46:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YTD YouTube Downloader & Converter
[2012.02.03 09:15:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Teleca
 
========== Purity Check ==========
 
 

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 18.07.2012 01:53:27 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Dokumente und Einstellungen\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,48 Mb Total Physical Memory | 686,28 Mb Available Physical Memory | 67,05% Memory free
3,90 Gb Paging File | 3,56 Gb Available in Paging File | 91,33% Paging File free
Paging file location(s): E:\pagefile.sys 3070 3070 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78,13 Gb Total Space | 15,62 Gb Free Space | 20% Space Free | Partition Type: NTFS
Drive E: | 4,50 Gb Total Space | 1,48 Gb Free Space | 32,88% Space Free | Partition Type: NTFS
 
Computer Name: MEDION-PC | User Name: User | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Programme\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Java\jre7\bin\javaw.exe" = C:\Programme\Java\jre7\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- (Oracle Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
"{1CC70590-9737-48B0-BA7E-C8DBF0F890C3}" = Flachbettscanner
"{211E8730-5681-49ED-BC6A-78C9F88E95F5}" = Adobe Shockwave Player
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Foto-Manager 2009
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F311E2E-C275-4CF0-8154-B63991832668}_is1" = SUPER © v2012.build.52 (July 7, 2012) Version v2012.build.52
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{9782762F-639B-499B-A23D-5EBEAFC160E6}" = Microsoft Tool Web Package:diskpart.exe
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4174D1-7970-40E6-AC57-F095F961FB08}" = HTC Sync
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 Ultra Edition HD
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Medion Flash XL
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"AdobeFlashFiles" = Adobe Flash Player
"Avira AntiVir Desktop" = Avira Free Antivirus
"Avira NTFS4DOS" = Avira NTFS4DOS 1.9
"CCleaner" = CCleaner
"C-Media Audio" = C-Media 3D Audio
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DXAddon" = DirectX 9.0c Zusatzdateien
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00
"Foxit Reader_is1" = Foxit Reader 5.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.18.403
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HaaliMkx" = Haali Media Splitter
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"ImgBurn" = ImgBurn
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD Ultra
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKVtoolnix" = MKVtoolnix 5.0.1
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Runtimes" = Allgemeine Runtime Dateien
"Sandboxie" = Sandboxie 3.40
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Totalcmd" = Total Commander (Remove or Repair)
"TsRemux_is1" = TsRemux 0.23.2
"Unlocker" = Unlocker 1.8.7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WinRAR archiver" = WinRAR
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
Error: Unable to start EventLog service!
 
< End of report >

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:53 on 18/07/2012 (Mama)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
Error opening service: SPTD (5)


-=E.O.F=-

markusg · 19.07.2012, 19:59

hi
bekommen wir auch die Malwarebytes logs mit funden?
unter Malwarebytes logdateien zu finden

che · 20.07.2012, 10:56

Habe jetzt herausgefunden, dass der abgesicherte Modus (OHNE Netzwerktreiber) funktioniert! Habe hier gleich einen MBAM Scan durchgefühert. Es wurde auch die LiveSecurityPlatinum Malware gefunden. Eine Bereinigung brachte allerdings keinen Erfolg.

Hier der log:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.30.07

Windows XP Service Pack 3 x86 NTFS (Abgesichertenmodus)
Internet Explorer 7.0.5730.13
Che :: MEDION-PC [Administrator]

18.07.2012 12:40:58
mbam-log-2012-07-18 (12-40-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 332841
Laufzeit: 45 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Dokumente und Einstellungen\Che\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg · 25.07.2012, 20:48

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

che · 26.07.2012, 19:40

OK Combofix ist jetzt durch. Der PC scheint keine Probleme mehr zu haben.

hier das logfile:

Code:

ATTFilter

ComboFix 12-07-27.02 - Che 26.07.2012  19:37:55.3.2 - x86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1023.701 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\User\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\036E19080000E340DBAE907C7B07D287
c:\dokumente und einstellungen\All Users\Anwendungsdaten\036E19080000E340DBAE907C7B07D287\036E19080000E340DBAE907C7B07D287
c:\dokumente und einstellungen\All Users\Anwendungsdaten\036E19080000E340DBAE907C7B07D287\036E19080000E340DBAE907C7B07D287.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\036E19080000E340DBAE907C7B07D287\036E19080000E340DBAE907C7B07D287.ico
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-26 bis 2012-07-26  ))))))))))))))))))))))))))))))
.
.
2012-07-26 07:39 . 2012-07-26 07:39	--------	d-----w-	c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Sun
2012-07-20 11:40 . 2012-07-20 11:40	--------	d-----w-	c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Identities
2012-07-18 07:37 . 2012-07-18 07:37	--------	d-----w-	c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Temp
2012-07-18 07:37 . 2012-07-18 07:37	--------	d-----w-	c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Adobe
2012-07-09 23:23 . 2009-09-27 07:39	369152	----a-w-	c:\windows\system32\avisynth.dll
2012-07-09 23:23 . 2005-07-14 10:31	32256	----a-w-	c:\windows\system32\AVSredirect.dll
2012-07-09 23:23 . 2004-02-22 08:11	719872	----a-w-	c:\windows\system32\devil.dll
2012-07-09 23:23 . 2004-01-24 22:00	70656	----a-w-	c:\windows\system32\yv12vfw.dll
2012-07-09 23:23 . 2004-01-24 22:00	70656	----a-w-	c:\windows\system32\i420vfw.dll
2012-07-09 23:23 . 2012-07-09 23:23	--------	d-----w-	c:\programme\AviSynth 2.5
2012-07-09 23:02 . 2012-07-09 23:02	--------	d-----w-	c:\programme\eRightSoft
2012-07-01 00:46 . 2012-07-01 00:46	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\YTD Video Downloader
2012-07-01 00:46 . 2012-07-01 00:46	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\YTD YouTube Downloader & Converter
2012-07-01 00:45 . 2012-07-01 00:45	--------	d-----w-	c:\programme\YTD YouTube Downloader & Converter
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 17:17 . 2012-03-30 19:36	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-11 17:17 . 2011-07-10 17:43	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-06 12:29 . 2009-11-07 18:13	143872	----a-w-	c:\windows\system32\javacpl.cpl
2012-06-02 13:19 . 2009-11-07 18:14	18456	----a-w-	c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-11-07 18:14	15896	----a-w-	c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-11-07 18:05	329240	----a-w-	c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-11-07 18:05	210968	----a-w-	c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-11-07 18:05	219160	----a-w-	c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-11-07 18:14	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-11-07 18:14	15896	----a-w-	c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-11-07 18:05	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-11-07 18:05	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-04-30 22:00	97304	----a-w-	c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-11-07 18:14	23576	----a-w-	c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-11-07 18:05	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-11-07 18:05	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2008-04-30 22:00	604160	----a-w-	c:\windows\system32\crypt32.dll
2012-05-15 15:37 . 2008-03-01 12:54	832512	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2008-04-30 22:00	1863296	----a-w-	c:\windows\system32\win32k.sys
2012-05-05 03:14 . 2008-04-30 22:00	2150912	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2008-04-14 05:30	2029056	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-11-07 18:03	139656	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2009-09-25 16:41 . 2009-09-25 16:41	1044480	----a-w-	c:\programme\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41	200704	----a-w-	c:\programme\mozilla firefox\plugins\ssldivx.dll
2012-06-19 12:33 . 2012-04-20 09:29	85472	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06	163328	--sha-r-	c:\windows\system32\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\system32\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\system32\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRISMSTA.EXE"="PRISMSTA.EXE START" [X]
" Malwarebytes Anti-Malware  (reboot)"="c:\programme\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\programme\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 54832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"Mobile Connectivity Suite"="c:\programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-30 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2012-04-23 124928]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-30 22:00	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
2002-08-28 12:43	73728	----a-w-	c:\windows\Dit.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Java\\jre7\\bin\\javaw.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.11.2009 13:53 717296]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [30.12.2011 21:32 72576]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12.06.2012 01:25 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [12.06.2012 01:25 86224]
S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [20.11.2011 02:36 136176]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\dokumente und einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe -/service --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe -/service [?]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\programme\Mobile Partner\UpdateDog\ouc.exe [30.12.2011 21:32 218624]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.03.2012 21:36 250056]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [30.12.2011 21:32 117504]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [20.11.2011 02:36 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [11.09.2010 03:27 24576]
S3 IIUSBISP;USB Mass Storage for USB ISP;c:\windows\system32\Drivers\iiusbisp.sys --> c:\windows\system32\Drivers\iiusbisp.sys [?]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys --> c:\windows\system32\DRIVERS\lgbtport.sys [?]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys --> c:\windows\system32\DRIVERS\lgbtbus.sys [?]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys --> c:\windows\system32\DRIVERS\lgvmodem.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2D.tmp --> c:\windows\system32\2D.tmp [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [28.01.2011 14:55 40832]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [25.04.2012 03:38 113120]
S3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [07.11.2009 23:55 362688]
S3 SampleScanner;USB Flatbed Scanner ;c:\windows\system32\drivers\GT680x.sys [11.10.2010 13:29 18120]
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:17]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-11-20 00:36]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-11-20 00:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Che\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\dokumente und einstellungen\Che\Anwendungsdaten\Mozilla\Firefox\Profiles\0txjmau0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: network.proxy.http - 109.234.27.84
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-26 19:45
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2D.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\programme\CyberLink\PowerDVD\000.fcl"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
Zeit der Fertigstellung: 2012-07-26  19:47:45
ComboFix-quarantined-files.txt  2012-07-26 17:47
.
Vor Suchlauf: 8.395.141.120 Bytes frei
Nach Suchlauf: 8.447.287.296 Bytes frei
.
- - End Of File - - EBF177313CEE5FD619CF2EA768A8750A

markusg · 27.07.2012, 22:26

hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

che · 28.07.2012, 11:44

ok, sieht gut aus!

Code:

ATTFilter

12:35:53.0390 3688	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:35:53.0421 3688	============================================================
12:35:53.0421 3688	Current date / time: 2012/07/28 12:35:53.0421
12:35:53.0421 3688	SystemInfo:
12:35:53.0421 3688	
12:35:53.0421 3688	OS Version: 5.1.2600 ServicePack: 3.0
12:35:53.0421 3688	Product type: Workstation
12:35:53.0421 3688	ComputerName: MEDION-PC
12:35:53.0421 3688	UserName: User
12:35:53.0421 3688	Windows directory: C:\WINDOWS
12:35:53.0421 3688	System windows directory: C:\WINDOWS
12:35:53.0421 3688	Processor architecture: Intel x86
12:35:53.0421 3688	Number of processors: 2
12:35:53.0421 3688	Page size: 0x1000
12:35:53.0421 3688	Boot type: Normal boot
12:35:53.0421 3688	============================================================
12:35:55.0515 3688	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:35:55.0625 3688	============================================================
12:35:55.0625 3688	\Device\Harddisk0\DR0:
12:35:55.0625 3688	MBR partitions:
12:35:55.0625 3688	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
12:35:55.0640 3688	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C41B56, BlocksNum 0x84D0D5E
12:35:55.0656 3688	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x121128F3, BlocksNum 0x90230D
12:35:55.0656 3688	============================================================
12:35:55.0703 3688	D: <-> \Device\Harddisk0\DR0\Partition1
12:35:55.0750 3688	E: <-> \Device\Harddisk0\DR0\Partition2
12:35:55.0781 3688	C: <-> \Device\Harddisk0\DR0\Partition0
12:35:55.0796 3688	============================================================
12:35:55.0796 3688	Initialize success
12:35:55.0796 3688	============================================================
12:36:12.0281 3792	============================================================
12:36:12.0281 3792	Scan started
12:36:12.0281 3792	Mode: Manual; SigCheck; TDLFS; 
12:36:12.0281 3792	============================================================
12:36:12.0734 3792	Abiosdsk - ok
12:36:12.0734 3792	abp480n5 - ok
12:36:12.0781 3792	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:36:13.0062 3792	ACPI - ok
12:36:13.0093 3792	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:36:13.0203 3792	ACPIEC - ok
12:36:13.0218 3792	adpu160m - ok
12:36:13.0250 3792	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:36:13.0375 3792	aec - ok
12:36:13.0421 3792	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:36:13.0468 3792	AFD - ok
12:36:13.0500 3792	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
12:36:13.0640 3792	agp440 - ok
12:36:13.0656 3792	Aha154x - ok
12:36:13.0656 3792	aic78u2 - ok
12:36:13.0671 3792	aic78xx - ok
12:36:13.0703 3792	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
12:36:13.0843 3792	Alerter - ok
12:36:13.0875 3792	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
12:36:13.0937 3792	ALG - ok
12:36:13.0937 3792	AliIde - ok
12:36:13.0953 3792	amsint - ok
12:36:14.0046 3792	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
12:36:14.0062 3792	AntiVirSchedulerService - ok
12:36:14.0093 3792	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
12:36:14.0109 3792	AntiVirService - ok
12:36:14.0156 3792	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
12:36:14.0218 3792	AppMgmt - ok
12:36:14.0234 3792	asc - ok
12:36:14.0234 3792	asc3350p - ok
12:36:14.0250 3792	asc3550 - ok
12:36:14.0343 3792	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:36:14.0406 3792	aspnet_state - ok
12:36:14.0421 3792	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:36:14.0562 3792	AsyncMac - ok
12:36:14.0593 3792	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:36:14.0718 3792	atapi - ok
12:36:14.0734 3792	Atdisk - ok
12:36:14.0765 3792	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:36:14.0906 3792	Atmarpc - ok
12:36:14.0937 3792	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
12:36:15.0093 3792	AudioSrv - ok
12:36:15.0125 3792	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:36:15.0250 3792	audstub - ok
12:36:15.0265 3792	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
12:36:15.0281 3792	avgntflt - ok
12:36:15.0312 3792	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
12:36:15.0328 3792	avipbb - ok
12:36:15.0343 3792	avkmgr          (53e56450da16a1a7f0d002f511113f67) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
12:36:15.0375 3792	avkmgr - ok
12:36:15.0390 3792	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:36:15.0546 3792	Beep - ok
12:36:15.0593 3792	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
12:36:15.0781 3792	BITS - ok
12:36:15.0859 3792	Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Programme\Bonjour\mDNSResponder.exe
12:36:15.0875 3792	Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
12:36:15.0875 3792	Bonjour Service - detected UnsignedFile.Multi.Generic (1)
12:36:15.0921 3792	Bridge          (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
12:36:16.0000 3792	Bridge - ok
12:36:16.0015 3792	BridgeMP        (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
12:36:16.0078 3792	BridgeMP - ok
12:36:16.0109 3792	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
12:36:16.0250 3792	Browser - ok
12:36:16.0296 3792	BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
12:36:16.0343 3792	BrScnUsb - ok
12:36:16.0453 3792	Capture Device Service (1778eba872274c1226d869cd9486847e) C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
12:36:16.0468 3792	Capture Device Service - ok
12:36:16.0578 3792	catchme - ok
12:36:16.0609 3792	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:36:16.0750 3792	cbidf2k - ok
12:36:16.0765 3792	cd20xrnt - ok
12:36:16.0781 3792	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:36:16.0921 3792	Cdaudio - ok
12:36:16.0953 3792	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:36:17.0109 3792	Cdfs - ok
12:36:17.0125 3792	Cdrom           (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:36:17.0187 3792	Cdrom - ok
12:36:17.0203 3792	Changer - ok
12:36:17.0234 3792	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
12:36:17.0375 3792	CiSvc - ok
12:36:17.0390 3792	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
12:36:17.0531 3792	ClipSrv - ok
12:36:17.0609 3792	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:36:17.0640 3792	clr_optimization_v2.0.50727_32 - ok
12:36:17.0640 3792	CmdIde - ok
12:36:17.0718 3792	cmuda           (b7d9e7d64c1fd830856807e63356178d) C:\WINDOWS\system32\drivers\cmuda.sys
12:36:17.0828 3792	cmuda - ok
12:36:17.0843 3792	COMSysApp - ok
12:36:17.0843 3792	Cpqarray - ok
12:36:17.0875 3792	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
12:36:18.0031 3792	CryptSvc - ok
12:36:18.0031 3792	dac2w2k - ok
12:36:18.0046 3792	dac960nt - ok
12:36:18.0093 3792	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
12:36:18.0171 3792	DcomLaunch - ok
12:36:18.0218 3792	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
12:36:18.0359 3792	Dhcp - ok
12:36:18.0390 3792	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:36:18.0546 3792	Disk - ok
12:36:18.0546 3792	dmadmin - ok
12:36:18.0640 3792	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
12:36:18.0828 3792	dmboot - ok
12:36:18.0859 3792	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
12:36:19.0015 3792	dmio - ok
12:36:19.0031 3792	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:36:19.0187 3792	dmload - ok
12:36:19.0203 3792	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
12:36:19.0484 3792	dmserver - ok
12:36:19.0515 3792	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:36:19.0640 3792	DMusic - ok
12:36:19.0687 3792	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
12:36:19.0765 3792	Dnscache - ok
12:36:19.0796 3792	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
12:36:19.0968 3792	Dot3svc - ok
12:36:19.0968 3792	dpti2o - ok
12:36:19.0984 3792	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:36:20.0140 3792	drmkaud - ok
12:36:20.0156 3792	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
12:36:20.0296 3792	EapHost - ok
12:36:20.0328 3792	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
12:36:20.0468 3792	ERSvc - ok
12:36:20.0515 3792	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
12:36:20.0531 3792	Eventlog - ok
12:36:20.0578 3792	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
12:36:20.0625 3792	EventSystem - ok
12:36:20.0656 3792	ewusbnet        (a52794c010c6df5b4bc70c4ab5e04088) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
12:36:20.0671 3792	ewusbnet ( UnsignedFile.Multi.Generic ) - warning
12:36:20.0671 3792	ewusbnet - detected UnsignedFile.Multi.Generic (1)
12:36:20.0718 3792	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:36:20.0859 3792	Fastfat - ok
12:36:20.0906 3792	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:36:20.0937 3792	FastUserSwitchingCompatibility - ok
12:36:20.0953 3792	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:36:21.0093 3792	Fdc - ok
12:36:21.0140 3792	FETNDISB        (cc6b6df3c35c20531492e1b700f700fa) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
12:36:21.0171 3792	FETNDISB - ok
12:36:21.0203 3792	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
12:36:21.0359 3792	Fips - ok
12:36:21.0453 3792	FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:36:21.0546 3792	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
12:36:21.0546 3792	FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
12:36:21.0578 3792	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:36:21.0718 3792	Flpydisk - ok
12:36:21.0750 3792	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:36:21.0890 3792	FltMgr - ok
12:36:21.0984 3792	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:36:22.0015 3792	FontCache3.0.0.0 - ok
12:36:22.0031 3792	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:36:22.0187 3792	Fs_Rec - ok
12:36:22.0203 3792	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:36:22.0328 3792	Ftdisk - ok
12:36:22.0375 3792	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:36:22.0515 3792	Gpc - ok
12:36:22.0546 3792	GT680x          (9d68bbedac2c3744724f6a99cc42d8e1) C:\WINDOWS\system32\Drivers\GT680x.SYS
12:36:22.0562 3792	GT680x ( UnsignedFile.Multi.Generic ) - warning
12:36:22.0562 3792	GT680x - detected UnsignedFile.Multi.Generic (1)
12:36:22.0625 3792	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
12:36:22.0640 3792	gupdate - ok
12:36:22.0656 3792	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
12:36:22.0671 3792	gupdatem - ok
12:36:22.0718 3792	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:36:22.0859 3792	helpsvc - ok
12:36:22.0890 3792	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
12:36:23.0031 3792	HidServ - ok
12:36:23.0062 3792	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:36:23.0203 3792	HidUsb - ok
12:36:23.0234 3792	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
12:36:23.0375 3792	hkmsvc - ok
12:36:23.0375 3792	hpn - ok
12:36:23.0406 3792	HTCAND32        (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
12:36:23.0453 3792	HTCAND32 - ok
12:36:23.0484 3792	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:36:23.0531 3792	HTTP - ok
12:36:23.0562 3792	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
12:36:23.0703 3792	HTTPFilter - ok
12:36:23.0734 3792	huawei_enumerator (bed3a9f86a637cc6c2c5296cd82423d8) C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
12:36:23.0781 3792	huawei_enumerator - ok
12:36:23.0843 3792	hwdatacard      (1f40368dc40b17de3fa0fbe8a9d82f9e) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
12:36:23.0859 3792	hwdatacard ( UnsignedFile.Multi.Generic ) - warning
12:36:23.0859 3792	hwdatacard - detected UnsignedFile.Multi.Generic (1)
12:36:23.0953 3792	HWDeviceService.exe - ok
12:36:23.0953 3792	i2omgmt - ok
12:36:23.0968 3792	i2omp - ok
12:36:24.0000 3792	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:36:24.0140 3792	i8042prt - ok
12:36:24.0234 3792	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:36:24.0328 3792	idsvc - ok
12:36:24.0328 3792	IIUSBISP - ok
12:36:24.0359 3792	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:36:24.0500 3792	Imapi - ok
12:36:24.0546 3792	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
12:36:24.0687 3792	ImapiService - ok
12:36:24.0687 3792	ini910u - ok
12:36:24.0703 3792	IntelIde - ok
12:36:24.0718 3792	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:36:24.0875 3792	intelppm - ok
12:36:24.0890 3792	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:36:25.0031 3792	Ip6Fw - ok
12:36:25.0062 3792	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:36:25.0218 3792	IpFilterDriver - ok
12:36:25.0250 3792	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:36:25.0390 3792	IpInIp - ok
12:36:25.0406 3792	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:36:25.0546 3792	IpNat - ok
12:36:25.0578 3792	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:36:25.0718 3792	IPSec - ok
12:36:25.0750 3792	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:36:25.0828 3792	IRENUM - ok
12:36:25.0859 3792	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:36:26.0000 3792	isapnp - ok
12:36:26.0109 3792	JavaQuickStarterService (5472d771c0197355c1d347f20392b982) C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
12:36:26.0125 3792	JavaQuickStarterService - ok
12:36:26.0156 3792	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:36:26.0296 3792	Kbdclass - ok
12:36:26.0343 3792	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:36:26.0484 3792	kbdhid - ok
12:36:26.0531 3792	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:36:26.0656 3792	kmixer - ok
12:36:26.0703 3792	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:36:26.0765 3792	KSecDD - ok
12:36:26.0796 3792	LanmanServer    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
12:36:26.0859 3792	LanmanServer - ok
12:36:26.0906 3792	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
12:36:26.0953 3792	lanmanworkstation - ok
12:36:26.0953 3792	lbrtfdc - ok
12:36:26.0968 3792	LgBttPort - ok
12:36:26.0984 3792	lgbusenum - ok
12:36:27.0000 3792	LGVMODEM - ok
12:36:27.0031 3792	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
12:36:27.0187 3792	LmHosts - ok
12:36:27.0187 3792	MEMSWEEP2 - ok
12:36:27.0218 3792	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
12:36:27.0375 3792	Messenger - ok
12:36:27.0406 3792	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:36:27.0531 3792	mnmdd - ok
12:36:27.0562 3792	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
12:36:27.0703 3792	mnmsrvc - ok
12:36:27.0796 3792	Mobile Partner. RunOuc (38106c7bd34eae89d2769ac0ba2e846b) C:\Programme\Mobile Partner\UpdateDog\ouc.exe
12:36:27.0828 3792	Mobile Partner. RunOuc ( UnsignedFile.Multi.Generic ) - warning
12:36:27.0828 3792	Mobile Partner. RunOuc - detected UnsignedFile.Multi.Generic (1)
12:36:27.0875 3792	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
12:36:28.0015 3792	Modem - ok
12:36:28.0046 3792	MotDev          (a54abbda4ee2fdae15d4e1ee7ab788a1) C:\WINDOWS\system32\DRIVERS\motodrv.sys
12:36:28.0093 3792	MotDev - ok
12:36:28.0109 3792	motmodem        (37e5a8c7f9a3b38f113b71ec7ce34f92) C:\WINDOWS\system32\DRIVERS\motmodem.sys
12:36:28.0156 3792	motmodem - ok
12:36:28.0187 3792	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:36:28.0312 3792	Mouclass - ok
12:36:28.0359 3792	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:36:28.0500 3792	mouhid - ok
12:36:28.0531 3792	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:36:28.0687 3792	MountMgr - ok
12:36:28.0734 3792	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
12:36:28.0765 3792	MozillaMaintenance - ok
12:36:28.0765 3792	mraid35x - ok
12:36:28.0812 3792	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:36:28.0968 3792	MRxDAV - ok
12:36:29.0031 3792	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:36:29.0093 3792	MRxSmb - ok
12:36:29.0140 3792	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
12:36:29.0296 3792	MSDTC - ok
12:36:29.0343 3792	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:36:29.0531 3792	Msfs - ok
12:36:29.0546 3792	MSIServer - ok
12:36:29.0578 3792	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:36:29.0718 3792	MSKSSRV - ok
12:36:29.0734 3792	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:36:29.0859 3792	MSPCLOCK - ok
12:36:29.0875 3792	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:36:30.0015 3792	MSPQM - ok
12:36:30.0046 3792	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:36:30.0187 3792	mssmbios - ok
12:36:30.0218 3792	ms_mpu401       (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
12:36:30.0359 3792	ms_mpu401 - ok
12:36:30.0390 3792	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:36:30.0421 3792	Mup - ok
12:36:30.0468 3792	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
12:36:30.0625 3792	napagent - ok
12:36:30.0671 3792	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:36:30.0796 3792	NDIS - ok
12:36:30.0843 3792	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:36:30.0875 3792	NdisTapi - ok
12:36:30.0906 3792	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:36:31.0046 3792	Ndisuio - ok
12:36:31.0062 3792	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:36:31.0187 3792	NdisWan - ok
12:36:31.0218 3792	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:36:31.0250 3792	NDProxy - ok
12:36:31.0281 3792	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:36:31.0421 3792	NetBIOS - ok
12:36:31.0453 3792	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:36:31.0578 3792	NetBT - ok
12:36:31.0609 3792	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
12:36:31.0750 3792	NetDDE - ok
12:36:31.0765 3792	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
12:36:31.0890 3792	NetDDEdsdm - ok
12:36:31.0921 3792	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:36:32.0046 3792	Netlogon - ok
12:36:32.0093 3792	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
12:36:32.0218 3792	Netman - ok
12:36:32.0343 3792	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:36:32.0359 3792	NetTcpPortSharing - ok
12:36:32.0421 3792	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
12:36:32.0453 3792	Nla - ok
12:36:32.0578 3792	NMIndexingService (cb992ae1506985d9167e85883b4c3240) C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
12:36:32.0609 3792	NMIndexingService - ok
12:36:32.0671 3792	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:36:32.0812 3792	Npfs - ok
12:36:32.0859 3792	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:36:33.0031 3792	Ntfs - ok
12:36:33.0062 3792	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:36:33.0203 3792	NtLmSsp - ok
12:36:33.0250 3792	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
12:36:33.0437 3792	NtmsSvc - ok
12:36:33.0468 3792	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:36:33.0609 3792	Null - ok
12:36:33.0812 3792	nv              (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:36:34.0078 3792	nv - ok
12:36:34.0171 3792	NVSvc           (0febe37db6650faa5965c00545009d1d) C:\WINDOWS\system32\nvsvc32.exe
12:36:34.0203 3792	NVSvc - ok
12:36:34.0250 3792	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:36:34.0421 3792	NwlnkFlt - ok
12:36:34.0421 3792	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:36:34.0562 3792	NwlnkFwd - ok
12:36:34.0718 3792	odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
12:36:34.0750 3792	odserv - ok
12:36:34.0812 3792	ose             (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
12:36:34.0843 3792	ose - ok
12:36:34.0875 3792	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
12:36:35.0000 3792	Parport - ok
12:36:35.0015 3792	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:36:35.0156 3792	PartMgr - ok
12:36:35.0187 3792	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
12:36:35.0328 3792	ParVdm - ok
12:36:35.0359 3792	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
12:36:35.0500 3792	PCI - ok
12:36:35.0500 3792	PCIDump - ok
12:36:35.0531 3792	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:36:35.0671 3792	PCIIde - ok
12:36:35.0703 3792	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:36:35.0859 3792	Pcmcia - ok
12:36:35.0875 3792	PDCOMP - ok
12:36:35.0875 3792	PDFRAME - ok
12:36:35.0890 3792	PDRELI - ok
12:36:35.0890 3792	PDRFRAME - ok
12:36:35.0906 3792	perc2 - ok
12:36:35.0906 3792	perc2hib - ok
12:36:35.0953 3792	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
12:36:35.0984 3792	PlugPlay - ok
12:36:36.0015 3792	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:36:36.0140 3792	PolicyAgent - ok
12:36:36.0171 3792	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:36:36.0312 3792	PptpMiniport - ok
12:36:36.0359 3792	PRISM_A00       (621848f689066206d710c468ef145cde) C:\WINDOWS\system32\DRIVERS\PRISMA00.sys
12:36:36.0421 3792	PRISM_A00 - ok
12:36:36.0421 3792	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:36:36.0546 3792	ProtectedStorage - ok
12:36:36.0578 3792	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:36:36.0718 3792	PSched - ok
12:36:36.0750 3792	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:36:36.0875 3792	Ptilink - ok
12:36:36.0921 3792	PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:36:36.0937 3792	PxHelp20 - ok
12:36:36.0937 3792	ql1080 - ok
12:36:36.0937 3792	Ql10wnt - ok
12:36:36.0953 3792	ql12160 - ok
12:36:36.0953 3792	ql1240 - ok
12:36:36.0968 3792	ql1280 - ok
12:36:37.0000 3792	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:36:37.0140 3792	RasAcd - ok
12:36:37.0171 3792	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
12:36:37.0296 3792	RasAuto - ok
12:36:37.0328 3792	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:36:37.0453 3792	Rasl2tp - ok
12:36:37.0484 3792	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
12:36:37.0625 3792	RasMan - ok
12:36:37.0640 3792	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:36:37.0781 3792	RasPppoe - ok
12:36:37.0812 3792	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:36:37.0937 3792	Raspti - ok
12:36:37.0968 3792	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:36:38.0109 3792	Rdbss - ok
12:36:38.0140 3792	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:36:38.0265 3792	RDPCDD - ok
12:36:38.0312 3792	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:36:38.0453 3792	rdpdr - ok
12:36:38.0500 3792	RDPWD           (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
12:36:38.0546 3792	RDPWD - ok
12:36:38.0593 3792	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
12:36:38.0781 3792	RDSessMgr - ok
12:36:38.0812 3792	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:36:38.0937 3792	redbook - ok
12:36:38.0968 3792	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
12:36:39.0093 3792	RemoteAccess - ok
12:36:39.0125 3792	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
12:36:39.0250 3792	RemoteRegistry - ok
12:36:39.0500 3792	RichVideo       (06a49b7bdc36cfbf97dd90804f833369) C:\Programme\CyberLink\Shared files\RichVideo.exe
12:36:39.0531 3792	RichVideo - ok
12:36:39.0562 3792	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
12:36:39.0703 3792	RpcLocator - ok
12:36:39.0750 3792	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
12:36:39.0796 3792	RpcSs - ok
12:36:39.0843 3792	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
12:36:39.0984 3792	RSVP - ok
12:36:40.0031 3792	SampleScanner   (9d68bbedac2c3744724f6a99cc42d8e1) C:\WINDOWS\system32\DRIVERS\GT680x.sys
12:36:40.0031 3792	SampleScanner ( UnsignedFile.Multi.Generic ) - warning
12:36:40.0031 3792	SampleScanner - detected UnsignedFile.Multi.Generic (1)
12:36:40.0062 3792	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:36:40.0187 3792	SamSs - ok
12:36:40.0234 3792	SbieDrv         (d5223bb45782b35407148a47255497c7) C:\Programme\Sandboxie\SbieDrv.sys
12:36:40.0250 3792	SbieDrv ( UnsignedFile.Multi.Generic ) - warning
12:36:40.0250 3792	SbieDrv - detected UnsignedFile.Multi.Generic (1)
12:36:40.0265 3792	SbieSvc         (de88a8d417bb530003d84fce6774c0f6) C:\Programme\Sandboxie\SbieSvc.exe
12:36:40.0265 3792	SbieSvc ( UnsignedFile.Multi.Generic ) - warning
12:36:40.0265 3792	SbieSvc - detected UnsignedFile.Multi.Generic (1)
12:36:40.0296 3792	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
12:36:40.0437 3792	SCardSvr - ok
12:36:40.0484 3792	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
12:36:40.0640 3792	Schedule - ok
12:36:40.0671 3792	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:36:40.0734 3792	Secdrv - ok
12:36:40.0750 3792	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
12:36:40.0890 3792	seclogon - ok
12:36:40.0906 3792	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
12:36:41.0046 3792	SENS - ok
12:36:41.0062 3792	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:36:41.0187 3792	serenum - ok
12:36:41.0203 3792	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
12:36:41.0312 3792	Serial - ok
12:36:41.0343 3792	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:36:41.0468 3792	Sfloppy - ok
12:36:41.0531 3792	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
12:36:41.0671 3792	SharedAccess - ok
12:36:41.0718 3792	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:36:41.0734 3792	ShellHWDetection - ok
12:36:41.0750 3792	Simbad - ok
12:36:41.0750 3792	Sparrow - ok
12:36:41.0781 3792	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:36:41.0906 3792	splitter - ok
12:36:41.0953 3792	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:36:42.0000 3792	Spooler - ok
12:36:42.0062 3792	sptd            (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
12:36:42.0062 3792	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
12:36:42.0062 3792	sptd ( LockedFile.Multi.Generic ) - warning
12:36:42.0062 3792	sptd - detected LockedFile.Multi.Generic (1)
12:36:42.0093 3792	Sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
12:36:42.0156 3792	Sr - ok
12:36:42.0187 3792	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
12:36:42.0250 3792	srservice - ok
12:36:42.0296 3792	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:36:42.0359 3792	Srv - ok
12:36:42.0406 3792	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
12:36:42.0468 3792	SSDPSRV - ok
12:36:42.0500 3792	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
12:36:42.0515 3792	ssmdrv - ok
12:36:42.0562 3792	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
12:36:42.0703 3792	stisvc - ok
12:36:42.0718 3792	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:36:42.0859 3792	swenum - ok
12:36:42.0890 3792	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:36:43.0015 3792	swmidi - ok
12:36:43.0031 3792	SwPrv - ok
12:36:43.0031 3792	symc810 - ok
12:36:43.0046 3792	symc8xx - ok
12:36:43.0046 3792	sym_hi - ok
12:36:43.0062 3792	sym_u3 - ok
12:36:43.0078 3792	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:36:43.0203 3792	sysaudio - ok
12:36:43.0250 3792	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
12:36:43.0375 3792	SysmonLog - ok
12:36:43.0421 3792	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
12:36:43.0562 3792	TapiSrv - ok
12:36:43.0609 3792	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:36:43.0687 3792	Tcpip - ok
12:36:43.0718 3792	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:36:43.0828 3792	TDPIPE - ok
12:36:43.0859 3792	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:36:43.0984 3792	TDTCP - ok
12:36:44.0015 3792	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:36:44.0140 3792	TermDD - ok
12:36:44.0218 3792	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
12:36:44.0390 3792	TermService - ok
12:36:44.0437 3792	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:36:44.0453 3792	Themes - ok
12:36:44.0484 3792	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
12:36:44.0562 3792	TlntSvr - ok
12:36:44.0562 3792	TosIde - ok
12:36:44.0578 3792	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
12:36:44.0718 3792	TrkWks - ok
12:36:44.0750 3792	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:36:44.0890 3792	Udfs - ok
12:36:44.0906 3792	ultra - ok
12:36:44.0953 3792	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:36:45.0125 3792	Update - ok
12:36:45.0171 3792	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
12:36:45.0234 3792	upnphost - ok
12:36:45.0265 3792	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
12:36:45.0390 3792	UPS - ok
12:36:45.0406 3792	usbbus - ok
12:36:45.0421 3792	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:36:45.0562 3792	usbccgp - ok
12:36:45.0562 3792	UsbDiag - ok
12:36:45.0609 3792	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:36:45.0750 3792	usbehci - ok
12:36:45.0781 3792	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:36:45.0906 3792	usbhub - ok
12:36:45.0921 3792	USBModem - ok
12:36:45.0953 3792	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:36:46.0109 3792	usbprint - ok
12:36:46.0125 3792	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:36:46.0250 3792	usbscan - ok
12:36:46.0265 3792	usbser - ok
12:36:46.0296 3792	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:36:46.0437 3792	usbstor - ok
12:36:46.0453 3792	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:36:46.0578 3792	usbuhci - ok
12:36:46.0609 3792	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:36:46.0734 3792	VgaSave - ok
12:36:46.0750 3792	ViaIde - ok
12:36:46.0765 3792	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
12:36:46.0890 3792	VolSnap - ok
12:36:46.0921 3792	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
12:36:47.0000 3792	VSS - ok
12:36:47.0046 3792	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
12:36:47.0187 3792	W32Time - ok
12:36:47.0203 3792	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:36:47.0328 3792	Wanarp - ok
12:36:47.0390 3792	Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
12:36:47.0437 3792	Wdf01000 - ok
12:36:47.0437 3792	WDICA - ok
12:36:47.0468 3792	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:36:47.0609 3792	wdmaud - ok
12:36:47.0640 3792	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
12:36:47.0781 3792	WebClient - ok
12:36:47.0843 3792	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:36:47.0984 3792	winmgmt - ok
12:36:48.0015 3792	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
12:36:48.0062 3792	WmdmPmSN - ok
12:36:48.0140 3792	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
12:36:48.0218 3792	Wmi - ok
12:36:48.0250 3792	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:36:48.0390 3792	WmiApSrv - ok
12:36:48.0437 3792	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:36:48.0468 3792	WpdUsb - ok
12:36:48.0484 3792	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:36:48.0625 3792	WS2IFSL - ok
12:36:48.0671 3792	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
12:36:48.0796 3792	wscsvc - ok
12:36:48.0828 3792	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
12:36:48.0953 3792	wuauserv - ok
12:36:49.0000 3792	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:36:49.0046 3792	WudfPf - ok
12:36:49.0078 3792	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:36:49.0109 3792	WudfRd - ok
12:36:49.0125 3792	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:36:49.0156 3792	WudfSvc - ok
12:36:49.0218 3792	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
12:36:49.0546 3792	WZCSVC - ok
12:36:49.0562 3792	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
12:36:49.0718 3792	xmlprov - ok
12:36:49.0781 3792	{95808DC4-FA4A-4C74-92FE-5B863F82066B} (560bf4bd85bf11608ee85d6cf87c02da) C:\Programme\CyberLink\PowerDVD\000.fcl
12:36:49.0796 3792	{95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok
12:36:49.0828 3792	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
12:36:50.0390 3792	\Device\Harddisk0\DR0 - ok
12:36:50.0406 3792	Boot (0x1200)   (6332e952af096fef9038bd2f7c3e89b0) \Device\Harddisk0\DR0\Partition0
12:36:50.0421 3792	\Device\Harddisk0\DR0\Partition0 - ok
12:36:50.0437 3792	Boot (0x1200)   (b341a24cea3da209bd255639801f1507) \Device\Harddisk0\DR0\Partition1
12:36:50.0437 3792	\Device\Harddisk0\DR0\Partition1 - ok
12:36:50.0468 3792	Boot (0x1200)   (ce1e35c942b14ac498d758d569358bec) \Device\Harddisk0\DR0\Partition2
12:36:50.0468 3792	\Device\Harddisk0\DR0\Partition2 - ok
12:36:50.0468 3792	============================================================
12:36:50.0468 3792	Scan finished
12:36:50.0468 3792	============================================================
12:36:50.0578 3744	Detected object count: 10
12:36:50.0578 3744	Actual detected object count: 10
12:38:30.0406 3744	Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:30.0406 3744	Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:38:30.0406 3744	ewusbnet ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:30.0406 3744	ewusbnet ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:38:30.0406 3744	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:30.0406 3744	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:38:30.0421 3744	GT680x ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:30.0421 3744	GT680x ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:38:30.0421 3744	hwdatacard ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:30.0421 3744	hwdatacard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:38:30.0421 3744	Mobile Partner. RunOuc ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:30.0421 3744	Mobile Partner. RunOuc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:38:30.0421 3744	SampleScanner ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:30.0421 3744	SampleScanner ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:38:30.0421 3744	SbieDrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:30.0421 3744	SbieDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:38:30.0421 3744	SbieSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:30.0421 3744	SbieSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:38:30.0421 3744	sptd ( LockedFile.Multi.Generic ) - skipped by user
12:38:30.0437 3744	sptd ( LockedFile.Multi.Generic ) - User select action: Skip

markusg · 30.07.2012, 21:39

ja, siehts tatsächlich.
lade den CCleaner standard:
CCleaner Download - CCleaner 3.21.1767
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

che · 31.07.2012, 13:37

Code:

ATTFilter

Adobe Flash Player                      		notwendig
Adobe Flash Player 11 Plugin				unebkannt
Adobe Reader X (10.1.3) - Deutsch			notwendig	
Adobe Shockwave Player					notwendig
Allgemeine Runtime Dateien				unbekannt
Avira Free Antivirus					notwendig	
Avira NTFS4DOS 1.9					unbekannt
C-Media 3D Audio					notwendig
CCleaner						unnötig
CoreAVC Professional Edition (remove only)		notwendig
DirectX 9.0c Zusatzdateien				unbekannt
DivX Codec						notwendig
DivX Player						unnötig
DivX Plus DirectShow Filters				unbekannt
DivX Web Player						notwendig
EVEREST Ultimate Edition v5.00				notwendig
Flachbettscanner					unnötig
Foxit Reader 5.1					notwendig
Free YouTube to MP3 Converter version 3.11.18.403	notwendig
Google Earth						notwendig
Haali Media Splitter					notwendig
HD Tune 2.55						notwendig
HijackThis 2.0.2					unnötig
HTC Driver Installer					unnötig
HTC Sync						notwendig
HxD Hex Editor Version 1.7.7.0				notwendig
ImgBurn							notwendig
InterVideo DeviceService				unnötig
Java(TM) 7 Update 4					notwendig
JavaFX 2.1.0						unbekannt
Malwarebytes Anti-Malware Version 1.61.0.1400		notwendig
Medion Flash XL						unbekannt
Microsoft .NET Framework 1.1						unbekannt					
Microsoft .NET Framework 1.1 German Language Pack      			unbekannt
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU		unbekannt
Microsoft .NET Framework 2.0 Service Pack 2				unbekannt
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU		unbekannt
Microsoft .NET Framework 3.0 Service Pack 2				unbekannt
Microsoft .NET Framework 3.5 SP1					unbekannt
Microsoft Office Enterprise 2007			notwendig
Microsoft Silverlight					unbekannt
Microsoft Tool Web Package:diskpart.exe			unnötig
Microsoft Visual C++ 2005 Redistributable				unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219		unbekannt
Mobile Partner						notwendig
Mozilla Firefox 14.0.1 (x86 de)				notwendig
Mozilla Maintenance Service				unbekannt
MSXML 4.0 SP2 (KB954430)				unbekannt
MSXML 4.0 SP2 (KB973688)				unbekannt
NVIDIA Drivers						notwendig
Sandboxie 3.40						notwendig
Sophos Anti-Rootkit 1.5.0				unnötig
SUPER © v2012.build.52 (July 7, 2012) Version v2012.build.52		notwendig
Total Commander (Remove or Repair)			unbekannt
Unlocker 1.8.7						ubekannt
XP Codec Pack						unnötig	
YTD Video Downloader 3.9				notwendig

markusg · 01.08.2012, 20:28

deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Avira NTFS4DOS
Flachbettscanner
HijackThis
InterVideo
Microsoft Silverlight
Sophos
Total Commander
Unlocker
XP Codec

öffne CCleaner analysieren starten
öffne otl bereinigen, pc startet neu, testen wie er läuft

che · 02.08.2012, 20:07

Habe alles erledigt. Der PC arbeitet subjektiv so wie vor der Infizierung. Es gibt keine Probleme mehr.
MBAM startet aber nach jedem Systemstart automatisch, kann man das deaktivieren?

Sind wird jetzt durch oder muss ich noch etwas machen (Combofix deinstallieren, defogger re-enable etc.)

LG

che · 07.08.2012, 17:21

Kümmert sich da noch jemand drum oder sind wir fertig? Habe schon seit fast einer Woche keine Antwort erhalten trotz Aktivität des Helfers...

markusg · 08.08.2012, 19:35

hi
ccleaner öffnen, extras, autostart liste und deren inhalt mal posten bitte

che · 09.08.2012, 14:19

Habe den MBAM Eintrag entfernt.

markusg · 09.08.2012, 16:18

ich möchte die liste als text datei. bzw eingefügt als text

19.07.2012, 19:59	#2
markusg /// Malware-holic	Live Security Platinum, Programme ausführen nicht möglich hi bekommen wir auch die Malwarebytes logs mit funden? unter Malwarebytes logdateien zu finden __________________ __________________

Live Security Platinum, Programme ausführen nicht möglich

Plagegeister aller Art und deren Bekämpfung: Live Security Platinum, Programme ausführen nicht möglich