Trojaner TR/Atraps.gen2/TR, Crypt.ULPM.Gen, TR/Nedsym.G.400 und Rootkits

cosinus · 27.07.2012, 23:44

Probier es mit dem Button Scan, nicht Quickscan

Riddle · 28.07.2012, 10:05

Habe den normalen Scan mit 180 Tagen bereits gemacht, s. Log in Post #15

cosinus · 28.07.2012, 23:07

Ja, aber das als CustomScan bitte noch probieren

Sry war etwas missverständlich von mir

Riddle · 29.07.2012, 16:32

Hier nun der CustomScan.

:OTL 180 Tage:

Code:

ATTFilter

OTL logfile created on: 29.07.2012 16:18:13 - Run 5
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Dokumente und Einstellungen\test\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
502,98 Mb Total Physical Memory | 270,95 Mb Available Physical Memory | 53,87% Memory free
1,20 Gb Paging File | 0,98 Gb Available in Paging File | 81,34% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,27 Gb Total Space | 24,04 Gb Free Space | 64,51% Space Free | Partition Type: NTFS
 
Computer Name: PC3 | User Name: test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.29 16:11:10 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\test\Desktop\OTL.exe
PRC - [2012.07.17 14:57:12 | 000,469,136 | ---- | M] () -- C:\Programme\Comodo\Dragon\dragon_updater.exe
PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2011.04.19 08:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.06.01 21:06:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003.05.05 08:57:30 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.29 08:39:06 | 001,789,440 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12072900\algo.dll
MOD - [2012.07.17 14:57:12 | 000,469,136 | ---- | M] () -- C:\Programme\Comodo\Dragon\dragon_updater.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.27 14:58:50 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.17 14:57:12 | 000,469,136 | ---- | M] () [Auto | Running] -- C:\Programme\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012.07.14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2006.06.01 21:06:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2006.06.01 21:06:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.07.03 18:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.07.03 18:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.08.17 19:17:50 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.08.17 19:17:50 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1229272821-682003330-258243431-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1229272821-682003330-258243431-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1229272821-682003330-258243431-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1229272821-682003330-258243431-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1229272821-682003330-258243431-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-21-1229272821-682003330-258243431-1003\..\SearchScopes,DefaultScope = {60787F68-79A0-482F-814A-3827825E7638}
IE - HKU\S-1-5-21-1229272821-682003330-258243431-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1229272821-682003330-258243431-1003\..\SearchScopes\{60787F68-79A0-482F-814A-3827825E7638}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1229272821-682003330-258243431-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.07.20 14:47:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.19 13:41:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.07.19 15:49:28 | 000,000,000 | ---D | M]
 
[2008.11.23 11:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Mozilla\Extensions
[2008.11.23 11:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Mozilla\Firefox\Profiles\tg4brzqz.default\extensions
[2012.07.19 13:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.20 14:47:45 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAMME\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.07.17 20:00:14 | 000,170,624 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Dokumente und Einstellungen\Kurs\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-682003330-258243431-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKU\S-1-5-21-1229272821-682003330-258243431-1003\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1229272821-682003330-258243431-1003\..Trusted Domains: microsoft.com ([*.update] * in Trusted sites)
O15 - HKU\S-1-5-21-1229272821-682003330-258243431-1003\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Trusted sites)
O15 - HKU\S-1-5-21-1229272821-682003330-258243431-1003\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342699230156 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342699204468 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8C6F939-3239-446F-B722-BAAE46591BDB}: NameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\test\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\test\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.21 15:41:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d6b9c302-2bbb-11df-a153-0030056a97ed}\Shell\AutoRun\command - "" = D:\
O33 - MountPoints2\{d6b9c302-2bbb-11df-a153-0030056a97ed}\Shell\ubuntustick2\command - "" = D:\tools\casper-rw\casper-rw.exe
O33 - MountPoints2\{d6b9c302-2bbb-11df-a153-0030056a97ed}\Shell\ubuntustick3\command - "" = D:\tools\explore2fsPE\explore2fsPE.exe
O33 - MountPoints2\{e9e3cc48-ce13-11df-a16c-0030056a97ed}\Shell\AutoRun\command - "" = D:\StartPortableApps.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "AntiVirService"
MsConfig - Services: "AntiVirSchedulerService"
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 180 Days ==========
 
[2012.07.26 12:29:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Eigene Dateien\Club
[2012.07.20 19:03:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Auslogics
[2012.07.20 19:03:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Auslogics
[2012.07.20 19:03:23 | 000,000,000 | ---D | C] -- C:\Programme\Auslogics
[2012.07.20 17:52:16 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\test\IECompatCache
[2012.07.20 17:19:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Desktop\antivir
[2012.07.20 16:36:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012.07.20 16:29:58 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\test\Recent
[2012.07.20 14:46:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\OpenOffice.org
[2012.07.20 14:35:32 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012.07.20 14:35:31 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.07.20 14:35:31 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.07.20 14:35:30 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012.07.20 14:14:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
[2012.07.20 13:53:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
[2012.07.20 13:53:13 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.07.20 13:53:12 | 000,353,688 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.07.20 13:52:59 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.07.20 13:52:57 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.07.20 13:52:55 | 000,721,000 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.07.20 13:52:49 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.07.20 13:52:48 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.07.20 13:52:48 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.07.20 13:51:28 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.07.20 13:51:26 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.07.20 13:50:43 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2012.07.20 13:50:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2012.07.20 13:42:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Lokale Einstellungen\Anwendungsdaten\Sun
[2012.07.20 12:54:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Startmenü\Programme\Revo Uninstaller
[2012.07.20 12:54:52 | 000,000,000 | ---D | C] -- C:\Programme\VS Revo Group
[2012.07.20 12:31:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2012.07.20 12:02:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012.07.20 11:16:30 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012.07.20 11:16:29 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012.07.19 21:37:21 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\test\Desktop\OTL.exe
[2012.07.19 20:01:40 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.07.19 20:01:15 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\test\Desktop\esetsmartinstaller_enu.exe
[2012.07.19 19:41:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\COMODO
[2012.07.19 19:40:26 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\test\IETldCache
[2012.07.19 17:52:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Malwarebytes
[2012.07.19 17:51:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.07.19 17:51:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.19 17:51:40 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.07.19 17:45:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012.07.19 15:49:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PDF-XChange PDF Viewer
[2012.07.19 15:49:09 | 000,000,000 | ---D | C] -- C:\Programme\Tracker Software
[2012.07.19 14:28:02 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.07.19 14:21:29 | 000,000,000 | ---D | C] -- C:\Programme\Oracle
[2012.07.19 14:19:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Oracle
[2012.07.19 14:19:19 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012.07.19 14:10:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\COMODO
[2012.07.19 14:01:01 | 000,015,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012.07.19 13:41:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla
[2012.07.19 13:41:16 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service
[2012.07.19 13:34:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Comodo
[2012.07.19 13:33:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Lokale Einstellungen\Anwendungsdaten\COMODO
[2012.07.19 13:33:53 | 000,045,320 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2012.07.19 13:33:34 | 000,000,000 | ---D | C] -- C:\Programme\Comodo
[2012.07.19 13:31:53 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71.dll
[2012.07.19 13:31:52 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2012.07.19 12:39:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in
[2012.05.23 20:12:51 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.02.29 16:09:48 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imagehlp.dll
[2012.02.22 21:49:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Application Data
[33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 180 Days ==========
 
[2012.07.29 16:19:04 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.29 16:13:01 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.07.29 16:12:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.29 16:12:41 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.29 16:11:10 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\test\Desktop\OTL.exe
[2012.07.29 15:58:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.29 12:38:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.27 14:58:49 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.07.27 14:58:49 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.07.26 14:33:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.26 11:24:54 | 000,632,049 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Desktop\adwcleaner.exe
[2012.07.25 11:52:26 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.07.20 17:09:04 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2012.07.20 16:37:58 | 000,001,601 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Desktop\Dragon Internet Browser.lnk
[2012.07.20 15:54:59 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Desktop\CCleaner.lnk
[2012.07.20 15:13:38 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.20 13:53:14 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.07.20 12:54:53 | 000,000,889 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Desktop\Revo Uninstaller.lnk
[2012.07.19 20:01:24 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\test\Desktop\esetsmartinstaller_enu.exe
[2012.07.19 17:51:52 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.19 15:49:24 | 000,000,838 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Desktop\PDF-Viewer.lnk
[2012.07.19 14:15:57 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.07.19 14:15:57 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.07.19 14:15:56 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012.07.19 14:15:56 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012.07.19 13:35:51 | 000,045,320 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2012.07.19 13:31:53 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71.dll
[2012.07.19 13:31:52 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2012.07.05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012.07.05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.07.03 18:21:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.07.03 18:21:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.07.03 18:21:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.13 15:55:13 | 001,866,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012.06.13 15:55:13 | 001,866,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2012.06.08 16:25:14 | 008,503,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2012.06.05 17:49:29 | 001,372,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2012.06.05 17:49:29 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2012.06.04 17:35:32 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2012.06.04 06:32:07 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2012.06.02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012.06.02 15:19:38 | 000,015,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2012.06.02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012.06.02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2012.06.02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012.06.02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2012.06.02 15:19:28 | 000,023,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2012.06.02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012.06.02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012.06.02 15:18:58 | 000,018,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012.05.31 15:22:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012.05.28 20:16:36 | 000,536,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2012.05.16 17:07:03 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2012.05.11 20:10:22 | 011,111,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2012.05.11 16:40:25 | 001,212,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2012.05.11 16:40:25 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2012.05.11 16:40:25 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2012.05.11 16:40:25 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2012.05.11 16:40:25 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2012.05.11 16:40:25 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2012.05.11 16:40:25 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2012.05.11 16:40:24 | 006,007,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2012.05.11 16:40:24 | 002,000,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2012.05.11 16:40:24 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2012.05.11 16:40:24 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2012.05.11 16:40:24 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2012.05.11 16:40:24 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2012.05.11 16:40:24 | 000,521,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012.05.11 16:40:24 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2012.05.11 16:40:24 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012.05.11 16:40:24 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2012.05.11 16:40:24 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2012.05.11 16:40:24 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2012.05.11 16:40:24 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2012.05.11 16:40:21 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2012.05.11 16:40:21 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2012.05.11 16:40:19 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012.05.11 16:40:19 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2012.05.11 16:40:19 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2012.05.11 13:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2012.05.11 13:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2012.05.11 13:38:02 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2012.05.05 05:14:34 | 002,194,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2012.05.05 05:14:34 | 002,194,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012.05.05 05:14:34 | 002,071,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2012.05.05 05:14:34 | 002,071,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2012.05.05 05:14:31 | 002,150,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012.05.05 05:14:31 | 002,029,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012.05.02 15:46:30 | 000,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012.04.02 19:55:31 | 000,316,594 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.04.02 19:55:31 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.02 19:55:31 | 000,048,156 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.04.02 19:55:31 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.01 03:15:29 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2012.02.29 16:09:48 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2012.02.29 16:09:48 | 000,148,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imagehlp.dll
[2012.02.29 14:16:50 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.26 14:32:33 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.07.26 14:30:45 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2012.07.26 11:24:45 | 000,632,049 | ---- | C] () -- C:\Dokumente und Einstellungen\test\Desktop\adwcleaner.exe
[2012.07.20 16:37:58 | 000,001,601 | ---- | C] () -- C:\Dokumente und Einstellungen\test\Desktop\Dragon Internet Browser.lnk
[2012.07.20 14:47:48 | 000,000,308 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.07.20 14:20:53 | 000,000,849 | ---- | C] () -- C:\Dokumente und Einstellungen\test\Desktop\OpenOffice.org Calc.lnk
[2012.07.20 14:20:31 | 000,000,885 | ---- | C] () -- C:\Dokumente und Einstellungen\test\Desktop\OpenOffice.org Writer.lnk
[2012.07.20 14:08:42 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.20 14:08:41 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.20 13:53:14 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.07.20 12:54:53 | 000,000,889 | ---- | C] () -- C:\Dokumente und Einstellungen\test\Desktop\Revo Uninstaller.lnk
[2012.07.19 19:41:22 | 000,000,783 | ---- | C] () -- C:\Dokumente und Einstellungen\test\Startmenü\Programme\Internet Explorer.lnk
[2012.07.19 17:51:52 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.19 15:49:24 | 000,000,838 | ---- | C] () -- C:\Dokumente und Einstellungen\test\Desktop\PDF-Viewer.lnk
[2012.07.19 13:41:18 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2012.07.19 13:31:16 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.03.05 21:35:43 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\Mitglied\Lokale Einstellungen\Anwendungsdaten\1c638a4f\@
[2012.02.22 21:35:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.22 21:35:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2008.07.21 16:12:10 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\test\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== LOP Check ==========
 
[2012.07.20 13:50:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2011.01.14 19:17:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kurs\Anwendungsdaten\OpenOffice.org
[2012.07.20 19:03:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Auslogics
[2012.07.20 14:46:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\OpenOffice.org
[2012.07.19 14:19:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Oracle
[2012.07.29 16:13:01 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.08.17 11:51:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Adobe
[2012.07.20 19:03:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Auslogics
[2008.07.22 10:07:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Google
[2008.07.21 16:13:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Identities
[2008.07.22 10:06:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Macromedia
[2012.07.19 17:52:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Malwarebytes
[2012.02.22 21:50:58 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Microsoft
[2008.11.23 11:49:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Mozilla
[2012.07.20 14:46:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\OpenOffice.org
[2011.01.11 21:55:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\OpenOffice.org2
[2012.07.19 14:19:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Oracle
[2008.07.30 09:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Sun
[2008.08.16 20:02:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\U3
 
< %APPDATA%\*.exe /s >
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.07.22 08:57:33 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.07.22 08:57:33 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.07.22 08:57:33 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.07.22 08:57:33 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2005.08.18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvatabus.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2005.04.08 11:43:26 | 000,060,928 | ---- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\WINDOWS\system32\drivers\viamraid.sys
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.07.21 17:14:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.07.21 17:14:58 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.07.21 17:14:58 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

cosinus · 29.07.2012, 19:21

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - user.js - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-682003330-258243431-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.21 15:41:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d6b9c302-2bbb-11df-a153-0030056a97ed}\Shell\AutoRun\command - "" = D:\
O33 - MountPoints2\{d6b9c302-2bbb-11df-a153-0030056a97ed}\Shell\ubuntustick2\command - "" = D:\tools\casper-rw\casper-rw.exe
O33 - MountPoints2\{d6b9c302-2bbb-11df-a153-0030056a97ed}\Shell\ubuntustick3\command - "" = D:\tools\explore2fsPE\explore2fsPE.exe
O33 - MountPoints2\{e9e3cc48-ce13-11df-a16c-0030056a97ed}\Shell\AutoRun\command - "" = D:\StartPortableApps.exe
:Files
C:\Dokumente und Einstellungen\Mitglied\Lokale Einstellungen\Anwendungsdaten\1c638a4f
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Riddle · 29.07.2012, 20:49

Warum wird eigentlich der Registry-Eintrag "NoDriveTypeAutoRun=145" entfernt? Ist das nicht der Standard-Wert, bzw. eine gebräuchliche Einstellung?

:OTL FIX:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1229272821-682003330-258243431-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6b9c302-2bbb-11df-a153-0030056a97ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6b9c302-2bbb-11df-a153-0030056a97ed}\ not found.
File D:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6b9c302-2bbb-11df-a153-0030056a97ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6b9c302-2bbb-11df-a153-0030056a97ed}\ not found.
File D:\tools\casper-rw\casper-rw.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6b9c302-2bbb-11df-a153-0030056a97ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6b9c302-2bbb-11df-a153-0030056a97ed}\ not found.
File D:\tools\explore2fsPE\explore2fsPE.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9e3cc48-ce13-11df-a16c-0030056a97ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9e3cc48-ce13-11df-a16c-0030056a97ed}\ not found.
File D:\StartPortableApps.exe not found.
========== FILES ==========
C:\Dokumente und Einstellungen\Mitglied\Lokale Einstellungen\Anwendungsdaten\1c638a4f\U folder moved successfully.
C:\Dokumente und Einstellungen\Mitglied\Lokale Einstellungen\Anwendungsdaten\1c638a4f folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 19863 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Gast
->Temp folder emptied: 490159 bytes
->Temporary Internet Files folder emptied: 8190142 bytes
->FireFox cache emptied: 40097357 bytes
->Flash cache emptied: 971 bytes
 
User: Kurs
->Temp folder emptied: 302545 bytes
->Temporary Internet Files folder emptied: 58250152 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 675 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 279610 bytes
 
User: Mitglied
->Temp folder emptied: 8049803 bytes
->Temporary Internet Files folder emptied: 82303242 bytes
->Java cache emptied: 5091101 bytes
->FireFox cache emptied: 43360597 bytes
->Flash cache emptied: 3438 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: test
->Temp folder emptied: 258714135 bytes
->Temporary Internet Files folder emptied: 5520761 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 11930305 bytes
->Flash cache emptied: 14293 bytes
 
%systemdrive% .tmp files removed: 74128861 bytes
%systemroot% .tmp files removed: 2503692 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 904020 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 573,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
 
User: Gast
->Flash cache emptied: 0 bytes
 
User: Kurs
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: Mitglied
->Flash cache emptied: 0 bytes
 
User: NetworkService
 
User: test
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.55.0 log created on 07292012_210450

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 29.07.2012, 21:05

Manche Einträge fixe ich so um sicherzugehen - und diesen dämlichen Autorun sollte IMHO immer grundsätzlich komplett deaktivieren!

Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Riddle · 29.07.2012, 21:22

Zip hochgeladen.

cosinus · 30.07.2012, 08:33

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Riddle · 30.07.2012, 11:05

Sieht doch gut aus, oder?

:TDSS:

Code:

ATTFilter

11:54:56.0359 2284	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
11:54:56.0859 2284	============================================================
11:54:56.0859 2284	Current date / time: 2012/07/30 11:54:56.0859
11:54:56.0859 2284	SystemInfo:
11:54:56.0859 2284	
11:54:56.0859 2284	OS Version: 5.1.2600 ServicePack: 3.0
11:54:56.0859 2284	Product type: Workstation
11:54:56.0859 2284	ComputerName: PC3
11:54:56.0859 2284	UserName: test
11:54:56.0859 2284	Windows directory: C:\WINDOWS
11:54:56.0859 2284	System windows directory: C:\WINDOWS
11:54:56.0859 2284	Processor architecture: Intel x86
11:54:56.0859 2284	Number of processors: 1
11:54:56.0859 2284	Page size: 0x1000
11:54:56.0859 2284	Boot type: Normal boot
11:54:56.0859 2284	============================================================
11:54:59.0781 2284	Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:54:59.0796 2284	============================================================
11:54:59.0796 2284	\Device\Harddisk0\DR0:
11:54:59.0796 2284	MBR partitions:
11:54:59.0796 2284	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A89182
11:54:59.0796 2284	============================================================
11:54:59.0843 2284	C: <-> \Device\Harddisk0\DR0\Partition0
11:54:59.0843 2284	============================================================
11:54:59.0843 2284	Initialize success
11:54:59.0843 2284	============================================================
11:56:36.0687 3612	============================================================
11:56:36.0687 3612	Scan started
11:56:36.0687 3612	Mode: Manual; SigCheck; TDLFS; 
11:56:36.0687 3612	============================================================
11:56:37.0015 3612	Aavmker4        (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys
11:56:37.0359 3612	Aavmker4 - ok
11:56:37.0375 3612	Abiosdsk - ok
11:56:37.0390 3612	abp480n5 - ok
11:56:37.0468 3612	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:56:37.0781 3612	ACPI - ok
11:56:37.0796 3612	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:56:38.0015 3612	ACPIEC - ok
11:56:38.0140 3612	AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:56:38.0187 3612	AdobeFlashPlayerUpdateSvc - ok
11:56:38.0218 3612	adpu160m - ok
11:56:38.0265 3612	aeaudio         (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
11:56:38.0343 3612	aeaudio - ok
11:56:38.0375 3612	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:56:38.0578 3612	aec - ok
11:56:38.0656 3612	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:56:38.0765 3612	AFD - ok
11:56:38.0781 3612	Aha154x - ok
11:56:38.0796 3612	aic78u2 - ok
11:56:38.0812 3612	aic78xx - ok
11:56:38.0875 3612	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
11:56:39.0109 3612	Alerter - ok
11:56:39.0156 3612	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
11:56:39.0312 3612	ALG - ok
11:56:39.0328 3612	AliIde - ok
11:56:39.0343 3612	amsint - ok
11:56:39.0390 3612	AntiVirSchedulerService - ok
11:56:39.0406 3612	AntiVirService - ok
11:56:39.0468 3612	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
11:56:39.0625 3612	AppMgmt - ok
11:56:39.0625 3612	asc - ok
11:56:39.0656 3612	asc3350p - ok
11:56:39.0671 3612	asc3550 - ok
11:56:39.0718 3612	aswFsBlk        (1c1f3d6dddc046c920c493a779649f66) C:\WINDOWS\system32\drivers\aswFsBlk.sys
11:56:39.0750 3612	aswFsBlk - ok
11:56:39.0781 3612	aswMon2         (9e912fe7b41650701ef2b227aca440f3) C:\WINDOWS\system32\drivers\aswMon2.sys
11:56:39.0828 3612	aswMon2 - ok
11:56:39.0843 3612	AswRdr          (982e275d1c5801042fe94209fb0160fb) C:\WINDOWS\system32\drivers\AswRdr.sys
11:56:39.0890 3612	AswRdr - ok
11:56:39.0984 3612	aswSnx          (73dbcf808e00580f2a47f93dd9b03876) C:\WINDOWS\system32\drivers\aswSnx.sys
11:56:40.0093 3612	aswSnx - ok
11:56:40.0203 3612	aswSP           (6cbd7d3a33f498d09c831cdd732da2e0) C:\WINDOWS\system32\drivers\aswSP.sys
11:56:40.0296 3612	aswSP - ok
11:56:40.0343 3612	aswTdi          (7109a9aa551f37cd168c02368465957e) C:\WINDOWS\system32\drivers\aswTdi.sys
11:56:40.0390 3612	aswTdi - ok
11:56:40.0437 3612	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:56:40.0671 3612	AsyncMac - ok
11:56:40.0703 3612	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:56:40.0937 3612	atapi - ok
11:56:40.0968 3612	Atdisk - ok
11:56:41.0015 3612	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:56:41.0281 3612	Atmarpc - ok
11:56:41.0328 3612	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
11:56:41.0593 3612	AudioSrv - ok
11:56:41.0656 3612	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:56:41.0890 3612	audstub - ok
11:56:42.0015 3612	avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Programme\AVAST Software\Avast\AvastSvc.exe
11:56:42.0062 3612	avast! Antivirus - ok
11:56:42.0140 3612	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:56:42.0187 3612	avgntflt - ok
11:56:42.0234 3612	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:56:42.0265 3612	avipbb - ok
11:56:42.0343 3612	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:56:42.0578 3612	Beep - ok
11:56:42.0671 3612	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
11:56:43.0000 3612	BITS - ok
11:56:43.0046 3612	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
11:56:43.0312 3612	Browser - ok
11:56:43.0375 3612	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:56:43.0625 3612	cbidf2k - ok
11:56:43.0640 3612	cd20xrnt - ok
11:56:43.0671 3612	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:56:43.0937 3612	Cdaudio - ok
11:56:43.0984 3612	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:56:44.0250 3612	Cdfs - ok
11:56:44.0296 3612	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:56:44.0546 3612	Cdrom - ok
11:56:44.0562 3612	Changer - ok
11:56:44.0625 3612	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
11:56:44.0875 3612	CiSvc - ok
11:56:44.0921 3612	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
11:56:45.0187 3612	ClipSrv - ok
11:56:45.0203 3612	CmdIde - ok
11:56:45.0218 3612	COMSysApp - ok
11:56:45.0250 3612	Cpqarray - ok
11:56:45.0296 3612	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
11:56:45.0546 3612	CryptSvc - ok
11:56:45.0578 3612	dac2w2k - ok
11:56:45.0593 3612	dac960nt - ok
11:56:45.0671 3612	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
11:56:45.0828 3612	DcomLaunch - ok
11:56:45.0890 3612	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
11:56:46.0140 3612	Dhcp - ok
11:56:46.0187 3612	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:56:46.0453 3612	Disk - ok
11:56:46.0484 3612	dmadmin - ok
11:56:46.0625 3612	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
11:56:46.0984 3612	dmboot - ok
11:56:47.0015 3612	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
11:56:47.0328 3612	dmio - ok
11:56:47.0359 3612	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:56:47.0609 3612	dmload - ok
11:56:47.0656 3612	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
11:56:47.0921 3612	dmserver - ok
11:56:47.0953 3612	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:56:48.0203 3612	DMusic - ok
11:56:48.0250 3612	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
11:56:48.0359 3612	Dnscache - ok
11:56:48.0421 3612	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
11:56:48.0671 3612	Dot3svc - ok
11:56:48.0687 3612	dpti2o - ok
11:56:48.0843 3612	DragonUpdater   (7b8ba06b85ae250df996dcee2b31dd74) C:\Programme\Comodo\Dragon\dragon_updater.exe
11:56:48.0921 3612	DragonUpdater - ok
11:56:48.0968 3612	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:56:49.0218 3612	drmkaud - ok
11:56:49.0265 3612	E1000           (4beb6f44b0dc94af9fb20e97ab7ad47c) C:\WINDOWS\system32\DRIVERS\e1000325.sys
11:56:49.0343 3612	E1000 - ok
11:56:49.0390 3612	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
11:56:49.0656 3612	EapHost - ok
11:56:49.0734 3612	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
11:56:49.0984 3612	ERSvc - ok
11:56:50.0062 3612	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
11:56:50.0171 3612	Eventlog - ok
11:56:50.0250 3612	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
11:56:50.0343 3612	EventSystem - ok
11:56:50.0375 3612	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:56:50.0625 3612	Fastfat - ok
11:56:50.0703 3612	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:56:50.0812 3612	FastUserSwitchingCompatibility - ok
11:56:50.0859 3612	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:56:51.0125 3612	Fdc - ok
11:56:51.0171 3612	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
11:56:51.0421 3612	Fips - ok
11:56:51.0453 3612	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:56:51.0718 3612	Flpydisk - ok
11:56:51.0781 3612	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:56:52.0015 3612	FltMgr - ok
11:56:52.0078 3612	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:56:52.0343 3612	Fs_Rec - ok
11:56:52.0406 3612	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:56:52.0640 3612	Ftdisk - ok
11:56:52.0718 3612	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:56:52.0953 3612	Gpc - ok
11:56:53.0093 3612	gupdate         (506708142bc63daba64f2d3ad1dcd5bf) C:\Programme\Google\Update\GoogleUpdate.exe
11:56:53.0140 3612	gupdate - ok
11:56:53.0156 3612	gupdatem        (506708142bc63daba64f2d3ad1dcd5bf) C:\Programme\Google\Update\GoogleUpdate.exe
11:56:53.0203 3612	gupdatem - ok
11:56:53.0265 3612	gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
11:56:53.0296 3612	gusvc - ok
11:56:53.0390 3612	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:56:53.0640 3612	helpsvc - ok
11:56:53.0718 3612	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
11:56:53.0968 3612	HidServ - ok
11:56:54.0000 3612	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:56:54.0250 3612	HidUsb - ok
11:56:54.0296 3612	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
11:56:54.0546 3612	hkmsvc - ok
11:56:54.0562 3612	hpn - ok
11:56:54.0640 3612	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:56:54.0718 3612	HTTP - ok
11:56:54.0765 3612	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
11:56:55.0046 3612	HTTPFilter - ok
11:56:55.0078 3612	i2omgmt - ok
11:56:55.0093 3612	i2omp - ok
11:56:55.0156 3612	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:56:55.0406 3612	i8042prt - ok
11:56:55.0546 3612	ialm            (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
11:56:55.0718 3612	ialm - ok
11:56:55.0750 3612	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:56:56.0000 3612	Imapi - ok
11:56:56.0062 3612	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
11:56:56.0296 3612	ImapiService - ok
11:56:56.0328 3612	ini910u - ok
11:56:56.0375 3612	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:56:56.0609 3612	IntelIde - ok
11:56:56.0656 3612	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:56:56.0906 3612	intelppm - ok
11:56:56.0953 3612	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:56:57.0203 3612	Ip6Fw - ok
11:56:57.0234 3612	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:56:57.0500 3612	IpFilterDriver - ok
11:56:57.0562 3612	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:56:57.0796 3612	IpInIp - ok
11:56:57.0843 3612	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:56:58.0078 3612	IpNat - ok
11:56:58.0140 3612	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:56:58.0390 3612	IPSec - ok
11:56:58.0421 3612	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:56:58.0562 3612	IRENUM - ok
11:56:58.0609 3612	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:56:58.0859 3612	isapnp - ok
11:56:58.0875 3612	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:56:59.0140 3612	Kbdclass - ok
11:56:59.0171 3612	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:56:59.0421 3612	kmixer - ok
11:56:59.0484 3612	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:56:59.0578 3612	KSecDD - ok
11:56:59.0625 3612	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
11:56:59.0750 3612	lanmanserver - ok
11:56:59.0812 3612	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
11:56:59.0906 3612	lanmanworkstation - ok
11:56:59.0921 3612	lbrtfdc - ok
11:57:00.0000 3612	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
11:57:00.0265 3612	LmHosts - ok
11:57:00.0390 3612	MDM             (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
11:57:00.0437 3612	MDM - ok
11:57:00.0500 3612	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
11:57:00.0781 3612	Messenger - ok
11:57:00.0843 3612	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:57:01.0078 3612	mnmdd - ok
11:57:01.0156 3612	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
11:57:01.0406 3612	mnmsrvc - ok
11:57:01.0453 3612	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
11:57:01.0671 3612	Modem - ok
11:57:01.0703 3612	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:57:01.0937 3612	Mouclass - ok
11:57:02.0000 3612	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:57:02.0250 3612	MountMgr - ok
11:57:02.0343 3612	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
11:57:02.0390 3612	MozillaMaintenance - ok
11:57:02.0406 3612	mraid35x - ok
11:57:02.0468 3612	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:57:02.0703 3612	MRxDAV - ok
11:57:02.0796 3612	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:57:02.0937 3612	MRxSmb - ok
11:57:03.0000 3612	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
11:57:03.0250 3612	MSDTC - ok
11:57:03.0281 3612	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:57:03.0531 3612	Msfs - ok
11:57:03.0546 3612	MSIServer - ok
11:57:03.0609 3612	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:57:03.0843 3612	MSKSSRV - ok
11:57:03.0859 3612	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:57:04.0078 3612	MSPCLOCK - ok
11:57:04.0093 3612	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:57:04.0359 3612	MSPQM - ok
11:57:04.0390 3612	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:57:04.0625 3612	mssmbios - ok
11:57:04.0687 3612	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:57:04.0750 3612	Mup - ok
11:57:04.0828 3612	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
11:57:05.0109 3612	napagent - ok
11:57:05.0171 3612	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:57:05.0453 3612	NDIS - ok
11:57:05.0500 3612	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:57:05.0562 3612	NdisTapi - ok
11:57:05.0593 3612	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:57:05.0828 3612	Ndisuio - ok
11:57:05.0906 3612	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:57:06.0156 3612	NdisWan - ok
11:57:06.0218 3612	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:57:06.0281 3612	NDProxy - ok
11:57:06.0312 3612	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:57:06.0546 3612	NetBIOS - ok
11:57:06.0593 3612	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:57:06.0828 3612	NetBT - ok
11:57:06.0875 3612	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
11:57:07.0140 3612	NetDDE - ok
11:57:07.0156 3612	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
11:57:07.0406 3612	NetDDEdsdm - ok
11:57:07.0453 3612	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:57:07.0687 3612	Netlogon - ok
11:57:07.0765 3612	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
11:57:08.0015 3612	Netman - ok
11:57:08.0140 3612	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
11:57:08.0218 3612	Nla - ok
11:57:08.0281 3612	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:57:08.0515 3612	Npfs - ok
11:57:08.0578 3612	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:57:08.0890 3612	Ntfs - ok
11:57:08.0906 3612	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:57:09.0140 3612	NtLmSsp - ok
11:57:09.0203 3612	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
11:57:09.0500 3612	NtmsSvc - ok
11:57:09.0546 3612	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:57:09.0781 3612	Null - ok
11:57:09.0843 3612	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:57:10.0109 3612	NwlnkFlt - ok
11:57:10.0125 3612	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:57:10.0359 3612	NwlnkFwd - ok
11:57:10.0437 3612	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
11:57:10.0468 3612	ose - ok
11:57:10.0546 3612	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
11:57:10.0781 3612	Parport - ok
11:57:10.0812 3612	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:57:11.0031 3612	PartMgr - ok
11:57:11.0078 3612	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
11:57:11.0484 3612	ParVdm - ok
11:57:11.0546 3612	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
11:57:11.0796 3612	PCI - ok
11:57:11.0796 3612	PCIDump - ok
11:57:11.0843 3612	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:57:12.0078 3612	PCIIde - ok
11:57:12.0109 3612	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:57:12.0343 3612	Pcmcia - ok
11:57:12.0375 3612	PDCOMP - ok
11:57:12.0406 3612	PDFRAME - ok
11:57:12.0421 3612	PDRELI - ok
11:57:12.0437 3612	PDRFRAME - ok
11:57:12.0453 3612	perc2 - ok
11:57:12.0484 3612	perc2hib - ok
11:57:12.0578 3612	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
11:57:12.0671 3612	PlugPlay - ok
11:57:12.0687 3612	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:57:12.0937 3612	PolicyAgent - ok
11:57:13.0000 3612	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:57:13.0234 3612	PptpMiniport - ok
11:57:13.0250 3612	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:57:13.0500 3612	ProtectedStorage - ok
11:57:13.0531 3612	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:57:13.0765 3612	PSched - ok
11:57:13.0828 3612	PSI             (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
11:57:13.0875 3612	PSI - ok
11:57:13.0937 3612	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:57:14.0171 3612	Ptilink - ok
11:57:14.0187 3612	ql1080 - ok
11:57:14.0218 3612	Ql10wnt - ok
11:57:14.0234 3612	ql12160 - ok
11:57:14.0250 3612	ql1240 - ok
11:57:14.0281 3612	ql1280 - ok
11:57:14.0312 3612	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:57:14.0546 3612	RasAcd - ok
11:57:14.0609 3612	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
11:57:14.0875 3612	RasAuto - ok
11:57:14.0906 3612	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:57:15.0156 3612	Rasl2tp - ok
11:57:15.0218 3612	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
11:57:15.0484 3612	RasMan - ok
11:57:15.0500 3612	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:57:15.0750 3612	RasPppoe - ok
11:57:15.0765 3612	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:57:15.0984 3612	Raspti - ok
11:57:16.0015 3612	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:57:16.0250 3612	Rdbss - ok
11:57:16.0296 3612	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:57:16.0515 3612	RDPCDD - ok
11:57:16.0578 3612	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:57:16.0812 3612	rdpdr - ok
11:57:16.0890 3612	RDPWD           (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
11:57:16.0984 3612	RDPWD - ok
11:57:17.0062 3612	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
11:57:17.0328 3612	RDSessMgr - ok
11:57:17.0359 3612	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:57:17.0593 3612	redbook - ok
11:57:17.0656 3612	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
11:57:17.0890 3612	RemoteAccess - ok
11:57:17.0968 3612	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
11:57:18.0218 3612	RemoteRegistry - ok
11:57:18.0281 3612	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
11:57:18.0515 3612	RpcLocator - ok
11:57:18.0593 3612	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
11:57:18.0718 3612	RpcSs - ok
11:57:18.0781 3612	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
11:57:19.0046 3612	RSVP - ok
11:57:19.0109 3612	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:57:19.0343 3612	SamSs - ok
11:57:19.0406 3612	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
11:57:19.0656 3612	SCardSvr - ok
11:57:19.0734 3612	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
11:57:19.0984 3612	Schedule - ok
11:57:20.0062 3612	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:57:20.0171 3612	Secdrv - ok
11:57:20.0218 3612	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
11:57:20.0468 3612	seclogon - ok
11:57:20.0562 3612	Secunia PSI Agent - ok
11:57:20.0578 3612	Secunia Update Agent - ok
11:57:20.0640 3612	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
11:57:20.0890 3612	SENS - ok
11:57:20.0921 3612	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:57:21.0140 3612	serenum - ok
11:57:21.0156 3612	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
11:57:21.0406 3612	Serial - ok
11:57:21.0421 3612	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:57:21.0656 3612	Sfloppy - ok
11:57:21.0734 3612	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
11:57:22.0015 3612	SharedAccess - ok
11:57:22.0078 3612	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:57:22.0171 3612	ShellHWDetection - ok
11:57:22.0187 3612	Simbad - ok
11:57:22.0296 3612	smwdm           (5ac51dba9b3a75d6ca79583edbf23001) C:\WINDOWS\system32\drivers\smwdm.sys
11:57:22.0421 3612	smwdm - ok
11:57:22.0531 3612	SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
11:57:22.0546 3612	SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning
11:57:22.0546 3612	SoundMAX Agent Service (default) - detected UnsignedFile.Multi.Generic (1)
11:57:22.0562 3612	Sparrow - ok
11:57:22.0625 3612	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:57:22.0859 3612	splitter - ok
11:57:22.0921 3612	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:57:23.0015 3612	Spooler - ok
11:57:23.0062 3612	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
11:57:23.0203 3612	sr - ok
11:57:23.0265 3612	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
11:57:23.0421 3612	srservice - ok
11:57:23.0500 3612	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:57:23.0640 3612	Srv - ok
11:57:23.0703 3612	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
11:57:23.0859 3612	SSDPSRV - ok
11:57:23.0921 3612	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
11:57:24.0218 3612	stisvc - ok
11:57:24.0265 3612	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:57:24.0500 3612	swenum - ok
11:57:24.0531 3612	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:57:24.0765 3612	swmidi - ok
11:57:24.0781 3612	SwPrv - ok
11:57:24.0828 3612	symc810 - ok
11:57:24.0843 3612	symc8xx - ok
11:57:24.0859 3612	sym_hi - ok
11:57:24.0890 3612	sym_u3 - ok
11:57:24.0921 3612	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:57:25.0156 3612	sysaudio - ok
11:57:25.0218 3612	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
11:57:25.0484 3612	SysmonLog - ok
11:57:25.0546 3612	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
11:57:25.0812 3612	TapiSrv - ok
11:57:25.0890 3612	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:57:26.0000 3612	Tcpip - ok
11:57:26.0078 3612	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:57:26.0328 3612	TDPIPE - ok
11:57:26.0343 3612	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:57:26.0578 3612	TDTCP - ok
11:57:26.0625 3612	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:57:26.0859 3612	TermDD - ok
11:57:26.0953 3612	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
11:57:27.0218 3612	TermService - ok
11:57:27.0281 3612	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:57:27.0359 3612	Themes - ok
11:57:27.0421 3612	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
11:57:27.0593 3612	TlntSvr - ok
11:57:27.0625 3612	TosIde - ok
11:57:27.0687 3612	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
11:57:27.0968 3612	TrkWks - ok
11:57:28.0000 3612	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:57:28.0234 3612	Udfs - ok
11:57:28.0250 3612	ultra - ok
11:57:28.0343 3612	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:57:28.0640 3612	Update - ok
11:57:28.0703 3612	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
11:57:28.0859 3612	upnphost - ok
11:57:28.0906 3612	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
11:57:29.0156 3612	UPS - ok
11:57:29.0203 3612	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:57:29.0468 3612	usbccgp - ok
11:57:29.0515 3612	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:57:29.0750 3612	usbehci - ok
11:57:29.0812 3612	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:57:30.0031 3612	usbhub - ok
11:57:30.0093 3612	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:57:30.0343 3612	USBSTOR - ok
11:57:30.0406 3612	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:57:30.0625 3612	usbuhci - ok
11:57:30.0687 3612	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:57:30.0906 3612	VgaSave - ok
11:57:30.0937 3612	ViaIde - ok
11:57:30.0968 3612	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
11:57:31.0203 3612	VolSnap - ok
11:57:31.0281 3612	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
11:57:31.0437 3612	VSS - ok
11:57:31.0515 3612	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
11:57:31.0765 3612	W32Time - ok
11:57:31.0843 3612	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:57:32.0062 3612	Wanarp - ok
11:57:32.0078 3612	WDICA - ok
11:57:32.0140 3612	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:57:32.0375 3612	wdmaud - ok
11:57:32.0421 3612	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
11:57:32.0671 3612	WebClient - ok
11:57:32.0781 3612	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:57:33.0015 3612	winmgmt - ok
11:57:33.0093 3612	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
11:57:33.0187 3612	WmdmPmSN - ok
11:57:33.0281 3612	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
11:57:33.0453 3612	Wmi - ok
11:57:33.0531 3612	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:57:33.0765 3612	WmiApSrv - ok
11:57:33.0953 3612	WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
11:57:34.0078 3612	WMPNetworkSvc - ok
11:57:34.0156 3612	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
11:57:34.0406 3612	wscsvc - ok
11:57:34.0437 3612	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
11:57:34.0703 3612	wuauserv - ok
11:57:34.0796 3612	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
11:57:35.0109 3612	WZCSVC - ok
11:57:35.0171 3612	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
11:57:35.0437 3612	xmlprov - ok
11:57:35.0468 3612	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
11:57:36.0250 3612	\Device\Harddisk0\DR0 - ok
11:57:36.0281 3612	Boot (0x1200)   (b5cdc5b09e495f2c2b0a690b7e209642) \Device\Harddisk0\DR0\Partition0
11:57:36.0296 3612	\Device\Harddisk0\DR0\Partition0 - ok
11:57:36.0296 3612	============================================================
11:57:36.0296 3612	Scan finished
11:57:36.0296 3612	============================================================
11:57:36.0437 3604	Detected object count: 1
11:57:36.0437 3604	Actual detected object count: 1
11:57:56.0156 3604	SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:56.0156 3604	SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 30.07.2012, 16:09

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Riddle · 30.07.2012, 20:15

Leider lässt sich CF nicht dazu bewegen durchzulaufen. Beim 1. Start wurde die WH-Konsole installiert, die Registry gesichert und ein Wiederherstellungspunkt erstellt, aber danach bleibt CF an der Stelle mit dem Hinweis auf die voraussichtlichen 10 Minuten (oder länger) stehen - es passiert einfach nichts mehr. Auch ein 2. und ein 3. Versuch, jeweils nach Neustart, blieb ohne Erfolg.
Folgende Auffälligkeit: Obwohl ich Avira deinstalliert habe, zeigt CF an, dass der Echtzeitschutz noch aktiv sei. Ich habe in der Registry noch Einträge von Avira gefunden und diese gelöscht. Nun finde ich auf dem gesamten PC keine Dateien oder Hinweise mehr auf Avira - nur CF meckert immer noch ...???

Wie soll ich weiter vorgehen?

Gruß Riddle

cosinus · 30.07.2012, 21:20

Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.

Riddle · 30.07.2012, 22:12

Bin Deiner Anweisung gefolgt. CF streikt allerdings weiterhin. Nach wie vor erscheint auch die Meldung zu Antivir, Screenshot im Anhang. Ich habe keine Ahnung, wo sich die Reste von Antivir verstecken.

Ziemlich ratlos!

cosinus · 31.07.2012, 09:49

Wenn der Echtzeitschutz (Wächter auch als Guard bekannt) deaktiviert ist, kannst du diese Meldung eigentlich ignorieren - scheint irgendein Bug von AntiVir diese Probleme sind bei diesem Virenscanner schön öfter beobachtet worden

27.07.2012, 23:44	#16
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner TR/Atraps.gen2/TR, Crypt.ULPM.Gen, TR/Nedsym.G.400 und Rootkits Probier es mit dem Button Scan, nicht Quickscan __________________ Logfiles bitte immer in CODE-Tags posten

28.07.2012, 23:07	#18
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner TR/Atraps.gen2/TR, Crypt.ULPM.Gen, TR/Nedsym.G.400 und Rootkits Ja, aber das als CustomScan bitte noch probieren Sry war etwas missverständlich von mir __________________ __________________

30.07.2012, 21:20	#28
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner TR/Atraps.gen2/TR, Crypt.ULPM.Gen, TR/Nedsym.G.400 und Rootkits Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal. __________________ Logfiles bitte immer in CODE-Tags posten

31.07.2012, 09:49	#30
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner TR/Atraps.gen2/TR, Crypt.ULPM.Gen, TR/Nedsym.G.400 und Rootkits Wenn der Echtzeitschutz (Wächter auch als Guard bekannt) deaktiviert ist, kannst du diese Meldung eigentlich ignorieren - scheint irgendein Bug von AntiVir diese Probleme sind bei diesem Virenscanner schön öfter beobachtet worden __________________ Logfiles bitte immer in CODE-Tags posten

Trojaner TR/Atraps.gen2/TR, Crypt.ULPM.Gen, TR/Nedsym.G.400 und Rootkits

Plagegeister aller Art und deren Bekämpfung: Trojaner TR/Atraps.gen2/TR, Crypt.ULPM.Gen, TR/Nedsym.G.400 und Rootkits