Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Live Security Platinum, Programme ausführen nicht möglich (https://www.trojaner-board.de/119775-live-security-platinum-programme-ausfuehren-moeglich.html)

che 18.07.2012 00:35
Live Security Platinum, Programme ausführen nicht möglich
 
Ich habe mir vor ein paar Stunden Malware eingefangen, die eine Benützung des PCs unmöglich macht: Programme sind nicht ausführbar, Browser nur beschränkt benützbar, ständige Weiterleitungen und Aufforderungen die Live Security Platinum Software zu kaufen...
In den abgesicherten Modud komme ich auch nicht mehr.
Die MS-Wiederherstellungskonsole ist installiert.

Leider kann ich keine Logfiles erstellen da die Programme nicht ausführbar sind.
Gibt es überhaupt noch etwas was ich tun kann ausser neu aufsetzen?

LG che

EDIT: Konnte jetzt über ein anderes (eingeschränktes) Konto alle Programme ausführen ausser GMER (dieses benötigt Adminrechte). Defogger hat einen Fehler festgestellt.

Code:
OTL logfile created on: 18.07.2012 01:53:26 - Run 1
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Dokumente und Einstellungen\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,48 Mb Total Physical Memory | 686,28 Mb Available Physical Memory | 67,05% Memory free
3,90 Gb Paging File | 3,56 Gb Available in Paging File | 91,33% Paging File free
Paging file location(s): E:\pagefile.sys 3070 3070 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78,13 Gb Total Space | 15,62 Gb Free Space | 20% Space Free | Partition Type: NTFS
Drive E: | 4,50 Gb Total Space | 1,48 Gb Free Space | 32,88% Space Free | Partition Type: NTFS
 
Computer Name: MEDION-PC | User Name: User | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.18 01:48:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.30 15:13:06 | 000,389,120 | R--- | M] (Teleca) -- C:\Programme\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2010.03.17 16:22:52 | 001,019,904 | R--- | M] (Teleca Sweden AB) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2010.03.17 16:08:22 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2010.03.17 16:08:04 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009.12.11 15:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
PRC - [2009.06.03 10:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\logger.exe
PRC - [2009.04.14 13:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
PRC - [2008.06.24 17:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.05.01 00:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.08.04 15:54:52 | 000,215,552 | ---- | M] (Intersil Americas Inc.) -- C:\WINDOWS\system32\PRISMSTA.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2010.03.31 10:08:50 | 000,240,552 | R--- | M] () -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll
MOD - [2010.03.31 10:08:50 | 000,240,552 | R--- | M] () -- C:\Programme\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll
MOD - [2010.03.17 16:20:30 | 000,139,264 | R--- | M] () -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll
MOD - [2006.10.22 12:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.11 19:17:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Unknown] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.19 14:33:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Unknown] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Unknown] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Unknown] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Unknown] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011.12.30 21:32:20 | 000,218,624 | ---- | M] () [Auto | Unknown] -- C:\Programme\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2010.11.16 15:37:38 | 000,264,704 | ---- | M] () [Auto | Unknown] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2009.11.12 00:09:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Unknown] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.09.30 11:15:52 | 000,065,024 | ---- | M] (tzuk) [Auto | Unknown] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2008.06.24 17:05:56 | 000,537,896 | ---- | M] (Nero AG) [On_Demand | Unknown] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008.05.01 00:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl)
SRV - [2007.03.06 11:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\usbser.sys -- (usbser)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Unknown] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\2D.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\lgvmodem.sys -- (LGVMODEM)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\lgbtbus.sys -- (lgbusenum)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\lgbtport.sys -- (LgBttPort)
DRV - File not found [Kernel | System | Unknown] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Unknown] -- System32\Drivers\iiusbisp.sys -- (IIUSBISP)
DRV - File not found [Kernel | System | Unknown] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Unknown] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (alye2joa)
DRV - [2012.07.18 01:15:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Unknown] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.12.30 21:32:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011.12.30 21:32:26 | 000,106,496 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011.12.30 21:32:26 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.12 13:53:27 | 000,717,296 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009.09.30 11:15:52 | 000,116,736 | ---- | M] (tzuk) [Kernel | On_Demand | Unknown] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009.06.10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008.05.01 00:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl)
DRV - [2007.09.19 22:37:48 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Unknown] -- C:\Programme\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2006.12.14 01:39:28 | 000,040,832 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2006.12.13 18:52:50 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2003.08.07 16:36:48 | 000,362,688 | ---- | M] (Intersil Americas Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\PRISMA00.sys -- (PRISM_A00)
DRV - [2001.08.17 13:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.06.07 11:56:38 | 000,018,120 | R--- | M] (  ) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\GT680x.sys -- (SampleScanner)
DRV - [2001.06.07 11:56:38 | 000,018,120 | R--- | M] (  ) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\GT680x.sys -- (GT680x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s
IE - HKCU\..\SearchScopes,DefaultScope = {9230B84B-BC4E-4C78-9E08-FF679546EFA9}
IE - HKCU\..\SearchScopes\{9230B84B-BC4E-4C78-9E08-FF679546EFA9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLG
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.19 14:33:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.06.06 14:46:37 | 000,000,000 | ---D | M]
 
[2012.02.03 09:16:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions
[2012.02.03 09:18:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\wg6tn4pd.default\extensions
[2012.02.03 09:18:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\User


\Anwendungsdaten\Mozilla\Firefox\Profiles\wg6tn4pd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.07 23:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.19 14:33:33 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.04.20 11:29:10 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.20 11:29:10 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.04.20 11:29:10 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.20 11:29:10 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.20 11:29:10 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.20 11:29:10 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.04 17:41:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PRISMSTA.EXE] C:\WINDOWS\System32\PRISMSTA.exe (Intersil Americas Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2744F42-6589-459A-BFEA-55179D4FA142}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Antiwpa: DllName - (antiwpa.dll) - C:\WINDOWS\System32\antiwpa.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.07 20:07:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.18 01:48:42 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe
[2012.07.18 01:44:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\CyberLink PowerDVD
[2012.07.18 00:47:09 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.07.18 00:34:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036E19080000E340DBAE907C7B07D287
[2012.07.10 01:23:59 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2012.07.10 01:23:59 | 000,369,152 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2012.07.10 01:23:59 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2012.07.10 01:23:59 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2012.07.10 01:23:52 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5
[2012.07.10 01:07:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SUPER
[2012.07.10 01:07:37 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2012.07.10 01:07:37 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2012.07.10 01:07:37 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2012.07.10 01:07:37 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2012.07.10 01:07:37 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2012.07.10 01:07:37 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2012.07.10 01:07:37 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2012.07.10 01:07:37 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2012.07.10 01:07:37 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2012.07.10 01:07:37 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2012.07.10 01:07:37 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2012.07.10 01:07:30 | 000,000,000 | ---D | C] -- C:\Programme\SUPER
[2012.07.10 01:02:00 | 000,000,000 | ---D | C] -- C:\Programme\eRightSoft
[2012.07.03 14:07:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.07.01 02:46:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YTD Video Downloader
[2012.07.01 02:46:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\YTD Video Downloader
[2012.07.01 02:46:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YTD YouTube Downloader & Converter
[2012.07.01 02:45:54 | 000,000,000 | ---D | C] -- C:\Programme\YTD YouTube Downloader & Converter
[2012.06.22 11:32:10 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\User\Recent
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.18 01:49:03 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable
[2012.07.18 01:48:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe
[2012.07.18 01:48:24 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Defogger.exe
[2012.07.18 01:44:32 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.18 01:44:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.18 01:44:09 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.18 01:23:11 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.07.18 01:18:15 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.18 01:15:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.07.18 00:56:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.18 00:17:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.10 01:55:25 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.07.10 01:07:39 | 000,000,610 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPER ©.lnk
[2012.07.01 02:46:45 | 000,000,805 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\YTD Video Downloader.lnk
[2012.06.22 11:25:18 | 001,510,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.22 11:20:56 | 000,456,474 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.22 11:20:56 | 000,441,112 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.22 11:20:56 | 000,084,928 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.22 11:20:56 | 000,071,430 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.22 11:15:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.18 01:49:03 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable
[2012.07.18 01:48:24 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Defogger.exe
[2012.07.18 01:44:09 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.10 01:23:59 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2012.07.10 01:07:39 | 000,000,610 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPER ©.lnk
[2012.07.10 01:07:37 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2012.07.10 01:07:37 | 000,195,584 | RHS- | C] () -- C:\WINDOWS\System32\MatroskaDX.ax
[2012.07.10 01:07:37 | 000,121,344 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.ax
[2012.07.10 01:07:37 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2012.07.10 01:07:37 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2012.07.10 01:07:37 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2012.07.10 01:07:37 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2012.07.10 01:07:36 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2012.07.01 02:46:45 | 000,000,805 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\YTD Video Downloader.lnk
[2012.05.30 15:39:36 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012.05.30 15:39:36 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2012.02.29 16:01:59 | 000,000,488 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2012.02.29 14:02:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010.12.27 02:04:17 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.10.11 13:32:42 | 000,030,720 | ---- | C] () -- C:\WINDOWS\EWhiteu12.dat
[2010.10.11 13:32:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\AErroru3.dat
[2010.10.11 13:32:39 | 000,030,720 | ---- | C] () -- C:\WINDOWS\EDarku12.dat
[2010.10.11 13:32:37 | 000,000,006 | ---- | C] () -- C:\WINDOWS\EExpou.dat
[2010.10.11 13:32:37 | 000,000,003 | ---- | C] () -- C:\WINDOWS\EOffsetu.dat
[2010.10.11 13:32:37 | 000,000,003 | ---- | C] () -- C:\WINDOWS\EGain6.dat
[2010.10.11 13:32:02 | 000,000,275 | R--- | C] () -- C:\WINDOWS\System32\Arsetup.ini
[2010.10.11 13:30:00 | 000,200,704 | ---- | C] () -- C:\WINDOWS\Ausba3.dll
[2010.10.11 13:30:00 | 000,011,542 | ---- | C] () -- C:\WINDOWS\Dusb3ar.ini
[2010.10.11 13:30:00 | 000,002,685 | ---- | C] () -- C:\WINDOWS\Ausba3.INI
[2010.10.11 13:30:00 | 000,000,863 | ---- | C] () -- C:\WINDOWS\ScnPanel.ini
[2010.10.11 13:29:58 | 000,018,120 | R--- | C] (  ) -- C:\WINDOWS\System32\drivers\GT680x.sys
[2010.10.11 13:29:55 | 000,001,674 | ---- | C] () -- C:\WINDOWS\Flachbett.ini
[2008.05.01 00:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{86d44e12-40ad-65a0-3f37-d9e36790f914}\@
 
========== LOP Check ==========
 
[2012.07.18 00:36:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036E19080000E340DBAE907C7B07D287
[2009.12.22 02:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2010.01.12 12:52:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.11.09 03:57:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cypheros
[2009.11.12 13:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011.12.30 21:34:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService
[2011.11.09 01:01:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fontconfig
[2010.09.11 03:28:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HTC
[2011.09.18 00:07:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LGMOBILEAX
[2011.12.30 21:34:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner
[2010.01.12 00:46:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2010.01.12 00:46:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SPSS
[2010.09.11 03:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2011.11.20 02:35:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2012.07.01 02:46:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YTD Video Downloader
[2012.07.01 02:46:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YTD YouTube Downloader & Converter
[2012.02.03 09:15:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Teleca
 
========== Purity Check ==========
 
 

< End of report >

Code:
OTL Extras logfile created on: 18.07.2012 01:53:27 - Run 1
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Dokumente und Einstellungen\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,48 Mb Total Physical Memory | 686,28 Mb Available Physical Memory | 67,05% Memory free
3,90 Gb Paging File | 3,56 Gb Available in Paging File | 91,33% Paging File free
Paging file location(s): E:\pagefile.sys 3070 3070 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78,13 Gb Total Space | 15,62 Gb Free Space | 20% Space Free | Partition Type: NTFS
Drive E: | 4,50 Gb Total Space | 1,48 Gb Free Space | 32,88% Space Free | Partition Type: NTFS
 
Computer Name: MEDION-PC | User Name: User | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Programme\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Java\jre7\bin\javaw.exe" = C:\Programme\Java\jre7\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- (Oracle Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
"{1CC70590-9737-48B0-BA7E-C8DBF0F890C3}" = Flachbettscanner
"{211E8730-5681-49ED-BC6A-78C9F88E95F5}" = Adobe Shockwave Player
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Foto-Manager 2009
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F311E2E-C275-4CF0-8154-B63991832668}_is1" = SUPER © v2012.build.52 (July 7, 2012) Version v2012.build.52
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{9782762F-639B-499B-A23D-5EBEAFC160E6}" = Microsoft Tool Web Package:diskpart.exe
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4174D1-7970-40E6-AC57-F095F961FB08}" = HTC Sync
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 Ultra Edition HD
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Medion Flash XL
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"AdobeFlashFiles" = Adobe Flash Player
"Avira AntiVir Desktop" = Avira Free Antivirus
"Avira NTFS4DOS" = Avira NTFS4DOS 1.9
"CCleaner" = CCleaner
"C-Media Audio" = C-Media 3D Audio
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DXAddon" = DirectX 9.0c Zusatzdateien
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00
"Foxit Reader_is1" = Foxit Reader 5.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.18.403
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HaaliMkx" = Haali Media Splitter
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"ImgBurn" = ImgBurn
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD Ultra
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKVtoolnix" = MKVtoolnix 5.0.1
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Runtimes" = Allgemeine Runtime Dateien
"Sandboxie" = Sandboxie 3.40
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Totalcmd" = Total Commander (Remove or Repair)
"TsRemux_is1" = TsRemux 0.23.2
"Unlocker" = Unlocker 1.8.7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WinRAR archiver" = WinRAR
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
Error: Unable to start EventLog service!
 
< End of report >

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:53 on 18/07/2012 (Mama)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
Error opening service: SPTD (5)


-=E.O.F=-

markusg 19.07.2012 19:59
hi
bekommen wir auch die malwarebytes logs mit funden?
unter malwarebytes logdateien zu finden

che 20.07.2012 10:56
Habe jetzt herausgefunden, dass der abgesicherte Modus (OHNE Netzwerktreiber) funktioniert! Habe hier gleich einen MBAM Scan durchgefühert. Es wurde auch die LiveSecurityPlatinum Malware gefunden. Eine Bereinigung brachte allerdings keinen Erfolg.

Hier der log:

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.30.07

Windows XP Service Pack 3 x86 NTFS (Abgesichertenmodus)
Internet Explorer 7.0.5730.13
Che :: MEDION-PC [Administrator]

18.07.2012 12:40:58
mbam-log-2012-07-18 (12-40-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 332841
Laufzeit: 45 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Dokumente und Einstellungen\Che\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg 25.07.2012 20:48
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

che 26.07.2012 19:40
OK Combofix ist jetzt durch. Der PC scheint keine Probleme mehr zu haben.

hier das logfile:

Code:
ComboFix 12-07-27.02 - Che 26.07.2012  19:37:55.3.2 - x86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1023.701 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\User\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\036E19080000E340DBAE907C7B07D287
c:\dokumente und einstellungen\All Users\Anwendungsdaten\036E19080000E340DBAE907C7B07D287\036E19080000E340DBAE907C7B07D287
c:\dokumente und einstellungen\All Users\Anwendungsdaten\036E19080000E340DBAE907C7B07D287\036E19080000E340DBAE907C7B07D287.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\036E19080000E340DBAE907C7B07D287\036E19080000E340DBAE907C7B07D287.ico
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-26 bis 2012-07-26  ))))))))))))))))))))))))))))))
.
.
2012-07-26 07:39 . 2012-07-26 07:39        --------        d-----w-        c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Sun
2012-07-20 11:40 . 2012-07-20 11:40        --------        d-----w-        c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Identities
2012-07-18 07:37 . 2012-07-18 07:37        --------        d-----w-        c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Temp
2012-07-18 07:37 . 2012-07-18 07:37        --------        d-----w-        c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Adobe
2012-07-09 23:23 . 2009-09-27 07:39        369152        ----a-w-        c:\windows\system32\avisynth.dll
2012-07-09 23:23 . 2005-07-14 10:31        32256        ----a-w-        c:\windows\system32\AVSredirect.dll
2012-07-09 23:23 . 2004-02-22 08:11        719872        ----a-w-        c:\windows\system32\devil.dll
2012-07-09 23:23 . 2004-01-24 22:00        70656        ----a-w-        c:\windows\system32\yv12vfw.dll
2012-07-09 23:23 . 2004-01-24 22:00        70656        ----a-w-        c:\windows\system32\i420vfw.dll
2012-07-09 23:23 . 2012-07-09 23:23        --------        d-----w-        c:\programme\AviSynth 2.5
2012-07-09 23:02 . 2012-07-09 23:02        --------        d-----w-        c:\programme\eRightSoft
2012-07-01 00:46 . 2012-07-01 00:46        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\YTD Video Downloader
2012-07-01 00:46 . 2012-07-01 00:46        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\YTD YouTube Downloader & Converter
2012-07-01 00:45 . 2012-07-01 00:45        --------        d-----w-        c:\programme\YTD YouTube Downloader & Converter
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 17:17 . 2012-03-30 19:36        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-11 17:17 . 2011-07-10 17:43        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-06 12:29 . 2009-11-07 18:13        143872        ----a-w-        c:\windows\system32\javacpl.cpl
2012-06-02 13:19 . 2009-11-07 18:14        18456        ----a-w-        c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-11-07 18:14        15896        ----a-w-        c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-11-07 18:05        329240        ----a-w-        c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-11-07 18:05        210968        ----a-w-        c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-11-07 18:05        219160        ----a-w-        c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-11-07 18:14        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-11-07 18:14        15896        ----a-w-        c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-11-07 18:05        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-11-07 18:05        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-04-30 22:00        97304        ----a-w-        c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-11-07 18:14        23576        ----a-w-        c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-11-07 18:05        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-11-07 18:05        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2008-04-30 22:00        604160        ----a-w-        c:\windows\system32\crypt32.dll
2012-05-15 15:37 . 2008-03-01 12:54        832512        ----a-w-        c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2008-04-30 22:00        1863296        ----a-w-        c:\windows\system32\win32k.sys
2012-05-05 03:14 . 2008-04-30 22:00        2150912        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2008-04-14 05:30        2029056        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-11-07 18:03        139656        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2009-09-25 16:41 . 2009-09-25 16:41        1044480        ----a-w-        c:\programme\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41        200704        ----a-w-        c:\programme\mozilla firefox\plugins\ssldivx.dll
2012-06-19 12:33 . 2012-04-20 09:29        85472        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06        163328        --sha-r-        c:\windows\system32\flvDX.dll
2007-02-21 11:47        31232        --sha-r-        c:\windows\system32\msfDX.dll
2008-03-16 13:30        216064        --sha-r-        c:\windows\system32\nbDX.dll
2010-01-06 22:00        107520        --sha-r-        c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRISMSTA.EXE"="PRISMSTA.EXE START" [X]
"Malwarebytes Anti-Malware (reboot)"="c:\programme\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\programme\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 54832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"Mobile Connectivity Suite"="c:\programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-30 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2012-04-23 124928]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-30 22:00        15360        ----a-w-        c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
2002-08-28 12:43        73728        ----a-w-        c:\windows\Dit.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Java\\jre7\\bin\\javaw.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.11.2009 13:53 717296]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [30.12.2011 21:32 72576]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12.06.2012 01:25 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [12.06.2012 01:25 86224]
S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [20.11.2011 02:36 136176]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\dokumente und einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe -/service --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe -/service [?]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\programme\Mobile Partner\UpdateDog\ouc.exe [30.12.2011 21:32 218624]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.03.2012 21:36 250056]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [30.12.2011 21:32 117504]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [20.11.2011 02:36 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [11.09.2010 03:27 24576]
S3 IIUSBISP;USB Mass Storage for USB ISP;c:\windows\system32\Drivers\iiusbisp.sys --> c:\windows\system32\Drivers\iiusbisp.sys [?]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys --> c:\windows\system32\DRIVERS\lgbtport.sys [?]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys --> c:\windows\system32\DRIVERS\lgbtbus.sys [?]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys --> c:\windows\system32\DRIVERS\lgvmodem.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2D.tmp --> c:\windows\system32\2D.tmp [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [28.01.2011 14:55 40832]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [25.04.2012 03:38 113120]
S3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [07.11.2009 23:55 362688]
S3 SampleScanner;USB Flatbed Scanner ;c:\windows\system32\drivers\GT680x.sys [11.10.2010 13:29 18120]
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:17]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-11-20 00:36]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-11-20 00:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Che\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\dokumente und einstellungen\Che\Anwendungsdaten\Mozilla\Firefox\Profiles\0txjmau0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: network.proxy.http - 109.234.27.84
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-26 19:45
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2D.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\programme\CyberLink\PowerDVD\000.fcl"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
Zeit der Fertigstellung: 2012-07-26  19:47:45
ComboFix-quarantined-files.txt  2012-07-26 17:47
.
Vor Suchlauf: 8.395.141.120 Bytes frei
Nach Suchlauf: 8.447.287.296 Bytes frei
.
- - End Of File - - EBF177313CEE5FD619CF2EA768A8750A

markusg 27.07.2012 22:26
hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

che 28.07.2012 11:44
ok, sieht gut aus!

Code:
12:35:53.0390 3688        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:35:53.0421 3688        ============================================================
12:35:53.0421 3688        Current date / time: 2012/07/28 12:35:53.0421
12:35:53.0421 3688        SystemInfo:
12:35:53.0421 3688       
12:35:53.0421 3688        OS Version: 5.1.2600 ServicePack: 3.0
12:35:53.0421 3688        Product type: Workstation
12:35:53.0421 3688        ComputerName: MEDION-PC
12:35:53.0421 3688        UserName: User
12:35:53.0421 3688        Windows directory: C:\WINDOWS
12:35:53.0421 3688        System windows directory: C:\WINDOWS
12:35:53.0421 3688        Processor architecture: Intel x86
12:35:53.0421 3688        Number of processors: 2
12:35:53.0421 3688        Page size: 0x1000
12:35:53.0421 3688        Boot type: Normal boot
12:35:53.0421 3688        ============================================================
12:35:55.0515 3688        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:35:55.0625 3688        ============================================================
12:35:55.0625 3688        \Device\Harddisk0\DR0:
12:35:55.0625 3688        MBR partitions:
12:35:55.0625 3688        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
12:35:55.0640 3688        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C41B56, BlocksNum 0x84D0D5E
12:35:55.0656 3688        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x121128F3, BlocksNum 0x90230D
12:35:55.0656 3688        ============================================================
12:35:55.0703 3688        D: <-> \Device\Harddisk0\DR0\Partition1
12:35:55.0750 3688        E: <-> \Device\Harddisk0\DR0\Partition2
12:35:55.0781 3688        C: <-> \Device\Harddisk0\DR0\Partition0
12:35:55.0796 3688        ============================================================
12:35:55.0796 3688        Initialize success
12:35:55.0796 3688        ============================================================
12:36:12.0281 3792        ============================================================
12:36:12.0281 3792        Scan started
12:36:12.0281 3792        Mode: Manual; SigCheck; TDLFS;
12:36:12.0281 3792        ============================================================
12:36:12.0734 3792        Abiosdsk - ok
12:36:12.0734 3792        abp480n5 - ok
12:36:12.0781 3792        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:36:13.0062 3792        ACPI - ok
12:36:13.0093 3792        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:36:13.0203 3792        ACPIEC - ok
12:36:13.0218 3792        adpu160m - ok
12:36:13.0250 3792        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:36:13.0375 3792        aec - ok
12:36:13.0421 3792        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:36:13.0468 3792        AFD - ok
12:36:13.0500 3792        agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
12:36:13.0640 3792        agp440 - ok
12:36:13.0656 3792        Aha154x - ok
12:36:13.0656 3792        aic78u2 - ok
12:36:13.0671 3792        aic78xx - ok
12:36:13.0703 3792        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
12:36:13.0843 3792        Alerter - ok
12:36:13.0875 3792        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
12:36:13.0937 3792        ALG - ok
12:36:13.0937 3792        AliIde - ok
12:36:13.0953 3792        amsint - ok
12:36:14.0046 3792        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
12:36:14.0062 3792        AntiVirSchedulerService - ok
12:36:14.0093 3792        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
12:36:14.0109 3792        AntiVirService - ok
12:36:14.0156 3792        AppMgmt        (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
12:36:14.0218 3792        AppMgmt - ok
12:36:14.0234 3792        asc - ok
12:36:14.0234 3792        asc3350p - ok
12:36:14.0250 3792        asc3550 - ok
12:36:14.0343 3792        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:36:14.0406 3792        aspnet_state - ok
12:36:14.0421 3792        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:36:14.0562 3792        AsyncMac - ok
12:36:14.0593 3792        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:36:14.0718 3792        atapi - ok
12:36:14.0734 3792        Atdisk - ok
12:36:14.0765 3792        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:36:14.0906 3792        Atmarpc - ok
12:36:14.0937 3792        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
12:36:15.0093 3792        AudioSrv - ok
12:36:15.0125 3792        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:36:15.0250 3792        audstub - ok
12:36:15.0265 3792        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
12:36:15.0281 3792        avgntflt - ok
12:36:15.0312 3792        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
12:36:15.0328 3792        avipbb - ok
12:36:15.0343 3792        avkmgr          (53e56450da16a1a7f0d002f511113f67) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
12:36:15.0375 3792        avkmgr - ok
12:36:15.0390 3792        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:36:15.0546 3792        Beep - ok
12:36:15.0593 3792        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
12:36:15.0781 3792        BITS - ok
12:36:15.0859 3792        Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Programme\Bonjour\mDNSResponder.exe
12:36:15.0875 3792        Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
12:36:15.0875 3792        Bonjour Service - detected UnsignedFile.Multi.Generic (1)
12:36:15.0921 3792        Bridge          (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
12:36:16.0000 3792        Bridge - ok
12:36:16.0015 3792        BridgeMP        (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
12:36:16.0078 3792        BridgeMP - ok
12:36:16.0109 3792        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
12:36:16.0250 3792        Browser - ok
12:36:16.0296 3792        BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
12:36:16.0343 3792        BrScnUsb - ok
12:36:16.0453 3792        Capture Device Service (1778eba872274c1226d869cd9486847e) C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
12:36:16.0468 3792        Capture Device Service - ok
12:36:16.0578 3792        catchme - ok
12:36:16.0609 3792        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:36:16.0750 3792        cbidf2k - ok
12:36:16.0765 3792        cd20xrnt - ok
12:36:16.0781 3792        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:36:16.0921 3792        Cdaudio - ok
12:36:16.0953 3792        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:36:17.0109 3792        Cdfs - ok
12:36:17.0125 3792        Cdrom          (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:36:17.0187 3792        Cdrom - ok
12:36:17.0203 3792        Changer - ok
12:36:17.0234 3792        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
12:36:17.0375 3792        CiSvc - ok
12:36:17.0390 3792        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
12:36:17.0531 3792        ClipSrv - ok
12:36:17.0609 3792        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:36:17.0640 3792        clr_optimization_v2.0.50727_32 - ok
12:36:17.0640 3792        CmdIde - ok
12:36:17.0718 3792        cmuda          (b7d9e7d64c1fd830856807e63356178d) C:\WINDOWS\system32\drivers\cmuda.sys
12:36:17.0828 3792        cmuda - ok
12:36:17.0843 3792        COMSysApp - ok
12:36:17.0843 3792        Cpqarray - ok
12:36:17.0875 3792        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
12:36:18.0031 3792        CryptSvc - ok
12:36:18.0031 3792        dac2w2k - ok
12:36:18.0046 3792        dac960nt - ok
12:36:18.0093 3792        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
12:36:18.0171 3792        DcomLaunch - ok
12:36:18.0218 3792        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
12:36:18.0359 3792        Dhcp - ok
12:36:18.0390 3792        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:36:18.0546 3792        Disk - ok
12:36:18.0546 3792        dmadmin - ok
12:36:18.0640 3792        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
12:36:18.0828 3792        dmboot - ok
12:36:18.0859 3792        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
12:36:19.0015 3792        dmio - ok
12:36:19.0031 3792        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:36:19.0187 3792        dmload - ok
12:36:19.0203 3792        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
12:36:19.0484 3792        dmserver - ok
12:36:19.0515 3792        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:36:19.0640 3792        DMusic - ok
12:36:19.0687 3792        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
12:36:19.0765 3792        Dnscache - ok
12:36:19.0796 3792        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
12:36:19.0968 3792        Dot3svc - ok
12:36:19.0968 3792        dpti2o - ok
12:36:19.0984 3792        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:36:20.0140 3792        drmkaud - ok
12:36:20.0156 3792        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
12:36:20.0296 3792        EapHost - ok
12:36:20.0328 3792        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
12:36:20.0468 3792        ERSvc - ok
12:36:20.0515 3792        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
12:36:20.0531 3792        Eventlog - ok
12:36:20.0578 3792        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
12:36:20.0625 3792        EventSystem - ok
12:36:20.0656 3792        ewusbnet        (a52794c010c6df5b4bc70c4ab5e04088) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
12:36:20.0671 3792        ewusbnet ( UnsignedFile.Multi.Generic ) - warning
12:36:20.0671 3792        ewusbnet - detected UnsignedFile.Multi.Generic (1)
12:36:20.0718 3792        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:36:20.0859 3792        Fastfat - ok
12:36:20.0906 3792        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:36:20.0937 3792        FastUserSwitchingCompatibility - ok
12:36:20.0953 3792        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:36:21.0093 3792        Fdc - ok
12:36:21.0140 3792        FETNDISB        (cc6b6df3c35c20531492e1b700f700fa) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
12:36:21.0171 3792        FETNDISB - ok
12:36:21.0203 3792        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
12:36:21.0359 3792        Fips - ok
12:36:21.0453 3792        FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:36:21.0546 3792        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
12:36:21.0546 3792        FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
12:36:21.0578 3792        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:36:21.0718 3792        Flpydisk - ok
12:36:21.0750 3792        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:36:21.0890 3792        FltMgr - ok
12:36:21.0984 3792        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:36:22.0015 3792        FontCache3.0.0.0 - ok
12:36:22.0031 3792        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:36:22.0187 3792        Fs_Rec - ok
12:36:22.0203 3792        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:36:22.0328 3792        Ftdisk - ok
12:36:22.0375 3792        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:36:22.0515 3792        Gpc - ok
12:36:22.0546 3792        GT680x          (9d68bbedac2c3744724f6a99cc42d8e1) C:\WINDOWS\system32\Drivers\GT680x.SYS
12:36:22.0562 3792        GT680x ( UnsignedFile.Multi.Generic ) - warning
12:36:22.0562 3792        GT680x - detected UnsignedFile.Multi.Generic (1)
12:36:22.0625 3792        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
12:36:22.0640 3792        gupdate - ok
12:36:22.0656 3792        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
12:36:22.0671 3792        gupdatem - ok
12:36:22.0718 3792        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:36:22.0859 3792        helpsvc - ok
12:36:22.0890 3792        HidServ        (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
12:36:23.0031 3792        HidServ - ok
12:36:23.0062 3792        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:36:23.0203 3792        HidUsb - ok
12:36:23.0234 3792        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
12:36:23.0375 3792        hkmsvc - ok
12:36:23.0375 3792        hpn - ok
12:36:23.0406 3792        HTCAND32        (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
12:36:23.0453 3792        HTCAND32 - ok
12:36:23.0484 3792        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:36:23.0531 3792        HTTP - ok
12:36:23.0562 3792        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
12:36:23.0703 3792        HTTPFilter - ok
12:36:23.0734 3792        huawei_enumerator (bed3a9f86a637cc6c2c5296cd82423d8) C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
12:36:23.0781 3792        huawei_enumerator - ok
12:36:23.0843 3792        hwdatacard      (1f40368dc40b17de3fa0fbe8a9d82f9e) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
12:36:23.0859 3792        hwdatacard ( UnsignedFile.Multi.Generic ) - warning
12:36:23.0859 3792        hwdatacard - detected UnsignedFile.Multi.Generic (1)
12:36:23.0953 3792        HWDeviceService.exe - ok
12:36:23.0953 3792        i2omgmt - ok
12:36:23.0968 3792        i2omp - ok
12:36:24.0000 3792        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:36:24.0140 3792        i8042prt - ok
12:36:24.0234 3792        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:36:24.0328 3792        idsvc - ok
12:36:24.0328 3792        IIUSBISP - ok
12:36:24.0359 3792        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:36:24.0500 3792        Imapi - ok
12:36:24.0546 3792        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
12:36:24.0687 3792        ImapiService - ok
12:36:24.0687 3792        ini910u - ok
12:36:24.0703 3792        IntelIde - ok
12:36:24.0718 3792        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:36:24.0875 3792        intelppm - ok
12:36:24.0890 3792        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:36:25.0031 3792        Ip6Fw - ok
12:36:25.0062 3792        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:36:25.0218 3792        IpFilterDriver - ok
12:36:25.0250 3792        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:36:25.0390 3792        IpInIp - ok
12:36:25.0406 3792        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:36:25.0546 3792        IpNat - ok
12:36:25.0578 3792        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:36:25.0718 3792        IPSec - ok
12:36:25.0750 3792        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:36:25.0828 3792        IRENUM - ok
12:36:25.0859 3792        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:36:26.0000 3792        isapnp - ok
12:36:26.0109 3792        JavaQuickStarterService (5472d771c0197355c1d347f20392b982) C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
12:36:26.0125 3792        JavaQuickStarterService - ok
12:36:26.0156 3792        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:36:26.0296 3792        Kbdclass - ok
12:36:26.0343 3792        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:36:26.0484 3792        kbdhid - ok
12:36:26.0531 3792        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:36:26.0656 3792        kmixer - ok
12:36:26.0703 3792        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:36:26.0765 3792        KSecDD - ok
12:36:26.0796 3792        LanmanServer    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
12:36:26.0859 3792        LanmanServer - ok
12:36:26.0906 3792        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
12:36:26.0953 3792        lanmanworkstation - ok
12:36:26.0953 3792        lbrtfdc - ok
12:36:26.0968 3792        LgBttPort - ok
12:36:26.0984 3792        lgbusenum - ok
12:36:27.0000 3792        LGVMODEM - ok
12:36:27.0031 3792        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
12:36:27.0187 3792        LmHosts - ok
12:36:27.0187 3792        MEMSWEEP2 - ok
12:36:27.0218 3792        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
12:36:27.0375 3792        Messenger - ok
12:36:27.0406 3792        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:36:27.0531 3792        mnmdd - ok
12:36:27.0562 3792        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
12:36:27.0703 3792        mnmsrvc - ok
12:36:27.0796 3792        Mobile Partner. RunOuc (38106c7bd34eae89d2769ac0ba2e846b) C:\Programme\Mobile Partner\UpdateDog\ouc.exe
12:36:27.0828 3792        Mobile Partner. RunOuc ( UnsignedFile.Multi.Generic ) - warning
12:36:27.0828 3792        Mobile Partner. RunOuc - detected UnsignedFile.Multi.Generic (1)
12:36:27.0875 3792        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
12:36:28.0015 3792        Modem - ok
12:36:28.0046 3792        MotDev          (a54abbda4ee2fdae15d4e1ee7ab788a1) C:\WINDOWS\system32\DRIVERS\motodrv.sys
12:36:28.0093 3792        MotDev - ok
12:36:28.0109 3792        motmodem        (37e5a8c7f9a3b38f113b71ec7ce34f92) C:\WINDOWS\system32\DRIVERS\motmodem.sys
12:36:28.0156 3792        motmodem - ok
12:36:28.0187 3792        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:36:28.0312 3792        Mouclass - ok
12:36:28.0359 3792        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:36:28.0500 3792        mouhid - ok
12:36:28.0531 3792        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:36:28.0687 3792        MountMgr - ok
12:36:28.0734 3792        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
12:36:28.0765 3792        MozillaMaintenance - ok
12:36:28.0765 3792        mraid35x - ok
12:36:28.0812 3792        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:36:28.0968 3792        MRxDAV - ok
12:36:29.0031 3792        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:36:29.0093 3792        MRxSmb - ok
12:36:29.0140 3792        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
12:36:29.0296 3792        MSDTC - ok
12:36:29.0343 3792        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:36:29.0531 3792        Msfs - ok
12:36:29.0546 3792        MSIServer - ok
12:36:29.0578 3792        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:36:29.0718 3792        MSKSSRV - ok
12:36:29.0734 3792        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:36:29.0859 3792        MSPCLOCK - ok
12:36:29.0875 3792        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:36:30.0015 3792        MSPQM - ok
12:36:30.0046 3792        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:36:30.0187 3792        mssmbios - ok
12:36:30.0218 3792        ms_mpu401      (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
12:36:30.0359 3792        ms_mpu401 - ok
12:36:30.0390 3792        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:36:30.0421 3792        Mup - ok
12:36:30.0468 3792        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
12:36:30.0625 3792        napagent - ok
12:36:30.0671 3792        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:36:30.0796 3792        NDIS - ok
12:36:30.0843 3792        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:36:30.0875 3792        NdisTapi - ok
12:36:30.0906 3792        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:36:31.0046 3792        Ndisuio - ok
12:36:31.0062 3792        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:36:31.0187 3792        NdisWan - ok
12:36:31.0218 3792        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:36:31.0250 3792        NDProxy - ok
12:36:31.0281 3792        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:36:31.0421 3792        NetBIOS - ok
12:36:31.0453 3792        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:36:31.0578 3792        NetBT - ok
12:36:31.0609 3792        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
12:36:31.0750 3792        NetDDE - ok
12:36:31.0765 3792        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
12:36:31.0890 3792        NetDDEdsdm - ok
12:36:31.0921 3792        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:36:32.0046 3792        Netlogon - ok
12:36:32.0093 3792        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
12:36:32.0218 3792        Netman - ok
12:36:32.0343 3792        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:36:32.0359 3792        NetTcpPortSharing - ok
12:36:32.0421 3792        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
12:36:32.0453 3792        Nla - ok
12:36:32.0578 3792        NMIndexingService (cb992ae1506985d9167e85883b4c3240) C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
12:36:32.0609 3792        NMIndexingService - ok
12:36:32.0671 3792        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:36:32.0812 3792        Npfs - ok
12:36:32.0859 3792        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:36:33.0031 3792        Ntfs - ok
12:36:33.0062 3792        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:36:33.0203 3792        NtLmSsp - ok
12:36:33.0250 3792        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
12:36:33.0437 3792        NtmsSvc - ok
12:36:33.0468 3792        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:36:33.0609 3792        Null - ok
12:36:33.0812 3792        nv              (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:36:34.0078 3792        nv - ok
12:36:34.0171 3792        NVSvc          (0febe37db6650faa5965c00545009d1d) C:\WINDOWS\system32\nvsvc32.exe
12:36:34.0203 3792        NVSvc - ok
12:36:34.0250 3792        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:36:34.0421 3792        NwlnkFlt - ok
12:36:34.0421 3792        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:36:34.0562 3792        NwlnkFwd - ok
12:36:34.0718 3792        odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
12:36:34.0750 3792        odserv - ok
12:36:34.0812 3792        ose            (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
12:36:34.0843 3792        ose - ok
12:36:34.0875 3792        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
12:36:35.0000 3792        Parport - ok
12:36:35.0015 3792        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:36:35.0156 3792        PartMgr - ok
12:36:35.0187 3792        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
12:36:35.0328 3792        ParVdm - ok
12:36:35.0359 3792        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
12:36:35.0500 3792        PCI - ok
12:36:35.0500 3792        PCIDump - ok
12:36:35.0531 3792        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:36:35.0671 3792        PCIIde - ok
12:36:35.0703 3792        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:36:35.0859 3792        Pcmcia - ok
12:36:35.0875 3792        PDCOMP - ok
12:36:35.0875 3792        PDFRAME - ok
12:36:35.0890 3792        PDRELI - ok
12:36:35.0890 3792        PDRFRAME - ok
12:36:35.0906 3792        perc2 - ok
12:36:35.0906 3792        perc2hib - ok
12:36:35.0953 3792        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
12:36:35.0984 3792        PlugPlay - ok
12:36:36.0015 3792        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:36:36.0140 3792        PolicyAgent - ok
12:36:36.0171 3792        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:36:36.0312 3792        PptpMiniport - ok
12:36:36.0359 3792        PRISM_A00      (621848f689066206d710c468ef145cde) C:\WINDOWS\system32\DRIVERS\PRISMA00.sys
12:36:36.0421 3792        PRISM_A00 - ok
12:36:36.0421 3792        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:36:36.0546 3792        ProtectedStorage - ok
12:36:36.0578 3792        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:36:36.0718 3792        PSched - ok
12:36:36.0750 3792        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:36:36.0875 3792        Ptilink - ok
12:36:36.0921 3792        PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:36:36.0937 3792        PxHelp20 - ok
12:36:36.0937 3792        ql1080 - ok
12:36:36.0937 3792        Ql10wnt - ok
12:36:36.0953 3792        ql12160 - ok
12:36:36.0953 3792        ql1240 - ok
12:36:36.0968 3792        ql1280 - ok
12:36:37.0000 3792        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:36:37.0140 3792        RasAcd - ok
12:36:37.0171 3792        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
12:36:37.0296 3792        RasAuto - ok
12:36:37.0328 3792        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:36:37.0453 3792        Rasl2tp - ok
12:36:37.0484 3792        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
12:36:37.0625 3792        RasMan - ok
12:36:37.0640 3792        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:36:37.0781 3792        RasPppoe - ok
12:36:37.0812 3792        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:36:37.0937 3792        Raspti - ok
12:36:37.0968 3792        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:36:38.0109 3792        Rdbss - ok
12:36:38.0140 3792        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:36:38.0265 3792        RDPCDD - ok
12:36:38.0312 3792        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:36:38.0453 3792        rdpdr - ok
12:36:38.0500 3792        RDPWD          (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
12:36:38.0546 3792        RDPWD - ok
12:36:38.0593 3792        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
12:36:38.0781 3792        RDSessMgr - ok
12:36:38.0812 3792        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:36:38.0937 3792        redbook - ok
12:36:38.0968 3792        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
12:36:39.0093 3792        RemoteAccess - ok
12:36:39.0125 3792        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
12:36:39.0250 3792        RemoteRegistry - ok
12:36:39.0500 3792        RichVideo      (06a49b7bdc36cfbf97dd90804f833369) C:\Programme\CyberLink\Shared files\RichVideo.exe
12:36:39.0531 3792        RichVideo - ok
12:36:39.0562 3792        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
12:36:39.0703 3792        RpcLocator - ok
12:36:39.0750 3792        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
12:36:39.0796 3792        RpcSs - ok
12:36:39.0843 3792        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
12:36:39.0984 3792        RSVP - ok
12:36:40.0031 3792        SampleScanner  (9d68bbedac2c3744724f6a99cc42d8e1) C:\WINDOWS\system32\DRIVERS\GT680x.sys
12:36:40.0031 3792        SampleScanner ( UnsignedFile.Multi.Generic ) - warning
12:36:40.0031 3792        SampleScanner - detected UnsignedFile.Multi.Generic (1)
12:36:40.0062 3792        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:36:40.0187 3792        SamSs - ok
12:36:40.0234 3792        SbieDrv        (d5223bb45782b35407148a47255497c7) C:\Programme\Sandboxie\SbieDrv.sys
12:36:40.0250 3792        SbieDrv ( UnsignedFile.Multi.Generic ) - warning
12:36:40.0250 3792        SbieDrv - detected UnsignedFile.Multi.Generic (1)
12:36:40.0265 3792        SbieSvc        (de88a8d417bb530003d84fce6774c0f6) C:\Programme\Sandboxie\SbieSvc.exe
12:36:40.0265 3792        SbieSvc ( UnsignedFile.Multi.Generic ) - warning
12:36:40.0265 3792        SbieSvc - detected UnsignedFile.Multi.Generic (1)
12:36:40.0296 3792        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
12:36:40.0437 3792        SCardSvr - ok
12:36:40.0484 3792        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
12:36:40.0640 3792        Schedule - ok
12:36:40.0671 3792        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:36:40.0734 3792        Secdrv - ok
12:36:40.0750 3792        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
12:36:40.0890 3792        seclogon - ok
12:36:40.0906 3792        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
12:36:41.0046 3792        SENS - ok
12:36:41.0062 3792        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:36:41.0187 3792        serenum - ok
12:36:41.0203 3792        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
12:36:41.0312 3792        Serial - ok
12:36:41.0343 3792        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:36:41.0468 3792        Sfloppy - ok
12:36:41.0531 3792        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
12:36:41.0671 3792        SharedAccess - ok
12:36:41.0718 3792        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:36:41.0734 3792        ShellHWDetection - ok
12:36:41.0750 3792        Simbad - ok
12:36:41.0750 3792        Sparrow - ok
12:36:41.0781 3792        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:36:41.0906 3792        splitter - ok
12:36:41.0953 3792        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:36:42.0000 3792        Spooler - ok
12:36:42.0062 3792        sptd            (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
12:36:42.0062 3792        Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
12:36:42.0062 3792        sptd ( LockedFile.Multi.Generic ) - warning
12:36:42.0062 3792        sptd - detected LockedFile.Multi.Generic (1)
12:36:42.0093 3792        Sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
12:36:42.0156 3792        Sr - ok
12:36:42.0187 3792        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
12:36:42.0250 3792        srservice - ok
12:36:42.0296 3792        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:36:42.0359 3792        Srv - ok
12:36:42.0406 3792        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
12:36:42.0468 3792        SSDPSRV - ok
12:36:42.0500 3792        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
12:36:42.0515 3792        ssmdrv - ok
12:36:42.0562 3792        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
12:36:42.0703 3792        stisvc - ok
12:36:42.0718 3792        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:36:42.0859 3792        swenum - ok
12:36:42.0890 3792        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:36:43.0015 3792        swmidi - ok
12:36:43.0031 3792        SwPrv - ok
12:36:43.0031 3792        symc810 - ok
12:36:43.0046 3792        symc8xx - ok
12:36:43.0046 3792        sym_hi - ok
12:36:43.0062 3792        sym_u3 - ok
12:36:43.0078 3792        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:36:43.0203 3792        sysaudio - ok
12:36:43.0250 3792        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
12:36:43.0375 3792        SysmonLog - ok
12:36:43.0421 3792        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
12:36:43.0562 3792        TapiSrv - ok
12:36:43.0609 3792        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:36:43.0687 3792        Tcpip - ok
12:36:43.0718 3792        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:36:43.0828 3792        TDPIPE - ok
12:36:43.0859 3792        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:36:43.0984 3792        TDTCP - ok
12:36:44.0015 3792        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:36:44.0140 3792        TermDD - ok
12:36:44.0218 3792        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
12:36:44.0390 3792        TermService - ok
12:36:44.0437 3792        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:36:44.0453 3792        Themes - ok
12:36:44.0484 3792        TlntSvr        (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
12:36:44.0562 3792        TlntSvr - ok
12:36:44.0562 3792        TosIde - ok
12:36:44.0578 3792        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
12:36:44.0718 3792        TrkWks - ok
12:36:44.0750 3792        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:36:44.0890 3792        Udfs - ok
12:36:44.0906 3792        ultra - ok
12:36:44.0953 3792        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:36:45.0125 3792        Update - ok
12:36:45.0171 3792        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
12:36:45.0234 3792        upnphost - ok
12:36:45.0265 3792        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
12:36:45.0390 3792        UPS - ok
12:36:45.0406 3792        usbbus - ok
12:36:45.0421 3792        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:36:45.0562 3792        usbccgp - ok
12:36:45.0562 3792        UsbDiag - ok
12:36:45.0609 3792        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:36:45.0750 3792        usbehci - ok
12:36:45.0781 3792        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:36:45.0906 3792        usbhub - ok
12:36:45.0921 3792        USBModem - ok
12:36:45.0953 3792        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:36:46.0109 3792        usbprint - ok
12:36:46.0125 3792        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:36:46.0250 3792        usbscan - ok
12:36:46.0265 3792        usbser - ok
12:36:46.0296 3792        usbstor        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:36:46.0437 3792        usbstor - ok
12:36:46.0453 3792        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:36:46.0578 3792        usbuhci - ok
12:36:46.0609 3792        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:36:46.0734 3792        VgaSave - ok
12:36:46.0750 3792        ViaIde - ok
12:36:46.0765 3792        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
12:36:46.0890 3792        VolSnap - ok
12:36:46.0921 3792        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
12:36:47.0000 3792        VSS - ok
12:36:47.0046 3792        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
12:36:47.0187 3792        W32Time - ok
12:36:47.0203 3792        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:36:47.0328 3792        Wanarp - ok
12:36:47.0390 3792        Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
12:36:47.0437 3792        Wdf01000 - ok
12:36:47.0437 3792        WDICA - ok
12:36:47.0468 3792        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:36:47.0609 3792        wdmaud - ok
12:36:47.0640 3792        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
12:36:47.0781 3792        WebClient - ok
12:36:47.0843 3792        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:36:47.0984 3792        winmgmt - ok
12:36:48.0015 3792        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
12:36:48.0062 3792        WmdmPmSN - ok
12:36:48.0140 3792        Wmi            (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
12:36:48.0218 3792        Wmi - ok
12:36:48.0250 3792        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:36:48.0390 3792        WmiApSrv - ok
12:36:48.0437 3792        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:36:48.0468 3792        WpdUsb - ok
12:36:48.0484 3792        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:36:48.0625 3792        WS2IFSL - ok
12:36:48.0671 3792        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
12:36:48.0796 3792        wscsvc - ok
12:36:48.0828 3792        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
12:36:48.0953 3792        wuauserv - ok
12:36:49.0000 3792        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:36:49.0046 3792        WudfPf - ok
12:36:49.0078 3792        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:36:49.0109 3792        WudfRd - ok
12:36:49.0125 3792        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:36:49.0156 3792        WudfSvc - ok
12:36:49.0218 3792        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
12:36:49.0546 3792        WZCSVC - ok
12:36:49.0562 3792        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
12:36:49.0718 3792        xmlprov - ok
12:36:49.0781 3792        {95808DC4-FA4A-4C74-92FE-5B863F82066B} (560bf4bd85bf11608ee85d6cf87c02da) C:\Programme\CyberLink\PowerDVD\000.fcl
12:36:49.0796 3792        {95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok
12:36:49.0828 3792        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
12:36:50.0390 3792        \Device\Harddisk0\DR0 - ok
12:36:50.0406 3792        Boot (0x1200)  (6332e952af096fef9038bd2f7c3e89b0) \Device\Harddisk0\DR0\Partition0
12:36:50.0421 3792        \Device\Harddisk0\DR0\Partition0 - ok
12:36:50.0437 3792        Boot (0x1200)  (b341a24cea3da209bd255639801f1507) \Device\Harddisk0\DR0\Partition1
12:36:50.0437 3792        \Device\Harddisk0\DR0\Partition1 - ok
12:36:50.0468 3792        Boot (0x1200)  (ce1e35c942b14ac498d758d569358bec) \Device\Harddisk0\DR0\Partition2
12:36:50.0468 3792        \Device\Harddisk0\DR0\Partition2 - ok
12:36:50.0468 3792        ============================================================
12:36:50.0468 3792        Scan finished
12:36:50.0468 3792        ============================================================
12:36:50.0578 3744        Detected object count: 10
12:36:50.0578 3744        Actual detected object count: 10
12:38:30.0406 3744        Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:30.0406 3744        Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:30.0406 3744        ewusbnet ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:30.0406 3744        ewusbnet ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:30.0406 3744        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:30.0406 3744        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:30.0421 3744        GT680x ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:30.0421 3744        GT680x ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:30.0421 3744        hwdatacard ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:30.0421 3744        hwdatacard ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:30.0421 3744        Mobile Partner. RunOuc ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:30.0421 3744        Mobile Partner. RunOuc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:30.0421 3744        SampleScanner ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:30.0421 3744        SampleScanner ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:30.0421 3744        SbieDrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:30.0421 3744        SbieDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:30.0421 3744        SbieSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:30.0421 3744        SbieSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:30.0421 3744        sptd ( LockedFile.Multi.Generic ) - skipped by user
12:38:30.0437 3744        sptd ( LockedFile.Multi.Generic ) - User select action: Skip

markusg 30.07.2012 21:39
ja, siehts tatsächlich.
lade den CCleaner standard:
CCleaner Download - CCleaner 3.21.1767
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

che 31.07.2012 13:37
Code:
Adobe Flash Player                                      notwendig
Adobe Flash Player 11 Plugin                                unebkannt
Adobe Reader X (10.1.3) - Deutsch                        notwendig       
Adobe Shockwave Player                                        notwendig
Allgemeine Runtime Dateien                                unbekannt
Avira Free Antivirus                                        notwendig       
Avira NTFS4DOS 1.9                                        unbekannt
C-Media 3D Audio                                        notwendig
CCleaner                                                unnötig
CoreAVC Professional Edition (remove only)                notwendig
DirectX 9.0c Zusatzdateien                                unbekannt
DivX Codec                                                notwendig
DivX Player                                                unnötig
DivX Plus DirectShow Filters                                unbekannt
DivX Web Player                                                notwendig
EVEREST Ultimate Edition v5.00                                notwendig
Flachbettscanner                                        unnötig
Foxit Reader 5.1                                        notwendig
Free YouTube to MP3 Converter version 3.11.18.403        notwendig
Google Earth                                                notwendig
Haali Media Splitter                                        notwendig
HD Tune 2.55                                                notwendig
HijackThis 2.0.2                                        unnötig
HTC Driver Installer                                        unnötig
HTC Sync                                                notwendig
HxD Hex Editor Version 1.7.7.0                                notwendig
ImgBurn                                                        notwendig
InterVideo DeviceService                                unnötig
Java(TM) 7 Update 4                                        notwendig
JavaFX 2.1.0                                                unbekannt
Malwarebytes Anti-Malware Version 1.61.0.1400                notwendig
Medion Flash XL                                                unbekannt
Microsoft .NET Framework 1.1                                                unbekannt                                       
Microsoft .NET Framework 1.1 German Language Pack                              unbekannt
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU                unbekannt
Microsoft .NET Framework 2.0 Service Pack 2                                unbekannt
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU                unbekannt
Microsoft .NET Framework 3.0 Service Pack 2                                unbekannt
Microsoft .NET Framework 3.5 SP1                                        unbekannt
Microsoft Office Enterprise 2007                        notwendig
Microsoft Silverlight                                        unbekannt
Microsoft Tool Web Package:diskpart.exe                        unnötig
Microsoft Visual C++ 2005 Redistributable                                unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219                unbekannt
Mobile Partner                                                notwendig
Mozilla Firefox 14.0.1 (x86 de)                                notwendig
Mozilla Maintenance Service                                unbekannt
MSXML 4.0 SP2 (KB954430)                                unbekannt
MSXML 4.0 SP2 (KB973688)                                unbekannt
NVIDIA Drivers                                                notwendig
Sandboxie 3.40                                                notwendig
Sophos Anti-Rootkit 1.5.0                                unnötig
SUPER © v2012.build.52 (July 7, 2012) Version v2012.build.52                notwendig
Total Commander (Remove or Repair)                        unbekannt
Unlocker 1.8.7                                                ubekannt
XP Codec Pack                                                unnötig       
YTD Video Downloader 3.9                                notwendig

markusg 01.08.2012 20:28
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
Avira NTFS4DOS
Flachbettscanner
HijackThis
InterVideo
Microsoft Silverlight
Sophos
Total Commander
Unlocker
XP Codec

öffne ccleaner analysieren starten
öffne otl bereinigen, pc startet neu, testen wie er läuft

che 02.08.2012 20:07
Habe alles erledigt. Der PC arbeitet subjektiv so wie vor der Infizierung. Es gibt keine Probleme mehr.
MBAM startet aber nach jedem Systemstart automatisch, kann man das deaktivieren?

Sind wird jetzt durch oder muss ich noch etwas machen (Combofix deinstallieren, defogger re-enable etc.)

LG

che 07.08.2012 17:21
Kümmert sich da noch jemand drum oder sind wir fertig? Habe schon seit fast einer Woche keine Antwort erhalten trotz Aktivität des Helfers...

markusg 08.08.2012 19:35
hi
ccleaner öffnen, extras, autostart liste und deren inhalt mal posten bitte

che 09.08.2012 14:19
Liste der Anhänge anzeigen (Anzahl: 1)
Habe den MBAM Eintrag entfernt.

markusg 09.08.2012 16:18
ich möchte die liste als text datei. bzw eingefügt als text


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:05 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19