
Log Analysis and Evaluation: Rootkit BOO/TDss.D I can't get rid of it anymore HELP

Windows 7

09.08.2011, 19:25   #1
Hauke1234

Rootkit BOO/TDss.D I can't get rid of it anymore HELP

Hello dear Trojaner-Board team!

For a short while now my laptop has been showing obscure error messages such as: "Windows could not save all the data for the file \\System32\\496A8300. Data lost. This error may be caused by a hardware failure." Whenever I then click "Cancel", "Retry" or "Quit", it shuts itself down.
On top of that, I could no longer see any files on my PC... I solved this problem temporarily with unhide.exe, which I found here in the forum. Antivir keeps reporting that malware has been found, namely the aforementioned BOO/TDss.D.
I also have to restart Unhide every 5 minutes just to be able to see anything at all. When I press Ctrl+Alt+Del, the Task Manager button is missing.
"System Repair", a program I never knowingly downloaded, pops up from time to time and wants to repair my system... I accidentally agreed once, because I thought it was one of the other programs I had tried in order to solve the problem on my own.
My laptop has also become very slow.

I have carried out the steps you prescribe and am sending you the OTL log first:


OTL logfile created on: 09.08.2011 19:13:35 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\HaukeS\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,90 Gb Total Physical Memory | 0,74 Gb Available Physical Memory | 38,73% Memory free
3,80 Gb Paging File | 2,42 Gb Available in Paging File | 63,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,95 Gb Total Space | 88,79 Gb Free Space | 40,00% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 2,92 Gb Free Space | 29,94% Space Free | Partition Type: NTFS

Computer Name: HAUKES-THINK | User Name: HaukeS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.09 19:09:07 | 000,579,584 | -H-- | M] (OldTimer Tools) -- C:\Users\HaukeS\Desktop\OTL.exe
PRC - [2011.08.09 19:00:00 | 000,414,720 | -H-- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz.exe
PRC - [2011.08.09 15:59:29 | 000,458,240 | -H-- | M] () -- C:\ProgramData\QcQriuLdiTSqim.exe
PRC - [2011.07.29 03:09:07 | 004,599,680 | -H-- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.07.19 02:02:03 | 000,123,264 | -H-- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.06.26 15:21:52 | 000,912,344 | -H-- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.11.26 15:36:32 | 001,762,688 | -H-- | M] () -- C:\Programme\Connect it\BecHelperService.exe
PRC - [2010.11.26 15:34:52 | 000,294,400 | -H-- | M] () -- C:\Programme\Connect it\LoggerServer.exe
PRC - [2010.04.16 20:55:32 | 000,223,584 | -H-- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Toolbar\wltuser.exe
PRC - [2009.11.24 11:24:55 | 000,386,872 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\jucheck.exe
PRC - [2009.11.24 11:24:55 | 000,149,280 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\jusched.exe
PRC - [2009.09.30 16:47:28 | 000,242,976 | -H-- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe
PRC - [2009.09.30 16:47:26 | 000,124,192 | -H-- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2009.09.30 16:14:46 | 000,335,872 | -H-- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2009.09.28 09:27:20 | 000,144,752 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2009.09.25 20:57:38 | 000,245,248 | -H-- | M] () -- C:\Programme\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
PRC - [2009.09.24 23:55:56 | 000,015,872 | -H-- | M] (Lenovo Group Limited) -- c:\Programme\Lenovo\System Update\SUService.exe
PRC - [2009.09.21 16:55:12 | 000,858,384 | -H-- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2009.09.21 16:31:36 | 000,473,360 | -H-- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009.09.01 00:32:20 | 000,098,304 | -H-- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2009.09.01 00:28:04 | 001,692,920 | -H-- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2009.08.26 16:02:26 | 001,021,240 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009.08.20 02:38:30 | 000,062,752 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009.07.15 03:18:02 | 000,062,320 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009.07.14 08:15:36 | 000,128,296 | -H-- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009.07.14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.07.01 19:03:12 | 002,352,416 | -H-- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2009.07.01 19:03:12 | 000,795,936 | -H-- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2009.07.01 19:03:12 | 000,582,944 | -H-- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2009.05.27 23:09:36 | 000,049,976 | -H-- | M] () -- C:\Programme\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009.03.13 10:32:48 | 000,068,976 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009.02.02 11:04:10 | 000,067,432 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009.01.14 18:53:02 | 000,226,656 | -H-- | M] (Microsoft Corp.) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008.11.24 23:31:12 | 000,087,904 | -H-- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.09.12 17:00:00 | 000,199,680 | -H-- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFAE.EXE
PRC - [2008.01.16 10:51:44 | 000,030,312 | -H-- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.12.17 15:00:00 | 000,143,872 | -H-- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007.01.11 15:02:00 | 000,113,664 | -H-- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2007.01.04 20:48:50 | 000,112,152 | -H-- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.10.27 01:47:42 | 000,031,016 | -H-- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006.10.26 21:24:54 | 000,098,632 | -H-- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE


========== Modules (SafeList) ==========

MOD - [2011.08.09 19:09:07 | 000,579,584 | -H-- | M] (OldTimer Tools) -- C:\Users\HaukeS\Desktop\OTL.exe
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009.07.01 19:03:26 | 000,226,592 | -H-- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BtMmHook.dll
MOD - [2009.07.01 19:03:24 | 000,132,384 | -H-- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2008.03.13 11:46:24 | 000,079,224 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\HKVOLKEY.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.07.19 02:02:03 | 000,123,264 | -H-- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010.11.26 15:36:32 | 001,762,688 | -H-- | M] () [Auto | Running] -- C:\Programme\Connect it\BecHelperService.exe -- (BecHelperService)
SRV - [2010.08.06 13:48:47 | 000,654,848 | -H-- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.09.30 16:47:28 | 000,242,976 | -H-- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2009.09.30 16:47:26 | 000,124,192 | -H-- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009.09.24 23:55:56 | 000,015,872 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.09.21 16:55:12 | 000,858,384 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009.09.21 16:31:36 | 000,473,360 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009.09.01 00:32:20 | 000,098,304 | -H-- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2009.09.01 00:32:16 | 000,106,496 | -H-- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2009.09.01 00:28:04 | 001,692,920 | -H-- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2009.08.26 16:02:26 | 001,021,240 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009.08.23 20:04:00 | 000,075,040 | -H-- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009.08.04 22:32:42 | 001,124,848 | -H-- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009.07.15 03:18:02 | 000,062,320 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.03 11:47:10 | 000,045,424 | -H-- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009.07.01 19:03:12 | 000,582,944 | -H-- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.04.29 04:21:04 | 000,410,624 | -H-- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008.01.16 10:51:44 | 000,030,312 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.12.17 15:00:00 | 000,143,872 | -H-- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.01.11 15:02:00 | 000,113,664 | -H-- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2007.01.04 20:48:50 | 000,112,152 | -H-- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011.07.22 18:27:02 | 000,012,880 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.11.26 16:21:56 | 000,072,832 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.11.26 16:21:52 | 000,208,896 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.11.26 16:21:52 | 000,106,880 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.11.26 16:21:52 | 000,011,136 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010.11.26 16:21:50 | 000,102,784 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009.11.24 11:35:33 | 000,033,088 | -H-- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009.11.20 12:12:52 | 000,020,848 | -H-- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{C4B36920-79E24793-06000000}_0)
DRV - [2009.11.20 12:12:52 | 000,020,848 | -H-- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06000000}_0)
DRV - [2009.09.15 13:40:18 | 006,114,816 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.09.15 06:30:00 | 000,038,400 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009.09.15 05:36:00 | 000,044,544 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009.09.07 11:00:00 | 000,048,128 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.09.01 02:44:16 | 000,485,376 | -H-- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.08.23 20:04:00 | 000,011,552 | -H-- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009.07.22 07:56:22 | 000,459,264 | -H-- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.07.14 03:19:10 | 000,175,824 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:12:52 | 000,030,720 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.14 00:02:52 | 000,214,016 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
DRV - [2009.07.14 00:02:51 | 004,231,168 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.02 11:16:22 | 000,038,336 | -H-- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009.06.29 14:51:04 | 000,117,800 | -H-- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009.06.29 14:51:02 | 000,020,520 | -H-- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009.06.23 05:49:58 | 000,040,832 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009.06.11 10:04:22 | 003,486,208 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009.04.29 04:20:56 | 000,008,704 | -H-- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008.05.12 11:04:04 | 000,013,480 | -H-- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2007.04.17 21:09:28 | 000,011,032 | -H-- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.19 14:22:43 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.04 16:21:29 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.27 18:36:17 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.19 14:22:43 | 000,000,000 | -H-D | M]

[2010.01.05 14:20:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\HaukeS\AppData\Roaming\mozilla\Extensions
[2011.08.08 20:22:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\HaukeS\AppData\Roaming\mozilla\Firefox\Profiles\1f5dimxi.default\extensions
[2010.08.23 13:05:12 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\HaukeS\AppData\Roaming\mozilla\Firefox\Profiles\1f5dimxi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.01.10 13:05:07 | 000,000,881 | -H-- | M] () -- C:\Users\HaukeS\AppData\Roaming\Mozilla\Firefox\Profiles\1f5dimxi.default\searchplugins\conduit.xml
[2010.01.05 14:20:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.02.19 14:22:43 | 000,000,000 | -H-D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011.03.16 18:15:01 | 000,001,392 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.16 18:15:01 | 000,002,344 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.16 18:15:01 | 000,006,805 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.16 18:15:01 | 000,001,178 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.16 18:15:01 | 000,001,105 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Programme\Lenovo\Access Connections\AcTBenabler.exe ()
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [Launch Backup Service Once] C:\Program Files\Lenovo\Rescue and Recovery\rrstrigger.exe ()
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LenVolFx] C:\Windows\LenVolEx.exe (Lenovo)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [EPSON S21 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [QcQriuLdiTSqim] C:\ProgramData\QcQriuLdiTSqim.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\HaukeS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk = C:\Programme\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ()
O4 - Startup: C:\Users\HaukeS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\HaukeS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warkeys Update.lnk = C:\Programme\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HaukeS\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{1c1a95a5-6bf3-11e0-ba19-0026c63983e8}\Shell - "" = AutoRun
O33 - MountPoints2\{1c1a95a5-6bf3-11e0-ba19-0026c63983e8}\Shell\AutoRun\command - "" = D:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{202b0aa5-b76e-11e0-8869-0c607688b5f7}\Shell - "" = AutoRun
O33 - MountPoints2\{202b0aa5-b76e-11e0-8869-0c607688b5f7}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{202b0abb-b76e-11e0-8869-0c607688b5f7}\Shell - "" = AutoRun
O33 - MountPoints2\{202b0abb-b76e-11e0-8869-0c607688b5f7}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{55a5e322-d8d8-11de-83d9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55a5e322-d8d8-11de-83d9-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{65e34b15-b778-11e0-9589-0c607688b5f7}\Shell - "" = AutoRun
O33 - MountPoints2\{65e34b15-b778-11e0-9589-0c607688b5f7}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{84155ecb-9f3b-11df-99e7-0026c63983e8}\Shell - "" = AutoRun
O33 - MountPoints2\{84155ecb-9f3b-11df-99e7-0026c63983e8}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{da4316f0-f3ee-11df-baf2-ba2d6f2592b6}\Shell - "" = AutoRun
O33 - MountPoints2\{da4316f0-f3ee-11df-baf2-ba2d6f2592b6}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{ea16cf15-b6a1-11e0-b31c-0c607688b5f7}\Shell - "" = AutoRun
O33 - MountPoints2\{ea16cf15-b6a1-11e0-b31c-0c607688b5f7}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{ea16cf24-b6a1-11e0-b31c-0c607688b5f7}\Shell - "" = AutoRun
O33 - MountPoints2\{ea16cf24-b6a1-11e0-b31c-0c607688b5f7}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{ee7aff8b-b899-11e0-9e14-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{ee7aff8b-b899-11e0-9e14-001e101f8ed0}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.08.09 19:09:05 | 000,579,584 | -H-- | C] (OldTimer Tools) -- C:\Users\HaukeS\Desktop\OTL.exe
[2011.08.09 19:00:07 | 000,000,000 | -H-D | C] -- C:\Users\HaukeS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair
[2011.08.09 18:45:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.08.09 16:59:37 | 000,000,000 | -H-D | C] -- C:\Users\HaukeS\AppData\Roaming\SUPERAntiSpyware.com
[2011.08.09 16:59:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.08.09 16:59:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\!SASCORE
[2011.08.09 16:59:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.08.09 16:59:18 | 000,000,000 | -H-D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.08.09 16:56:49 | 000,000,000 | -H-D | C] -- C:\Users\HaukeS\AppData\Roaming\Malwarebytes
[2011.08.09 16:55:20 | 000,041,272 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.09 16:55:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.09 16:55:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.08.09 16:55:14 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.05 16:10:42 | 001,404,208 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Users\HaukeS\Desktop\TDSSKiller.exe
[2011.07.29 16:26:01 | 000,000,000 | -H-D | C] -- C:\Users\HaukeS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warkeys
[2011.07.29 16:26:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warkeys
[2011.07.29 16:25:52 | 000,000,000 | -H-D | C] -- C:\Program Files\Warkeys
[2011.07.29 16:25:28 | 000,000,000 | -H-D | C] -- C:\Users\HaukeS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Garena
[2011.07.29 16:25:21 | 000,000,000 | -H-D | C] -- C:\Program Files\Garena
[2011.07.26 12:12:52 | 000,000,000 | -H-D | C] -- C:\Users\HaukeS\AppData\Roaming\Birdstep Technology
[2011.07.26 12:12:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Birdstep Technology
[2011.07.26 12:11:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connect it
[2011.07.26 12:11:49 | 000,168,960 | -H-- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juwwanecm.sys
[2011.07.26 12:11:49 | 000,082,816 | -H-- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys
[2011.07.26 12:11:49 | 000,072,832 | -H-- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys
[2011.07.26 12:11:49 | 000,051,712 | -H-- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys
[2011.07.26 12:11:49 | 000,027,008 | -H-- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys
[2011.07.26 12:11:49 | 000,019,456 | -H-- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys
[2011.07.26 12:11:42 | 000,011,136 | -H-- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[2011.07.26 12:11:34 | 000,102,784 | -H-- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys
[2011.07.26 12:11:28 | 000,000,000 | -H-D | C] -- C:\Program Files\Huawei Modems
[2011.07.26 12:11:27 | 000,000,000 | -H-D | C] -- C:\Program Files\Connect it
[2011.07.25 11:40:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
[2011.07.25 11:40:38 | 000,860,928 | -H-- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2011.07.25 11:40:38 | 000,208,896 | -H-- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2011.07.25 11:40:38 | 000,106,880 | -H-- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2011.07.25 11:40:38 | 000,027,136 | -H-- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2011.07.25 11:40:19 | 000,000,000 | -H-D | C] -- C:\Program Files\Mobile Partner
[2009.11.24 19:56:34 | 000,232,448 | -H-- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.11.24 19:56:34 | 000,196,608 | -H-- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011.08.09 19:09:07 | 000,579,584 | -H-- | M] (OldTimer Tools) -- C:\Users\HaukeS\Desktop\OTL.exe
[2011.08.09 19:03:18 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.09 19:03:18 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.09 19:02:20 | 000,000,392 | -H-- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011.08.09 19:00:11 | 000,000,232 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011.08.09 19:00:11 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011.08.09 19:00:06 | 000,718,958 | -H-- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.09 19:00:06 | 000,661,084 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.09 19:00:06 | 000,155,486 | -H-- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.09 19:00:06 | 000,126,024 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.09 19:00:00 | 000,414,720 | -H-- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz.exe
[2011.08.09 18:54:22 | 000,001,024 | -H-- | M] () -- C:\Users\HaukeS\.rnd
[2011.08.09 18:54:22 | 000,001,024 | -H-- | M] () -- C:\.rnd
[2011.08.09 18:53:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.09 18:53:24 | 1528,832,000 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.09 18:48:17 | 000,050,477 | -H-- | M] () -- C:\Users\HaukeS\Desktop\Defogger.exe
[2011.08.09 18:40:22 | 000,000,000 | -H-- | M] () -- C:\Users\HaukeS\defogger_reenable
[2011.08.09 18:13:40 | 000,684,297 | -H-- | M] () -- C:\Users\HaukeS\Desktop\unhide.exe
[2011.08.09 16:59:21 | 000,001,972 | -H-- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.09 16:55:20 | 000,001,078 | -H-- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.09 15:59:29 | 000,458,240 | -H-- | M] () -- C:\ProgramData\QcQriuLdiTSqim.exe
[2011.08.05 16:10:42 | 001,404,208 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Users\HaukeS\Desktop\TDSSKiller.exe
[2011.08.04 20:02:28 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011.08.04 17:43:13 | 000,051,222 | -H-- | M] () -- C:\Users\HaukeS\AppData\Roaming\room_v3.dat
[2011.07.29 17:23:53 | 000,001,417 | -H-- | M] () -- C:\Users\HaukeS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk
[2011.07.29 16:26:01 | 000,002,241 | -H-- | M] () -- C:\Users\HaukeS\Desktop\AutoWarkey.lnk
[2011.07.29 16:26:01 | 000,002,237 | -H-- | M] () -- C:\Users\HaukeS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warkeys Update.lnk
[2011.07.29 16:26:01 | 000,002,163 | -H-- | M] () -- C:\Users\HaukeS\Desktop\Warkeys.lnk
[2011.07.29 16:25:29 | 000,000,948 | -H-- | M] () -- C:\Users\HaukeS\Desktop\Garena.lnk
[2011.07.26 12:11:55 | 000,001,835 | -H-- | M] () -- C:\Users\Public\Desktop\Connect it.lnk
[2011.07.26 12:11:55 | 000,000,748 | -H-- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
[2011.07.26 12:11:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01009.Wdf
[2011.07.26 12:11:29 | 000,067,156 | -H-- | M] () -- C:\Windows\Huawei ModemsUninstall.exe
[2011.07.25 11:40:47 | 000,001,048 | -H-- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.07.18 14:00:00 | 000,000,528 | -H-- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011.07.16 13:08:30 | 000,031,720 | -H-- | M] () -- C:\SISTodo
[2011.07.16 13:08:30 | 000,000,312 | -H-- | M] () -- C:\SISHashTodo

========== Files Created - No Company Name ==========

[2011.08.09 19:00:11 | 000,000,232 | -H-- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011.08.09 19:00:11 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011.08.09 19:00:04 | 000,000,392 | -H-- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011.08.09 19:00:00 | 000,414,720 | -H-- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz.exe
[2011.08.09 18:54:22 | 000,001,024 | -H-- | C] () -- C:\.rnd
[2011.08.09 18:48:18 | 000,050,477 | -H-- | C] () -- C:\Users\HaukeS\Desktop\Defogger.exe
[2011.08.09 18:45:23 | 000,002,023 | -H-- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.08.09 18:40:22 | 000,000,000 | -H-- | C] () -- C:\Users\HaukeS\defogger_reenable
[2011.08.09 18:15:21 | 000,001,972 | -H-- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.09 18:15:21 | 000,001,896 | -H-- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.08.09 18:15:21 | 000,001,835 | -H-- | C] () -- C:\Users\Public\Desktop\Connect it.lnk
[2011.08.09 18:15:21 | 000,001,078 | -H-- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.09 18:15:21 | 000,001,048 | -H-- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.08.09 18:15:13 | 000,002,080 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011.08.09 18:15:13 | 000,001,918 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2011.08.09 18:15:13 | 000,000,890 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2011.08.09 18:15:13 | 000,000,748 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
[2011.08.09 18:15:11 | 000,002,476 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools.lnk
[2011.08.09 18:15:11 | 000,002,441 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.08.09 18:15:11 | 000,001,515 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011.08.09 18:15:11 | 000,001,352 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011.08.09 18:15:11 | 000,001,345 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.08.09 18:15:11 | 000,001,330 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011.08.09 18:15:11 | 000,001,326 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.08.09 18:15:11 | 000,001,246 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011.08.09 18:15:11 | 000,001,210 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011.08.09 18:13:36 | 000,684,297 | -H-- | C] () -- C:\Users\HaukeS\Desktop\unhide.exe
[2011.08.09 15:59:36 | 000,458,240 | -H-- | C] () -- C:\ProgramData\QcQriuLdiTSqim.exe
[2011.08.09 07:59:53 | 000,001,024 | -H-- | C] () -- C:\Users\HaukeS\.rnd
[2011.07.29 17:39:14 | 000,051,222 | -H-- | C] () -- C:\Users\HaukeS\AppData\Roaming\room_v3.dat
[2011.07.29 17:23:53 | 000,001,417 | -H-- | C] () -- C:\Users\HaukeS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk
[2011.07.29 16:26:01 | 000,002,241 | -H-- | C] () -- C:\Users\HaukeS\Desktop\AutoWarkey.lnk
[2011.07.29 16:26:01 | 000,002,237 | -H-- | C] () -- C:\Users\HaukeS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warkeys Update.lnk
[2011.07.29 16:26:01 | 000,002,163 | -H-- | C] () -- C:\Users\HaukeS\Desktop\Warkeys.lnk
[2011.07.29 16:25:29 | 000,000,948 | -H-- | C] () -- C:\Users\HaukeS\Desktop\Garena.lnk
[2011.07.26 12:11:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01009.Wdf
[2011.07.26 12:11:28 | 000,067,156 | -H-- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2011.07.16 12:35:20 | 000,031,720 | -H-- | C] () -- C:\SISTodo
[2011.07.16 12:35:20 | 000,000,312 | -H-- | C] () -- C:\SISHashTodo
[2011.06.09 05:15:02 | 000,709,992 | -H-- | C] () -- C:\Windows\System32\kindling.dll
[2011.02.19 14:19:20 | 000,180,769 | -H-- | C] () -- C:\Windows\hpoins27.dat
[2011.02.19 14:19:20 | 000,000,442 | -H-- | C] () -- C:\Windows\hpomdl27.dat
[2010.11.06 12:37:24 | 000,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.08.06 13:55:20 | 002,463,976 | -H-- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010.01.05 14:20:38 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009.11.24 20:01:39 | 000,718,958 | -H-- | C] () -- C:\Windows\System32\perfh007.dat
[2009.11.24 20:01:39 | 000,295,922 | -H-- | C] () -- C:\Windows\System32\perfi007.dat
[2009.11.24 20:01:39 | 000,155,486 | -H-- | C] () -- C:\Windows\System32\perfc007.dat
[2009.11.24 20:01:39 | 000,038,104 | -H-- | C] () -- C:\Windows\System32\perfd007.dat
[2009.11.24 19:56:34 | 003,486,208 | -H-- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009.11.24 19:56:34 | 000,028,544 | -H-- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009.11.24 19:56:34 | 000,015,497 | -H-- | C] () -- C:\Windows\snp2uvc.ini
[2009.11.24 11:16:08 | 000,982,220 | -H-- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.11.24 11:16:08 | 000,134,592 | -H-- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.11.24 11:16:08 | 000,092,216 | -H-- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009.11.24 11:16:07 | 000,439,300 | -H-- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.09.01 00:32:20 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\DTS.exe
[2009.09.01 00:32:16 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\ADMonitor.exe
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 001,804,088 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,661,084 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,126,024 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011.07.26 12:12:52 | 000,000,000 | -H-D | M] -- C:\Users\HaukeS\AppData\Roaming\Birdstep Technology
[2010.08.23 13:05:12 | 000,000,000 | -H-D | M] -- C:\Users\HaukeS\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.29 20:41:44 | 000,000,000 | -H-D | M] -- C:\Users\HaukeS\AppData\Roaming\InterVideo
[2010.01.04 09:42:49 | 000,000,000 | -H-D | M] -- C:\Users\HaukeS\AppData\Roaming\Lenovo
[2011.07.18 14:00:00 | 000,000,528 | -H-- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011.08.02 14:56:27 | 000,032,640 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.08.04 20:02:28 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2010.01.04 15:40:24 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.11.24 11:32:01 | 000,000,000 | -H-D | M] -- C:\AuthLog
[2009.07.21 08:20:37 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.06.28 07:48:59 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.01.04 09:31:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.06.11 18:25:49 | 000,000,000 | -H-D | M] -- C:\DVDVideoSoft
[2011.07.16 12:33:28 | 000,000,000 | -H-D | M] -- C:\FavoriteVideo
[2009.11.24 11:13:28 | 000,000,000 | -H-D | M] -- C:\Intel
[2009.11.24 19:45:54 | 000,000,000 | -H-D | M] -- C:\mfg
[2010.02.22 20:53:36 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | -H-D | M] -- C:\PerfLogs
[2011.08.09 16:59:18 | 000,000,000 | RH-D | M] -- C:\Program Files
[2011.08.09 19:00:11 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.01.04 09:31:19 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.05.26 13:50:56 | 000,000,000 | -H-D | M] -- C:\Programs
[2010.01.04 09:34:04 | 000,000,000 | RHSD | M] -- C:\RRbackups
[2011.07.16 11:30:31 | 000,000,000 | -H-D | M] -- C:\swshare
[2010.01.04 15:38:14 | 000,000,000 | -H-D | M] -- C:\SWTOOLS
[2011.08.09 19:14:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.01.04 09:31:43 | 000,000,000 | RH-D | M] -- C:\Users
[2011.07.26 12:11:28 | 000,000,000 | -H-D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >


< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

The remaining logs are attached. I hope I haven't forgotten anything.

A heartfelt thanks in advance; I look forward to a reply.

Regards, Hauke
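The OTL report above is raw tool output, so here is what a log reviewer would actually pull out of it, as an added example in Python that is not part of the original post and not OTL's own code: it parses the file-entry lines, the O33 MountPoints2 AutoRun handlers and the "MD5 for:" blocks, and flags vendorless executables dropped directly into C:\ProgramData or a user's AppData root (the two random-named files the log shows there), lists every per-volume AutoRun command, and reports any system binary whose live copy and WinSxS copy carry different hashes. The sample input is an excerpt of the log above plus one constructed pair of MD5 lines for a placeholder "example.exe"; the directory heuristic is this example's own assumption, not a rule of OTL.

```python
"""Triage helper for OTL (OldTimer Tools) logs such as the one above.

Added example, not part of the original post and not OTL's code.
  * file entries  "[date time | size | attrs | C/M] (Company) -- path":
    an .exe with an empty company field directly in C:\\ProgramData or in
    a user's AppData root is flagged (assumed heuristic)
  * O33 MountPoints2 ...\\Shell\\AutoRun\\command: per-volume AutoRun
    handlers that Windows keeps after the medium is gone
  * "MD5 for:" blocks: same file name listed with differing hashes
    suggests a patched system binary
"""
import re
from collections import defaultdict

FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)
MD5_RE = re.compile(r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$")

# Locations where a vendorless executable is rarely legitimate (assumption).
SUSPECT_DIRS = (
    re.compile(r"^C:\\ProgramData\\[^\\]+\.exe$", re.I),
    re.compile(r"^C:\\Users\\[^\\]+\\AppData\\(Roaming|Local)\\[^\\]+\.exe$", re.I),
)


def parse_file_line(line):
    """Return the fields of one OTL file entry, or None for any other line."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))
    d["company"] = d["company"].strip()
    return d


def suspicious_executables(lines):
    """Executables with no company name inside the suspect directories."""
    hits = set()
    for line in lines:
        e = parse_file_line(line)
        if e and not e["company"] and any(p.match(e["path"]) for p in SUSPECT_DIRS):
            hits.add(e["path"])
    return sorted(hits)


def autorun_handlers(lines):
    """(volume key, command) for every MountPoints2 AutoRun handler."""
    out = []
    for line in lines:
        m = O33_RE.match(line.strip())
        if m:
            out.append((m.group("key"), m.group("cmd").strip()))
    return out


def md5_mismatches(lines):
    """File names whose listed copies do not all share one MD5."""
    hashes = defaultdict(set)
    for line in lines:
        m = MD5_RE.search(line)
        if m:
            name = m.group("path").rsplit("\\", 1)[-1].lower()
            hashes[name].add(m.group("md5").upper())
    return sorted(n for n, h in hashes.items() if len(h) > 1)


def triage(lines):
    """All three checks over one report, as a dict of findings."""
    return {
        "suspect_exes": suspicious_executables(lines),
        "autorun_handlers": autorun_handlers(lines),
        "md5_mismatches": md5_mismatches(lines),
    }


# Excerpt of the log above, plus two constructed MD5 lines ("example.exe",
# placeholder hashes) so that the mismatch check has something to report.
SAMPLE = r'''
[2011.08.09 19:00:00 | 000,414,720 | -H-- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz.exe
[2011.08.09 15:59:29 | 000,458,240 | -H-- | M] () -- C:\ProgramData\QcQriuLdiTSqim.exe
[2011.08.05 16:10:42 | 001,404,208 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Users\HaukeS\Desktop\TDSSKiller.exe
[2011.07.26 12:11:29 | 000,067,156 | -H-- | M] () -- C:\Windows\Huawei ModemsUninstall.exe
O33 - MountPoints2\{da4316f0-f3ee-11df-baf2-ba2d6f2592b6}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Autorun.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Constructed) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\Windows\System32\example.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Constructed) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\Windows\winsxs\constructed\example.exe
'''.strip().splitlines()

if __name__ == "__main__":
    for section, items in triage(SAMPLE).items():
        print(section)
        for item in items:
            print("   ", item)
```

Run it over a full OTL.txt by replacing SAMPLE with `open("OTL.txt", encoding="utf-8", errors="replace").read().splitlines()`. The MD5 check only tells you that two listed copies differ, not which one is clean; confirm the clean hash against a known-good copy of the same Windows build before deciding which file to replace.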
