Bundespolizei Trojaner. Öffnet sich beim Start des Systems.

subh · 10.11.2011, 18:37

Hallo zusammen,

ich sitze hier grad an einem Notebook von einem Bekannten. Der soll den Bundespolizei Trojaner (Aufforderung Geld zu überweisen, sonst wird der Computer nicht entsperrt; Bundespolizei Schriftzug) drauf haben und immer beim Starten des Systems auftauchen.
Wenn ich das Notebook starte passiert aber nichts (habe keine aktive Internetverbindung)...

Ich habe jetzt die 3 Logs erstellt, die Ihr für die Analyse braucht (32Bit System).

Vielleicht könnt Ihr mir ja helfen.
Und wenn nicht, bin ich trotzdem dankbar, dass es euch gibt

Zitat:

OTL logfile created on: 10.11.2011 17:08:07 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Fluppe\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 67,15% Memory free
4,22 Gb Paging File | 3,07 Gb Available in Paging File | 72,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 56,13 Gb Free Space | 80,60% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 25,08 Gb Free Space | 36,01% Space Free | Partition Type: NTFS
Drive E: | 234,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1,90 Gb Total Space | 1,90 Gb Free Space | 99,87% Space Free | Partition Type: FAT

Computer Name: FLUPPE-PC | User Name: Fluppe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.11.10 17:38:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fluppe\Desktop\OTL.exe
PRC - [2007.09.26 09:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.08.29 10:35:38 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007.07.24 11:21:26 | 000,450,560 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.07.12 16:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.06.15 06:45:00 | 000,850,704 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2007.06.13 16:56:18 | 000,765,952 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.04.25 16:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007.02.09 06:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006.11.21 21:39:34 | 000,107,624 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006.11.21 21:39:22 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccApp.exe
PRC - [2006.11.21 21:38:24 | 000,046,736 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2006.11.02 13:35:15 | 001,196,032 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006.04.14 09:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

========== Modules (No Company Name) ==========

MOD - [2007.11.13 13:12:05 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2764.39489__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dl l
MOD - [2007.11.13 13:12:05 | 000,360,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2764.39718__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2007.11.13 13:12:05 | 000,237,568 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2764.39446__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2007.11.13 13:12:05 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2764.39503__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2007.11.13 13:12:05 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2764.39709__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2007.11.13 13:12:05 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2764.39668__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2007.11.13 13:12:05 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2764.39480__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2007.11.13 13:12:05 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2764.39502__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2007.11.13 13:12:05 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2764.39601__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dl l
MOD - [2007.11.13 13:12:05 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2764.39466__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime. dll
MOD - [2007.11.13 13:12:05 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2729.30202__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2007.11.13 13:12:05 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2729.30197__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2007.11.13 13:12:05 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2729.30224__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2007.11.13 13:12:05 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2729.30212__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2007.11.13 13:12:05 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2729.30222__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2007.11.13 13:12:04 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2729.30178__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2007.11.13 13:12:04 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2007.11.13 13:12:04 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2007.11.13 13:12:04 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2729.30174__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2007.11.13 13:12:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2729.30313__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2007.11.13 13:12:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2729.30184__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2007.11.13 13:12:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2729.30259__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2007.11.13 13:12:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2729.30211__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2007.11.13 13:12:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2729.30185__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2007.11.13 13:12:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2729.30207__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2007.11.13 13:12:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2729.30242__90ba9c70f846762e\DEM.OS.dll
MOD - [2007.11.13 13:12:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2729.30256__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2007.11.13 13:12:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2007.11.13 13:12:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2729.30203__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2007.11.13 13:12:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2007.11.13 13:12:03 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2007.11.13 13:12:03 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2007.11.13 13:12:03 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2729.30230__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2007.11.13 13:12:03 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2729.30213__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2007.11.13 13:12:03 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2729.30212__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2007.11.13 13:12:03 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2729.30176__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2007.11.13 13:12:03 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2007.11.13 13:12:03 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dl l
MOD - [2007.11.13 13:12:03 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2729.30208__90ba9c70f846762e\APM.Foundation.dll
MOD - [2007.11.13 13:12:03 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2729.30201__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2007.11.13 13:11:55 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2764.39776__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2007.11.13 13:11:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2764.39723_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2007.11.13 13:11:55 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2764.39436__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2007.11.13 13:11:54 | 000,471,040 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2764.39475__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2007.11.13 13:11:54 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2764.39723__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2007.11.13 13:11:54 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2764.39730__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2007.11.13 13:11:54 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2764.39438__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2007.11.13 13:11:54 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2764.39729__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2007.11.13 13:11:54 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2729.30193__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2007.11.13 13:11:54 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2729.30209__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2007.11.13 13:11:54 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2729.30188__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2007.11.13 13:11:54 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2729.30258__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2007.11.13 13:11:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2729.30211__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2007.11.13 13:11:53 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2764.39438__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2007.11.13 13:11:53 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2764.39437__90ba9c70f846762e\APM.Server.dll
MOD - [2007.11.13 13:11:53 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2729.30205__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2007.11.13 13:11:53 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2764.39730__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2007.11.13 13:11:53 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2007.11.13 13:11:53 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2729.30243__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007.11.13 13:11:50 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2764.39436__90ba9c70f846762e\AEM.Server.dll
MOD - [2007.08.29 10:35:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2007.08.29 10:34:34 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2007.07.28 08:26:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.07.24 10:39:40 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2007.07.05 02:01:23 | 000,430,080 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2007.07.05 02:01:16 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.06.28 18:50:56 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007.06.28 18:50:56 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll
MOD - [2007.06.28 18:50:38 | 000,010,752 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll
MOD - [2007.06.28 18:50:36 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007.06.28 18:50:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007.06.28 18:50:20 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007.06.15 06:46:00 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
MOD - [2007.06.13 16:56:36 | 000,249,856 | R--- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
MOD - [2007.05.24 09:53:34 | 000,106,496 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll
MOD - [2007.05.24 09:53:32 | 000,679,936 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
MOD - [2007.04.25 16:31:00 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007.04.25 16:30:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2007.04.11 16:42:40 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
MOD - [2007.04.11 15:07:46 | 000,077,824 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll
MOD - [2007.03.22 16:30:30 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2007.02.13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
MOD - [2006.11.02 14:08:49 | 001,060,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3fe3f7ba542ab78e52e49d19640a7e64\System.Management.ni.dll
MOD - [2006.11.02 14:04:44 | 012,156,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\77385d6b0a1556395d8d0ec4a2e77bdc\System.Web.ni.dll
MOD - [2006.11.02 13:57:48 | 000,815,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\bf5e1558dda3eb1bd0513a9e7f6c9e52\System.Runtime.Remoting.ni.dll
MOD - [2006.11.02 13:57:34 | 013,148,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\35a9f19f21aac42b979be321f1bb5fd4\System.Windows.Forms.ni.dll
MOD - [2006.11.02 13:56:59 | 001,617,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\70c145ed25af403aa899ffcb633350b1\System.Drawing.ni.dll
MOD - [2006.11.02 13:56:48 | 005,619,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f76a7622c73e26e4d2daf54068d7ff79\System.Xml.ni.dll
MOD - [2006.11.02 13:56:39 | 001,003,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d7b63c1d2ab17ac3cc24881c4ff78b63\System.Configuration.ni.dll
MOD - [2006.11.02 13:56:38 | 000,229,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\61b951bd03727a096c1c02cb18d5ce30\System.ServiceProcess.ni.dll
MOD - [2006.11.02 13:55:23 | 008,151,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\fcc712bc5da45a672e7f1ad176dbd5a5\System.ni.dll
MOD - [2006.11.02 13:55:10 | 011,628,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7fe79782947b85d961fd55cb5e02a129\mscorlib.ni.dll
MOD - [2006.10.20 02:14:52 | 000,368,640 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

========== Win32 Services (SafeList) ==========

SRV - [2007.09.26 09:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 09:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.07.04 17:00:09 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007.07.04 16:27:18 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.11.21 21:39:34 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006.11.21 21:39:34 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006.11.21 21:39:34 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006.11.21 21:38:24 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006.11.21 21:37:18 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006.11.21 21:36:32 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)

========== Driver Services (SafeList) ==========

DRV - [2008.04.15 09:00:00 | 000,866,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080415.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2008.04.15 09:00:00 | 000,089,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080415.003\NAVENG.SYS -- (NAVENG)
DRV - [2008.04.04 16:47:34 | 000,261,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20080407.003\IDSvix86.sys -- (IDSvix86)
DRV - [2008.03.18 14:13:34 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008.03.18 14:13:34 | 000,109,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2007.08.08 17:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.07.28 08:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.07.04 17:01:31 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007.05.02 12:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007.03.02 18:19:34 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.02.07 18:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.21 21:40:58 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006.11.21 21:40:58 | 000,144,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2006.11.21 21:40:58 | 000,038,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2006.11.21 21:40:58 | 000,037,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2006.11.21 21:40:58 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006.11.21 21:40:58 | 000,011,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006.11.21 21:40:50 | 000,275,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006.11.21 21:40:50 | 000,024,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006.11.21 21:40:48 | 000,245,880 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006.11.21 21:40:42 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.09.19 16:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008.04.16 19:42:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008.04.16 19:42:23 | 000,000,000 | ---D | M]

[2008.04.16 19:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fluppe\AppData\Roaming\mozilla\Firefox\Profiles\qhds8q09.default\extensions
[2008.04.16 19:42:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.04.16 19:42:29 | 000,000,000 | ---D | M] (Talkback) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2008.03.12 12:15:22 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008.03.12 12:15:22 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008.03.12 12:15:22 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008.03.12 12:15:22 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008.03.12 12:15:22 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2006.08.24 22:07:50 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2006.08.24 22:07:50 | 000,001,063 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2006.11.10 12:42:00 | 000,000,998 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2006.11.10 23:32:03 | 000,000,815 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.6.96.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56DD1A89-E996-44B2-9D4B-0CDB38641D96}: DhcpNameServer = 192.167.159.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0E156F1-D108-49E4-AC91-2F09F96711B0}: DhcpNameServer = 10.6.96.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\ACER01.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\ACER01.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.11.10 17:04:04 | 000,000,000 | ---D | C] -- C:\Users\Fluppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2011.11.10 17:00:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Fluppe\Desktop\OTL.exe
[2011.11.10 16:37:09 | 000,123,392 | ---- | C] (Kaspersky Lab) -- C:\Users\Fluppe\Desktop\digita_cure.exe
[2011.11.10 16:16:39 | 000,120,584 | ---- | C] (Kaspersky Lab) -- C:\Users\Fluppe\Desktop\pmaxkiller.exe
[2011.11.10 16:09:23 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Fluppe\Desktop\TDSSKiller.exe
[2011.11.09 22:01:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2007.11.13 13:24:25 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007.11.13 13:04:08 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2007.11.13 13:04:07 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007.11.13 13:04:07 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007.07.04 17:20:35 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[2011.11.10 17:38:54 | 000,302,592 | ---- | M] () -- C:\Users\Fluppe\Desktop\7nx6510j.exe
[2011.11.10 17:38:42 | 000,050,477 | ---- | M] () -- C:\Users\Fluppe\Desktop\Defogger.exe
[2011.11.10 17:38:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fluppe\Desktop\OTL.exe
[2011.11.10 17:30:32 | 000,495,616 | ---- | M] () -- C:\Users\Fluppe\Desktop\antinimd.exe
[2011.11.10 17:30:28 | 000,123,392 | ---- | M] (Kaspersky Lab) -- C:\Users\Fluppe\Desktop\digita_cure.exe
[2011.11.10 17:30:28 | 000,049,213 | ---- | M] () -- C:\Users\Fluppe\Desktop\digita_cure.zip
[2011.11.10 17:11:44 | 000,698,314 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.10 17:11:44 | 000,656,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.10 17:11:44 | 000,140,232 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.10 17:11:44 | 000,121,446 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.10 17:04:05 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.10 17:04:05 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.10 17:03:51 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2011.11.10 17:03:45 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.10 17:01:42 | 000,000,000 | ---- | M] () -- C:\Users\Fluppe\defogger_reenable
[2011.11.10 16:58:26 | 000,120,584 | ---- | M] (Kaspersky Lab) -- C:\Users\Fluppe\Desktop\pmaxkiller.exe
[2011.11.10 16:56:30 | 001,545,505 | ---- | M] () -- C:\Users\Fluppe\Desktop\tdsskiller.zip
[2011.11.09 16:49:00 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Fluppe\Desktop\TDSSKiller.exe

========== Files Created - No Company Name ==========

[2011.11.10 17:03:45 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2011.11.10 17:00:47 | 000,000,000 | ---- | C] () -- C:\Users\Fluppe\defogger_reenable
[2011.11.10 17:00:27 | 000,302,592 | ---- | C] () -- C:\Users\Fluppe\Desktop\7nx6510j.exe
[2011.11.10 17:00:27 | 000,050,477 | ---- | C] () -- C:\Users\Fluppe\Desktop\Defogger.exe
[2011.11.10 16:37:09 | 001,545,505 | ---- | C] () -- C:\Users\Fluppe\Desktop\tdsskiller.zip
[2011.11.10 16:37:09 | 000,495,616 | ---- | C] () -- C:\Users\Fluppe\Desktop\antinimd.exe
[2011.11.10 16:37:09 | 000,049,213 | ---- | C] () -- C:\Users\Fluppe\Desktop\digita_cure.zip
[2008.04.17 10:08:57 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008.04.16 19:42:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.11.13 22:48:22 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.11.13 22:48:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.11.13 22:48:22 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.11.13 13:25:12 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007.11.13 13:25:12 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007.11.13 13:24:25 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007.11.13 13:23:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007.11.13 13:23:03 | 000,000,000 | ---- | C] () -- C:\Windows\setup.INI
[2007.11.13 13:04:08 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.07.05 02:03:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.07.05 02:03:03 | 000,698,314 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.07.05 02:03:03 | 000,140,232 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.07.05 02:03:03 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.07.05 01:54:52 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.07.04 17:20:33 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.07.04 16:32:20 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.04.25 16:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.04.25 16:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.04.25 16:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.04.25 16:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.04.25 16:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.04.25 16:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2007.04.18 10:19:21 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2007.04.18 10:19:21 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2007.04.18 10:19:21 | 000,000,041 | ---- | C] () -- C:\Windows\PreLaunch.ini
[2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006.11.02 13:57:28 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,371,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,656,850 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,121,446 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 08:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011.11.09 22:04:58 | 000,007,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011.11.09 22:01:52 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2008.04.16 19:10:35 | 000,000,000 | ---D | M] -- C:\Acer
[2007.11.13 22:48:36 | 000,000,000 | ---D | M] -- C:\Book
[2006.11.11 08:41:40 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.04.16 19:06:36 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.04.16 19:10:45 | 000,000,000 | ---D | M] -- C:\elements
[2007.07.04 17:09:45 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.04.16 19:42:21 | 000,000,000 | R--D | M] -- C:\Program Files
[2008.04.16 19:26:21 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.04.16 19:06:36 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.11.10 17:12:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.04.16 19:10:27 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.10 17:05:13 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

< MD5 for: EXPLORER.EXE >
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

< MD5 for: REGEDIT.EXE >
[2006.11.02 10:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\regedit.exe
[2006.11.02 10:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe

< MD5 for: USERINIT.EXE >
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WININIT.EXE >
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

Gruß subh

cosinus · 10.11.2011, 21:58

Zitat:

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16512)

Warum fehlen auf diesem System jegliche Updates?

S1, SP2, IE9 => alles Fehlanzeige!

subh · 10.11.2011, 22:02

Gute Frage.

Updaten und alles noch mal loggen und posten? Oder wie soll ich weiter vorgehen?

gruß subh

cosinus · 10.11.2011, 22:04

Nee, ich wollte erstmal wisse ob das einen triftigen Grund hat oder ob das einfach nur Schlamperei ist

Falls wir die Kiste gut bereinigt bekommen und hinterher alls wieder gut läuft geht es an die Updates. Das ist der letzte Schritt.

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

subh · 10.11.2011, 22:07

Danke Arne!

Wird so schnell wie möglich erledigt.

gruß subh

subh · 11.11.2011, 09:53

So die log files sind im Anhang.

Danke!!

subh · 11.11.2011, 10:40

Übrigens haben die Scanner nichts gefunden....irgendwie merkwürdig...
Hab jetzt auch erfahren warum die Updates nicht drauf sind. Der Besitzer hat auf dem Notebook die Systemwiederherstellung laufen lassen und da sind die Updates wohl entfernt worden...

gruß subh

cosinus · 11.11.2011, 14:53

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

subh · 11.11.2011, 14:56

Nein, hab eben nachgeschaut. Dort ist nur die eine Datei vorhanden. War auch der erste Scan mit Malwarebytes auf dem Ding.

cosinus · 11.11.2011, 15:15

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Tour] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

subh · 11.11.2011, 15:43

Juhu!

Ich habe den Fix ausgeführt. Log Datei im Anhang!

Danke Arne!

gruß subh

subh · 11.11.2011, 15:44

sorry, log noch mal

cosinus · 11.11.2011, 15:52

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

subh · 11.11.2011, 15:59

Ok. Hier das log file:

Zitat:

15:55:29.0909 5960 TDSS rootkit removing tool 2.6.17.0 Nov 9 2011 16:48:26
15:55:31.0952 5960 ============================================================
15:55:31.0952 5960 Current date / time: 2011/11/11 15:55:31.0952
15:55:31.0952 5960 SystemInfo:
15:55:31.0952 5960
15:55:31.0952 5960 OS Version: 6.0.6000 ServicePack: 0.0
15:55:31.0952 5960 Product type: Workstation
15:55:31.0952 5960 ComputerName: FLUPPE-PC
15:55:31.0952 5960 UserName: Fluppe
15:55:31.0952 5960 Windows directory: C:\Windows
15:55:31.0952 5960 System windows directory: C:\Windows
15:55:31.0952 5960 Processor architecture: Intel x86
15:55:31.0952 5960 Number of processors: 2
15:55:31.0952 5960 Page size: 0x1000
15:55:31.0952 5960 Boot type: Normal boot
15:55:31.0952 5960 ============================================================
15:55:32.0873 5960 Initialize success
15:55:50.0641 5008 ============================================================
15:55:50.0641 5008 Scan started
15:55:50.0641 5008 Mode: Manual; SigCheck; TDLFS;
15:55:50.0641 5008 ============================================================
15:55:51.0312 5008 ACPI (192bdbd1540645c4a2aa69f24cce197f) C:\Windows\system32\drivers\acpi.sys
15:55:51.0359 5008 ACPI - ok
15:55:51.0421 5008 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
15:55:51.0530 5008 adp94xx - ok
15:55:51.0702 5008 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
15:55:51.0749 5008 adpahci - ok
15:55:51.0764 5008 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
15:55:51.0811 5008 adpu160m - ok
15:55:51.0827 5008 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
15:55:51.0858 5008 adpu320 - ok
15:55:51.0905 5008 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
15:55:52.0014 5008 AFD - ok
15:55:52.0123 5008 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
15:55:52.0170 5008 agp440 - ok
15:55:52.0201 5008 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:55:52.0248 5008 aic78xx - ok
15:55:52.0279 5008 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
15:55:52.0310 5008 aliide - ok
15:55:52.0342 5008 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
15:55:52.0373 5008 amdagp - ok
15:55:52.0388 5008 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
15:55:52.0435 5008 amdide - ok
15:55:52.0544 5008 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
15:55:52.0622 5008 AmdK7 - ok
15:55:52.0638 5008 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
15:55:52.0732 5008 AmdK8 - ok
15:55:52.0747 5008 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
15:55:52.0794 5008 arc - ok
15:55:52.0825 5008 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
15:55:52.0856 5008 arcsas - ok
15:55:52.0950 5008 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
15:55:53.0059 5008 AsyncMac - ok
15:55:53.0075 5008 atapi (9e7e85ec61d1c9c3171cc08427108863) C:\Windows\system32\drivers\atapi.sys
15:55:53.0122 5008 atapi - ok
15:55:53.0153 5008 athr (6046a55f79de9c581b8d5e9c1366cc81) C:\Windows\system32\DRIVERS\athr.sys
15:55:53.0309 5008 athr - ok
15:55:53.0496 5008 atikmdag (22d300f835600c9c634860cf2912f9cf) C:\Windows\system32\DRIVERS\atikmdag.sys
15:55:53.0652 5008 atikmdag - ok
15:55:53.0808 5008 b57nd60x (0b92ccf7bfcbe2b33838434f2f50cb61) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:55:53.0870 5008 b57nd60x - ok
15:55:53.0948 5008 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
15:55:54.0058 5008 Beep - ok
15:55:54.0136 5008 blbdrive - ok
15:55:54.0182 5008 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
15:55:54.0276 5008 bowser - ok
15:55:54.0307 5008 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:55:54.0401 5008 BrFiltLo - ok
15:55:54.0494 5008 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:55:54.0588 5008 BrFiltUp - ok
15:55:54.0635 5008 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:55:54.0728 5008 Brserid - ok
15:55:54.0744 5008 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:55:54.0853 5008 BrSerWdm - ok
15:55:54.0947 5008 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:55:55.0025 5008 BrUsbMdm - ok
15:55:55.0056 5008 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:55:55.0134 5008 BrUsbSer - ok
15:55:55.0165 5008 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:55:55.0274 5008 BTHMODEM - ok
15:55:55.0368 5008 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
15:55:55.0462 5008 cdfs - ok
15:55:55.0493 5008 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
15:55:55.0586 5008 cdrom - ok
15:55:55.0602 5008 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
15:55:55.0680 5008 circlass - ok
15:55:55.0711 5008 CLFS (51b4b82560e49c415ae5b1337d635c3f) C:\Windows\system32\CLFS.sys
15:55:55.0758 5008 CLFS - ok
15:55:55.0867 5008 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
15:55:55.0961 5008 CmBatt - ok
15:55:55.0961 5008 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
15:55:56.0008 5008 cmdide - ok
15:55:56.0023 5008 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\DRIVERS\compbatt.sys
15:55:56.0070 5008 Compbatt - ok
15:55:56.0086 5008 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
15:55:56.0117 5008 crcdisk - ok
15:55:56.0132 5008 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
15:55:56.0226 5008 Crusoe - ok
15:55:56.0351 5008 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
15:55:56.0444 5008 DfsC - ok
15:55:56.0507 5008 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
15:55:56.0538 5008 disk - ok
15:55:56.0585 5008 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
15:55:56.0678 5008 DKbFltr - ok
15:55:56.0772 5008 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
15:55:56.0866 5008 drmkaud - ok
15:55:56.0912 5008 DXGKrnl (f032a2f91287a0b800891c7bef9ca7a8) C:\Windows\System32\drivers\dxgkrnl.sys
15:55:57.0068 5008 DXGKrnl - ok
15:55:57.0162 5008 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:55:57.0256 5008 E1G60 - ok
15:55:57.0302 5008 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
15:55:57.0334 5008 Ecache - ok
15:55:57.0427 5008 eeCtrl (e89cc1363cb7f5320ae3b41c1333d0c3) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
15:55:57.0505 5008 eeCtrl - ok
15:55:57.0677 5008 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
15:55:57.0724 5008 elxstor - ok
15:55:57.0802 5008 EraserUtilRebootDrv (e7d1a496c71cd56bdd97f32c9141a03b) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:55:57.0833 5008 EraserUtilRebootDrv - ok
15:55:57.0895 5008 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
15:55:57.0989 5008 fastfat - ok
15:55:58.0098 5008 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
15:55:58.0176 5008 fdc - ok
15:55:58.0207 5008 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
15:55:58.0254 5008 FileInfo - ok
15:55:58.0270 5008 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
15:55:58.0363 5008 Filetrace - ok
15:55:58.0394 5008 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
15:55:58.0472 5008 flpydisk - ok
15:55:58.0582 5008 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
15:55:58.0628 5008 FltMgr - ok
15:55:58.0660 5008 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
15:55:58.0738 5008 Fs_Rec - ok
15:55:58.0784 5008 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
15:55:58.0816 5008 gagp30kx - ok
15:55:58.0940 5008 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
15:55:59.0034 5008 HdAudAddService - ok
15:55:59.0065 5008 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:55:59.0096 5008 HDAudBus - ok
15:55:59.0112 5008 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:55:59.0206 5008 HidBth - ok
15:55:59.0221 5008 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:55:59.0315 5008 HidIr - ok
15:55:59.0424 5008 HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
15:55:59.0471 5008 HidUsb - ok
15:55:59.0518 5008 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
15:55:59.0549 5008 HpCISSs - ok
15:55:59.0611 5008 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:55:59.0705 5008 HSFHWAZL - ok
15:55:59.0830 5008 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:56:00.0079 5008 HSF_DPV - ok
15:56:00.0235 5008 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
15:56:00.0298 5008 HSXHWAZL - ok
15:56:00.0329 5008 HTTP (f31d27ccf514549a17e79bebe01b40b6) C:\Windows\system32\drivers\HTTP.sys
15:56:00.0485 5008 HTTP - ok
15:56:00.0594 5008 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
15:56:00.0641 5008 i2omp - ok
15:56:00.0672 5008 i8042prt (1060f1377f395a242e27719440ece602) C:\Windows\system32\DRIVERS\i8042prt.sys
15:56:00.0766 5008 i8042prt - ok
15:56:00.0953 5008 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:56:01.0109 5008 ialm - ok
15:56:01.0218 5008 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys
15:56:01.0249 5008 iaStor - ok
15:56:01.0280 5008 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
15:56:01.0327 5008 iaStorV - ok
15:56:01.0405 5008 IDSvix86 (f49b22e2cc15de6e752fc8cb24eb7069) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080407.003\IDSvix86.sys
15:56:01.0452 5008 IDSvix86 - ok
15:56:01.0468 5008 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:56:01.0499 5008 iirsp - ok
15:56:01.0624 5008 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Windows\system32\drivers\int15.sys
15:56:01.0655 5008 int15 - ok
15:56:01.0764 5008 IntcAzAudAddService (9438fe15da89c6aace8a79db2c6f60c1) C:\Windows\system32\drivers\RTKVHDA.sys
15:56:01.0873 5008 IntcAzAudAddService - ok
15:56:01.0998 5008 intelide (1b16626beae3a52e611fc681cd796f86) C:\Windows\system32\drivers\intelide.sys
15:56:02.0029 5008 intelide - ok
15:56:02.0060 5008 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
15:56:02.0138 5008 intelppm - ok
15:56:02.0170 5008 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:56:02.0263 5008 IpFilterDriver - ok
15:56:02.0279 5008 IpInIp - ok
15:56:02.0294 5008 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
15:56:02.0372 5008 IPMIDRV - ok
15:56:02.0404 5008 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
15:56:02.0497 5008 IPNAT - ok
15:56:02.0638 5008 irda (f11a90fb3f44f37ad10a4893bb690065) C:\Windows\system32\DRIVERS\irda.sys
15:56:02.0716 5008 irda - ok
15:56:02.0747 5008 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
15:56:02.0825 5008 IRENUM - ok
15:56:02.0856 5008 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
15:56:02.0903 5008 isapnp - ok
15:56:02.0918 5008 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
15:56:02.0934 5008 iScsiPrt - ok
15:56:02.0965 5008 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:56:02.0996 5008 iteatapi - ok
15:56:03.0012 5008 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:56:03.0059 5008 iteraid - ok
15:56:03.0168 5008 kbdclass (1a48765f92ba1a88445fc25c9c9d94fc) C:\Windows\system32\DRIVERS\kbdclass.sys
15:56:03.0215 5008 kbdclass - ok
15:56:03.0230 5008 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
15:56:03.0324 5008 kbdhid - ok
15:56:03.0371 5008 KSecDD (11d0bc1f2afd8abbb5a3dc47a042de54) C:\Windows\system32\Drivers\ksecdd.sys
15:56:03.0449 5008 KSecDD - ok
15:56:03.0667 5008 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
15:56:03.0761 5008 lltdio - ok
15:56:03.0823 5008 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
15:56:03.0854 5008 LSI_FC - ok
15:56:03.0886 5008 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
15:56:03.0932 5008 LSI_SAS - ok
15:56:04.0042 5008 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
15:56:04.0088 5008 LSI_SCSI - ok
15:56:04.0120 5008 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
15:56:04.0198 5008 luafv - ok
15:56:04.0229 5008 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:56:04.0276 5008 mdmxsdk - ok
15:56:04.0416 5008 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
15:56:04.0463 5008 megasas - ok
15:56:04.0494 5008 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
15:56:04.0572 5008 Modem - ok
15:56:04.0619 5008 monitor (ec839ba91e45cce6eadafc418fff8206) C:\Windows\system32\DRIVERS\monitor.sys
15:56:04.0697 5008 monitor - ok
15:56:04.0806 5008 mouclass (3c9469dfb3440555dab070716d768b1e) C:\Windows\system32\DRIVERS\mouclass.sys
15:56:04.0853 5008 mouclass - ok
15:56:04.0868 5008 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\DRIVERS\mouhid.sys
15:56:04.0962 5008 mouhid - ok
15:56:04.0993 5008 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
15:56:05.0040 5008 MountMgr - ok
15:56:05.0056 5008 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
15:56:05.0102 5008 mpio - ok
15:56:05.0134 5008 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
15:56:05.0196 5008 mpsdrv - ok
15:56:05.0336 5008 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:56:05.0383 5008 Mraid35x - ok
15:56:05.0414 5008 MRxDAV (93224014a418b72356462b8f7de6e8c9) C:\Windows\system32\drivers\mrxdav.sys
15:56:05.0461 5008 MRxDAV - ok
15:56:05.0492 5008 mrxsmb (fca7563d87f71c6db0182ca67cc19aa7) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:56:05.0586 5008 mrxsmb - ok
15:56:05.0726 5008 mrxsmb10 (58a9ab5754fa4cabede7401283b5a771) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:56:05.0820 5008 mrxsmb10 - ok
15:56:05.0836 5008 mrxsmb20 (79b09504e4a790104683722cd04f76b4) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:56:05.0929 5008 mrxsmb20 - ok
15:56:05.0960 5008 msahci (0d1c042188ffe61a702a9df5944de5ba) C:\Windows\system32\drivers\msahci.sys
15:56:05.0992 5008 msahci - ok
15:56:06.0023 5008 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
15:56:06.0054 5008 msdsm - ok
15:56:06.0194 5008 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
15:56:06.0304 5008 Msfs - ok
15:56:06.0319 5008 msisadrv (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys
15:56:06.0366 5008 msisadrv - ok
15:56:06.0382 5008 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
15:56:06.0475 5008 MSKSSRV - ok
15:56:06.0491 5008 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
15:56:06.0584 5008 MSPCLOCK - ok
15:56:06.0694 5008 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
15:56:06.0787 5008 MSPQM - ok
15:56:06.0818 5008 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
15:56:06.0850 5008 MsRPC - ok
15:56:06.0881 5008 mssmbios (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys
15:56:06.0912 5008 mssmbios - ok
15:56:06.0943 5008 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
15:56:07.0037 5008 MSTEE - ok
15:56:07.0162 5008 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
15:56:07.0193 5008 Mup - ok
15:56:07.0240 5008 NativeWifiP (497de786240303ee67ab01f5690c24c2) C:\Windows\system32\DRIVERS\nwifi.sys
15:56:07.0302 5008 NativeWifiP - ok
15:56:07.0364 5008 NAVENG (bdc7f8e4fffd81b6abbf66256b699623) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080415.003\NAVENG.SYS
15:56:07.0396 5008 NAVENG - ok
15:56:07.0458 5008 NAVEX15 (e9ea4236281112471ce905704d5a8418) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080415.003\NAVEX15.SYS
15:56:07.0505 5008 NAVEX15 - ok
15:56:07.0645 5008 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
15:56:07.0739 5008 NDIS - ok
15:56:07.0879 5008 NdisTapi (7584f1794b23b83d63cc124a8c56d103) C:\Windows\system32\DRIVERS\ndistapi.sys
15:56:07.0988 5008 NdisTapi - ok
15:56:08.0004 5008 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
15:56:08.0113 5008 Ndisuio - ok
15:56:08.0144 5008 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
15:56:08.0254 5008 NdisWan - ok
15:56:08.0378 5008 NDProxy (874c12e3ad1431cabc854697d302c563) C:\Windows\system32\drivers\NDProxy.sys
15:56:08.0472 5008 NDProxy - ok
15:56:08.0597 5008 NetBIOS (30eeb75ea6dd31cd813ae0500284455c) C:\Windows\system32\DRIVERS\netbios.sys
15:56:08.0628 5008 NetBIOS - ok
15:56:08.0753 5008 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
15:56:08.0878 5008 netbt - ok
15:56:08.0971 5008 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
15:56:09.0112 5008 NETw3v32 - ok
15:56:09.0346 5008 NETw4v32 (dd194a025d1c0472f45f57de8d8388eb) C:\Windows\system32\DRIVERS\NETw4v32.sys
15:56:09.0798 5008 NETw4v32 - ok
15:56:09.0938 5008 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:56:09.0985 5008 nfrd960 - ok
15:56:10.0016 5008 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
15:56:10.0110 5008 Npfs - ok
15:56:10.0141 5008 NSCIRDA (c9294e01e45139fd77e16ec07fd86f61) C:\Windows\system32\DRIVERS\nscirda.sys
15:56:10.0250 5008 NSCIRDA - ok
15:56:10.0360 5008 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
15:56:10.0453 5008 nsiproxy - ok
15:56:10.0516 5008 Ntfs (3f379380a4a2637f559444e338cf1b51) C:\Windows\system32\drivers\Ntfs.sys
15:56:10.0594 5008 Ntfs - ok
15:56:10.0703 5008 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
15:56:10.0750 5008 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
15:56:10.0750 5008 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
15:56:10.0781 5008 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:56:10.0921 5008 ntrigdigi - ok
15:56:11.0046 5008 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
15:56:11.0108 5008 Null - ok
15:56:11.0155 5008 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
15:56:11.0186 5008 nvraid - ok
15:56:11.0218 5008 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
15:56:11.0249 5008 nvstor - ok
15:56:11.0264 5008 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
15:56:11.0311 5008 nv_agp - ok
15:56:11.0327 5008 NwlnkFlt - ok
15:56:11.0342 5008 NwlnkFwd - ok
15:56:11.0374 5008 ohci1394 (953c1ba621f4da9dc7d268ae839a51fb) C:\Windows\system32\DRIVERS\ohci1394.sys
15:56:11.0420 5008 ohci1394 - ok
15:56:11.0545 5008 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:56:11.0639 5008 Parport - ok
15:56:11.0748 5008 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
15:56:11.0795 5008 partmgr - ok
15:56:11.0810 5008 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:56:11.0904 5008 Parvdm - ok
15:56:12.0185 5008 pci (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys
15:56:12.0216 5008 pci - ok
15:56:12.0341 5008 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
15:56:12.0372 5008 pciide - ok
15:56:12.0403 5008 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
15:56:12.0450 5008 pcmcia - ok
15:56:12.0512 5008 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:56:12.0622 5008 PEAUTH - ok
15:56:12.0793 5008 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
15:56:12.0840 5008 PptpMiniport - ok
15:56:12.0856 5008 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
15:56:12.0949 5008 Processor - ok
15:56:12.0996 5008 PSched (b74edf14453c9987e99e66535047ebee) C:\Windows\system32\DRIVERS\pacer.sys
15:56:13.0090 5008 PSched - ok
15:56:13.0214 5008 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys
15:56:13.0246 5008 PSDFilter - ok
15:56:13.0261 5008 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys
15:56:13.0292 5008 PSDNServ - ok
15:56:13.0308 5008 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys
15:56:13.0339 5008 psdvdisk - ok
15:56:13.0402 5008 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
15:56:13.0526 5008 ql2300 - ok
15:56:13.0682 5008 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:56:13.0714 5008 ql40xx - ok
15:56:13.0745 5008 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
15:56:13.0792 5008 QWAVEdrv - ok
15:56:13.0838 5008 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
15:56:13.0932 5008 RasAcd - ok
15:56:13.0963 5008 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:56:14.0010 5008 Rasl2tp - ok
15:56:14.0119 5008 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
15:56:14.0213 5008 RasPppoe - ok
15:56:14.0244 5008 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
15:56:14.0338 5008 rdbss - ok
15:56:14.0369 5008 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:56:14.0447 5008 RDPCDD - ok
15:56:14.0572 5008 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
15:56:14.0665 5008 rdpdr - ok
15:56:14.0681 5008 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
15:56:14.0759 5008 RDPENCDD - ok
15:56:14.0790 5008 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
15:56:14.0884 5008 RDPWD - ok
15:56:15.0024 5008 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
15:56:15.0118 5008 rspndr - ok
15:56:15.0133 5008 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
15:56:15.0211 5008 RTL8169 - ok
15:56:15.0242 5008 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:56:15.0289 5008 sbp2port - ok
15:56:15.0320 5008 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
15:56:15.0383 5008 sdbus - ok
15:56:15.0414 5008 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:56:15.0508 5008 secdrv - ok
15:56:15.0632 5008 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:56:15.0726 5008 Serenum - ok
15:56:15.0742 5008 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:56:15.0835 5008 Serial - ok
15:56:15.0866 5008 sermouse (fd06895f55c0bec3cbd84bda14e1c6b7) C:\Windows\system32\drivers\sermouse.sys
15:56:15.0944 5008 sermouse - ok
15:56:16.0163 5008 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
15:56:16.0225 5008 sffdisk - ok
15:56:16.0334 5008 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
15:56:16.0397 5008 sffp_mmc - ok
15:56:16.0444 5008 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
15:56:16.0475 5008 sffp_sd - ok
15:56:16.0506 5008 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:56:16.0584 5008 sfloppy - ok
15:56:16.0615 5008 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
15:56:16.0662 5008 sisagp - ok
15:56:16.0678 5008 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
15:56:16.0709 5008 SiSRaid2 - ok
15:56:16.0724 5008 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
15:56:16.0771 5008 SiSRaid4 - ok
15:56:16.0896 5008 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
15:56:17.0005 5008 Smb - ok
15:56:17.0083 5008 SNP2UVC (53d1e2ecbf26b313ffdd2b8ba3d2f66e) C:\Windows\system32\DRIVERS\snp2uvc.sys
15:56:17.0395 5008 SNP2UVC - ok
15:56:17.0489 5008 SPBBCDrv (905782bcf15b6e5af9905b77923c7fa2) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
15:56:17.0536 5008 SPBBCDrv - ok
15:56:17.0660 5008 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
15:56:17.0692 5008 spldr - ok
15:56:17.0723 5008 SRTSP (15e29eb26dd53eb6385629f4622b5519) C:\Windows\system32\Drivers\SRTSP.SYS
15:56:17.0770 5008 SRTSP - ok
15:56:17.0801 5008 SRTSPL (fd0c0333fae09dbd1170e0d607eca5c8) C:\Windows\system32\Drivers\SRTSPL.SYS
15:56:17.0848 5008 SRTSPL - ok
15:56:17.0863 5008 SRTSPX (7e60a4a4035be470f47c6806da57db99) C:\Windows\system32\Drivers\SRTSPX.SYS
15:56:17.0910 5008 SRTSPX - ok
15:56:17.0941 5008 srv (2c677528b24d64d22886ecbe5cd97f20) C:\Windows\system32\DRIVERS\srv.sys
15:56:18.0050 5008 srv - ok
15:56:18.0160 5008 srv2 (382baf4dcbd7648ced6c64a8a1e335b2) C:\Windows\system32\DRIVERS\srv2.sys
15:56:18.0253 5008 srv2 - ok
15:56:18.0284 5008 srvnet (f8e47a77e1690d8574962b69cb22beb3) C:\Windows\system32\DRIVERS\srvnet.sys
15:56:18.0378 5008 srvnet - ok
15:56:18.0425 5008 swenum (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys
15:56:18.0456 5008 swenum - ok
15:56:18.0487 5008 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:56:18.0534 5008 Symc8xx - ok
15:56:18.0643 5008 SYMDNS (55a216212c89de109bde71a5f440593c) C:\Windows\System32\Drivers\SYMDNS.SYS
15:56:18.0706 5008 SYMDNS - ok
15:56:18.0737 5008 SymEvent (9d98270b5f10a4c84e8da417c30756e1) C:\Windows\system32\Drivers\SYMEVENT.SYS
15:56:18.0784 5008 SymEvent - ok
15:56:18.0830 5008 SYMFW (3f72da2a613ae5da86c7002737fe56b3) C:\Windows\System32\Drivers\SYMFW.SYS
15:56:18.0908 5008 SYMFW - ok
15:56:18.0924 5008 SYMIDS (cf88c0fa1fb45fd49fa1f4adf6251ea6) C:\Windows\System32\Drivers\SYMIDS.SYS
15:56:18.0955 5008 SYMIDS - ok
15:56:18.0971 5008 SYMNDISV (105f0717ab5049a0a40d55c524b4c2e5) C:\Windows\System32\Drivers\SYMNDISV.SYS
15:56:19.0033 5008 SYMNDISV - ok
15:56:19.0049 5008 SYMREDRV (7f4011a719bf30e3dbd84d3a0a45c91c) C:\Windows\System32\Drivers\SYMREDRV.SYS
15:56:19.0111 5008 SYMREDRV - ok
15:56:19.0158 5008 SYMTDI (2f03cbdb0f22278d05d5d616c993ab58) C:\Windows\System32\Drivers\SYMTDI.SYS
15:56:19.0189 5008 SYMTDI - ok
15:56:19.0314 5008 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:56:19.0361 5008 Sym_hi - ok
15:56:19.0376 5008 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:56:19.0439 5008 Sym_u3 - ok
15:56:19.0486 5008 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
15:56:19.0532 5008 SynTP - ok
15:56:19.0595 5008 Tcpip (d944522b048a5feb7700b5170d3d9423) C:\Windows\system32\drivers\tcpip.sys
15:56:19.0751 5008 Tcpip - ok
15:56:19.0891 5008 Tcpip6 (d944522b048a5feb7700b5170d3d9423) C:\Windows\system32\DRIVERS\tcpip.sys
15:56:20.0000 5008 Tcpip6 - ok
15:56:20.0047 5008 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
15:56:20.0141 5008 tcpipreg - ok
15:56:20.0250 5008 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
15:56:20.0359 5008 TDPIPE - ok
15:56:20.0390 5008 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
15:56:20.0484 5008 TDTCP - ok
15:56:20.0500 5008 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
15:56:20.0593 5008 tdx - ok
15:56:20.0609 5008 TermDD (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys
15:56:20.0640 5008 TermDD - ok
15:56:20.0780 5008 tifm21 (78213f01ce781f93180bef5eb5b3ad81) C:\Windows\system32\drivers\tifm21.sys
15:56:20.0812 5008 tifm21 - ok
15:56:20.0858 5008 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:56:20.0952 5008 tssecsrv - ok
15:56:21.0030 5008 tunmp (a858917785681743c512950fdfa14db7) C:\Windows\system32\DRIVERS\tunmp.sys
15:56:21.0061 5008 tunmp - ok
15:56:21.0077 5008 tunnel (29f1d1d888ee61d20d5662e72aa34129) C:\Windows\system32\DRIVERS\tunnel.sys
15:56:21.0108 5008 tunnel - ok
15:56:21.0124 5008 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
15:56:21.0170 5008 uagp35 - ok
15:56:21.0280 5008 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
15:56:21.0373 5008 udfs - ok
15:56:21.0420 5008 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
15:56:21.0467 5008 uliagpkx - ok
15:56:21.0482 5008 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
15:56:21.0529 5008 uliahci - ok
15:56:21.0545 5008 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:56:21.0576 5008 UlSata - ok
15:56:21.0607 5008 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:56:21.0638 5008 ulsata2 - ok
15:56:21.0748 5008 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
15:56:21.0841 5008 umbus - ok
15:56:21.0888 5008 usbccgp (0adb101083dfa5039b1e65fb36551ab1) C:\Windows\system32\DRIVERS\usbccgp.sys
15:56:21.0935 5008 usbccgp - ok
15:56:21.0966 5008 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:56:22.0044 5008 usbcir - ok
15:56:22.0138 5008 usbehci (11fa3acbf0de0286829c69e01fe705e4) C:\Windows\system32\DRIVERS\usbehci.sys
15:56:22.0200 5008 usbehci - ok
15:56:22.0247 5008 usbhub (6a7858a38b5105731e219e7c6a238730) C:\Windows\system32\DRIVERS\usbhub.sys
15:56:22.0294 5008 usbhub - ok
15:56:22.0325 5008 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:56:22.0403 5008 usbohci - ok
15:56:22.0496 5008 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
15:56:22.0590 5008 usbprint - ok
15:56:22.0637 5008 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:56:22.0668 5008 USBSTOR - ok
15:56:22.0699 5008 usbuhci (4013315fed70a2d293b998cbba4022ee) C:\Windows\system32\DRIVERS\usbuhci.sys
15:56:22.0746 5008 usbuhci - ok
15:56:22.0871 5008 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
15:56:22.0949 5008 usbvideo - ok
15:56:22.0996 5008 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
15:56:23.0089 5008 vga - ok
15:56:23.0105 5008 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
15:56:23.0198 5008 VgaSave - ok
15:56:23.0323 5008 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
15:56:23.0386 5008 viaagp - ok
15:56:23.0432 5008 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
15:56:23.0526 5008 ViaC7 - ok
15:56:23.0557 5008 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
15:56:23.0588 5008 viaide - ok
15:56:23.0620 5008 volmgr (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys
15:56:23.0651 5008 volmgr - ok
15:56:23.0760 5008 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
15:56:23.0791 5008 volmgrx - ok
15:56:23.0838 5008 volsnap (11ef6c1caef76b685233450a126125d6) C:\Windows\system32\drivers\volsnap.sys
15:56:23.0900 5008 volsnap - ok
15:56:23.0994 5008 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
15:56:24.0041 5008 vsmraid - ok
15:56:24.0103 5008 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:56:24.0197 5008 WacomPen - ok
15:56:24.0228 5008 Wanarp (6e1a5be9a0605f3d932ff35fba2b22b3) C:\Windows\system32\DRIVERS\wanarp.sys
15:56:24.0306 5008 Wanarp - ok
15:56:24.0322 5008 Wanarpv6 (6e1a5be9a0605f3d932ff35fba2b22b3) C:\Windows\system32\DRIVERS\wanarp.sys
15:56:24.0384 5008 Wanarpv6 - ok
15:56:24.0415 5008 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
15:56:24.0446 5008 Wd - ok
15:56:24.0493 5008 Wdf01000 (5dfdbd5ef13e4d95be6fc108e2ed4a67) C:\Windows\system32\drivers\Wdf01000.sys
15:56:24.0571 5008 Wdf01000 - ok
15:56:24.0680 5008 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:56:24.0774 5008 winachsf - ok
15:56:24.0914 5008 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:56:24.0992 5008 WmiAcpi - ok
15:56:25.0039 5008 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
15:56:25.0133 5008 ws2ifsl - ok
15:56:25.0180 5008 WSVD (2584df81cc9f7e7bd3545691106f8cae) C:\Windows\system32\drivers\WSVD.sys
15:56:25.0211 5008 WSVD - ok
15:56:25.0320 5008 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:56:25.0398 5008 WUDFRd - ok
15:56:25.0429 5008 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
15:56:25.0476 5008 XAudio - ok
15:56:25.0523 5008 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl
15:56:25.0554 5008 {95808DC4-FA4A-4c74-92FE-5B863F82066B} - ok
15:56:25.0585 5008 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
15:56:26.0599 5008 \Device\Harddisk0\DR0 - ok
15:56:26.0615 5008 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR2
15:56:26.0818 5008 \Device\Harddisk1\DR2 - ok
15:56:26.0927 5008 Boot (0x1200) (1b863578a762e0496ed1f487ba8dd45c) \Device\Harddisk0\DR0\Partition0
15:56:26.0927 5008 \Device\Harddisk0\DR0\Partition0 - ok
15:56:26.0958 5008 Boot (0x1200) (6a87274163a285c697e78c87627137b3) \Device\Harddisk0\DR0\Partition1
15:56:26.0958 5008 \Device\Harddisk0\DR0\Partition1 - ok
15:56:26.0958 5008 Boot (0x1200) (09e212fe50b619eb722b535dd7f40c24) \Device\Harddisk1\DR2\Partition0
15:56:26.0974 5008 \Device\Harddisk1\DR2\Partition0 - ok
15:56:26.0974 5008 ============================================================
15:56:26.0974 5008 Scan finished
15:56:26.0974 5008 ============================================================
15:56:26.0989 6036 Detected object count: 1
15:56:26.0989 6036 Actual detected object count: 1
15:56:34.0056 6036 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:34.0056 6036 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip

subh · 14.11.2011, 09:54

hi,

der besitzer hat wochende updates installiert....ohne mein wissen....ich hoffe es ist nicht jetzt nicht alles umsonst gewesen..

hier das combofix log:

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-11-12.02 - Fluppe 12.11.2011  15:08:19.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.49.1031.18.2046.1170 [GMT 1:00]
ausgeführt von:: c:\users\Fluppe\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-12 bis 2011-11-12  ))))))))))))))))))))))))))))))
.
.
2011-11-12 14:14 . 2011-11-12 14:19    --------    d-----w-    c:\users\Fluppe\AppData\Local\temp
2011-11-12 14:14 . 2011-11-12 14:14    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-11-11 22:12 . 2011-11-11 22:12    34304    ----a-w-    c:\windows\system32\atmlib.dll
2011-11-11 22:12 . 2011-11-11 22:12    289792    ----a-w-    c:\windows\system32\atmfd.dll
2011-11-11 22:12 . 2011-11-11 22:12    24064    ----a-w-    c:\windows\system32\lpk.dll
2011-11-11 22:12 . 2011-11-11 22:12    156672    ----a-w-    c:\windows\system32\t2embed.dll
2011-11-11 22:12 . 2011-11-11 22:12    10240    ----a-w-    c:\windows\system32\dciman32.dll
2011-11-11 22:12 . 2011-11-11 22:12    72704    ----a-w-    c:\windows\system32\fontsub.dll
2011-11-11 22:06 . 2011-11-11 22:06    61440    ----a-w-    c:\windows\system32\winipsec.dll
2011-11-11 22:06 . 2011-11-11 22:06    28672    ----a-w-    c:\windows\system32\FwRemoteSvr.dll
2011-11-11 22:06 . 2011-11-11 22:06    361984    ----a-w-    c:\windows\system32\IPSECSVC.DLL
2011-11-11 22:06 . 2011-11-11 22:06    272896    ----a-w-    c:\windows\system32\polstore.dll
2011-11-11 22:04 . 2011-11-11 22:04    84992    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2011-11-11 22:04 . 2011-11-11 22:04    306688    ----a-w-    c:\windows\system32\drivers\srv.sys
2011-11-11 22:03 . 2011-11-11 22:03    9728    ----a-w-    c:\windows\system32\TCPSVCS.EXE
2011-11-11 22:03 . 2011-11-11 22:03    8704    ----a-w-    c:\windows\system32\HOSTNAME.EXE
2011-11-11 22:03 . 2011-11-11 22:03    15360    ----a-w-    c:\windows\system32\netevent.dll
2011-11-11 22:03 . 2011-11-11 22:03    11264    ----a-w-    c:\windows\system32\MRINFO.EXE
2011-11-11 22:03 . 2011-11-11 22:03    103936    ----a-w-    c:\windows\system32\netiohlp.dll
2011-11-11 22:03 . 2011-11-11 22:03    27136    ----a-w-    c:\windows\system32\NETSTAT.EXE
2011-11-11 22:03 . 2011-11-11 22:03    19968    ----a-w-    c:\windows\system32\ARP.EXE
2011-11-11 22:03 . 2011-11-11 22:03    17920    ----a-w-    c:\windows\system32\ROUTE.EXE
2011-11-11 22:03 . 2011-11-11 22:03    10240    ----a-w-    c:\windows\system32\finger.exe
2011-11-11 22:01 . 2011-11-11 22:01    194560    ----a-w-    c:\windows\system32\WebClnt.dll
2011-11-11 22:01 . 2011-11-11 22:01    110080    ----a-w-    c:\windows\system32\drivers\mrxdav.sys
2011-11-11 21:59 . 2011-11-11 21:59    123904    ----a-w-    c:\windows\system32\L2SecHC.dll
2011-11-11 21:59 . 2011-11-11 21:59    67584    ----a-w-    c:\windows\system32\wlanhlp.dll
2011-11-11 21:59 . 2011-11-11 21:59    47104    ----a-w-    c:\windows\system32\wlanapi.dll
2011-11-11 21:59 . 2011-11-11 21:59    502272    ----a-w-    c:\windows\system32\wlansvc.dll
2011-11-11 21:59 . 2011-11-11 21:59    297984    ----a-w-    c:\windows\system32\wlansec.dll
2011-11-11 21:59 . 2011-11-11 21:59    290816    ----a-w-    c:\windows\system32\wlanmsm.dll
2011-11-11 21:58 . 2011-11-11 21:58    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2011-11-11 21:58 . 2011-11-11 21:58    1260032    ----a-w-    c:\windows\system32\msxml3.dll
2011-11-11 21:58 . 2011-11-11 21:58    1406464    ----a-w-    c:\windows\system32\msxml6.dll
2011-11-11 21:58 . 2011-11-11 21:58    2048    ----a-w-    c:\windows\system32\msxml6r.dll
2011-11-11 21:56 . 2011-11-11 21:56    216576    ----a-w-    c:\windows\system32\msv1_0.dll
2011-11-11 21:55 . 2011-11-11 21:55    58368    ----a-w-    c:\windows\system32\drivers\mrxsmb20.sys
2011-11-11 21:55 . 2011-11-11 21:55    211968    ----a-w-    c:\windows\system32\drivers\mrxsmb10.sys
2011-11-11 21:54 . 2011-11-11 21:54    102400    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2011-11-11 21:53 . 2011-11-11 21:53    2855424    ----a-w-    c:\windows\system32\mf.dll
2011-11-11 21:53 . 2011-11-11 21:53    98816    ----a-w-    c:\windows\system32\mfps.dll
2011-11-11 21:53 . 2011-11-11 21:53    52736    ----a-w-    c:\windows\system32\rrinstaller.exe
2011-11-11 21:53 . 2011-11-11 21:53    24576    ----a-w-    c:\windows\system32\mfpmp.exe
2011-11-11 21:53 . 2011-11-11 21:53    2048    ----a-w-    c:\windows\system32\mferror.dll
2011-11-11 21:51 . 2011-11-11 21:51    3502480    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2011-11-11 21:51 . 2011-11-11 21:51    3468168    ----a-w-    c:\windows\system32\ntoskrnl.exe
2011-11-11 21:50 . 2011-11-11 21:50    376832    ----a-w-    c:\windows\system32\winhttp.dll
2011-11-11 21:49 . 2011-11-11 21:49    434176    ----a-w-    c:\windows\system32\vbscript.dll
2011-11-11 21:47 . 2011-11-11 21:47    71680    ----a-w-    c:\windows\system32\atl.dll
2011-11-11 21:46 . 2011-11-11 21:46    297472    ----a-w-    c:\windows\system32\gdi32.dll
2011-11-11 21:43 . 2011-11-11 21:43    500736    ----a-w-    c:\windows\system32\msdtcprx.dll
2011-11-11 21:43 . 2011-11-11 21:43    30208    ----a-w-    c:\windows\system32\xolehlp.dll
2011-11-11 21:42 . 2011-11-11 21:42    156160    ----a-w-    c:\windows\system32\wkssvc.dll
2011-11-11 21:40 . 2011-11-11 21:40    36352    ----a-w-    c:\windows\system32\tsgqec.dll
2011-11-11 21:40 . 2011-11-11 21:40    116736    ----a-w-    c:\windows\system32\aaclient.dll
2011-11-11 21:40 . 2011-11-11 21:40    1871872    ----a-w-    c:\windows\system32\mstscax.dll
2011-11-11 21:39 . 2011-11-11 21:39    303616    ----a-w-    c:\windows\system32\wmpeffects.dll
2011-11-11 21:33 . 2011-11-11 21:33    150016    ----a-w-    c:\program files\Movie Maker\MOVIEMK.exe
2011-11-11 21:33 . 2011-11-11 21:33    10922496    ----a-w-    c:\program files\Movie Maker\MOVIEMK.dll
2011-11-11 21:33 . 2011-11-11 21:33    23040    ----a-w-    c:\program files\Movie Maker\WMM2EXT.dll
2011-11-11 21:33 . 2011-11-11 21:33    195072    ----a-w-    c:\program files\Movie Maker\WMM2AE.dll
2011-11-11 21:28 . 2011-11-11 21:28    2048    ----a-w-    c:\windows\system32\tzres.dll
2011-11-11 21:27 . 2011-11-11 21:27    696832    ----a-w-    c:\windows\system32\localspl.dll
2011-11-11 21:25 . 2011-11-11 21:25    2923520    ----a-w-    c:\windows\explorer.exe
2011-11-11 21:22 . 2011-11-11 21:22    171520    ----a-w-    c:\windows\system32\wintrust.dll
2011-11-11 21:21 . 2011-11-11 21:21    494592    ----a-w-    c:\windows\system32\kerberos.dll
2011-11-11 21:21 . 2011-11-11 21:21    175104    ----a-w-    c:\windows\system32\wdigest.dll
2011-11-11 21:21 . 2011-11-11 21:21    7680    ----a-w-    c:\windows\system32\lsass.exe
2011-11-11 21:21 . 2011-11-11 21:21    72704    ----a-w-    c:\windows\system32\secur32.dll
2011-11-11 21:21 . 2011-11-11 21:21    408136    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2011-11-11 21:21 . 2011-11-11 21:21    1233920    ----a-w-    c:\windows\system32\lsasrv.dll
2011-11-11 21:21 . 2011-11-11 21:21    272384    ----a-w-    c:\windows\system32\schannel.dll
2011-11-11 21:19 . 2011-11-11 21:19    24064    ----a-w-    c:\windows\system32\netcfg.exe
2011-11-11 21:17 . 2011-11-11 21:17    7042560    ----a-w-    c:\windows\system32\NlsLexicons081a.dll
2011-11-11 21:12 . 2011-11-11 21:12    1585664    ----a-w-    c:\windows\system32\setupapi.dll
2011-11-11 21:12 . 2011-11-11 21:12    40960    ----a-w-    c:\windows\system32\srclient.dll
2011-11-11 21:12 . 2011-11-11 21:12    371712    ----a-w-    c:\windows\system32\srcore.dll
2011-11-11 21:12 . 2011-11-11 21:12    313856    ----a-w-    c:\windows\system32\rstrui.exe
2011-11-11 21:12 . 2011-11-11 21:12    16384    ----a-w-    c:\windows\system32\srdelayed.exe
2011-11-11 21:12 . 2011-11-11 21:12    613888    ----a-w-    c:\windows\system32\wpd_ci.dll
2011-11-11 21:08 . 2011-11-11 21:08    549888    ----a-w-    c:\windows\system32\rpcss.dll
2011-11-11 21:08 . 2011-11-11 21:08    654336    ----a-w-    c:\windows\system32\printfilterpipelinesvc.exe
2011-11-11 21:08 . 2011-11-11 21:08    24576    ----a-w-    c:\windows\system32\printfilterpipelineprxy.dll
2011-11-11 21:08 . 2011-11-11 21:08    247296    ----a-w-    c:\windows\system32\wbem\WmiPrvSE.exe
2011-11-11 21:08 . 2011-11-11 21:08    130560    ----a-w-    c:\windows\system32\wbem\WmiDcPrv.dll
2011-11-11 21:08 . 2011-11-11 21:08    614912    ----a-w-    c:\windows\system32\wbem\fastprox.dll
2011-11-11 21:08 . 2011-11-11 21:08    501760    ----a-w-    c:\windows\system32\wbem\WmiPrvSD.dll
2011-11-11 21:08 . 2011-11-11 21:08    53248    ----a-w-    c:\windows\system32\iasads.dll
2011-11-11 21:08 . 2011-11-11 21:08    37888    ----a-w-    c:\windows\system32\iasdatastore.dll
2011-11-11 21:08 . 2011-11-11 21:08    158720    ----a-w-    c:\windows\system32\sdohlp.dll
2011-11-11 21:08 . 2011-11-11 21:08    97280    ----a-w-    c:\windows\system32\iasrecst.dll
2011-11-11 21:06 . 2011-11-11 21:06    62464    ----a-w-    c:\windows\system32\l3codeca.acm
2011-11-11 21:06 . 2011-11-11 21:06    220672    ----a-w-    c:\windows\system32\l3codecp.acm
2011-11-11 21:03 . 2011-11-11 21:03    25088    ----a-w-    c:\windows\system32\drivers\tunnel.sys
2011-11-11 21:03 . 2011-11-11 21:03    179712    ----a-w-    c:\windows\system32\iphlpsvc.dll
2011-11-11 21:03 . 2011-11-11 21:03    15360    ----a-w-    c:\windows\system32\drivers\TUNMP.SYS
2011-11-11 21:03 . 2011-11-11 21:03    22016    ----a-w-    c:\windows\system32\netiougc.exe
2011-11-11 21:03 . 2011-11-11 21:03    213592    ----a-w-    c:\windows\system32\drivers\netio.sys
2011-11-11 21:03 . 2011-11-11 21:03    167424    ----a-w-    c:\windows\system32\tcpipcfg.dll
2011-11-11 21:03 . 2011-11-11 21:03    815104    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2011-11-11 21:02 . 2011-11-11 21:02    454656    ----a-w-    c:\program files\Common Files\System\msadc\msadce.dll
2011-11-11 21:01 . 2011-11-11 21:01    9728    ----a-w-    c:\windows\system32\LAPRXY.DLL
2011-11-11 21:01 . 2011-11-11 21:01    223232    ----a-w-    c:\windows\system32\WMASF.DLL
2011-11-11 21:01 . 2011-11-11 21:01    2048    ----a-w-    c:\windows\system32\asferror.dll
2011-11-11 20:59 . 2011-11-11 20:59    293376    ----a-w-    c:\windows\system32\browserchoice.exe
2011-11-11 20:58 . 2011-11-11 20:58    25600    ----a-w-    c:\windows\system32\amxread.dll
2011-11-11 20:58 . 2011-11-11 20:58    14848    ----a-w-    c:\windows\system32\apilogen.dll
2011-11-11 20:51 . 2011-11-11 20:51    --------    d-----w-    c:\users\Fluppe\AppData\Local\Microsoft Help
2011-11-11 20:45 . 2011-11-11 20:45    97792    ----a-w-    c:\windows\system32\cabview.dll
2011-11-11 20:37 . 2011-11-11 20:37    441856    ----a-w-    c:\windows\system32\win32spl.dll
2011-11-11 20:37 . 2011-11-11 20:37    37376    ----a-w-    c:\windows\system32\printcom.dll
2011-11-11 20:36 . 2011-11-11 20:36    2031104    ----a-w-    c:\windows\system32\win32k.sys
2011-11-11 20:35 . 2011-11-11 20:35    14848    ----a-w-    c:\windows\system32\wshrm.dll
2011-11-11 20:35 . 2011-11-11 20:35    113664    ----a-w-    c:\windows\system32\drivers\rmcast.sys
2011-11-11 20:34 . 2011-11-11 20:34    8147968    ----a-w-    c:\windows\system32\wmploc.DLL
2011-11-11 20:34 . 2011-11-11 20:34    7680    ----a-w-    c:\windows\system32\spwmp.dll
2011-11-11 20:34 . 2011-11-11 20:34    168960    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2011-11-11 20:34 . 2011-11-11 20:34    4096    ----a-w-    c:\windows\system32\msdxm.ocx
2011-11-11 20:34 . 2011-11-11 20:34    4096    ----a-w-    c:\windows\system32\dxmasf.dll
2011-11-11 20:34 . 2011-11-11 20:34    107520    ----a-w-    c:\program files\Windows Media Player\wmpshare.exe
2011-11-11 20:34 . 2011-11-11 20:34    107520    ----a-w-    c:\program files\Windows Media Player\wmpconfig.exe
2011-11-11 20:34 . 2011-11-11 20:34    43520    ----a-w-    c:\windows\system32\msdxm.tlb
2011-11-11 20:34 . 2011-11-11 20:34    313344    ----a-w-    c:\windows\system32\wmpdxm.dll
2011-11-11 20:34 . 2011-11-11 20:34    18432    ----a-w-    c:\windows\system32\amcompat.tlb
2011-11-11 20:32 . 2011-11-11 20:32    66048    ----a-w-    c:\program files\Windows Sidebar\sbdrop.dll
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 22:10 . 2011-11-11 22:10    52736    ----a-w-    c:\windows\apppatch\iebrshim.dll
2011-11-11 21:12 . 2011-11-11 21:12    5120    ----a-w-    c:\windows\system32\drivers\de-DE\mouclass.sys.mui
2011-11-11 21:12 . 2011-11-11 21:12    3584    ----a-w-    c:\windows\system32\drivers\de-DE\mouhid.sys.mui
2011-11-11 21:12 . 2011-11-11 21:12    6144    ----a-w-    c:\windows\system32\drivers\de-DE\sermouse.sys.mui
2011-11-11 21:12 . 2011-11-11 21:12    5632    ----a-w-    c:\windows\system32\drivers\de-DE\kbdclass.sys.mui
2011-11-11 21:12 . 2011-11-11 21:12    3072    ----a-w-    c:\windows\system32\drivers\de-DE\kbdhid.sys.mui
2011-11-11 21:12 . 2011-11-11 21:12    11264    ----a-w-    c:\windows\system32\drivers\de-DE\i8042prt.sys.mui
2011-11-11 20:58 . 2011-11-11 20:58    40960    ----a-w-    c:\windows\apppatch\apihex86.dll
2011-11-11 17:46 . 2007-07-04 15:58    124464    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2011-11-05 07:10 . 2011-11-12 13:50    134104    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2011-06-24 17:37    86696    ----a-w-    c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2011-06-24 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2011-11-11 1232896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 107112]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-11-21 22696]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2011-06-29 217256]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-4 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20080407.003\IDSvix86.sys [2008-04-04 261680]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2011-04-28 126024]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2011-07-05 143624]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2011-04-28 99400]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2011-04-28 111176]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2011-04-28 112712]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-03-18 109616]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-08-03 38448]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - COMHOST
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-12 c:\windows\Tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - Fluppe.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-21 20:35]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uSearchMigratedDefaultURL = 
mStart Page = 
mLocal Page = 
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Fluppe\AppData\Roaming\Mozilla\Firefox\Profiles\qhds8q09.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-eRecoveryService - (no file)
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2332)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\programdata\Panda Security URL Filtering\panda_url_filtering.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\program files\Launch Manager\LManager.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-12  15:25:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-12 14:24
.
Vor Suchlauf: 9 Verzeichnis(se), 45.418.827.776 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 45.224.824.832 Bytes frei
.
- - End Of File - - 4C0327BF5CA0D206975724B905DB8F91

--- --- ---

[/QUOTE]

11.11.2011, 14:53	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizei Trojaner. Öffnet sich beim Start des Systems. Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind. __________________ Logfiles bitte immer in CODE-Tags posten

Bundespolizei Trojaner. Öffnet sich beim Start des Systems.

Log-Analyse und Auswertung: Bundespolizei Trojaner. Öffnet sich beim Start des Systems.