Bundespolizei Trojaner

peter1984 · 23.12.2011, 09:37

Hallo zusammen,
hatte seit gestern abend auch diesen Bundespolizei-Trojaner auf dem Rechner, bei dem der Desktop mit einem großen Bild überschrieben wird, dass man 100 Euro bezahlen soll, damit man weiterarbeiten darf und ansonsten die HDD gelöscht wird.
Habe heute morgen im Abgesicherten Modus gestartet und mir Malewarebytes heruntergeladen.
Das Programm hat 2 Trojaner gefunden und folgende Logdatei ausgegeben:

Zitat:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122304

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

23.12.2011 08:56:39
mbam-log-2011-12-23 (08-56-29).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 168177
Laufzeit: 3 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Peter\AppData\Local\Temp\0.80379981267055.exe (Trojan.Zbot.CBCGen) -> No action taken.
c:\Users\Peter\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\0.80379981267055.exe.lnk (Backdoor.Agent) -> No action taken.

Habe dann OTL heruntergeladen und laufen lassen mit folgenden 2 Logdateien

OTL.txt:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 23.12.2011 09:00:45 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Peter\Downloads
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 64,46% Memory free
5,86 Gb Paging File | 4,73 Gb Available in Paging File | 80,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 67,07 Gb Free Space | 23,26% Space Free | Partition Type: NTFS
 
Computer Name: PETERPC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Peter\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\logonmore.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\ProgramData\logonmore.exe ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 BC D5 56 0A 37 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "spiegel.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.02 08:21:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.02 06:16:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.02 08:21:28 | 000,000,000 | ---D | M]
 
[2009.11.16 17:56:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Extensions
[2011.12.20 19:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\ane3nxe5.default\extensions
[2011.12.20 19:31:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\ane3nxe5.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.14 06:49:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\ane3nxe5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.10 12:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\ane3nxe5.default\extensions\nostmp
[2011.12.22 06:44:40 | 000,000,950 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ane3nxe5.default\searchplugins\icqplugin-1.xml
[2011.09.24 19:31:53 | 000,000,950 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ane3nxe5.default\searchplugins\icqplugin-10.xml
[2011.10.02 15:26:04 | 000,000,950 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ane3nxe5.default\searchplugins\icqplugin-11.xml
[2011.10.03 06:47:54 | 000,000,950 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ane3nxe5.default\searchplugins\icqplugin-12.xml
[2011.11.16 19:23:46 | 000,000,950 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ane3nxe5.default\searchplugins\icqplugin-13.xml
[2011.12.02 06:25:13 | 000,000,950 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ane3nxe5.default\searchplugins\icqplugin-14.xml
[2011.05.02 05:33:34 | 000,000,950 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ane3nxe5.default\searchplugins\icqplugin-2.xml
[2011.05.10 12:08:15 | 000,000,950 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ane3nxe5.default\searchplugins\icqplugin-3.xml
[2011.06.23 16:16:14 | 000,000,950 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ane3nxe5.default\searchplugins\icqplugin-4.xml
[2011.07.27 05:37:14 | 000,000,950 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ane3nxe5.default\searchplugins\icqplugin-5.xml
[2011.08.19 07:04:56 | 000,000,950 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ane3nxe5.default\searchplugins\icqplugin-6.xml
[2011.08.19 16:24:55 | 000,000,950 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ane3nxe5.default\searchplugins\icqplugin-7.xml
[2011.08.27 08:05:05 | 000,000,950 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ane3nxe5.default\searchplugins\icqplugin-8.xml
[2011.09.03 00:18:22 | 000,000,950 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ane3nxe5.default\searchplugins\icqplugin-9.xml
[2011.12.18 13:29:14 | 000,000,168 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ane3nxe5.default\searchplugins\icqplugin.gif
[2011.12.18 13:29:14 | 000,000,618 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ane3nxe5.default\searchplugins\icqplugin.src
[2010.12.10 10:34:05 | 000,001,056 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ane3nxe5.default\searchplugins\icqplugin.xml
[2011.12.02 06:16:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ANE3NXE5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ANE3NXE5.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.12.02 06:16:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.02 15:25:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 15:25:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.02 15:25:29 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.02 15:25:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 15:25:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 15:25:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [cfgSched] C:\Users\Peter\AppData\Roaming\cfgSched.exe ()
O4 - HKCU..\Run: [logonmore] C:\ProgramData\logonmore.exe ()
O4 - Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.145 217.0.43.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03343D9B-EF8C-427A-8973-72148376A066}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{744FFBA9-C5A1-40B0-B421-149EE51D694F}: DhcpNameServer = 217.0.43.145 217.0.43.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A598261-F3A7-453E-B03C-5EBEF6CDE071}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAD88208-4374-42B3-8946-6ED430D95363}: NameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{43588252-3130-11e0-9686-001f16b3a7cf}\Shell - "" = AutoRun
O33 - MountPoints2\{43588252-3130-11e0-9686-001f16b3a7cf}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{4358826a-3130-11e0-9686-001f16b3a7cf}\Shell - "" = AutoRun
O33 - MountPoints2\{4358826a-3130-11e0-9686-001f16b3a7cf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7212fdbf-1cf2-11e1-bc06-001f16b3a7cf}\Shell\AutoRun\command - "" = D:\fscommand\LS_Start_Launch.cmd
O33 - MountPoints2\{7212fdbf-1cf2-11e1-bc06-001f16b3a7cf}\Shell\Launcher\command - "" = D:\fscommand\LS_Start_Launch.cmd
O33 - MountPoints2\{990d0bfc-7f27-11e0-a6c8-001f16b3a7cf}\Shell - "" = AutoRun
O33 - MountPoints2\{990d0bfc-7f27-11e0-a6c8-001f16b3a7cf}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e3abd241-4f70-11df-adbd-001f16b3a7cf}\Shell - "" = AutoRun
O33 - MountPoints2\{e3abd241-4f70-11df-adbd-001f16b3a7cf}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{e3f54350-3db4-11e0-818d-001f16b3a7cf}\Shell - "" = AutoRun
O33 - MountPoints2\{e3f54350-3db4-11e0-818d-001f16b3a7cf}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.23 08:30:31 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Malwarebytes
[2011.12.23 08:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.23 08:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.23 08:30:21 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.23 08:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.22 23:59:51 | 000,000,000 | -HSD | C] -- C:\Users\Peter\AppData\Local\034af41b
[2011.12.20 16:49:31 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Neuer Ordner (2)
[2011.12.13 15:57:16 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\datein von ms
[2011.12.05 08:07:42 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Schul-PC
[2011.12.03 08:49:41 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Bilder vom Foto
[2011.12.02 18:58:42 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Geburtstag
[2011.11.23 11:13:44 | 000,000,000 | ---D | C] -- C:\Users\Peter\Application Data
[2010.08.25 17:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Peter\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Peter\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Peter\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Peter\AppData\Local\bass.dll
[4 C:\Users\Peter\Desktop\*.tmp files -> C:\Users\Peter\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.23 09:04:37 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.23 09:04:37 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.23 09:04:37 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.23 09:04:37 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.23 09:00:35 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.23 09:00:35 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.23 08:58:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.23 08:58:01 | 2359,951,360 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.23 08:30:25 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.22 23:59:38 | 000,067,072 | ---- | M] () -- C:\ProgramData\logonmore.exe
[2011.12.22 23:59:38 | 000,067,072 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\cfgSched.exe
[2011.12.21 14:58:51 | 206,148,460 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.13 16:23:05 | 000,000,276 | ---- | M] () -- C:\Windows\MTB40.INI
[2011.12.13 16:23:05 | 000,000,073 | ---- | M] () -- C:\Windows\asym.ini
[2011.12.13 16:23:04 | 000,001,431 | ---- | M] () -- C:\Users\Peter\Desktop\Freihandexperimente Hauptbuch.lnk
[2011.11.27 17:22:16 | 002,453,757 | ---- | M] () -- C:\Users\Peter\Desktop\IMG_1395.JPG
[2011.11.27 16:32:05 | 000,340,157 | ---- | M] () -- C:\Users\Peter\Desktop\IMG_1395 neu.jpg
[2011.11.23 17:03:13 | 000,051,172 | ---- | M] () -- C:\Users\Peter\Desktop\ostern_1_426625.jpg
[4 C:\Users\Peter\Desktop\*.tmp files -> C:\Users\Peter\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.23 08:30:25 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.22 23:59:38 | 000,067,072 | ---- | C] () -- C:\ProgramData\logonmore.exe
[2011.12.22 23:59:38 | 000,067,072 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\cfgSched.exe
[2011.11.27 16:32:03 | 000,340,157 | ---- | C] () -- C:\Users\Peter\Desktop\IMG_1395 neu.jpg
[2011.11.27 16:22:44 | 002,453,757 | ---- | C] () -- C:\Users\Peter\Desktop\IMG_1395.JPG
[2011.11.23 17:03:11 | 000,051,172 | ---- | C] () -- C:\Users\Peter\Desktop\ostern_1_426625.jpg
[2011.09.29 17:06:33 | 000,004,608 | ---- | C] () -- C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.26 21:50:22 | 000,007,595 | ---- | C] () -- C:\Users\Peter\AppData\Local\Resmon.ResmonCfg
[2011.06.13 10:13:15 | 000,000,276 | ---- | C] () -- C:\Windows\MTB40.INI
[2011.06.13 10:12:07 | 000,000,073 | ---- | C] () -- C:\Windows\asym.ini
[2011.02.15 15:13:46 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.12.11 10:12:02 | 000,000,053 | ---- | C] () -- C:\Windows\KMSTMVM.ini
[2010.12.11 10:01:24 | 000,000,027 | ---- | C] () -- C:\Windows\EZSET_SP.INI
[2010.08.25 18:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 18:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 18:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 17:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 17:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 17:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.04.28 17:37:56 | 000,220,160 | ---- | C] () -- C:\Windows\PRINTERS.EXE
[2010.04.28 17:37:56 | 000,026,624 | ---- | C] () -- C:\Windows\System32\PRTmate.dll
[2010.02.28 09:42:16 | 000,001,470 | ---- | C] () -- C:\Users\Peter\AppData\Local\RecConfig.xml
[2010.01.14 13:08:59 | 000,018,944 | ---- | C] () -- C:\Windows\eraser.exe
[2009.12.21 21:33:21 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.12.09 08:15:27 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.11.16 18:06:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2009.11.16 18:01:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.23 21:41:22 | 000,197,424 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.08.13 21:45:40 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.07.14 09:47:43 | 000,643,628 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,126,188 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,428,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,606,992 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,103,370 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Peter\AppData\Local\lame_enc.dll
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Peter\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Peter\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Peter\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Peter\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Peter\AppData\Local\no23xwrapper.dll
 
========== LOP Check ==========
 
[2010.02.02 22:01:28 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\avidemux
[2009.12.21 21:33:31 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Canneverbe_Limited
[2010.02.02 21:06:11 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Cuttermaran
[2011.12.08 07:06:04 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Dropbox
[2011.01.25 21:42:59 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Gutscheinmieze
[2011.08.14 14:57:43 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\ICQ
[2009.11.17 20:13:32 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\MyBible
[2009.11.29 16:59:54 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\OpenOffice.org
[2011.10.09 10:20:50 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:ED98798B

< End of report >

--- --- ---

und Extra.txt:

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 23.12.2011 09:00:45 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Peter\Downloads
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 64,46% Memory free
5,86 Gb Paging File | 4,73 Gb Available in Paging File | 80,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 67,07 Gb Free Space | 23,26% Space Free | Partition Type: NTFS
 
Computer Name: PETERPC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08B785C1-3893-4154-B53B-F5D341D0AAAA}" = Cisco Systems VPN Client 5.0.06.0110
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{317A50BC-06BE-472D-BDCE-A802AA944B62}_is1" = Image Assistant
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39690898-1226-4455-9D76-A6CAF97BD487}_is1" = MyBible 1.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}" = Cuttermaran 1.70
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.46
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3E7A2A5-A059-4A44-949B-21FBD371A8B8}" = Paint.NET v3.5
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All Sound Recorder Vista_is1" = All Sound Recorder Vista 1.30
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Barricade" = Barricade
"CASSY Lab" = CASSY Lab
"CircSchema_is1" = CircSchema - Circuit Schematic Generator, 19_February_2007,
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GeoGebra" = GeoGebra
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV Source Selector" = Hauppauge WinTV Source Selector
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"Kyocera FS-1100 / FS-1300D Printer Library" = Kyocera FS-1100 / FS-1300D Printer Library
"LeechFTP" = LeechFTP 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"MediaManager" = MediaManager
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"RealPlayer 12.0" = RealPlayer
"SopCast" = SopCast 3.2.4
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yenka" = Yenka
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.12.2011 12:00:15 | Computer Name = PeterPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 20.12.2011 12:00:15 | Computer Name = PeterPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 20.12.2011 12:00:15 | Computer Name = PeterPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 20.12.2011 12:00:15 | Computer Name = PeterPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 21.12.2011 09:59:18 | Computer Name = PeterPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 21.12.2011 09:59:18 | Computer Name = PeterPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 22.12.2011 19:08:32 | Computer Name = PeterPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 22.12.2011 19:08:32 | Computer Name = PeterPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 23.12.2011 03:58:26 | Computer Name = PeterPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 23.12.2011 03:58:26 | Computer Name = PeterPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Media Center Events ]
Error - 29.11.2009 10:42:09 | Computer Name = PeterPC | Source = MCUpdate | ID = 0
Description = 15:42:09 - Fehler beim Herstellen der Internetverbindung.  15:42:09 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.11.2009 10:42:22 | Computer Name = PeterPC | Source = MCUpdate | ID = 0
Description = 15:42:14 - Fehler beim Herstellen der Internetverbindung.  15:42:14 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 04.12.2009 04:50:37 | Computer Name = PeterPC | Source = MCUpdate | ID = 0
Description = 09:50:37 - Fehler beim Herstellen der Internetverbindung.  09:50:37 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 04.12.2009 04:51:12 | Computer Name = PeterPC | Source = MCUpdate | ID = 0
Description = 09:51:06 - Fehler beim Herstellen der Internetverbindung.  09:51:06 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.12.2009 03:59:39 | Computer Name = PeterPC | Source = MCUpdate | ID = 0
Description = 08:59:39 - Fehler beim Herstellen der Internetverbindung.  08:59:39 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.12.2009 03:59:48 | Computer Name = PeterPC | Source = MCUpdate | ID = 0
Description = 08:59:44 - Fehler beim Herstellen der Internetverbindung.  08:59:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12.01.2010 06:38:28 | Computer Name = PeterPC | Source = MCUpdate | ID = 0
Description = 11:38:27 - Fehler beim Herstellen der Internetverbindung.  11:38:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 18.01.2010 02:22:04 | Computer Name = PeterPC | Source = MCUpdate | ID = 0
Description = 07:22:03 - Fehler beim Herstellen der Internetverbindung.  07:22:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 02.02.2010 02:49:02 | Computer Name = PeterPC | Source = MCUpdate | ID = 0
Description = 07:49:01 - Fehler beim Herstellen der Internetverbindung.  07:49:01 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.11.2010 12:14:51 | Computer Name = PeterPC | Source = MCUpdate | ID = 0
Description = 17:14:51 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
[ System Events ]
Error - 23.12.2011 03:24:02 | Computer Name = PeterPC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 23.12.2011 03:24:02 | Computer Name = PeterPC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 23.12.2011 03:24:02 | Computer Name = PeterPC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 23.12.2011 03:24:02 | Computer Name = PeterPC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 23.12.2011 03:24:02 | Computer Name = PeterPC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.
 
Error - 23.12.2011 03:24:02 | Computer Name = PeterPC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 23.12.2011 03:25:43 | Computer Name = PeterPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.12.2011 03:25:45 | Computer Name = PeterPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.12.2011 03:25:45 | Computer Name = PeterPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.12.2011 03:58:32 | Computer Name = PeterPC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >

--- --- ---

Nun ist dieser Bundespolizei-Trojaner nicht mehr sichtbar - bin mir aber nicht sicher, ob der PC sauber ist (wahrscheinlich ist ers nicht), weil Malwarebytes ununterbrochen die Meldung ausgibt:

Zugang zu einer potentiell gefährlichen Website erfolgreich gestoppt: 77.79.4.149
Art: ausgehend
Port: 45462
Prozess: logonmore.exe

Denke, das bedeutet, dass irgendwas auf meinem Rechner dauernd noch Dinge unternimmt, die nicht so super gewünscht sind.

Wäre super klasse, wenn mir jemand sagen könnte, wie ich diesen Mist weg bekomme.
Danke schonmal

Ach so, ich nutze Windows7 als kostenlose Versin für Studenten aus dem MSDNAA-Programm von Microsoft.

Chris4You · 23.12.2011, 09:55

Hi,

Dateien Online überprüfen lassen

Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

Suche die Seite Virustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\ProgramData\logonmore.exe
C:\Users\Peter\AppData\Roaming\cfgSched.exe

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Beide Dateien bitte hochladen:
Datei hochladen:
http://www.trojaner-board.de/54791-a...ner-board.html
Folge den Anweisungen dort und lade die Datei:

Code:

ATTFilter

C:\ProgramData\logonmore.exe
C:\Users\Peter\AppData\Roaming\cfgSched.exe

hoch.

Alle Funde von MAM löschen lassen!

Fix für OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:OTL
O4 - HKCU..\Run: [logonmore] C:\ProgramData\logonmore.exe ()
[2011.12.22 23:59:38 | 000,067,072 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\cfgSched.exe
O33 - MountPoints2\{43588252-3130-11e0-9686-001f16b3a7cf}\Shell - "" = AutoRun
O33 - MountPoints2\{43588252-3130-11e0-9686-001f16b3a7cf}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{4358826a-3130-11e0-9686-001f16b3a7cf}\Shell - "" = AutoRun
O33 - MountPoints2\{4358826a-3130-11e0-9686-001f16b3a7cf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7212fdbf-1cf2-11e1-bc06-001f16b3a7cf}\Shell\AutoRun\command - "" = D:\fscommand\LS_Start_Launch.cmd
O33 - MountPoints2\{7212fdbf-1cf2-11e1-bc06-001f16b3a7cf}\Shell\Launcher\command - "" = D:\fscommand\LS_Start_Launch.cmd
O33 - MountPoints2\{990d0bfc-7f27-11e0-a6c8-001f16b3a7cf}\Shell - "" = AutoRun
O33 - MountPoints2\{990d0bfc-7f27-11e0-a6c8-001f16b3a7cf}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e3abd241-4f70-11df-adbd-001f16b3a7cf}\Shell - "" = AutoRun
O33 - MountPoints2\{e3abd241-4f70-11df-adbd-001f16b3a7cf}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{e3f54350-3db4-11e0-818d-001f16b3a7cf}\Shell - "" = AutoRun
O33 - MountPoints2\{e3f54350-3db4-11e0-818d-001f16b3a7cf}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2011.12.22 23:59:51 | 000,000,000 | -HSD | C] -- C:\Users\Peter\AppData\Local\034af41b
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:ED98798B

:Commands
[emptytemp]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

MAM im Fullscan-Mode, nicht quickscann...& alles löschen lassen!

chris

peter1984 · 23.12.2011, 17:33

Wow, ganz herzlichen Dank schonmal für die schnelle Antwort!!

Hier mal das Ergebnis von Virustotal auf die Datei logonmore.exe:

Zitat:

File name:
logonmore.exe
Submission date:
2011-12-23 16:14:38 (UTC)
Current status:
finished
Result:
9/ 43 (20.9%)

VT Community

not reviewed
Safety score: -

Compact

Print results

Antivirus Version Last Update Result

AhnLab-V3 2011.12.23.00 2011.12.23 -
AntiVir 7.11.19.248 2011.12.23 -
Antiy-AVL 2.0.3.7 2011.12.23 -
Avast 6.0.1289.0 2011.12.23 Win32

ownloader-LYB [Trj]
AVG 10.0.0.1190 2011.12.23 -
BitDefender 7.2 2011.12.23 Gen:Variant.FakeAlert.47
ByteHero 1.0.0.1 2011.12.07 -
CAT-QuickHeal 12.00 2011.12.23 -
ClamAV 0.97.3.0 2011.12.23 -
Commtouch 5.3.2.6 2011.12.23 -
Comodo 11062 2011.12.23 -
DrWeb 5.0.2.03300 2011.12.23 Trojan.DownLoader5.27285
Emsisoft 5.1.0.11 2011.12.23 -
eSafe 7.0.17.0 2011.12.22 -
eTrust-Vet 37.0.9641 2011.12.23 -
F-Prot 4.6.5.141 2011.12.22 -
F-Secure 9.0.16440.0 2011.12.23 Gen:Variant.FakeAlert.47
Fortinet 4.3.388.0 2011.12.23 W32/Xtoober.EDG!tr
GData 22 2011.12.23 Gen:Variant.FakeAlert.47
Ikarus T3.1.1.109.0 2011.12.23 -
Jiangmin 13.0.900 2011.12.23 -
K7AntiVirus 9.120.5757 2011.12.23 -
Kaspersky 9.0.0.837 2011.12.23 -
McAfee 5.400.0.1158 2011.12.23 -
McAfee-GW-Edition 2010.1E 2011.12.23 -
Microsoft 1.7903 2011.12.23 -
NOD32 6738 2011.12.23 a variant of Win32/Kryptik.XXR
Norman 6.07.13 2011.12.23 W32/Ransom.UV
nProtect 2011-12-22.01 2011.12.22 -
Panda 10.0.3.5 2011.12.23 Suspicious file
PCTools 8.0.0.5 2011.12.23 -
Prevx 3.0 2011.12.23 -
Rising 23.89.04.02 2011.12.23 -
Sophos 4.72.0 2011.12.23 -
SUPERAntiSpyware 4.40.0.1006 2011.12.23 -
Symantec 20111.2.0.82 2011.12.23 -
TheHacker 6.7.0.1.362 2011.12.22 -
TrendMicro 9.500.0.1008 2011.12.23 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.23 -
VBA32 3.12.16.4 2011.12.22 -
VIPRE 11293 2011.12.23 -
ViRobot 2011.12.23.4843 2011.12.23 -
VirusBuster 14.1.130.0 2011.12.22 -
Additional information
MD5 : 2217b82683c432acb4c9b992253c170e
SHA1 : 786b585a6130593cbe67531b370dda8caef24bf1
SHA256: eeee77ccac9c8513d7a50c63947aa2fe2b92549ca8597142db8cfac2b84147d7

VT Community

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

VirusTotal Team

und hier das Ergebnis für cfgshed.exe

Zitat:

cfgSched.exe
Submission date:
2011-12-23 16:22:34 (UTC)
Current status:
finished
Result:
10/ 43 (23.3%)

Antivirus Version Last Update Result
AhnLab-V3 2011.12.23.00 2011.12.23 Worm/Win32.QBot
AntiVir 7.11.19.248 2011.12.23 -
Antiy-AVL 2.0.3.7 2011.12.23 -
Avast 6.0.1289.0 2011.12.23 Win32

ownloader-LYB [Trj]
AVG 10.0.0.1190 2011.12.23 -
BitDefender 7.2 2011.12.23 Gen:Variant.FakeAlert.47
ByteHero 1.0.0.1 2011.12.07 -
CAT-QuickHeal 12.00 2011.12.23 -
ClamAV 0.97.3.0 2011.12.23 -
Commtouch 5.3.2.6 2011.12.23 -
Comodo 11062 2011.12.23 -
DrWeb 5.0.2.03300 2011.12.23 Trojan.DownLoader5.27285
Emsisoft 5.1.0.11 2011.12.23 -
eSafe 7.0.17.0 2011.12.22 -
eTrust-Vet 37.0.9641 2011.12.23 -
F-Prot 4.6.5.141 2011.12.22 -
F-Secure 9.0.16440.0 2011.12.23 Gen:Variant.FakeAlert.47
Fortinet 4.3.388.0 2011.12.23 W32/Xtoober.EDG!tr
GData 22 2011.12.23 Gen:Variant.FakeAlert.47
Ikarus T3.1.1.109.0 2011.12.23 -
Jiangmin 13.0.900 2011.12.23 -
K7AntiVirus 9.120.5757 2011.12.23 -
Kaspersky 9.0.0.837 2011.12.23 -
McAfee 5.400.0.1158 2011.12.23 -
McAfee-GW-Edition 2010.1E 2011.12.23 -
Microsoft 1.7903 2011.12.23 -
NOD32 6738 2011.12.23 a variant of Win32/Kryptik.XXR
Norman 6.07.13 2011.12.23 W32/Ransom.UV
nProtect 2011-12-22.01 2011.12.22 -
Panda 10.0.3.5 2011.12.23 Suspicious file
PCTools 8.0.0.5 2011.12.23 -
Prevx 3.0 2011.12.23 -
Rising 23.89.04.02 2011.12.23 -
Sophos 4.72.0 2011.12.23 -
SUPERAntiSpyware 4.40.0.1006 2011.12.23 -
Symantec 20111.2.0.82 2011.12.23 -
TheHacker 6.7.0.1.362 2011.12.22 -
TrendMicro 9.500.0.1008 2011.12.23 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.23 -
VBA32 3.12.16.4 2011.12.22 -
VIPRE 11293 2011.12.23 -
ViRobot 2011.12.23.4843 2011.12.23 -
VirusBuster 14.1.130.0 2011.12.22 -
Additional information
MD5 : 2217b82683c432acb4c9b992253c170e
SHA1 : 786b585a6130593cbe67531b370dda8caef24bf1
SHA256: eeee77ccac9c8513d7a50c63947aa2fe2b92549ca8597142db8cfac2b84147d7

VT Community

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

VirusTotal Team

Bin mir nicht sicher, was du mit "Größenangabe und HASH" gemeint hast... hab jetzt eben alles kopiert was virustotal anzeigte - hoff das ist so in Ordnung!

Vielen vielen Dank nochmal für die Hilfe

peter

peter1984 · 23.12.2011, 18:14

Gut, und hier noch die Results vom OTL-Fix:

Zitat:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\logonmore deleted successfully.
C:\ProgramData\logonmore.exe moved successfully.
C:\Users\Peter\AppData\Roaming\cfgSched.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43588252-3130-11e0-9686-001f16b3a7cf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43588252-3130-11e0-9686-001f16b3a7cf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43588252-3130-11e0-9686-001f16b3a7cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43588252-3130-11e0-9686-001f16b3a7cf}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4358826a-3130-11e0-9686-001f16b3a7cf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4358826a-3130-11e0-9686-001f16b3a7cf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4358826a-3130-11e0-9686-001f16b3a7cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4358826a-3130-11e0-9686-001f16b3a7cf}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7212fdbf-1cf2-11e1-bc06-001f16b3a7cf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7212fdbf-1cf2-11e1-bc06-001f16b3a7cf}\ not found.
File D:\fscommand\LS_Start_Launch.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7212fdbf-1cf2-11e1-bc06-001f16b3a7cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7212fdbf-1cf2-11e1-bc06-001f16b3a7cf}\ not found.
File D:\fscommand\LS_Start_Launch.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{990d0bfc-7f27-11e0-a6c8-001f16b3a7cf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{990d0bfc-7f27-11e0-a6c8-001f16b3a7cf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{990d0bfc-7f27-11e0-a6c8-001f16b3a7cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{990d0bfc-7f27-11e0-a6c8-001f16b3a7cf}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3abd241-4f70-11df-adbd-001f16b3a7cf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3abd241-4f70-11df-adbd-001f16b3a7cf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3abd241-4f70-11df-adbd-001f16b3a7cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3abd241-4f70-11df-adbd-001f16b3a7cf}\ not found.
File "D:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3f54350-3db4-11e0-818d-001f16b3a7cf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3f54350-3db4-11e0-818d-001f16b3a7cf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3f54350-3db4-11e0-818d-001f16b3a7cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3f54350-3db4-11e0-818d-001f16b3a7cf}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
C:\Users\Peter\AppData\Local\034af41b\U folder moved successfully.
C:\Users\Peter\AppData\Local\034af41b folder moved successfully.
ADS C:\ProgramData\TEMP:ED98798B deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Peter
->Temp folder emptied: 945901357 bytes
->Temporary Internet Files folder emptied: 2102371553 bytes
->Java cache emptied: 13571709 bytes
->FireFox cache emptied: 54075487 bytes
->Flash cache emptied: 499 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6817371 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.978,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12232011_180856

Files\Folders moved on Reboot...
File\Folder C:\Users\Peter\AppData\Local\Temp\2011-09-09-1180355500_04-RG.PDF not found!
File\Folder C:\Users\Peter\AppData\Local\Temp\2011-10-10-1190589058_04-RG.PDF not found!
File\Folder C:\Users\Peter\AppData\Local\Temp\2011-11-08-1201016779_04-RG-1.PDF not found!
File\Folder C:\Users\Peter\AppData\Local\Temp\2011-11-08-1201016779_04-RG.PDF not found!

Registry entries deleted on Reboot...

Werde jetzt noch MAM drüber laufen lassen und hoff das ist dann erledigt!

Kannst du mir vielleicht noch sagen, was denn außer MAM ein guter Schutz ist, um diesem Mist ein bisschen besser vorsorgend zu begegnen?

markusg · 23.12.2011, 18:29

hi, bitte mache nur das was ich schreibe, keine andern programme laufen lassen, wenn mbam schon mal läuft, dann log posten.
nicht antimalware scanner sind der beste schutz, sondern das schließen von sicherheitslücken und ne vernünftige konfiguration, keine sorge, dies gehe ich mit allen nutzern durch :-)

markusg · 23.12.2011, 19:32

sorry ich hatte mich hier im thema geirrt, zurück an chris

peter1984 · 23.12.2011, 20:00

kein problem

hab jetzt zum ende nochmal MAM laufen lassen und folgenden log bekommen:

Zitat:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122304

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.12.2011 19:56:03
mbam-log-2011-12-23 (19-56-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 335688
Laufzeit: 1 Stunde(n), 31 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Peter\Desktop\unterrichtszeug\Physik\G9\13.klasse\2 quantenphysik\interferometer.exe (Spyware.Banker) -> Quarantined and deleted successfully.
c:\Users\Peter\Desktop\unterrichtszeug\Physik\physik\manuskripte\klasse 12 13 alt\Material\quantenphysik\simulationen\muenchner programme\mach-zehnder\interferometer.exe (Spyware.Banker) -> Quarantined and deleted successfully.
c:\physik\manuskripte\klasse 12 13 alt\Material\quantenphysik\simulationen\muenchner programme\mach-zehnder\interferometer.exe (Spyware.Banker) -> Quarantined and deleted successfully.
c:\program files\MyBible\uninstallhelper.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Die Fundorte sind nun also an einer anderen Stelle als beim letzten Mal...!

Wenn ich die nun gelöscht habe, habe ich dann meine Platte wieder sauber, oder soll ich noch weiteres unternehmen?

wie stelle ich denn die konfigurationen so ein, dass sicherheitslücken geschlossen werden? habt ihr da zufällig auch so ne tolle anleitung?

peter

Chris4You · 25.12.2011, 10:26

Hi,

das scheinen mir eher Fehlalarme (f/p) sein, bitte bei Virustotal.com prüfen lassen... (Kennst Du ja schon)..

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Nach dem Start erscheint ein Fenster, dort dann "Start Scan".
Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

Mit Firefox und einem Gastaccount mit WOT und Noscript surfen....

chris

peter1984 · 26.12.2011, 22:23

Virustotal hat nichts angezeigt. Scheinen also wirklich Fehlalarme gewesen sein - v.a. weil das mir bekannte Dateien waren.

Hier noch der Report von TDSS:

Zitat:

22:16:19.0553 2804 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
22:16:20.0130 2804 ============================================================
22:16:20.0130 2804 Current date / time: 2011/12/26 22:16:20.0130
22:16:20.0130 2804 SystemInfo:
22:16:20.0130 2804
22:16:20.0130 2804 OS Version: 6.1.7600 ServicePack: 0.0
22:16:20.0130 2804 Product type: Workstation
22:16:20.0130 2804 ComputerName: PETERPC
22:16:20.0130 2804 UserName: Peter
22:16:20.0130 2804 Windows directory: C:\Windows
22:16:20.0130 2804 System windows directory: C:\Windows
22:16:20.0130 2804 Processor architecture: Intel x86
22:16:20.0130 2804 Number of processors: 2
22:16:20.0130 2804 Page size: 0x1000
22:16:20.0130 2804 Boot type: Normal boot
22:16:20.0130 2804 ============================================================
22:16:21.0120 2804 Initialize success
22:16:24.0212 3960 ============================================================
22:16:24.0212 3960 Scan started
22:16:24.0212 3960 Mode: Manual;
22:16:24.0212 3960 ============================================================
22:16:26.0202 3960 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
22:16:26.0202 3960 1394ohci - ok
22:16:26.0242 3960 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
22:16:26.0252 3960 ACPI - ok
22:16:26.0272 3960 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
22:16:26.0282 3960 AcpiPmi - ok
22:16:26.0332 3960 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:16:26.0342 3960 adp94xx - ok
22:16:26.0372 3960 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:16:26.0372 3960 adpahci - ok
22:16:26.0402 3960 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:16:26.0402 3960 adpu320 - ok
22:16:26.0492 3960 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
22:16:26.0492 3960 AFD - ok
22:16:26.0552 3960 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
22:16:26.0562 3960 AgereSoftModem - ok
22:16:26.0592 3960 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
22:16:26.0592 3960 agp440 - ok
22:16:26.0612 3960 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:16:26.0622 3960 aic78xx - ok
22:16:26.0662 3960 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
22:16:26.0662 3960 aliide - ok
22:16:26.0672 3960 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
22:16:26.0672 3960 amdagp - ok
22:16:26.0692 3960 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
22:16:26.0692 3960 amdide - ok
22:16:26.0722 3960 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:16:26.0722 3960 AmdK8 - ok
22:16:26.0742 3960 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:16:26.0742 3960 AmdPPM - ok
22:16:26.0772 3960 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
22:16:26.0772 3960 amdsata - ok
22:16:26.0792 3960 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:16:26.0802 3960 amdsbs - ok
22:16:26.0822 3960 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
22:16:26.0822 3960 amdxata - ok
22:16:26.0882 3960 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
22:16:26.0882 3960 AppID - ok
22:16:26.0942 3960 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:16:26.0942 3960 arc - ok
22:16:26.0962 3960 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:16:26.0972 3960 arcsas - ok
22:16:27.0002 3960 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:16:27.0002 3960 AsyncMac - ok
22:16:27.0022 3960 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
22:16:27.0022 3960 atapi - ok
22:16:27.0112 3960 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
22:16:27.0122 3960 athr - ok
22:16:27.0202 3960 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
22:16:27.0202 3960 avgio - ok
22:16:27.0232 3960 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
22:16:27.0232 3960 avgntflt - ok
22:16:27.0252 3960 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
22:16:27.0262 3960 avipbb - ok
22:16:27.0312 3960 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:16:27.0322 3960 b06bdrv - ok
22:16:27.0362 3960 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:16:27.0362 3960 b57nd60x - ok
22:16:27.0392 3960 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:16:27.0392 3960 Beep - ok
22:16:27.0442 3960 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:16:27.0452 3960 blbdrive - ok
22:16:27.0492 3960 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
22:16:27.0492 3960 bowser - ok
22:16:27.0512 3960 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:16:27.0512 3960 BrFiltLo - ok
22:16:27.0542 3960 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:16:27.0542 3960 BrFiltUp - ok
22:16:27.0592 3960 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:16:27.0592 3960 Brserid - ok
22:16:27.0612 3960 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:16:27.0612 3960 BrSerWdm - ok
22:16:27.0652 3960 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:16:27.0652 3960 BrUsbMdm - ok
22:16:27.0672 3960 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:16:27.0672 3960 BrUsbSer - ok
22:16:27.0702 3960 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:16:27.0702 3960 BTHMODEM - ok
22:16:27.0742 3960 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:16:27.0742 3960 cdfs - ok
22:16:27.0792 3960 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
22:16:27.0792 3960 cdrom - ok
22:16:27.0832 3960 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:16:27.0832 3960 circlass - ok
22:16:27.0862 3960 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:16:27.0872 3960 CLFS - ok
22:16:27.0912 3960 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:16:27.0912 3960 CmBatt - ok
22:16:27.0942 3960 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
22:16:27.0942 3960 cmdide - ok
22:16:27.0962 3960 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
22:16:27.0972 3960 CNG - ok
22:16:28.0002 3960 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:16:28.0012 3960 Compbatt - ok
22:16:28.0042 3960 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:16:28.0042 3960 CompositeBus - ok
22:16:28.0082 3960 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:16:28.0082 3960 crcdisk - ok
22:16:28.0142 3960 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
22:16:28.0152 3960 CSC - ok
22:16:28.0232 3960 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
22:16:28.0232 3960 CVirtA - ok
22:16:28.0322 3960 CVPNDRVA (34c345aaf390c12ae6e51b75198e8564) C:\Windows\system32\Drivers\CVPNDRVA.sys
22:16:28.0332 3960 CVPNDRVA - ok
22:16:28.0402 3960 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
22:16:28.0412 3960 DfsC - ok
22:16:28.0432 3960 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:16:28.0442 3960 discache - ok
22:16:28.0472 3960 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
22:16:28.0472 3960 Disk - ok
22:16:28.0542 3960 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
22:16:28.0542 3960 DNE - ok
22:16:28.0582 3960 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:16:28.0582 3960 drmkaud - ok
22:16:28.0652 3960 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
22:16:28.0662 3960 DXGKrnl - ok
22:16:28.0782 3960 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
22:16:28.0812 3960 ebdrv - ok
22:16:28.0852 3960 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
22:16:28.0852 3960 elxstor - ok
22:16:28.0872 3960 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
22:16:28.0872 3960 ErrDev - ok
22:16:28.0962 3960 ewusbnet (dafc7e1b2ffa35ccbddf95ae3e31bfae) C:\Windows\system32\DRIVERS\ewusbnet.sys
22:16:28.0962 3960 ewusbnet - ok
22:16:28.0982 3960 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
22:16:28.0982 3960 exfat - ok
22:16:29.0012 3960 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
22:16:29.0012 3960 fastfat - ok
22:16:29.0042 3960 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
22:16:29.0042 3960 fdc - ok
22:16:29.0072 3960 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
22:16:29.0072 3960 FileInfo - ok
22:16:29.0092 3960 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
22:16:29.0092 3960 Filetrace - ok
22:16:29.0112 3960 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
22:16:29.0112 3960 flpydisk - ok
22:16:29.0132 3960 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
22:16:29.0142 3960 FltMgr - ok
22:16:29.0162 3960 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
22:16:29.0162 3960 FsDepends - ok
22:16:29.0182 3960 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
22:16:29.0182 3960 Fs_Rec - ok
22:16:29.0252 3960 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
22:16:29.0252 3960 fvevol - ok
22:16:29.0292 3960 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:16:29.0292 3960 gagp30kx - ok
22:16:29.0322 3960 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:16:29.0322 3960 hcw85cir - ok
22:16:29.0362 3960 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
22:16:29.0362 3960 HdAudAddService - ok
22:16:29.0402 3960 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:16:29.0402 3960 HDAudBus - ok
22:16:29.0462 3960 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
22:16:29.0472 3960 HidBatt - ok
22:16:29.0662 3960 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
22:16:29.0662 3960 HidBth - ok
22:16:29.0702 3960 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
22:16:29.0702 3960 HidIr - ok
22:16:29.0732 3960 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
22:16:29.0742 3960 HidUsb - ok
22:16:29.0782 3960 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
22:16:29.0782 3960 HpSAMD - ok
22:16:29.0822 3960 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
22:16:29.0832 3960 HTTP - ok
22:16:29.0912 3960 hwdatacard (1fc7a63148e4f2bd831dab0dc732026d) C:\Windows\system32\DRIVERS\ewusbmdm.sys
22:16:29.0912 3960 hwdatacard - ok
22:16:29.0922 3960 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
22:16:29.0932 3960 hwpolicy - ok
22:16:29.0992 3960 hwusbdev (a259d3619aa23d4562581067f85e2006) C:\Windows\system32\DRIVERS\ewusbdev.sys
22:16:29.0992 3960 hwusbdev - ok
22:16:30.0022 3960 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
22:16:30.0022 3960 i8042prt - ok
22:16:30.0062 3960 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
22:16:30.0062 3960 iaStorV - ok
22:16:30.0372 3960 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:16:30.0432 3960 igfx - ok
22:16:30.0472 3960 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
22:16:30.0472 3960 iirsp - ok
22:16:30.0492 3960 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
22:16:30.0492 3960 intelide - ok
22:16:30.0532 3960 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
22:16:30.0532 3960 intelppm - ok
22:16:30.0552 3960 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:16:30.0552 3960 IpFilterDriver - ok
22:16:30.0572 3960 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:16:30.0582 3960 IPMIDRV - ok
22:16:30.0602 3960 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
22:16:30.0602 3960 IPNAT - ok
22:16:30.0642 3960 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
22:16:30.0652 3960 IRENUM - ok
22:16:30.0662 3960 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
22:16:30.0672 3960 isapnp - ok
22:16:30.0692 3960 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
22:16:30.0692 3960 iScsiPrt - ok
22:16:30.0742 3960 k57nd60x (c4c95805b85bce1eb9d20f4a02fc5f9b) C:\Windows\system32\DRIVERS\k57nd60x.sys
22:16:30.0752 3960 k57nd60x - ok
22:16:30.0792 3960 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:16:30.0792 3960 kbdclass - ok
22:16:30.0822 3960 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
22:16:30.0832 3960 kbdhid - ok
22:16:30.0852 3960 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
22:16:30.0852 3960 KSecDD - ok
22:16:30.0902 3960 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
22:16:30.0902 3960 KSecPkg - ok
22:16:30.0962 3960 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
22:16:30.0962 3960 lltdio - ok
22:16:30.0992 3960 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:16:31.0002 3960 LSI_FC - ok
22:16:31.0012 3960 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:16:31.0012 3960 LSI_SAS - ok
22:16:31.0042 3960 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:16:31.0042 3960 LSI_SAS2 - ok
22:16:31.0062 3960 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:16:31.0062 3960 LSI_SCSI - ok
22:16:31.0102 3960 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
22:16:31.0102 3960 luafv - ok
22:16:31.0142 3960 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
22:16:31.0142 3960 MBAMProtector - ok
22:16:31.0182 3960 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
22:16:31.0182 3960 megasas - ok
22:16:31.0212 3960 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
22:16:31.0222 3960 MegaSR - ok
22:16:31.0252 3960 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
22:16:31.0262 3960 Modem - ok
22:16:31.0292 3960 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
22:16:31.0292 3960 monitor - ok
22:16:31.0322 3960 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
22:16:31.0322 3960 mouclass - ok
22:16:31.0352 3960 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
22:16:31.0352 3960 mouhid - ok
22:16:31.0392 3960 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
22:16:31.0392 3960 mountmgr - ok
22:16:31.0412 3960 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
22:16:31.0422 3960 mpio - ok
22:16:31.0442 3960 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:16:31.0442 3960 mpsdrv - ok
22:16:31.0472 3960 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
22:16:31.0472 3960 MRxDAV - ok
22:16:31.0542 3960 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:16:31.0542 3960 mrxsmb - ok
22:16:31.0572 3960 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:16:31.0572 3960 mrxsmb10 - ok
22:16:31.0602 3960 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:16:31.0602 3960 mrxsmb20 - ok
22:16:31.0622 3960 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
22:16:31.0622 3960 msahci - ok
22:16:31.0652 3960 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
22:16:31.0662 3960 msdsm - ok
22:16:31.0682 3960 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:16:31.0692 3960 Msfs - ok
22:16:31.0712 3960 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:16:31.0712 3960 mshidkmdf - ok
22:16:31.0722 3960 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
22:16:31.0722 3960 msisadrv - ok
22:16:31.0762 3960 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:16:31.0772 3960 MSKSSRV - ok
22:16:31.0782 3960 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:16:31.0782 3960 MSPCLOCK - ok
22:16:31.0802 3960 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:16:31.0802 3960 MSPQM - ok
22:16:31.0822 3960 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:16:31.0832 3960 MsRPC - ok
22:16:31.0842 3960 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
22:16:31.0842 3960 mssmbios - ok
22:16:31.0872 3960 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:16:31.0872 3960 MSTEE - ok
22:16:31.0892 3960 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:16:31.0892 3960 MTConfig - ok
22:16:31.0912 3960 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:16:31.0912 3960 Mup - ok
22:16:31.0962 3960 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:16:31.0962 3960 NativeWifiP - ok
22:16:32.0022 3960 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
22:16:32.0022 3960 NDIS - ok
22:16:32.0042 3960 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:16:32.0052 3960 NdisCap - ok
22:16:32.0082 3960 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:16:32.0082 3960 NdisTapi - ok
22:16:32.0122 3960 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
22:16:32.0122 3960 Ndisuio - ok
22:16:32.0142 3960 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
22:16:32.0142 3960 NdisWan - ok
22:16:32.0162 3960 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
22:16:32.0162 3960 NDProxy - ok
22:16:32.0192 3960 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:16:32.0192 3960 NetBIOS - ok
22:16:32.0212 3960 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
22:16:32.0212 3960 NetBT - ok
22:16:32.0262 3960 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:16:32.0262 3960 nfrd960 - ok
22:16:32.0322 3960 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:16:32.0332 3960 Npfs - ok
22:16:32.0342 3960 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:16:32.0342 3960 nsiproxy - ok
22:16:32.0392 3960 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
22:16:32.0392 3960 Ntfs - ok
22:16:32.0412 3960 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:16:32.0412 3960 Null - ok
22:16:32.0442 3960 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
22:16:32.0442 3960 nvraid - ok
22:16:32.0472 3960 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
22:16:32.0472 3960 nvstor - ok
22:16:32.0492 3960 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
22:16:32.0492 3960 nv_agp - ok
22:16:32.0522 3960 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
22:16:32.0522 3960 ohci1394 - ok
22:16:32.0592 3960 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:16:32.0602 3960 Parport - ok
22:16:32.0622 3960 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
22:16:32.0622 3960 partmgr - ok
22:16:32.0642 3960 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:16:32.0642 3960 Parvdm - ok
22:16:32.0662 3960 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
22:16:32.0672 3960 pci - ok
22:16:32.0692 3960 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
22:16:32.0692 3960 pciide - ok
22:16:32.0712 3960 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
22:16:32.0712 3960 pcmcia - ok
22:16:32.0742 3960 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:16:32.0742 3960 pcw - ok
22:16:32.0772 3960 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:16:32.0782 3960 PEAUTH - ok
22:16:32.0852 3960 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:16:32.0852 3960 PptpMiniport - ok
22:16:32.0872 3960 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
22:16:32.0882 3960 Processor - ok
22:16:32.0912 3960 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:16:32.0912 3960 Psched - ok
22:16:32.0962 3960 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:16:32.0972 3960 ql2300 - ok
22:16:32.0992 3960 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:16:32.0992 3960 ql40xx - ok
22:16:33.0012 3960 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:16:33.0012 3960 QWAVEdrv - ok
22:16:33.0032 3960 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:16:33.0032 3960 RasAcd - ok
22:16:33.0072 3960 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:16:33.0072 3960 RasAgileVpn - ok
22:16:33.0092 3960 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:16:33.0092 3960 Rasl2tp - ok
22:16:33.0122 3960 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:16:33.0122 3960 RasPppoe - ok
22:16:33.0152 3960 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:16:33.0152 3960 RasSstp - ok
22:16:33.0172 3960 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
22:16:33.0172 3960 rdbss - ok
22:16:33.0202 3960 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:16:33.0202 3960 rdpbus - ok
22:16:33.0222 3960 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:16:33.0222 3960 RDPCDD - ok
22:16:33.0262 3960 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
22:16:33.0262 3960 RDPDR - ok
22:16:33.0292 3960 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:16:33.0292 3960 RDPENCDD - ok
22:16:33.0322 3960 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:16:33.0322 3960 RDPREFMP - ok
22:16:33.0342 3960 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
22:16:33.0342 3960 RDPWD - ok
22:16:33.0382 3960 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
22:16:33.0382 3960 rdyboost - ok
22:16:33.0442 3960 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:16:33.0452 3960 rspndr - ok
22:16:33.0482 3960 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
22:16:33.0482 3960 s3cap - ok
22:16:33.0522 3960 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
22:16:33.0522 3960 sbp2port - ok
22:16:33.0552 3960 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
22:16:33.0552 3960 scfilter - ok
22:16:33.0582 3960 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:16:33.0582 3960 secdrv - ok
22:16:33.0632 3960 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:16:33.0632 3960 Serenum - ok
22:16:33.0652 3960 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:16:33.0652 3960 Serial - ok
22:16:33.0682 3960 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
22:16:33.0682 3960 sermouse - ok
22:16:33.0742 3960 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
22:16:33.0742 3960 sffdisk - ok
22:16:33.0792 3960 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
22:16:33.0792 3960 sffp_mmc - ok
22:16:33.0852 3960 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\drivers\sffp_sd.sys
22:16:33.0852 3960 sffp_sd - ok
22:16:33.0872 3960 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
22:16:33.0872 3960 sfloppy - ok
22:16:33.0892 3960 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
22:16:33.0892 3960 sisagp - ok
22:16:33.0932 3960 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:16:33.0932 3960 SiSRaid2 - ok
22:16:33.0952 3960 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:16:33.0962 3960 SiSRaid4 - ok
22:16:34.0002 3960 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:16:34.0002 3960 Smb - ok
22:16:34.0032 3960 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:16:34.0032 3960 spldr - ok
22:16:34.0122 3960 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
22:16:34.0132 3960 srv - ok
22:16:34.0182 3960 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
22:16:34.0192 3960 srv2 - ok
22:16:34.0252 3960 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
22:16:34.0252 3960 srvnet - ok
22:16:34.0302 3960 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:16:34.0302 3960 ssmdrv - ok
22:16:34.0382 3960 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
22:16:34.0382 3960 StarOpen - ok
22:16:34.0412 3960 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:16:34.0412 3960 stexstor - ok
22:16:34.0452 3960 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
22:16:34.0462 3960 storflt - ok
22:16:34.0492 3960 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
22:16:34.0492 3960 storvsc - ok
22:16:34.0512 3960 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
22:16:34.0522 3960 swenum - ok
22:16:34.0632 3960 Tcpip (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\drivers\tcpip.sys
22:16:34.0642 3960 Tcpip - ok
22:16:34.0722 3960 TCPIP6 (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\DRIVERS\tcpip.sys
22:16:34.0732 3960 TCPIP6 - ok
22:16:34.0762 3960 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
22:16:34.0762 3960 tcpipreg - ok
22:16:34.0782 3960 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
22:16:34.0782 3960 TDPIPE - ok
22:16:34.0812 3960 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
22:16:34.0812 3960 TDTCP - ok
22:16:34.0842 3960 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
22:16:34.0842 3960 tdx - ok
22:16:34.0852 3960 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
22:16:34.0862 3960 TermDD - ok
22:16:34.0902 3960 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:16:34.0902 3960 tssecsrv - ok
22:16:34.0942 3960 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
22:16:34.0942 3960 tunnel - ok
22:16:34.0962 3960 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:16:34.0962 3960 uagp35 - ok
22:16:34.0982 3960 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
22:16:34.0982 3960 udfs - ok
22:16:35.0012 3960 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:16:35.0022 3960 uliagpkx - ok
22:16:35.0062 3960 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
22:16:35.0062 3960 umbus - ok
22:16:35.0072 3960 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:16:35.0082 3960 UmPass - ok
22:16:35.0112 3960 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
22:16:35.0112 3960 usbccgp - ok
22:16:35.0142 3960 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
22:16:35.0142 3960 usbcir - ok
22:16:35.0162 3960 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
22:16:35.0162 3960 usbehci - ok
22:16:35.0182 3960 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
22:16:35.0182 3960 usbhub - ok
22:16:35.0212 3960 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
22:16:35.0212 3960 usbohci - ok
22:16:35.0242 3960 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:16:35.0242 3960 usbprint - ok
22:16:35.0272 3960 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:16:35.0272 3960 USBSTOR - ok
22:16:35.0292 3960 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
22:16:35.0292 3960 usbuhci - ok
22:16:35.0362 3960 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
22:16:35.0362 3960 usbvideo - ok
22:16:35.0402 3960 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:16:35.0402 3960 vdrvroot - ok
22:16:35.0432 3960 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:16:35.0442 3960 vga - ok
22:16:35.0462 3960 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:16:35.0462 3960 VgaSave - ok
22:16:35.0492 3960 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
22:16:35.0492 3960 vhdmp - ok
22:16:35.0522 3960 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
22:16:35.0532 3960 viaagp - ok
22:16:35.0552 3960 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:16:35.0552 3960 ViaC7 - ok
22:16:35.0572 3960 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
22:16:35.0582 3960 viaide - ok
22:16:35.0622 3960 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
22:16:35.0622 3960 vmbus - ok
22:16:35.0642 3960 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
22:16:35.0642 3960 VMBusHID - ok
22:16:35.0672 3960 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
22:16:35.0672 3960 volmgr - ok
22:16:35.0702 3960 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:16:35.0702 3960 volmgrx - ok
22:16:35.0742 3960 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
22:16:35.0742 3960 volsnap - ok
22:16:35.0782 3960 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:16:35.0782 3960 vsmraid - ok
22:16:35.0812 3960 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
22:16:35.0812 3960 vwifibus - ok
22:16:35.0852 3960 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
22:16:35.0852 3960 vwififlt - ok
22:16:35.0872 3960 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
22:16:35.0882 3960 vwifimp - ok
22:16:35.0912 3960 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:16:35.0912 3960 WacomPen - ok
22:16:35.0932 3960 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
22:16:35.0932 3960 WANARP - ok
22:16:35.0942 3960 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
22:16:35.0942 3960 Wanarpv6 - ok
22:16:35.0982 3960 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:16:35.0992 3960 Wd - ok
22:16:36.0022 3960 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:16:36.0032 3960 Wdf01000 - ok
22:16:36.0072 3960 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:16:36.0082 3960 WfpLwf - ok
22:16:36.0102 3960 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:16:36.0102 3960 WIMMount - ok
22:16:36.0212 3960 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
22:16:36.0212 3960 WinUsb - ok
22:16:36.0262 3960 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:16:36.0262 3960 WmiAcpi - ok
22:16:36.0302 3960 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:16:36.0302 3960 ws2ifsl - ok
22:16:36.0342 3960 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
22:16:36.0342 3960 WudfPf - ok
22:16:36.0372 3960 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:16:36.0372 3960 WUDFRd - ok
22:16:36.0442 3960 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:16:36.0502 3960 \Device\Harddisk0\DR0 - ok
22:16:36.0502 3960 Boot (0x1200) (f89a7db5e1d588dfb71c927e4c932343) \Device\Harddisk0\DR0\Partition0
22:16:36.0502 3960 \Device\Harddisk0\DR0\Partition0 - ok
22:16:36.0502 3960 ============================================================
22:16:36.0502 3960 Scan finished
22:16:36.0502 3960 ============================================================
22:16:36.0522 4048 Detected object count: 0
22:16:36.0522 4048 Actual detected object count: 0

1000 Dank für alles! Es scheint als wär alles wieder sauber!

Zeige ich mich auch dem "Kompetenzteam" gegenüber erkenntlich, wenn ich ans trojaner-board spende? Hab irgendwo gesehen, dass das geht...!

23.12.2011, 19:32	#6
markusg /// Malware-holic	Bundespolizei Trojaner sorry ich hatte mich hier im thema geirrt, zurück an chris __________________ --> Bundespolizei Trojaner

Bundespolizei Trojaner

Log-Analyse und Auswertung: Bundespolizei Trojaner