Pests of all kinds and how to fight them: Kryptik and other NASTIES on my now-empty computer... Windows 7
31.01.2012, 22:57 | #16 |
| It worked in normal safe mode; the one with network drivers would not start at all. (Only DOS windows, with no way to type anything in.) Code:
ATTFilter All processes killed ========== OTL ========== HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Mit FRITZ!Box Anrufen\ deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\AUTOEXEC.BAT moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{833f6520-48ea-11dd-a2d1-806d6172696f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{833f6520-48ea-11dd-a2d1-806d6172696f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{833f6520-48ea-11dd-a2d1-806d6172696f}\ not found. File E:\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. C:\WINDOWS\Tasks\MpIdleTask.job moved successfully. C:\WINDOWS\Tasks\PMTask.job moved successfully. ========== FILES ========== C:\FOUND.000 folder moved successfully. C:\FOUND.004 folder moved successfully. C:\FOUND.002 folder moved successfully. C:\FOUND.003 folder moved successfully. C:\FOUND.001 folder moved successfully. C:\FOUND.006 folder moved successfully. C:\FOUND.007 folder moved successfully. C:\FOUND.005 folder moved successfully. C:\FOUND.008 folder moved successfully. C:\FOUND.009 folder moved successfully. C:\FOUND.010 folder moved successfully. C:\FOUND.011 folder moved successfully. C:\FOUND.012 folder moved successfully. C:\FOUND.013 folder moved successfully. C:\FOUND.014 folder moved successfully. C:\dvmexp.idx moved successfully. C:\WINDOWS\System32\drivers\slkjsdth.dat moved successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 7463856 bytes ->Temporary Internet Files folder emptied: 640824 bytes User: Sarah ->Temp folder emptied: 19405200 bytes ->Temporary Internet Files folder emptied: 1966441 bytes ->Java cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 543 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2442314 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 8731441 bytes RecycleBin emptied: 1089 bytes Total Files Cleaned = 39,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 01312012_225159 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
01.02.2012, 10:31 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I need the quarantine folder from OTL. Please do the following:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the MovedFiles folder in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file as an attachment here in the thread!
4.) Let me know when it has worked
5.) Only then turn the virus scanner back on |
02.02.2012, 19:26 | #18 |
| Hello there. I have tried it several times now, but it does not upload. (The progress bar does finish loading, but then nothing happens.) |
02.02.2012, 22:54 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then the thing is too big. Upload it here => File-Upload.net - Ihr kostenloser File Hoster! Post the download link here
__________________ Please always post log files in CODE tags |
04.02.2012, 19:58 | #20 |
| Still too big. Maximum 100 MB; one file is already 101 MB. (even zipped) |
05.02.2012, 19:13 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | What kind of file is that? If one file is already 100 MB, then leave it out of the ZIP archive |
07.02.2012, 20:19 | #22 |
| I have now uploaded only a text file. The other file is 135 MB. No, I was able to send one more file along after all. The file is a file with the finds, file extensions *CHK and *IDX. Edited by unwissende00 (07.02.2012 at 20:26) |
07.02.2012, 22:00 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Convert the system partition to NTFS: 1) Start, Run, type cmd and click OK |
08.02.2012, 18:40 | #24 |
| Done. However, everything is as before. |
09.02.2012, 11:42 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Only the file system was supposed to be converted anyway; convert does nothing more than that. Please make a new OTL log. Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
|
10.02.2012, 15:32 | #26 |
| OK, done: Code:
ATTFilter OTL logfile created on: 10.02.2012 15:12:39 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Sarah\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,49 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 68,40% Memory free 2,83 Gb Paging File | 2,36 Gb Available in Paging File | 83,27% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 103,91 Gb Total Space | 81,50 Gb Free Space | 78,43% Space Free | Partition Type: NTFS Drive D: | 30,38 Gb Total Space | 29,40 Gb Free Space | 96,77% Space Free | Partition Type: NTFS Computer Name: IDEAPAD-S12 | User Name: Sarah | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.27 21:28:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.04.27 15:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2011.04.08 12:59:52 | 000,254,696 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.05.30 21:53:18 | 000,187,456 | -H-- | M] (DATA BECKER GmbH & Co KG) -- C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe PRC - [2010.03.03 01:20:00 | 000,132,456 | -H-- | M] (Lenovo.) 
-- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE PRC - [2010.03.03 01:20:00 | 000,053,248 | -H-- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe PRC - [2009.06.12 10:55:48 | 000,028,672 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe PRC - [2009.03.26 10:20:40 | 000,315,392 | -H-- | M] (DeviceVM) -- C:\QSTART.SYS\config\DVMExportService.exe PRC - [2009.02.11 04:13:52 | 000,532,480 | -H-- | M] (Vimicro) -- C:\Programme\USB Camera\VM331_STI.EXE PRC - [2009.01.16 17:56:42 | 000,346,720 | -H-- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe PRC - [2009.01.04 12:57:28 | 004,462,464 | -H-- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe PRC - [2008.12.26 10:05:46 | 001,277,952 | -H-- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe PRC - [2008.09.27 11:00:24 | 000,430,080 | -H-- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe PRC - [2008.07.20 17:45:06 | 000,354,840 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.07.20 17:45:06 | 000,182,808 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.04.14 04:00:00 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.04 10:34:20 | 000,487,424 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe PRC - [2008.03.04 10:34:12 | 001,122,304 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe PRC - [2007.09.26 17:34:46 | 000,644,408 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe PRC - [2006.07.13 13:33:14 | 000,053,248 | -H-- | M] (Lexmark International, Inc.) 
-- C:\Programme\Lexmark 1200 Series\lxczbmon.exe PRC - [2006.07.13 13:26:10 | 000,057,344 | -H-- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark 1200 Series\lxczbmgr.exe ========== Modules (No Company Name) ========== MOD - [2011.10.14 17:33:20 | 000,212,992 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll MOD - [2011.10.14 17:28:48 | 005,450,752 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll MOD - [2011.10.14 17:28:16 | 007,950,848 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll MOD - [2011.10.14 17:27:36 | 011,490,816 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2010.04.21 17:48:30 | 000,315,392 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.04.21 17:48:24 | 000,040,960 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2010.03.03 01:20:00 | 000,053,248 | -H-- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe MOD - [2010.03.03 01:20:00 | 000,043,008 | -H-- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL MOD - [2009.02.27 16:41:26 | 000,311,296 | -H-- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2008.05.21 17:33:22 | 000,045,056 | -H-- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll MOD - [2008.01.03 19:23:06 | 000,167,936 | -H-- | M] () -- C:\Program Files\Lenovo\OneKey App\System Repair\LenovoAPI.dll MOD - [2007.08.21 13:32:44 | 000,098,304 | -H-- | M] () -- C:\WINDOWS\system32\redmonnt.dll MOD - [2006.01.19 12:33:38 | 000,078,336 | -H-- | M] () -- 
C:\WINDOWS\system32\spool\prtprocs\w32x86\LXCZPP5C.DLL MOD - [2005.06.24 03:05:02 | 000,045,056 | -H-- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) Google Update-Dienst (gupdatem) SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.04.27 15:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2010.05.30 21:53:18 | 000,187,456 | -H-- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe -- (DBService) SRV - [2010.03.03 01:20:00 | 000,132,456 | -H-- | M] (Lenovo.) [Auto | Running] -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc) SRV - [2010.03.03 01:20:00 | 000,053,248 | -H-- | M] () [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2009.06.12 10:55:48 | 000,028,672 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2009.03.26 10:20:40 | 000,315,392 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\QSTART.SYS\config\DVMExportService.exe -- (DvmMDES) SRV - [2009.01.16 17:56:42 | 000,346,720 | -H-- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2008.11.04 01:06:28 | 000,441,712 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.09.27 11:00:24 | 000,430,080 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor) SRV - [2008.07.20 17:45:06 | 000,354,840 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008.03.04 10:34:12 | 001,122,304 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2007.09.26 17:34:46 | 000,644,408 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2006.10.26 14:03:08 | 000,145,184 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.03.03 01:20:00 | 000,024,304 | -H-- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD) DRV - [2010.03.03 01:20:00 | 000,004,442 | -H-- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF) DRV - [2010.02.24 12:22:10 | 000,185,472 | -H-- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11) DRV - [2009.05.08 03:06:10 | 000,203,312 | -H-- | M] (Alps Electric Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2009.03.02 08:57:22 | 000,995,328 | -H-- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vm331avs.sys -- (vm331avs) DRV - [2009.02.03 07:42:32 | 000,162,816 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.01.07 23:19:00 | 000,991,784 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2008.10.30 21:19:16 | 000,047,272 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2008.09.10 19:14:48 | 001,386,624 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2008.08.28 18:39:08 | 000,048,192 | -H-- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon) DRV - [2008.07.24 10:37:12 | 000,156,816 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2008.05.30 04:46:14 | 000,534,568 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2008.04.02 08:00:02 | 005,056,000 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.04.02 08:00:02 | 001,684,736 | -H-- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008.04.02 08:00:02 | 001,389,056 | -H-- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2008.02.04 09:57:46 | 000,037,160 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2008.01.11 14:58:42 | 000,009,472 | -H-- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC) DRV - [2008.01.10 10:59:08 | 000,081,192 | -H-- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSVD.sys -- (WSVD) DRV - [2007.09.17 13:00:12 | 000,161,792 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007.05.23 16:33:58 | 000,128,104 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr) DRV - [2007.02.19 07:56:46 | 000,021,376 | -H-- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lenovo.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lenovo.com IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lenovo.com IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lenovo.com IE - 
HKU\S-1-5-21-1048569259-3835621956-88264608-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1048569259-3835621956-88264608-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1048569259-3835621956-88264608-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-1048569259-3835621956-88264608-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1048569259-3835621956-88264608-1008\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1048569259-3835621956-88264608-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1048569259-3835621956-88264608-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) O1 HOSTS File: ([2012.01.31 22:52:06 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [331BigDog] C:\Programme\USB Camera\VM331_STI.EXE (Vimicro) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Programme\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1048569259-3835621956-88264608-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1048569259-3835621956-88264608-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... 
- C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - hxxp://www.lenovo.com File not found O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271851683671 (MUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84753FCB-80EF-4817-88AB-33A577F161E8}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt 
- File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - 
Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - 
Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: 
{6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: Microsoft Base Smart Card 
Crypto Provider Package - Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm () Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.01.31 20:31:59 | 000,000,000 | ---D | C] -- C:\_OTL [2012.01.27 22:35:18 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Sarah\Recent [2012.01.27 21:28:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe [2012.01.27 16:04:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Malwarebytes [2012.01.27 16:03:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.01.27 16:03:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.01.27 16:03:42 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.01.27 16:03:42 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.01.27 15:42:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Desktop\hijack 
[2012.01.27 15:41:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Startmenü\Programme\HiJackThis [2012.01.27 15:41:10 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2012.01.26 21:45:53 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.01.24 21:24:47 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Sarah\.thumbnails [2012.01.15 21:33:49 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Sarah\Desktop\HOCHZEIT ========== Files - Modified Within 30 Days ========== [2012.02.10 15:24:30 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job [2012.02.10 14:29:00 | 000,001,088 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.02.10 14:27:08 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx [2012.02.09 11:01:54 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo [2012.02.09 11:01:15 | 000,001,084 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.02.09 11:01:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.01.31 22:56:38 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.31 20:19:08 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.01.29 21:06:38 | 000,146,589 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Unbenannt.PNG [2012.01.29 20:58:34 | 000,077,634 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\das ist alles.pdf [2012.01.27 21:36:22 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\tjc3ltwv.exe [2012.01.27 21:28:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe [2012.01.27 21:27:38 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\defogger_reenable [2012.01.27 21:26:12 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Defogger.exe [2012.01.26 09:46:08 | 003,610,120 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT 
[2012.01.22 11:45:22 | 000,036,877 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Bild 049.jpg ========== Files Created - No Company Name ========== [2012.01.31 23:03:10 | 000,000,177 | -H-- | C] () -- C:\dvmexp.idx [2012.01.31 22:57:48 | 000,000,382 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job [2012.01.29 21:06:36 | 000,146,589 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Unbenannt.PNG [2012.01.29 20:58:31 | 000,077,634 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\das ist alles.pdf [2012.01.27 21:36:06 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\tjc3ltwv.exe [2012.01.27 21:27:36 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\defogger_reenable [2012.01.27 21:26:16 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Defogger.exe [2012.01.27 16:03:56 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.22 11:45:20 | 000,036,877 | -H-- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Bild 049.jpg [2011.04.11 21:17:31 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.03.06 15:14:49 | 000,027,648 | -H-- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2010.11.27 17:20:12 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2010.08.15 16:50:41 | 000,014,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.05 11:15:29 | 000,000,076 | -H-- | C] () -- C:\WINDOWS\dellstat.ini [2010.07.05 11:13:51 | 000,000,393 | -H-- | C] () -- C:\WINDOWS\lexstat.ini [2010.07.05 11:12:07 | 000,155,648 | -H-- | C] () -- C:\WINDOWS\System32\LEXPING.EXE [2010.07.05 11:12:07 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\lxczvs.dll [2010.07.05 11:12:07 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\INSTMON.EXE [2010.07.05 11:10:46 | 000,000,270 | -H-- | 
C] () -- C:\WINDOWS\System32\lxczcoin.ini [2010.06.09 14:53:24 | 001,126,560 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.04.23 04:31:02 | 000,065,308 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.04.21 15:36:44 | 000,196,608 | -H-- | C] () -- C:\WINDOWS\PWMBTHLP.EXE [2010.04.21 15:36:43 | 000,004,442 | -H-- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2010.04.21 13:13:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat [2009.06.21 21:52:10 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini [2009.06.21 17:03:16 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\setbt.exe [2009.06.21 16:20:14 | 009,338,880 | -H-- | C] () -- C:\WINDOWS\System32\Facev.dll [2009.06.21 16:20:14 | 000,495,616 | -H-- | C] () -- C:\WINDOWS\System32\picn.dll [2009.06.21 16:20:14 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\System32\image.dll [2009.06.21 16:20:13 | 001,564,672 | -H-- | C] () -- C:\WINDOWS\System32\MainOp.dll [2009.06.21 16:20:13 | 000,655,360 | -H-- | C] () -- C:\WINDOWS\System32\EncIcons.dll [2009.06.21 16:20:13 | 000,507,904 | -H-- | C] () -- C:\WINDOWS\System32\SimpleExt.dll [2009.06.21 16:20:13 | 000,241,752 | -H-- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll [2009.06.21 16:20:13 | 000,221,184 | -H-- | C] () -- C:\WINDOWS\System32\SetDev.dll [2009.06.21 16:20:13 | 000,126,976 | -H-- | C] () -- C:\WINDOWS\System32\VideoOp.dll [2009.06.21 16:20:13 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\FunFrm.dll [2009.06.21 16:20:12 | 009,502,720 | -H-- | C] () -- C:\WINDOWS\System32\FaceVerify.dll [2009.06.21 16:20:12 | 001,974,272 | -H-- | C] () -- C:\WINDOWS\System32\Imagereog.dll [2009.06.21 16:20:12 | 001,167,360 | -H-- | C] () -- C:\WINDOWS\System32\PicNotify.dll [2009.06.21 16:20:12 | 000,974,848 | -H-- | C] () -- C:\WINDOWS\System32\Apblend.dll [2009.06.21 16:20:12 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\Momo.dll [2009.06.21 16:20:12 | 000,049,152 | -H-- | C] () 
-- C:\WINDOWS\System32\DevFilt.dll [2009.06.21 16:20:10 | 000,241,664 | -H-- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll [2009.06.21 15:57:32 | 000,001,282 | -H-- | C] () -- C:\WINDOWS\vm331Rmv.ini [2009.06.21 15:46:32 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2009.01.16 17:55:38 | 002,854,976 | -H-- | C] () -- C:\WINDOWS\System32\btwicons.dll [2008.11.07 18:08:20 | 000,362,029 | -H-- | C] () -- C:\WINDOWS\System32\sqlite3.dll [2008.07.21 18:30:37 | 000,001,650 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2008.07.03 01:34:14 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.07.03 01:33:08 | 003,610,120 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.07.03 00:44:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008.07.03 00:39:50 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008.05.26 22:23:36 | 000,016,834 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 22:23:34 | 000,024,188 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 22:23:32 | 000,016,568 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.05.26 21:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2008.05.26 21:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2008.04.14 04:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat [2008.04.14 04:00:00 | 000,535,426 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat [2008.04.14 04:00:00 | 000,483,380 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008.04.14 04:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008.04.14 04:00:00 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat [2008.04.14 04:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat [2008.04.14 04:00:00 | 000,115,726 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat [2008.04.14 04:00:00 | 000,087,090 | -H-- | C] () -- 
C:\WINDOWS\System32\perfc009.dat [2008.04.14 04:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin [2008.04.14 04:00:00 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat [2008.04.14 04:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008.04.14 04:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat [2008.04.14 04:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008.04.14 04:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat [2001.11.14 12:56:00 | 001,802,240 | -H-- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2001.10.09 23:36:22 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin [2001.10.09 23:35:30 | 000,004,492 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat ========== LOP Check ========== [2010.04.22 00:32:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus [2010.05.30 21:53:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DATA BECKER Downloads [2011.01.19 21:07:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2010.04.23 10:46:18 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2010.04.22 01:09:50 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Laplink [2010.08.27 12:07:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL [2010.04.21 15:29:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr [2011.12.24 08:17:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi [2010.04.22 01:10:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spearit [2010.06.12 13:30:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp 
Software [2010.04.29 09:30:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.06.12 13:30:14 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.04.22 01:10:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Spearit [2010.05.31 07:56:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\mresreg [2010.08.21 08:25:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\OCS [2010.05.30 21:52:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ProtectDisc [2011.12.24 08:17:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\RavensburgerTipToi [2010.06.10 13:50:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\SmartTools [2010.04.22 01:10:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Spearit [2010.06.12 13:30:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\TuneUp Software [2010.06.01 21:41:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\VSO [2010.04.21 14:48:02 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Windows Desktop Search [2010.04.21 15:01:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Windows Search [2012.02.10 15:24:30 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2010.04.21 12:21:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Adobe [2010.04.23 06:15:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Help [2008.07.03 00:45:32 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Identities [2009.06.21 15:43:06 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\InstallShield [2010.04.21 15:25:00 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Macromedia [2012.01.27 16:04:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Malwarebytes [2008.07.03 00:52:08 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Microsoft [2010.05.31 07:56:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\mresreg [2010.08.21 08:25:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\OCS [2010.05.30 21:52:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ProtectDisc [2011.12.24 08:17:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\RavensburgerTipToi [2010.06.10 13:50:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\SmartTools [2010.04.22 01:10:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Spearit [2010.09.08 22:24:36 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Sun [2010.06.12 13:30:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\TuneUp Software [2011.05.02 18:55:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\vlc [2010.06.01 21:41:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\VSO [2010.04.21 14:48:02 | 000,000,000 | -H-D | M] -- C:\Dokumente und 
Einstellungen\Sarah\Anwendungsdaten\Windows Desktop Search [2010.04.21 15:01:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Windows Search < %APPDATA%\*.exe /s > [2012.01.27 15:41:16 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe [2010.08.21 08:25:08 | 000,106,496 | -H-- | M] (OCS) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe [2010.08.21 08:25:08 | 000,040,960 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe [2009.07.22 17:28:36 | 000,477,976 | -H-- | M] (Protect GmbH) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ProtectDisc\License Helper v2\PDLicenseHelperBroker.exe [2010.05.30 21:52:44 | 000,059,043 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ProtectDisc\License Helper v2\uninst.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.04.14 04:00:00 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.13 14:06:40 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys [2008.04.13 14:06:40 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS < MD5 for: ATAPI.SYS > [2008.04.14 04:00:00 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 00:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008.04.14 00:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008.04.13 14:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- 
C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:00:00 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008.04.14 04:00:00 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: IASTOR.SYS > [2008.07.20 17:44:44 | 000,324,120 | -H-- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2008.07.20 17:44:44 | 000,324,120 | -H-- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\system32\drivers\iaStor.sys [2008.07.20 17:44:44 | 000,324,120 | -H-- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\system32\DRVSTORE\iaAHCI_80FADF59B996DEF517513B0713A4AB06CE0D38E2\iaStor.sys [2008.07.20 17:44:54 | 000,402,456 | -H-- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 04:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008.04.14 04:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:00:00 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008.04.14 04:00:00 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 04:00:00 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll [2008.04.14 04:00:00 | 000,580,096 | -H-- | M] (Microsoft Corporation) 
MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:00:00 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 04:00:00 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 04:00:00 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 04:00:00 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.04.14 04:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2008.04.14 04:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.07.03 02:32:28 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\System32\config\default.sav [2008.07.03 02:32:28 | 001,069,056 | -H-- | M] () -- C:\WINDOWS\System32\config\software.sav [2008.07.03 02:32:26 | 000,471,040 | -H-- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
10.02.2012, 16:59 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kryptik and other NASTIES on my now empty computer... Please now run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set up the tool as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), which is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here! If, because of the infection, you cannot access your Documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
10.02.2012, 18:06 | #28 |
| Kryptik and other NASTIES on my now empty computer... OK, something was found, but I aborted it... Ran unhide, but still not everything is there! So here is the LOG: Code:
17:58:21.0968 1188 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
17:58:22.0156 1188 ============================================================
17:58:22.0156 1188 Current date / time: 2012/02/10 17:58:22.0156
17:58:22.0156 1188 SystemInfo:
17:58:22.0156 1188
17:58:22.0156 1188 OS Version: 5.1.2600 ServicePack: 3.0
17:58:22.0156 1188 Product type: Workstation
17:58:22.0156 1188 ComputerName: IDEAPAD-S12
17:58:22.0156 1188 UserName: Sarah
17:58:22.0156 1188 Windows directory: C:\WINDOWS
17:58:22.0156 1188 System windows directory: C:\WINDOWS
17:58:22.0156 1188 Processor architecture: Intel x86
17:58:22.0156 1188 Number of processors: 2
17:58:22.0156 1188 Page size: 0x1000
17:58:22.0156 1188 Boot type: Normal boot
17:58:22.0156 1188 ============================================================
17:58:23.0406 1188 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:58:23.0468 1188 \Device\Harddisk0\DR0:
17:58:23.0468 1188 MBR used
17:58:23.0468 1188 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCFD387E
17:58:23.0484 1188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xCFD4800, BlocksNum 0x3CC3000
17:58:23.0578 1188 Initialize success
17:58:23.0578 1188 ============================================================
17:59:39.0812 3748 ============================================================
17:59:39.0812 3748 Scan started
17:59:39.0812 3748 Mode: Manual; SigCheck; TDLFS;
17:59:39.0812 3748 ============================================================
18:00:32.0718 3748 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
18:00:32.0781 3748 TPPWRIF ( UnsignedFile.Multi.Generic ) - warning
18:00:32.0781 3748 TPPWRIF - detected UnsignedFile.Multi.Generic (1)
18:00:40.0078 3748 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:00:40.0234 3748 \Device\Harddisk0\DR0 - ok
18:00:40.0234 3748 Boot (0x1200) (9656a52cafdd75cfec2d0c7a15cd8802) \Device\Harddisk0\DR0\Partition0
18:00:40.0234 3748 \Device\Harddisk0\DR0\Partition0 - ok
18:00:40.0265 3748 Boot (0x1200) (d355d3602cdcbd1931487087dce288a0) \Device\Harddisk0\DR0\Partition1
18:00:40.0265 3748 \Device\Harddisk0\DR0\Partition1 - ok
18:00:40.0265 3748 ============================================================
18:00:40.0265 3748 Scan finished
18:00:40.0265 3748 ============================================================
18:00:40.0390 0944 Detected object count: 1
18:00:40.0390 0944 Actual detected object count: 1
18:00:51.0187 0944 TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user
18:00:51.0187 0944 TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip |
10.02.2012, 19:14 | #29 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kryptik and other MONSTROSITIES on my now empty computer... Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and get messages such as Quote:
__________________ Please always post logfiles in CODE tags |
10.02.2012, 22:51 | #30 |
| Kryptik and other MONSTROSITIES on my now empty computer... So I have now tried it twice. The first time, not much happened for 5 minutes and then the screen went black. It stopped responding. The second time it did something, Startlevel1, Startlevel2 and so on (I don't know exactly what it said, I wasn't looking that closely), and then the screen went black and the PC did not respond. Now the computer no longer finds my battery. |