Windows gesperrt - bezahlen...

rookie-5 · 02.03.2012, 17:33

Hallo,

habe die anderen Beiträge zu diesem Thema gelesen. Wäre super wenn mir jemand weiterhelfen könnte.

anbei sind die txt.dateien der logs.

vielen Dank im Vorraus.

cosinus · 02.03.2012, 20:10

Zitat:

Boot Mode: SafeMode with Networking |

na wenn der Modus geht wirst du erstmal MBAM/ESET probieren können:

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

rookie-5 · 02.03.2012, 22:53

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.02.04

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Oliver Gräßer :: ROOKIE [Administrator]

Schutz: Deaktiviert

02.03.2012 20:19:44
mbam-log-2012-03-02 (20-24-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197902
Laufzeit: 4 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{40E72E3E-7529-11DD-B7F6-806E6F6E6963} (Backdoor.Messa) -> Daten: C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\torrent.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Oliver Gräßer\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Users\Oliver Gräßer\AppData\Local\Temp\0.47462910465231734.exe (Exploit.Drop.2) -> Keine Aktion durchgeführt.
C:\Users\Oliver Gräßer\AppData\Local\Temp\0.796138540254269.exe (Exploit.Drop.2) -> Keine Aktion durchgeführt.
C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\torrent.exe (Backdoor.Messa) -> Keine Aktion durchgeführt.

(Ende)

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f19d73bf4dd0dd4a821ec217323b533f
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-02 07:51:02
# local_time=2012-03-02 08:51:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 5398938 5398938 0 0
# compatibility_mode=5892 16776574 100 100 23658 168249871 0 0
# compatibility_mode=8192 67108863 100 0 4131 4131 0 0
# scanned=22267
# found=0
# cleaned=0
# scan_time=719
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f19d73bf4dd0dd4a821ec217323b533f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-02 09:44:34
# local_time=2012-03-02 10:44:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 5399697 5399697 0 0
# compatibility_mode=5892 16776574 100 100 24417 168250630 0 0
# compatibility_mode=8192 67108863 100 0 4890 4890 0 0
# scanned=231862
# found=1
# cleaned=0
# scan_time=6772
C:\Program Files\pdfforge Toolbar\SearchSettings.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I

rookie-5 · 05.03.2012, 11:25

kann mir noch jemand weiterhelfen

cosinus · 05.03.2012, 14:15

Ja. Du könntest mal das umsetzen was man in der Anleitung gepostet hat

Zitat:

Art des Suchlaufs: Quick-Scan

Sry aber ich wollte einen Vollscan sehen...bitte nachholen und Log posten!
Denk dran vorher die Signaturen von Malwarebytes zu aktualisieren, da gibt es sehr häufig neue Updates!

Und poste alle Logs von Malwarebytes, die im Reiter Logdateien zu sehen sind

rookie-5 · 05.03.2012, 23:20

mein Fehler,danke für die Info...

anbei alle logs:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.05.08

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Oliver Gräßer :: ROOKIE [Administrator]

Schutz: Deaktiviert

05.03.2012 22:12:19
mbam-log-2012-03-05 (22-12-19).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 394777
Laufzeit: 1 Stunde(n), 1 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.02.04

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Oliver Gräßer :: ROOKIE [Administrator]

Schutz: Deaktiviert

02.03.2012 20:19:44
mbam-log-2012-03-02 (20-19-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197902
Laufzeit: 4 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{40E72E3E-7529-11DD-B7F6-806E6F6E6963} (Backdoor.Messa) -> Daten: C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\torrent.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Oliver Gräßer\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Oliver Gräßer\AppData\Local\Temp\0.47462910465231734.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Oliver Gräßer\AppData\Local\Temp\0.796138540254269.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\torrent.exe (Backdoor.Messa) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ATTFilter

2012/03/05 20:47:22 +0100	ROOKIE	(null)	MESSAGE	Executing scheduled update:  Daily
2012/03/05 20:47:24 +0100	ROOKIE	(null)	ERROR	Scheduled update failed:  No address found failed with error code 11004

cosinus · 06.03.2012, 12:46

Funktioniert jetzt der normale Modus wieder oder nicht?

rookie-5 · 06.03.2012, 13:54

es scheint wieder zu funktionieren

muss ich noch ich noch weitere schritte beachten?

cosinus · 06.03.2012, 14:10

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

rookie-5 · 06.03.2012, 16:17

Code:

ATTFilter

OTL logfile created on: 06.03.2012 15:33:05 - Run 2
OTL by OldTimer - Version 3.2.34.0     Folder = C:\Users\Oliver Gräßer\Desktop\Trojaner
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,17% Memory free
6,20 Gb Paging File | 4,93 Gb Available in Paging File | 79,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,00 Gb Total Space | 16,68 Gb Free Space | 21,94% Space Free | Partition Type: NTFS
Drive D: | 148,09 Gb Total Space | 147,99 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: ROOKIE | User Name: Oliver Gräßer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Oliver Gräßer\Desktop\Trojaner\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe (Lexware GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe (Fujitsu Technology Solutions)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\C&E\OSD\osd.exe (C&E)
PRC - C:\Program Files\Lexmark 4800 Series\lxdemon.exe ()
PRC - C:\Program Files\Lexmark 4800 Series\lxdeamon.exe ()
PRC - C:\Windows\System32\lxdecoms.exe ( )
PRC - C:\Windows\System32\spool\drivers\w32x86\3\lxdeserv.exe (Lexmark International, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\Belkin\F1U201.401\usbshare.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\e3e1fd8ccf76e9eb0147484fb8dd773a\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7390d789557549200e474b9bbeca3d1a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll ()
MOD - C:\Program Files\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll ()
MOD - C:\Program Files\Lexmark 4800 Series\lxdemon.exe ()
MOD - C:\Program Files\Lexmark 4800 Series\app4r.monitor.core.dll ()
MOD - C:\Program Files\Lexmark 4800 Series\app4r.monitor.common.dll ()
MOD - C:\Program Files\Lexmark 4800 Series\app4r.devmons.mcmdevmon.dll ()
MOD - C:\Program Files\Lexmark 4800 Series\app4r.devmons.mcmdevmon.autoplayutil.dll ()
MOD - C:\Program Files\Lexmark 4800 Series\lxdeamon.exe ()
MOD - C:\Program Files\Lexmark 4800 Series\lxdescw.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\lxdedatr.dll ()
MOD - C:\Program Files\ArcSoft\TotalMedia 3.5\uPiApi.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\lxdecats.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56ita.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56esp.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56brz.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56kor.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56ger.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56fra.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56dnk.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56jpn.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56cht.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56chs.dll ()
MOD - C:\Program Files\Belkin\F1U201.401\usbshare.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Lexware_Datenbank_Plus) -- C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
SRV - (TestHandler) -- C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe (Fujitsu Technology Solutions)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (OsdService) -- C:\Program Files\C&E\OSD\OsdService\OsdService.exe ()
SRV - (lxde_device) -- C:\Windows\System32\lxdecoms.exe ( )
SRV - (lxdeCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdeserv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RTL2832U_IRHID) -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys (Realtek)
DRV - (RTL2832UUSB) -- C:\Windows\System32\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832UBDA) -- C:\Windows\System32\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (CEBFilter) -- C:\Program Files\C&E\OSD\OsdService\cebuffer.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (CEIO) -- C:\Program Files\C&E\OSD\OsdService\ceio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (cKBFilter) -- C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (Cam5603D) -- C:\Windows\System32\drivers\BisonCam.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKU\..\SearchScopes,DefaultScope = 
IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE
IE - HKU\..\SearchScopes\{1E2576B3-CBBE-454F-BB1F-B3BD6BF69DC7}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\..\SearchScopes\{402A7386-7397-48A4-AB48-B491835C9908}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_deDE356
IE - HKU\..\SearchScopes\{72A01BE8-36E6-4E3E-A212-EEAA937D7AC3}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\..\SearchScopes\{A1804725-6852-46FC-B62D-1F28FF49F4ED}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Oliver Gräßer\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [lxdeamon] C:\Program Files\Lexmark 4800 Series\lxdeamon.exe ()
O4 - HKLM..\Run: [lxdemon.exe] C:\Program Files\Lexmark 4800 Series\lxdemon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe (C&E)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Oliver Gräßer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Oliver Gräßer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{644959B3-FC4D-4DCB-AC67-42F5087751D1}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF0F9B18-BF57-4021-B073-C27A35EFC145}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger -  File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\CYBERL~1\PowerDV\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.05 23:29:04 | 000,000,000 | ---D | C] -- C:\Users\Oliver Gräßer\Desktop\Trojaner
[2012.03.02 20:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.02 20:16:57 | 000,000,000 | ---D | C] -- C:\Users\Oliver Gräßer\AppData\Roaming\Malwarebytes
[2012.03.02 20:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.02 20:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.02 20:16:49 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.02 20:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.02 17:34:13 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.02.29 03:02:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.02.05 19:28:06 | 000,000,000 | ---D | C] -- C:\Users\Oliver Gräßer\Documents\Steuererklärung
[15 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[15 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.06 15:24:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 15:24:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 15:16:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.06 13:32:03 | 002,833,274 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.06 13:32:02 | 007,881,110 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.06 13:32:02 | 002,507,678 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.06 13:32:02 | 002,252,068 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.06 13:25:31 | 000,223,107 | ---- | M] () -- C:\Users\Oliver Gräßer\AppData\Roaming\nvModes.001
[2012.03.06 13:24:25 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.06 13:24:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.06 13:23:58 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.06 13:22:43 | 000,001,356 | ---- | M] () -- C:\Users\Oliver Gräßer\AppData\Local\d3d9caps.dat
[2012.03.05 23:33:58 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.03.02 15:31:44 | 000,306,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.28 15:31:54 | 000,223,107 | ---- | M] () -- C:\Users\Oliver Gräßer\AppData\Roaming\nvModes.dat
[2012.02.27 14:06:26 | 000,002,653 | ---- | M] () -- C:\Users\Public\Desktop\TAXMAN 2012.lnk
[2012.02.21 13:46:36 | 000,133,262 | ---- | M] () -- C:\Users\Oliver Gräßer\Documents\WV Begünstigte 21.02.2012 13;46;36.PDF
[2012.02.17 16:40:09 | 316,193,826 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.17 16:24:13 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[15 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[15 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.06 13:23:57 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.21 13:46:52 | 000,133,262 | ---- | C] () -- C:\Users\Oliver Gräßer\Documents\WV Begünstigte 21.02.2012 13;46;36.PDF
[2012.01.23 18:48:59 | 000,000,147 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.09.27 11:17:26 | 000,198,144 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2011.09.27 11:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2011.09.27 11:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2011.09.27 11:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2010.10.21 14:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2010.10.21 14:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2010.10.21 14:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2010.05.15 17:16:04 | 000,001,356 | ---- | C] () -- C:\Users\Oliver Gräßer\AppData\Local\d3d9caps.dat
[2010.04.04 16:52:27 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdecoin.dll
[2010.04.04 16:50:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2010.04.04 16:50:04 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2010.04.04 16:48:04 | 000,000,060 | ---- | C] () -- C:\Windows\System32\lxderwrd.ini
[2010.04.04 16:47:51 | 000,434,176 | ---- | C] ( ) -- C:\Windows\System32\lxdehcp.dll
[2010.04.04 16:47:51 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdeinst.dll
[2010.04.04 16:47:50 | 001,200,128 | ---- | C] ( ) -- C:\Windows\System32\lxdeserv.dll
[2010.04.04 16:47:50 | 000,950,272 | ---- | C] ( ) -- C:\Windows\System32\lxdeusb1.dll
[2010.04.04 16:47:50 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdeinpa.dll
[2010.04.04 16:47:50 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdeiesc.dll
[2010.04.04 16:47:49 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdepmui.dll
[2010.04.04 16:47:49 | 000,565,248 | ---- | C] ( ) -- C:\Windows\System32\lxdelmpm.dll
[2010.04.04 16:47:49 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdeprox.dll
[2010.04.04 16:47:48 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdeih.exe
[2010.04.04 16:47:47 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdehbn3.dll
[2010.04.04 16:47:47 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdegrd.dll
[2010.04.04 16:47:46 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdecomc.dll
[2010.04.04 16:47:46 | 000,598,960 | ---- | C] ( ) -- C:\Windows\System32\lxdecoms.exe
[2010.04.04 16:47:46 | 000,365,488 | ---- | C] ( ) -- C:\Windows\System32\lxdecfg.exe
[2010.04.04 16:47:46 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdecomm.dll
 
========== LOP Check ==========
 
[2011.12.19 12:58:23 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\1&1 Mail & Media GmbH
[2009.02.08 19:40:30 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\biu software
[2011.05.20 21:31:36 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\BOM
[2010.01.23 22:15:02 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Canneverbe_Limited
[2011.12.19 16:34:21 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\DVDVideoSoft
[2011.09.18 15:38:46 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.08 10:34:32 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\elsterformular
[2011.01.05 23:26:26 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\eMusic
[2009.02.07 17:26:24 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\GlarySoft
[2008.12.02 19:41:45 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\IrfanView
[2010.04.04 17:11:46 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Lexmark Productivity Studio
[2008.12.15 23:00:30 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Lexware
[2008.09.13 20:22:20 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\PeerNetworking
[2012.03.02 16:34:10 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\RayV
[2009.03.26 20:15:45 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Samsung
[2008.09.13 11:22:44 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Template
[2011.01.21 20:26:39 | 000,000,000 | ---D | M] -- C:\Users\Steuer\AppData\Roaming\elsterformular
[2009.04.17 14:39:55 | 000,000,000 | ---D | M] -- C:\Users\Steuer\AppData\Roaming\Haufe
[2009.05.16 13:31:01 | 000,000,000 | ---D | M] -- C:\Users\Steuer\AppData\Roaming\Lexmark Productivity Studio
[2008.12.15 23:23:03 | 000,000,000 | ---D | M] -- C:\Users\Steuer\AppData\Roaming\Lexware
[2012.03.05 23:33:59 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.19 12:58:23 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\1&1 Mail & Media GmbH
[2008.09.13 12:32:25 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Adobe
[2009.10.10 21:25:10 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\ArcSoft
[2011.12.31 10:02:37 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Avira
[2009.02.08 19:40:30 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\biu software
[2011.05.20 21:31:36 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\BOM
[2010.01.23 22:15:02 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Canneverbe_Limited
[2008.08.31 09:29:24 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\CyberLink
[2010.06.25 10:52:52 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\DivX
[2011.12.19 16:34:21 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\DVDVideoSoft
[2011.09.18 15:38:46 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.08 10:34:32 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\elsterformular
[2011.01.05 23:26:26 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\eMusic
[2008.12.25 11:31:46 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\FaxCtr
[2009.02.07 17:26:24 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\GlarySoft
[2008.08.28 19:34:49 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Google
[2008.08.28 19:10:05 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Identities
[2008.12.15 23:37:13 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\InstallShield
[2008.12.02 19:41:45 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\IrfanView
[2010.04.04 17:11:46 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Lexmark Productivity Studio
[2008.12.15 23:00:30 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Lexware
[2008.08.28 20:43:32 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Macromedia
[2012.03.02 20:16:57 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Media Center Programs
[2009.04.11 07:27:36 | 000,000,000 | --SD | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft
[2010.03.17 22:35:35 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Move Networks
[2010.08.01 09:32:42 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Mozilla
[2010.08.01 09:32:51 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Mozilla-Cache
[2008.10.05 18:12:42 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Nero
[2008.09.13 20:22:20 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\PeerNetworking
[2012.03.02 16:34:10 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\RayV
[2009.03.26 20:15:45 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Samsung
[2008.09.13 11:22:44 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Template
[2008.11.23 01:30:31 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.01.09 22:01:39 | 004,051,632 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Oliver Gräßer\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_10_7094_7699.exe
[2012.01.09 22:03:01 | 004,048,168 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Oliver Gräßer\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_11_7094_7699.exe
[2012.01.09 22:04:21 | 004,067,576 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Oliver Gräßer\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_09_7094_7699.exe
[2012.01.09 22:05:25 | 004,058,240 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Oliver Gräßer\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_10_7094_7699.exe
[2012.01.09 22:06:23 | 004,052,104 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Oliver Gräßer\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_11_7094_7699.exe
[2012.01.09 22:07:35 | 004,049,248 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Oliver Gräßer\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_10_7094_7699.exe
[2012.01.09 22:08:37 | 004,051,088 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Oliver Gräßer\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_11_7094_7699.exe
[2011.10.08 10:32:29 | 011,250,312 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Oliver Gräßer\AppData\Roaming\elsterformular\update\ElsterFormular_update-12_3_2_6814u.exe
[2012.01.23 18:27:24 | 000,086,016 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\Installer\{1D081AB0-B1CC-11E0-80C0-005056B12123}\ARPPRODUCTICON.exe
[2008.08.28 19:09:32 | 000,008,704 | R--- | M] () -- C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\Installer\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}\Icon9A3BC1573.exe
[2008.12.15 23:10:57 | 000,086,016 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\Installer\{A4E86B6A-6EEC-41FD-8960-26947F0E3353}\ARPPRODUCTICON.exe
[2009.01.09 20:23:12 | 000,086,016 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\Installer\{D5C8E140-6E6F-11DD-9AA9-0050560400B1}\ARPPRODUCTICON.exe
[2009.01.09 20:23:40 | 000,086,016 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\Installer\{F48AAE0F-52F4-11DD-B1F7-0050560400B1}\ARPPRODUCTICON.exe
[2010.03.17 22:35:35 | 000,144,053 | ---- | M] () -- C:\Users\Oliver Gräßer\AppData\Roaming\Move Networks\uninstall.exe
[2009.02.12 19:37:34 | 000,097,144 | ---- | M] () -- C:\Users\Oliver Gräßer\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2008.05.27 12:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Windows\System32\drivers\ahcix86s.sys
[2008.05.27 12:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_c617648e\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.06.03 04:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2008.06.03 04:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2008.06.03 04:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2008.06.03 04:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_41af7b1f\iaStor.sys
[2007.02.12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\DRIVER\SATA\INTEL\iaStor.sys
[2007.02.12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007.02.12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.08.07 13:34:48 | 013,115,392 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.08.07 13:34:39 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.08.07 13:34:48 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008.08.07 13:34:58 | 017,633,280 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008.08.07 13:35:00 | 006,705,152 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

cosinus · 06.03.2012, 19:48

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE
IE - HKU\..\SearchScopes\{1E2576B3-CBBE-454F-BB1F-B3BD6BF69DC7}: "URL" = http://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = http://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\..\SearchScopes\{402A7386-7397-48A4-AB48-B491835C9908}: "URL" = http://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_deDE356
IE - HKU\..\SearchScopes\{72A01BE8-36E6-4E3E-A212-EEAA937D7AC3}: "URL" = http://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\..\SearchScopes\{A1804725-6852-46FC-B62D-1F28FF49F4ED}: "URL" = http://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O7 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Files
C:\Program Files\pdfforge Toolbar
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

rookie-5 · 06.03.2012, 20:17

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{1E2576B3-CBBE-454F-BB1F-B3BD6BF69DC7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E2576B3-CBBE-454F-BB1F-B3BD6BF69DC7}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{402A7386-7397-48A4-AB48-B491835C9908}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{402A7386-7397-48A4-AB48-B491835C9908}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{72A01BE8-36E6-4E3E-A212-EEAA937D7AC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72A01BE8-36E6-4E3E-A212-EEAA937D7AC3}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{A1804725-6852-46FC-B62D-1F28FF49F4ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1804725-6852-46FC-B62D-1F28FF49F4ED}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ deleted successfully.
C:\Program Files\Lexmark Toolbar\toolband.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ deleted successfully.
C:\Program Files\WEB.DE Toolbar\IE\uitb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
File C:\Program Files\Lexmark Toolbar\toolband.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C424171E-592A-415a-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415a-9EB1-DFD6D95D3530}\ deleted successfully.
File C:\Program Files\WEB.DE Toolbar\IE\uitb.dll not found.
Registry value HKEY_USERS\S-1-5-21-3359374848-750208709-1910855389-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
File C:\Program Files\Lexmark Toolbar\toolband.dll not found.
Registry value HKEY_USERS\S-1-5-21-3359374848-750208709-1910855389-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
File C:\Program Files\Lexmark Toolbar\toolband.dll not found.
Registry value HKEY_USERS\S-1-5-21-3359374848-750208709-1910855389-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
File C:\Program Files\WEB.DE Toolbar\IE\uitb.dll not found.
Registry value HKEY_USERS\S-1-5-21-3359374848-750208709-1910855389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\add to &BOM\ deleted successfully.
File move failed. C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta scheduled to be moved on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
C:\Program Files\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files\pdfforge Toolbar folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Oliver Gräßer
->Temp folder emptied: 300770193 bytes
->Temporary Internet Files folder emptied: 1107652437 bytes
->Java cache emptied: 39147454 bytes
->Flash cache emptied: 95213 bytes
 
User: Public
 
User: Steuer
->Temp folder emptied: 2156909 bytes
->Temporary Internet Files folder emptied: 135238340 bytes
->Java cache emptied: 24268233 bytes
->Flash cache emptied: 24447 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 79431643 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 11026356 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 19689711 bytes
RecycleBin emptied: 5258760 bytes
 
Total Files Cleaned = 1.645,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.34.0 log created on 03062012_195553

Files\Folders moved on Reboot...
File\Folder C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta not found!
File\Folder C:\Users\Oliver Gräßer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VYDCNNB3\n=Europa;w_lan=DE;w_reg=BW;w_ort=Cleebronn;w_plz=74389;w_tmi=9;w_tma=15;w_pic=1;w_wx=2;xx=pl;xx=wp;xx=pb;xx=pr;wefo=pu1;wefo=fb2;wefo=rt1;wefo=sc1;tile=1;ord=5892113329[1] not found!
File\Folder C:\Users\Oliver Gräßer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VYDCNNB3\n=Europa;w_lan=DE;w_reg=BW;w_ort=Cleebronn;w_plz=74389;w_tmi=9;w_tma=15;w_pic=1;w_wx=2;xx=pl;xx=wp;xx=pb;xx=pr;wefo=pu1;wefo=fb2;wefo=rt1;wefo=sc1;tile=5;ord=5892113329[1] not found!
File\Folder C:\Users\Oliver Gräßer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\4U0BLN4Q\n=Europa;w_lan=DE;w_reg=BW;w_ort=Cleebronn;w_plz=74389;w_tmi=9;w_tma=15;w_pic=1;w_wx=2;xx=pl;xx=wp;xx=pb;xx=pr;wefo=pu1;wefo=fb2;wefo=rt1;wefo=sc1;tile=3;ord=5892113329[1] not found!
File\Folder C:\Users\Oliver Gräßer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2GB73HT2\n=Europa;w_lan=DE;w_reg=BW;w_ort=Cleebronn;w_plz=74389;w_tmi=9;w_tma=15;w_pic=1;w_wx=2;xx=pl;xx=wp;xx=pb;xx=pr;wefo=pu1;wefo=fb2;wefo=rt1;wefo=sc1;tile=2;ord=5892113329[1] not found!
File\Folder C:\Users\Oliver Gräßer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2GB73HT2\n=Europa;w_lan=DE;w_reg=BW;w_ort=Cleebronn;w_plz=74389;w_tmi=9;w_tma=15;w_pic=1;w_wx=2;xx=pl;xx=wp;xx=pb;xx=pr;wefo=pu1;wefo=fb2;wefo=rt1;wefo=sc1;tile=4;ord=5892113329[1] not found!
File move failed. C:\Windows\temp\asat0000.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus · 06.03.2012, 20:21

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

rookie-5 · 06.03.2012, 20:53

Code:

ATTFilter

20:48:07.0727 4908	TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
20:48:07.0976 4908	============================================================
20:48:07.0976 4908	Current date / time: 2012/03/06 20:48:07.0976
20:48:07.0976 4908	SystemInfo:
20:48:07.0976 4908	
20:48:07.0976 4908	OS Version: 6.0.6002 ServicePack: 2.0
20:48:07.0976 4908	Product type: Workstation
20:48:07.0976 4908	ComputerName: ROOKIE
20:48:07.0976 4908	UserName: Oliver Gräßer
20:48:07.0976 4908	Windows directory: C:\Windows
20:48:07.0976 4908	System windows directory: C:\Windows
20:48:07.0976 4908	Processor architecture: Intel x86
20:48:07.0976 4908	Number of processors: 2
20:48:07.0976 4908	Page size: 0x1000
20:48:07.0976 4908	Boot type: Normal boot
20:48:07.0976 4908	============================================================
20:48:08.0866 4908	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:48:08.0881 4908	\Device\Harddisk0\DR0:
20:48:08.0881 4908	MBR used
20:48:08.0881 4908	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1194800, BlocksNum 0x9800800
20:48:08.0881 4908	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA995000, BlocksNum 0x12830170
20:48:08.0990 4908	Initialize success
20:48:08.0990 4908	============================================================
20:50:29.0406 4212	============================================================
20:50:29.0406 4212	Scan started
20:50:29.0406 4212	Mode: Manual; SigCheck; TDLFS; 
20:50:29.0406 4212	============================================================
20:50:29.0936 4212	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:50:30.0155 4212	ACPI - ok
20:50:30.0217 4212	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:50:30.0248 4212	adp94xx - ok
20:50:30.0295 4212	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:50:30.0326 4212	adpahci - ok
20:50:30.0358 4212	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:50:30.0373 4212	adpu160m - ok
20:50:30.0404 4212	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:50:30.0436 4212	adpu320 - ok
20:50:30.0498 4212	Afc             (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
20:50:30.0545 4212	Afc - ok
20:50:30.0607 4212	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:50:30.0685 4212	AFD - ok
20:50:30.0748 4212	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:50:30.0763 4212	agp440 - ok
20:50:30.0826 4212	ahcix86s        (fbe4016f9ef3ab3db547e40a936b6cd9) C:\Windows\system32\drivers\ahcix86s.sys
20:50:30.0841 4212	ahcix86s - ok
20:50:30.0872 4212	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:50:30.0904 4212	aic78xx - ok
20:50:30.0935 4212	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:50:30.0950 4212	aliide - ok
20:50:30.0982 4212	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:50:30.0997 4212	amdagp - ok
20:50:31.0028 4212	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:50:31.0044 4212	amdide - ok
20:50:31.0075 4212	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:50:31.0216 4212	AmdK7 - ok
20:50:31.0247 4212	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:50:31.0309 4212	AmdK8 - ok
20:50:31.0403 4212	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:50:31.0418 4212	arc - ok
20:50:31.0465 4212	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:50:31.0481 4212	arcsas - ok
20:50:31.0512 4212	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:50:31.0590 4212	AsyncMac - ok
20:50:31.0621 4212	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:50:31.0652 4212	atapi - ok
20:50:31.0715 4212	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
20:50:31.0730 4212	avgntflt - ok
20:50:31.0762 4212	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
20:50:31.0777 4212	avipbb - ok
20:50:31.0808 4212	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
20:50:31.0824 4212	avkmgr - ok
20:50:31.0855 4212	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:50:31.0918 4212	Beep - ok
20:50:31.0964 4212	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:50:32.0027 4212	blbdrive - ok
20:50:32.0074 4212	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:50:32.0136 4212	bowser - ok
20:50:32.0183 4212	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:50:32.0292 4212	BrFiltLo - ok
20:50:32.0323 4212	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:50:32.0386 4212	BrFiltUp - ok
20:50:32.0432 4212	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:50:32.0651 4212	Brserid - ok
20:50:32.0682 4212	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:50:32.0776 4212	BrSerWdm - ok
20:50:32.0791 4212	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:50:32.0885 4212	BrUsbMdm - ok
20:50:32.0900 4212	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:50:32.0994 4212	BrUsbSer - ok
20:50:33.0056 4212	BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
20:50:33.0103 4212	BthEnum - ok
20:50:33.0150 4212	BTHMODEM        (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
20:50:33.0212 4212	BTHMODEM - ok
20:50:33.0259 4212	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
20:50:33.0337 4212	BthPan - ok
20:50:33.0400 4212	BTHPORT         (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
20:50:33.0509 4212	BTHPORT - ok
20:50:33.0556 4212	BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
20:50:33.0602 4212	BTHUSB - ok
20:50:33.0680 4212	Cam5603D        (166eba385178229475b6aeb950e0a082) C:\Windows\system32\Drivers\BisonCam.sys
20:50:33.0805 4212	Cam5603D - ok
20:50:33.0868 4212	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:50:33.0930 4212	cdfs - ok
20:50:33.0992 4212	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:50:34.0039 4212	cdrom - ok
20:50:34.0117 4212	CEBFilter       (039f27ea2344c541cb6a0ef288bc8996) C:\Program Files\C&E\OSD\OsdService\cebuffer.sys
20:50:34.0133 4212	CEBFilter ( UnsignedFile.Multi.Generic ) - warning
20:50:34.0133 4212	CEBFilter - detected UnsignedFile.Multi.Generic (1)
20:50:34.0148 4212	CEIO            (147019abeb922507f2fa107032c480ce) C:\Program Files\C&E\OSD\OsdService\ceio.sys
20:50:34.0148 4212	CEIO ( UnsignedFile.Multi.Generic ) - warning
20:50:34.0148 4212	CEIO - detected UnsignedFile.Multi.Generic (1)
20:50:34.0195 4212	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
20:50:34.0258 4212	circlass - ok
20:50:34.0273 4212	cKBFilter       (cb11e608025aa6e601ff0c097e6009bd) C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys
20:50:34.0289 4212	cKBFilter ( UnsignedFile.Multi.Generic ) - warning
20:50:34.0289 4212	cKBFilter - detected UnsignedFile.Multi.Generic (1)
20:50:34.0351 4212	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:50:34.0382 4212	CLFS - ok
20:50:34.0460 4212	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:50:34.0507 4212	CmBatt - ok
20:50:34.0538 4212	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:50:34.0554 4212	cmdide - ok
20:50:34.0585 4212	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:50:34.0601 4212	Compbatt - ok
20:50:34.0616 4212	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:50:34.0648 4212	crcdisk - ok
20:50:34.0663 4212	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:50:34.0726 4212	Crusoe - ok
20:50:34.0804 4212	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:50:34.0866 4212	DfsC - ok
20:50:34.0975 4212	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:50:34.0991 4212	disk - ok
20:50:35.0069 4212	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:50:35.0131 4212	drmkaud - ok
20:50:35.0225 4212	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:50:35.0350 4212	DXGKrnl - ok
20:50:35.0428 4212	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:50:35.0490 4212	E1G60 - ok
20:50:35.0552 4212	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:50:35.0584 4212	Ecache - ok
20:50:35.0630 4212	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:50:35.0662 4212	elxstor - ok
20:50:35.0708 4212	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:50:35.0771 4212	ErrDev - ok
20:50:35.0849 4212	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:50:35.0927 4212	exfat - ok
20:50:35.0974 4212	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:50:36.0020 4212	fastfat - ok
20:50:36.0067 4212	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:50:36.0130 4212	fdc - ok
20:50:36.0176 4212	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:50:36.0192 4212	FileInfo - ok
20:50:36.0223 4212	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:50:36.0286 4212	Filetrace - ok
20:50:36.0317 4212	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:50:36.0379 4212	flpydisk - ok
20:50:36.0473 4212	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:50:36.0504 4212	FltMgr - ok
20:50:36.0582 4212	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:50:36.0660 4212	Fs_Rec - ok
20:50:36.0691 4212	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:50:36.0707 4212	gagp30kx - ok
20:50:36.0847 4212	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:50:36.0956 4212	HdAudAddService - ok
20:50:37.0019 4212	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:50:37.0112 4212	HDAudBus - ok
20:50:37.0144 4212	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:50:37.0237 4212	HidBth - ok
20:50:37.0284 4212	HidIr           (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
20:50:37.0346 4212	HidIr - ok
20:50:37.0409 4212	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:50:37.0456 4212	HidUsb - ok
20:50:37.0518 4212	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:50:37.0534 4212	HpCISSs - ok
20:50:37.0580 4212	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:50:37.0690 4212	HTTP - ok
20:50:37.0736 4212	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:50:37.0752 4212	i2omp - ok
20:50:37.0799 4212	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:50:37.0861 4212	i8042prt - ok
20:50:37.0908 4212	iaStor          (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
20:50:37.0939 4212	iaStor - ok
20:50:37.0970 4212	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:50:38.0002 4212	iaStorV - ok
20:50:38.0048 4212	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:50:38.0064 4212	iirsp - ok
20:50:38.0189 4212	IntcAzAudAddService (5d854cbac8b7b4b964406f9808c95fae) C:\Windows\system32\drivers\RTKVHDA.sys
20:50:38.0329 4212	IntcAzAudAddService - ok
20:50:38.0392 4212	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:50:38.0454 4212	intelide - ok
20:50:38.0532 4212	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:50:38.0594 4212	intelppm - ok
20:50:38.0641 4212	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:50:38.0704 4212	IpFilterDriver - ok
20:50:38.0719 4212	IpInIp - ok
20:50:38.0766 4212	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:50:38.0844 4212	IPMIDRV - ok
20:50:38.0875 4212	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:50:38.0938 4212	IPNAT - ok
20:50:38.0969 4212	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:50:39.0016 4212	IRENUM - ok
20:50:39.0047 4212	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:50:39.0078 4212	isapnp - ok
20:50:39.0125 4212	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:50:39.0156 4212	iScsiPrt - ok
20:50:39.0187 4212	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:50:39.0203 4212	iteatapi - ok
20:50:39.0265 4212	itecir          (e4b04a0d8b237ecf026d849439f1bcce) C:\Windows\system32\DRIVERS\itecir.sys
20:50:39.0296 4212	itecir - ok
20:50:39.0312 4212	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:50:39.0328 4212	iteraid - ok
20:50:39.0374 4212	JRAID           (c36f3a1a4e8416ef43f30deab7701730) C:\Windows\system32\drivers\jraid.sys
20:50:39.0421 4212	JRAID - ok
20:50:39.0452 4212	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:50:39.0484 4212	kbdclass - ok
20:50:39.0530 4212	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:50:39.0593 4212	kbdhid - ok
20:50:39.0655 4212	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
20:50:39.0718 4212	KSecDD - ok
20:50:39.0796 4212	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:50:39.0920 4212	lltdio - ok
20:50:40.0061 4212	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:50:40.0076 4212	LSI_FC - ok
20:50:40.0108 4212	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:50:40.0139 4212	LSI_SAS - ok
20:50:40.0170 4212	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:50:40.0201 4212	LSI_SCSI - ok
20:50:40.0232 4212	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:50:40.0295 4212	luafv - ok
20:50:40.0388 4212	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
20:50:40.0404 4212	MBAMProtector - ok
20:50:40.0451 4212	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:50:40.0466 4212	megasas - ok
20:50:40.0529 4212	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:50:40.0607 4212	MegaSR - ok
20:50:40.0669 4212	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:50:40.0732 4212	Modem - ok
20:50:40.0888 4212	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:50:40.0934 4212	monitor - ok
20:50:41.0075 4212	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:50:41.0090 4212	mouclass - ok
20:50:41.0153 4212	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:50:41.0215 4212	mouhid - ok
20:50:41.0262 4212	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:50:41.0278 4212	MountMgr - ok
20:50:41.0512 4212	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:50:41.0527 4212	mpio - ok
20:50:41.0574 4212	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:50:41.0621 4212	mpsdrv - ok
20:50:41.0714 4212	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:50:41.0730 4212	Mraid35x - ok
20:50:41.0777 4212	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:50:41.0839 4212	MRxDAV - ok
20:50:41.0886 4212	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:50:41.0948 4212	mrxsmb - ok
20:50:41.0995 4212	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:50:42.0042 4212	mrxsmb10 - ok
20:50:42.0073 4212	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:50:42.0104 4212	mrxsmb20 - ok
20:50:42.0151 4212	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
20:50:42.0182 4212	msahci - ok
20:50:42.0198 4212	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:50:42.0229 4212	msdsm - ok
20:50:42.0260 4212	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:50:42.0323 4212	Msfs - ok
20:50:42.0354 4212	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:50:42.0385 4212	msisadrv - ok
20:50:42.0448 4212	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:50:42.0510 4212	MSKSSRV - ok
20:50:42.0526 4212	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:50:42.0588 4212	MSPCLOCK - ok
20:50:42.0619 4212	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:50:42.0791 4212	MSPQM - ok
20:50:42.0853 4212	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:50:42.0900 4212	MsRPC - ok
20:50:42.0931 4212	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:50:42.0962 4212	mssmbios - ok
20:50:42.0994 4212	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:50:43.0118 4212	MSTEE - ok
20:50:43.0181 4212	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:50:43.0196 4212	Mup - ok
20:50:43.0259 4212	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:50:43.0306 4212	NativeWifiP - ok
20:50:43.0384 4212	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:50:43.0446 4212	NDIS - ok
20:50:43.0493 4212	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:50:43.0555 4212	NdisTapi - ok
20:50:43.0571 4212	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:50:43.0618 4212	Ndisuio - ok
20:50:43.0664 4212	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:50:43.0727 4212	NdisWan - ok
20:50:43.0742 4212	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:50:43.0805 4212	NDProxy - ok
20:50:43.0836 4212	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:50:43.0898 4212	NetBIOS - ok
20:50:43.0945 4212	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:50:43.0976 4212	netbt - ok
20:50:44.0132 4212	NETw4v32        (1d73499a6664b4da05d750ff83fdb274) C:\Windows\system32\DRIVERS\NETw4v32.sys
20:50:44.0320 4212	NETw4v32 - ok
20:50:44.0382 4212	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:50:44.0413 4212	nfrd960 - ok
20:50:44.0460 4212	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:50:44.0491 4212	Npfs - ok
20:50:44.0522 4212	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:50:44.0585 4212	nsiproxy - ok
20:50:44.0663 4212	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:50:44.0725 4212	Ntfs - ok
20:50:44.0756 4212	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:50:44.0866 4212	ntrigdigi - ok
20:50:44.0912 4212	NuidFltr        (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
20:50:44.0944 4212	NuidFltr - ok
20:50:44.0959 4212	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:50:45.0022 4212	Null - ok
20:50:45.0302 4212	nvlddmkm        (fe6bebb8fc2a1e50426624025d7c30d6) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:50:45.0848 4212	nvlddmkm - ok
20:50:45.0895 4212	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:50:45.0911 4212	nvraid - ok
20:50:45.0942 4212	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:50:45.0973 4212	nvstor - ok
20:50:45.0989 4212	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:50:46.0020 4212	nv_agp - ok
20:50:46.0020 4212	NwlnkFlt - ok
20:50:46.0051 4212	NwlnkFwd - ok
20:50:46.0114 4212	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:50:46.0145 4212	ohci1394 - ok
20:50:46.0207 4212	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:50:46.0301 4212	Parport - ok
20:50:46.0363 4212	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:50:46.0379 4212	partmgr - ok
20:50:46.0410 4212	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:50:46.0504 4212	Parvdm - ok
20:50:46.0550 4212	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:50:46.0566 4212	pci - ok
20:50:46.0613 4212	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
20:50:46.0628 4212	pciide - ok
20:50:46.0660 4212	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:50:46.0675 4212	pcmcia - ok
20:50:46.0738 4212	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:50:46.0940 4212	PEAUTH - ok
20:50:47.0096 4212	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:50:47.0159 4212	PptpMiniport - ok
20:50:47.0174 4212	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:50:47.0237 4212	Processor - ok
20:50:47.0299 4212	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:50:47.0330 4212	PSched - ok
20:50:47.0408 4212	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:50:47.0502 4212	ql2300 - ok
20:50:47.0533 4212	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:50:47.0564 4212	ql40xx - ok
20:50:47.0596 4212	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:50:47.0642 4212	QWAVEdrv - ok
20:50:47.0674 4212	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:50:47.0736 4212	RasAcd - ok
20:50:47.0767 4212	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:50:47.0830 4212	Rasl2tp - ok
20:50:47.0892 4212	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:50:47.0939 4212	RasPppoe - ok
20:50:47.0970 4212	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:50:48.0001 4212	RasSstp - ok
20:50:48.0032 4212	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:50:48.0095 4212	rdbss - ok
20:50:48.0110 4212	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:50:48.0173 4212	RDPCDD - ok
20:50:48.0204 4212	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:50:48.0266 4212	rdpdr - ok
20:50:48.0298 4212	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:50:48.0344 4212	RDPENCDD - ok
20:50:48.0376 4212	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
20:50:48.0422 4212	RDPWD - ok
20:50:48.0500 4212	RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
20:50:48.0547 4212	RFCOMM - ok
20:50:48.0594 4212	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:50:48.0656 4212	rspndr - ok
20:50:48.0703 4212	RTL2832UBDA     (3f2e468d0659cec13aeb57f09860a47b) C:\Windows\system32\drivers\RTL2832UBDA.sys
20:50:48.0734 4212	RTL2832UBDA - ok
20:50:48.0781 4212	RTL2832UUSB     (a2cef3feec543fd0a027222fddb87ecd) C:\Windows\system32\Drivers\RTL2832UUSB.sys
20:50:48.0797 4212	RTL2832UUSB - ok
20:50:48.0828 4212	RTL2832U_IRHID  (cf9b3fc317b6ea27531c0e8e04df286e) C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys
20:50:48.0844 4212	RTL2832U_IRHID - ok
20:50:48.0890 4212	RTL8169         (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys
20:50:48.0953 4212	RTL8169 - ok
20:50:48.0984 4212	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:50:49.0000 4212	sbp2port - ok
20:50:49.0062 4212	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:50:49.0140 4212	secdrv - ok
20:50:49.0171 4212	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:50:49.0265 4212	Serenum - ok
20:50:49.0296 4212	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:50:49.0374 4212	Serial - ok
20:50:49.0405 4212	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:50:49.0468 4212	sermouse - ok
20:50:49.0514 4212	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:50:49.0561 4212	sffdisk - ok
20:50:49.0592 4212	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:50:49.0639 4212	sffp_mmc - ok
20:50:49.0670 4212	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:50:49.0717 4212	sffp_sd - ok
20:50:49.0764 4212	sfloppy         (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
20:50:49.0826 4212	sfloppy - ok
20:50:49.0889 4212	Si3531          (8613e8fe6c190f377240a3989fad5d5e) C:\Windows\system32\DRIVERS\Si3531.sys
20:50:49.0904 4212	Si3531 - ok
20:50:49.0936 4212	SiFilter        (72cf151fb410e544904dbc7d7f29b796) C:\Windows\system32\DRIVERS\SiWinAcc.sys
20:50:49.0982 4212	SiFilter - ok
20:50:49.0998 4212	SiRemFil        (41a59f484188be629087ba391ff60d74) C:\Windows\system32\DRIVERS\SiRemFil.sys
20:50:50.0029 4212	SiRemFil - ok
20:50:50.0076 4212	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:50:50.0092 4212	sisagp - ok
20:50:50.0123 4212	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:50:50.0138 4212	SiSRaid2 - ok
20:50:50.0170 4212	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:50:50.0201 4212	SiSRaid4 - ok
20:50:50.0248 4212	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:50:50.0294 4212	Smb - ok
20:50:50.0357 4212	smserial        (d9bfd2298f5cf116d8eaae3b02dcee2e) C:\Windows\system32\DRIVERS\smserial.sys
20:50:50.0466 4212	smserial - ok
20:50:50.0513 4212	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:50:50.0528 4212	spldr - ok
20:50:50.0575 4212	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:50:50.0638 4212	srv - ok
20:50:50.0684 4212	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:50:50.0747 4212	srv2 - ok
20:50:50.0794 4212	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:50:50.0840 4212	srvnet - ok
20:50:50.0887 4212	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:50:50.0903 4212	ssmdrv - ok
20:50:50.0965 4212	StarOpen - ok
20:50:50.0996 4212	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:50:51.0028 4212	swenum - ok
20:50:51.0043 4212	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:50:51.0074 4212	Symc8xx - ok
20:50:51.0121 4212	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:50:51.0152 4212	Sym_hi - ok
20:50:51.0168 4212	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:50:51.0199 4212	Sym_u3 - ok
20:50:51.0293 4212	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
20:50:51.0418 4212	Tcpip - ok
20:50:51.0496 4212	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
20:50:51.0574 4212	Tcpip6 - ok
20:50:51.0620 4212	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:50:51.0667 4212	tcpipreg - ok
20:50:51.0714 4212	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:50:51.0761 4212	TDPIPE - ok
20:50:51.0792 4212	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:50:51.0854 4212	TDTCP - ok
20:50:51.0901 4212	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:50:51.0964 4212	tdx - ok
20:50:52.0026 4212	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:50:52.0042 4212	TermDD - ok
20:50:52.0120 4212	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:50:52.0166 4212	tssecsrv - ok
20:50:52.0182 4212	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:50:52.0229 4212	tunmp - ok
20:50:52.0276 4212	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:50:52.0307 4212	tunnel - ok
20:50:52.0338 4212	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:50:52.0369 4212	uagp35 - ok
20:50:52.0432 4212	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:50:52.0494 4212	udfs - ok
20:50:52.0541 4212	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:50:52.0556 4212	uliagpkx - ok
20:50:52.0603 4212	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:50:52.0634 4212	uliahci - ok
20:50:52.0666 4212	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:50:52.0681 4212	UlSata - ok
20:50:52.0712 4212	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:50:52.0728 4212	ulsata2 - ok
20:50:52.0759 4212	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:50:52.0822 4212	umbus - ok
20:50:52.0900 4212	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:50:52.0946 4212	usbccgp - ok
20:50:52.0978 4212	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:50:53.0071 4212	usbcir - ok
20:50:53.0102 4212	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:50:53.0149 4212	usbehci - ok
20:50:53.0196 4212	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:50:53.0258 4212	usbhub - ok
20:50:53.0290 4212	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:50:53.0383 4212	usbohci - ok
20:50:53.0430 4212	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:50:53.0492 4212	usbprint - ok
20:50:53.0539 4212	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:50:53.0586 4212	usbscan - ok
20:50:53.0617 4212	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:50:53.0664 4212	USBSTOR - ok
20:50:53.0695 4212	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:50:53.0742 4212	usbuhci - ok
20:50:53.0773 4212	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:50:53.0836 4212	vga - ok
20:50:53.0867 4212	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:50:53.0929 4212	VgaSave - ok
20:50:53.0976 4212	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:50:53.0992 4212	viaagp - ok
20:50:54.0023 4212	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:50:54.0070 4212	ViaC7 - ok
20:50:54.0101 4212	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:50:54.0116 4212	viaide - ok
20:50:54.0148 4212	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:50:54.0163 4212	volmgr - ok
20:50:54.0210 4212	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:50:54.0241 4212	volmgrx - ok
20:50:54.0288 4212	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:50:54.0319 4212	volsnap - ok
20:50:54.0350 4212	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:50:54.0382 4212	vsmraid - ok
20:50:54.0428 4212	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:50:54.0538 4212	WacomPen - ok
20:50:54.0569 4212	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:50:54.0616 4212	Wanarp - ok
20:50:54.0631 4212	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:50:54.0678 4212	Wanarpv6 - ok
20:50:54.0709 4212	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:50:54.0725 4212	Wd - ok
20:50:54.0772 4212	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:50:54.0834 4212	Wdf01000 - ok
20:50:54.0928 4212	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:50:54.0959 4212	WmiAcpi - ok
20:50:55.0037 4212	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:50:55.0099 4212	WpdUsb - ok
20:50:55.0130 4212	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:50:55.0193 4212	ws2ifsl - ok
20:50:55.0240 4212	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:50:55.0302 4212	WUDFRd - ok
20:50:55.0349 4212	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:50:55.0567 4212	\Device\Harddisk0\DR0 - ok
20:50:55.0567 4212	Boot (0x1200)   (579a7a032e337a3761f23e619d0a8322) \Device\Harddisk0\DR0\Partition0
20:50:55.0583 4212	\Device\Harddisk0\DR0\Partition0 - ok
20:50:55.0614 4212	Boot (0x1200)   (e36eb5ffc005f3a5f9a19d4e34b70750) \Device\Harddisk0\DR0\Partition1
20:50:55.0614 4212	\Device\Harddisk0\DR0\Partition1 - ok
20:50:55.0614 4212	============================================================
20:50:55.0614 4212	Scan finished
20:50:55.0614 4212	============================================================
20:50:55.0630 4356	Detected object count: 3
20:50:55.0630 4356	Actual detected object count: 3
20:52:06.0235 4356	CEBFilter ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:06.0235 4356	CEBFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:52:06.0235 4356	CEIO ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:06.0235 4356	CEIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:52:06.0235 4356	cKBFilter ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:06.0235 4356	cKBFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 06.03.2012, 21:22

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

06.03.2012, 12:46	#7
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows gesperrt - bezahlen... Funktioniert jetzt der normale Modus wieder oder nicht? __________________ Logfiles bitte immer in CODE-Tags posten

Windows gesperrt - bezahlen...

Log-Analyse und Auswertung: Windows gesperrt - bezahlen...