| |
| |||||||
Log-Analyse und Auswertung: Nochmal Bundespolizei TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
14.04.2011, 18:26
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Nochmal Bundespolizei Trojaner Wie im normalen OTL auch...
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
14.04.2011, 18:45
| #17 |
 | Nochmal Bundespolizei Trojaner So da sann mer wieder,
__________________nun yu den Logs Code:
ATTFilter OTL logfile created on: 4/14/2011 8:36:10 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 134.90 Gb Total Space | 55.44 Gb Free Space | 41.10% Space Free | Partition Type: NTFS
Drive D: | 3.65 Gb Total Space | 3.64 Gb Free Space | 99.77% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - (clr_optimization_v2.0.50727_32) -- File not found
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (DozeSvc) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (SUService) -- C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (TVT Scheduler) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (tvtnetwk) -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()
SRV - (Diskeeper) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (UIUSys) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (DozeHDD) -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS (Lenovo.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS (Lenovo Group Limited)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (NETwLx32) Intel(R) -- C:\WINDOWS\system32\drivers\NETwLx32.sys (Intel Corporation)
DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (Shockprf) -- C:\WINDOWS\system32\drivers\ApsX86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\system32\drivers\ApsHM86.sys (Lenovo.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (G400) -- C:\WINDOWS\system32\drivers\G400m.sys (Matrox Graphics Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Dao2_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\Dao2_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com
IE - HKU\Dao2_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\T61_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKU\T61_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\T61_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\T61_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Dao2_ON_C\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\T61_ON_C\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\T61_ON_C\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PSQLLauncher] C:\Programme\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKU\T61_ON_C..\Run: [AquaSnap] C:\Programme\AquaSnap\AquaSnap.Daemon.exe (hxxp://www.nurgo-software.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\T61\Startmenü\Programme\Autostart\Yahoo! Widgets.lnk = C:\Programme\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Dao2_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\T61_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {439B6D3C-A359-4D73-8515-2AFE8CF90C08} hxxp://www.tradesignalonline.com/charts/bin/axts5we.cab (TradeSignal 5 Web Edition)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\DOKUME~1\T61\LOKALE~1\Temp\0.9949424927759878.exe) - C:\Dokumente und Einstellungen\T61\Lokale Einstellungen\Temp\0.9949424927759878.exe (Eipunrwaso Ensmw)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\psfus: DllName - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/26 22:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/04/14 08:31:56 | 000,000,016 | -H-- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2011/04/14 08:31:56 | 000,000,016 | -H-- | M] () - D:\AUTORUN_.INF -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/14 10:24:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dao2\Lokale Einstellungen\Anwendungsdaten\Paint.NET
[2011/04/14 10:12:59 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Dao2\Desktop\mbam-setup.exe
[2011/04/14 10:09:58 | 000,364,705 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Dao2\Desktop\3nl6top7fb.exe
[2011/04/14 10:07:27 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Dao2\Desktop\OTH.scr
[2011/04/14 09:53:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dao2\Lokale Einstellungen\Anwendungsdaten\Opera
[2011/04/14 09:53:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dao2\Anwendungsdaten\Opera
[2011/04/14 09:53:06 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Dao2\PrivacIE
[2011/04/14 04:30:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dao2\Anwendungsdaten\Macromedia
[2011/04/13 18:48:29 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache
[2011/04/13 18:48:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/04/13 18:36:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/04/11 03:36:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PDF24
[2011/04/02 14:20:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2011/04/02 08:28:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\T61\Anwendungsdaten\PwrMgr
[2011/04/02 08:10:20 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\T61\Recent
[2011/04/01 12:27:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\T61\Lokale Einstellungen\Anwendungsdaten\Unity
[2011/03/23 16:27:07 | 000,000,000 | ---D | C] -- C:\Programme\Paint.NET
[2011/03/23 16:27:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\T61\Lokale Einstellungen\Anwendungsdaten\Paint.NET
[2011/03/23 13:12:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\T61\Lokale Einstellungen\Anwendungsdaten\World Clock - countries
[2011/03/23 13:10:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\T61\Lokale Einstellungen\Anwendungsdaten\World Clock - cities
[2011/03/23 13:08:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\T61\Lokale Einstellungen\Anwendungsdaten\World+Clock
[2011/03/23 13:02:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\T61\Desktop\Shortcuts
[2011/03/18 05:29:12 | 000,000,000 | ---D | C] -- C:\Programme\McAfee Labs Stinger
[2011/03/18 05:07:13 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2007/10/15 16:05:36 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2007/10/15 16:05:36 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/14 12:45:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/14 12:44:50 | 000,074,256 | ---- | M] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011/04/14 12:42:58 | 000,025,261 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2011/04/14 12:42:45 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2011/04/14 12:42:32 | 2103,750,656 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/14 10:50:44 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/14 10:45:01 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2011/04/14 10:44:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2011/04/14 10:43:48 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011/04/14 10:32:03 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/14 10:13:04 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Dao2\Desktop\mbam-setup.exe
[2011/04/14 10:10:00 | 000,364,705 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Dao2\Desktop\3nl6top7fb.exe
[2011/04/14 10:07:53 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Dao2\Desktop\OTH.scr
[2011/04/14 03:57:33 | 000,459,396 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011/04/14 03:57:33 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/14 03:57:33 | 000,084,722 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011/04/14 03:57:33 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/13 03:44:00 | 000,012,800 | ---- | M] () -- C:\Dokumente und Einstellungen\T61\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/12 02:53:50 | 000,001,859 | ---- | M] () -- C:\Dokumente und Einstellungen\T61\Desktop\OANDA fxTrade.lnk
[2011/04/11 03:36:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PDF24
[2011/04/10 04:45:02 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2011/04/02 14:20:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2011/03/30 03:53:14 | 000,002,501 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Word.lnk
[2011/03/29 06:40:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/29 02:31:17 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/23 16:27:15 | 000,000,853 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Paint.NET.lnk
[2011/03/18 05:07:13 | 000,003,002 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/14 12:42:32 | 2103,750,656 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/23 16:27:15 | 000,000,853 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Paint.NET.lnk
[2011/03/23 13:12:29 | 000,002,360 | ---- | C] () -- C:\Dokumente und Einstellungen\T61\Startmenü\Programme\World Clock - countries.lnk
[2011/03/23 13:10:02 | 000,002,312 | ---- | C] () -- C:\Dokumente und Einstellungen\T61\Startmenü\Programme\World Clock - cities.lnk
[2011/03/23 13:08:04 | 000,002,168 | ---- | C] () -- C:\Dokumente und Einstellungen\T61\Startmenü\Programme\World+Clock.lnk
[2011/03/18 03:28:05 | 000,001,859 | ---- | C] () -- C:\Dokumente und Einstellungen\T61\Desktop\OANDA fxTrade.lnk
[2011/01/20 10:47:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/09 13:03:25 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Dao2\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/12/20 08:35:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2010/12/02 03:07:38 | 000,074,256 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010/12/01 09:25:59 | 000,012,800 | ---- | C] () -- C:\Dokumente und Einstellungen\T61\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/01 08:12:45 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/10 08:44:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[2008/09/10 08:44:07 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/10/17 14:59:22 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\T61\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007/10/15 23:47:33 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/10/15 16:40:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/10/15 16:28:37 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2007/10/15 16:27:10 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2007/10/15 16:21:43 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/15 16:19:29 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/10/15 16:19:29 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/10/15 16:19:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/10/15 16:19:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/10/15 16:19:29 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/10/15 16:19:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/10/15 16:11:45 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/10/15 16:11:45 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/15 16:11:44 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/15 16:11:43 | 001,018,804 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/10/15 16:11:43 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/15 16:11:42 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/15 16:11:42 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/10/15 16:11:39 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/10/15 16:11:39 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/10/15 16:06:25 | 000,196,608 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2007/10/15 16:05:36 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007/10/15 16:05:36 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2007/10/15 16:04:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007/10/15 15:57:38 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2007/03/02 08:15:36 | 000,025,261 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2007/03/02 08:15:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007/02/27 11:48:38 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/27 11:29:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007/01/16 11:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/05 08:20:36 | 000,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006/02/16 04:18:38 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/01/27 13:18:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/01/27 13:05:14 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/26 22:25:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/01/26 22:15:11 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/01/26 21:01:44 | 000,459,396 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006/01/26 21:01:44 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006/01/26 21:01:44 | 000,084,722 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006/01/26 21:01:44 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006/01/26 21:01:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/01/26 21:01:21 | 000,441,458 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/01/26 21:01:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/01/26 21:01:21 | 000,071,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/01/26 21:01:21 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/01/26 21:01:19 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/01/26 21:01:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/01/26 21:01:15 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/26 21:01:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/01/26 21:01:08 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/01/26 21:01:02 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/01/26 21:00:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/01/26 13:09:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/01/26 13:08:46 | 000,114,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ==========
[2007/10/15 16:34:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\System32\config\systemprofile\Anwendungsdaten\Lenovo
[2010/12/01 06:04:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lenovo
[2011/01/09 13:03:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dao2\Anwendungsdaten\Lenovo
[2011/04/14 09:53:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dao2\Anwendungsdaten\Opera
[2010/12/02 03:43:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T61\Anwendungsdaten\Avaya
[2011/03/11 10:02:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T61\Anwendungsdaten\avidemux
[2011/03/24 03:10:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T61\Anwendungsdaten\Dexpot
[2011/03/11 12:10:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T61\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010/12/02 18:37:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T61\Anwendungsdaten\foobar2000
[2010/12/01 07:39:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T61\Anwendungsdaten\Leadertech
[2010/12/01 15:44:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T61\Anwendungsdaten\Lenovo
[2010/12/01 17:27:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T61\Anwendungsdaten\MetaQuotes
[2011/03/23 13:12:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T61\Anwendungsdaten\Opera
[2011/04/02 08:28:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T61\Anwendungsdaten\PwrMgr
[2011/02/24 05:36:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T61\Anwendungsdaten\tradesignal
[2010/12/21 10:06:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T61\Anwendungsdaten\Update
[2010/12/01 07:49:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2010/12/01 15:36:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2011/03/08 17:36:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MetaQuotes
[2007/10/15 16:27:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC-Doctor
[2010/12/21 10:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr
[2009/04/07 04:41:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB
[2011/02/15 10:12:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WMRCBA2
[2011/04/14 10:45:01 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2011/04/10 04:45:02 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/04/14 10:43:48 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2011/04/14 10:44:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job
========== Purity Check ==========
< End of report >
Code:
ATTFilter OTL Extras logfile created on: 4/14/2011 8:36:10 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 134.90 Gb Total Space | 55.44 Gb Free Space | 41.10% Space Free | Partition Type: NTFS
Drive D: | 3.65 Gb Total Space | 3.64 Gb Free Space | 99.77% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Programme\Opera\opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Programme\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Programme\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Programme\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\MetaTrader 4\terminal.exe" = C:\Programme\MetaTrader 4\terminal.exe:*:Enabled:MetaTrader -- (MetaQuotes Software Corp.)
"C:\Programme\NinjaTrader 6.5\bin\NinjaTrader.exe" = C:\Programme\NinjaTrader 6.5\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'ThinkPad-Tastaturanpassung'
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75C82071-B29F-4824-BD2E-0BEA71206DAF}" = Tradesignal Online Chart
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7B4174E8-FE92-4269-808A-3B8D116D9538}" = Advanced Security for Outlook
"{7D733DBC-1761-4EC9-831A-8976062B33CA}" = AquaSnap
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.7
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{90110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9F98C9F8-9B49-411C-AFB9-AF633249FA7C}" = ThinkVantage Fingerprint Software 5.8
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{F8F28729-B336-492C-B4FD-53A9BBDF0482}" = Intel(R) PROSet/Wireless WiFi-Software
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF09A6A1-4DE5-467D-AA26-EF18C0EA4DAB}" = Paint.NET v3.30
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"AwayTask" = Maintenance Manager
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem
"foobar2000" = foobar2000 v1.1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.34.305
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Jagged Alliance 2" = Jagged Alliance 2
"Lenovo Registration" = Lenovo Registration
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"MediaMonkey_is1" = MediaMonkey 3.2
"MetaTrader 5" = MetaTrader 5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"News Updater_is1" = News Updater ver 1.4
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OnScreenDisplay" = Anzeige am Bildschirm
"Opera 11.01.1190" = Opera 11.01
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Picasa2" = Picasa 2
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) PRO Network Connections Drivers
"Remove Multimedia Center" = Remove Multimedia Center
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.8
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\T61_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dexpot" = Dexpot
"OANDA FXNews for fxTrade" = OANDA FXNews for fxTrade
"OANDA fxTrade" = OANDA fxTrade
"OANDA fxTrade Practice" = OANDA fxTrade Practice
"UnityWebPlayer" = Unity Web Player
"World Clock - cities" = World Clock - cities
"World Clock - countries" = World Clock - countries
"World+Clock" = World+Clock
< End of report >
 gruss Nico |
|
14.04.2011, 19:49
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nochmal Bundespolizei Trojaner Mach einen OTL-Fix, über OTL in der Live-CD, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Code:
ATTFilter :OTL
[2010/12/21 10:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr
[2009/04/07 04:41:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB
[2011/02/15 10:12:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WMRCBA2
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/26 22:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/04/14 08:31:56 | 000,000,016 | -H-- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2011/04/14 08:31:56 | 000,000,016 | -H-- | M] () - D:\AUTORUN_.INF -- [ FAT32 ]
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ |
|
14.04.2011, 20:01
| #19 |
| | Nochmal Bundespolizei Trojaner Hallo, hier das logfile Code:
ATTFilter ========== OTL ==========
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr\Tonopah folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr\5717\Tonopah\upload folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr\5717\Tonopah\manifest\payloads folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr\5717\Tonopah\manifest folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr\5717\Tonopah\httpcache folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr\5717\Tonopah\db folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr\5717\Tonopah folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr\5717\TM folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr\5717\software folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr\5717\smartdata folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr\5717\performance folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr\5717\logs folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr\5717\libLenovoInfoCache folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr\5717\hardware folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr\5717\datastore folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr\5717 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB\{9F98C9F8-9B49-411C-AFB9-AF633249FA7C} folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WMRCBA2 folder moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File D:\AUTORUN.INF not found.
D:\AUTORUN_.INF moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 63495 bytes
User: All Users
User: Dao2
->Temp folder emptied: 55534 bytes
->Temporary Internet Files folder emptied: 4635662 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 801 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: T61
->Temp folder emptied: 125429760 bytes
->Temporary Internet Files folder emptied: 5123886 bytes
->Java cache emptied: 106078502 bytes
->Opera cache emptied: 327403076 bytes
->Flash cache emptied: 52407 bytes
%systemdrive% .tmp files removed: 4 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1160192 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 556819 bytes
Total Files Cleaned = 544.00 mb
OTLPE by OldTimer - Version 3.1.46.0 log created on 04142011_215543
gruss Nico |
|
14.04.2011, 20:08
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nochmal Bundespolizei Trojaner Schau mal bitte wie sich das normal installierte Windows verhält. Im normalen und im abgesicherten Modus.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.04.2011, 20:31
| #21 |
| | Nochmal Bundespolizei Trojaner Es ist eine partielle Besserung eingetreten. Jetzt ist die Bundespolizeimeldung verschwunden. Ich habe jetzt im Primäracc. und Zweitacc. den jeweiligen Desktophintergrund. Im abgesicherten Modus ist der Bildschirm schwarz (denke das ist auch normal). Allerdings sind in sämtlichen Modi die Bildschirme noch immer leer. Ich kann Programme noch immer nur über den Taskmanager aufrufen. Dieser funktioniert jetzt aber in allen Modi. Von daher ist das ja schon ein super Fortschritt Schonmal vielen Dank und ich harre der Anweisungen, die da kommen mögen. gruß Nico |
|
14.04.2011, 20:32
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nochmal Bundespolizei Trojaner Gut. Den Rest kriegen wir auch noch hin. Mach erstmal einen Vollscan mit Malwarebytes.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.04.2011, 21:17
| #23 |
| | Nochmal Bundespolizei Trojaner Done. Hier das Log: Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6364
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
14.04.2011 23:11:20
mbam-log-2011-04-14 (23-10-59).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 260879
Laufzeit: 31 Minute(n), 10 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\DOKUME~1\T61\LOKALE~1\Temp\0.9949424927759878.exe) Good: (explorer.exe) -> No action taken.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
gruß Nico |
|
15.04.2011, 08:51
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nochmal Bundespolizei Trojaner Hat Malwarebytes nicht mehr gefunden??
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.04.2011, 09:33
| #25 |
| | Nochmal Bundespolizei Trojaner Nein. Ich hab es eben nochmal durchlaufen lassen, hier das Log: Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6367
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
15.04.2011 11:29:48
mbam-log-2011-04-15 (11-29-33).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 261386
Laufzeit: 30 Minute(n), 52 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\DOKUME~1\T61\LOKALE~1\Temp\0.9949424927759878.exe) Good: (explorer.exe) -> No action taken.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
 gruß Nico |
|
15.04.2011, 10:35
| #26 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nochmal Bundespolizei TrojanerZitat:
Außerdem brauch ich den Quarantäneordner von OTL. Bitte folgendes machen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf da nicht rummurksen! 2.) Ordner C:\_OTL in eine Datei zippen 3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.04.2011, 10:59
| #27 | ||
| | Nochmal Bundespolizei Trojaner Yes, mein "normaler" Desktop ist wieder da.  Zitat:
Ich hege die vage Hoffnung um ein Neuaufsetzen des Systems herumzukommen und das will ich nicht durch irgendeine eigenmächtige Handlung gefährden. Daher pfusch ich als Noob da nicht rum, schließlich seid ihr die Spezialisten Zitat:
Noch ne kurze Frage: gestern gab's ja großen Patchday. Mein System will deshalb updaten. Kann ich das in der Zwischenzeit tun oder soll ich warten, bis wir evtl. fertig sind? gruß Nico |
|
15.04.2011, 12:18
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nochmal Bundespolizei Trojaner Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Falls du durch die Infektion auf die Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.04.2011, 12:29
| #29 |
| | Nochmal Bundespolizei Trojaner Done. Das Programm hat nichts gefunden. Code:
ATTFilter 2011/04/15 14:25:45.0062 3132 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/15 14:25:45.0453 3132 ================================================================================
2011/04/15 14:25:45.0453 3132 SystemInfo:
2011/04/15 14:25:45.0453 3132
2011/04/15 14:25:45.0453 3132 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/15 14:25:45.0453 3132 Product type: Workstation
2011/04/15 14:25:45.0453 3132 ComputerName: LENOVO-D3196D7C
2011/04/15 14:25:45.0453 3132 UserName: T61
2011/04/15 14:25:45.0453 3132 Windows directory: C:\WINDOWS
2011/04/15 14:25:45.0453 3132 System windows directory: C:\WINDOWS
2011/04/15 14:25:45.0453 3132 Processor architecture: Intel x86
2011/04/15 14:25:45.0453 3132 Number of processors: 2
2011/04/15 14:25:45.0453 3132 Page size: 0x1000
2011/04/15 14:25:45.0453 3132 Boot type: Normal boot
2011/04/15 14:25:45.0453 3132 ================================================================================
2011/04/15 14:25:45.0609 3132 Initialize success
2011/04/15 14:25:51.0296 4128 ================================================================================
2011/04/15 14:25:51.0296 4128 Scan started
2011/04/15 14:25:51.0296 4128 Mode: Manual;
2011/04/15 14:25:51.0296 4128 ================================================================================
2011/04/15 14:25:51.0546 4128 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/04/15 14:25:51.0593 4128 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/04/15 14:25:51.0609 4128 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2011/04/15 14:25:51.0656 4128 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/15 14:25:51.0687 4128 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/04/15 14:25:51.0734 4128 ADIHdAudAddService (ca6d262e0e68da7ac1e2edb0a8324031) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/04/15 14:25:51.0750 4128 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/04/15 14:25:51.0765 4128 AEAudio (b4afcc2f911939a1c16a26e7eba7f36b) C:\WINDOWS\system32\drivers\AEAudio.sys
2011/04/15 14:25:51.0812 4128 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/15 14:25:51.0843 4128 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/15 14:25:51.0890 4128 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/04/15 14:25:51.0906 4128 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/04/15 14:25:51.0921 4128 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/04/15 14:25:51.0937 4128 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/04/15 14:25:51.0953 4128 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/04/15 14:25:51.0968 4128 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/04/15 14:25:52.0000 4128 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/04/15 14:25:52.0015 4128 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/04/15 14:25:52.0031 4128 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/04/15 14:25:52.0078 4128 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
2011/04/15 14:25:52.0140 4128 AR5211 (78e15866befe8b940046c36ba92f9eb6) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/04/15 14:25:52.0187 4128 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/04/15 14:25:52.0187 4128 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/04/15 14:25:52.0218 4128 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/04/15 14:25:52.0265 4128 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/04/15 14:25:52.0312 4128 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/04/15 14:25:52.0328 4128 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/04/15 14:25:52.0406 4128 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/04/15 14:25:52.0453 4128 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/04/15 14:25:52.0484 4128 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys
2011/04/15 14:25:52.0531 4128 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/04/15 14:25:52.0562 4128 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/15 14:25:52.0578 4128 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/15 14:25:52.0625 4128 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/15 14:25:52.0687 4128 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
2011/04/15 14:25:52.0718 4128 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/15 14:25:52.0750 4128 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/15 14:25:52.0796 4128 btaudio (3aa4bf555c00c5b87fd48dd7bdbd4e97) C:\WINDOWS\system32\drivers\btaudio.sys
2011/04/15 14:25:52.0843 4128 BTDriver (07f0a66cfa550b13ad0674ae09e3cba0) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/04/15 14:25:52.0890 4128 BTKRNL (9da09b5800b9de8336948664e3b9cc94) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/04/15 14:25:52.0921 4128 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/04/15 14:25:52.0953 4128 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/04/15 14:25:52.0984 4128 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/04/15 14:25:53.0000 4128 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/15 14:25:53.0046 4128 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/15 14:25:53.0062 4128 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/04/15 14:25:53.0093 4128 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/15 14:25:53.0109 4128 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/15 14:25:53.0140 4128 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/15 14:25:53.0187 4128 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/04/15 14:25:53.0218 4128 CmdIde (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/04/15 14:25:53.0218 4128 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/04/15 14:25:53.0250 4128 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/04/15 14:25:53.0265 4128 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/04/15 14:25:53.0281 4128 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/04/15 14:25:53.0296 4128 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/15 14:25:53.0359 4128 DLABOIOM (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/04/15 14:25:53.0375 4128 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/04/15 14:25:53.0406 4128 DLADResN (2104649b0b79b9f30122c545cba0c655) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/04/15 14:25:53.0437 4128 DLAIFS_M (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/04/15 14:25:53.0453 4128 DLAOPIOM (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/04/15 14:25:53.0484 4128 DLAPoolM (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/04/15 14:25:53.0531 4128 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/04/15 14:25:53.0562 4128 DLAUDFAM (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/04/15 14:25:53.0593 4128 DLAUDF_M (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/04/15 14:25:53.0640 4128 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/15 14:25:53.0656 4128 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/15 14:25:53.0687 4128 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/15 14:25:53.0718 4128 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/15 14:25:53.0765 4128 DozeHDD (6d279bb0de1d8e34f454e1b353f4d738) C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
2011/04/15 14:25:53.0796 4128 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/04/15 14:25:53.0812 4128 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/15 14:25:53.0828 4128 DRVMCDB (48c7008d23dcfce0d0232f49307efced) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/04/15 14:25:53.0843 4128 DRVNDDM (05467e44a42c777dd1534bb4539b16d1) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/04/15 14:25:53.0859 4128 E100B (a6de5342417fec3c0aa8efebb899c431) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/04/15 14:25:53.0921 4128 e1express (67396a6b3adac7ff233cadf6d1660dba) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/04/15 14:25:53.0968 4128 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/15 14:25:54.0000 4128 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/15 14:25:54.0031 4128 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/15 14:25:54.0046 4128 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/15 14:25:54.0078 4128 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/15 14:25:54.0156 4128 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/15 14:25:54.0187 4128 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/15 14:25:54.0234 4128 G400 (33d00f8cb70ac5f7a8101f79d5273615) C:\WINDOWS\system32\DRIVERS\G400m.sys
2011/04/15 14:25:54.0281 4128 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/15 14:25:54.0312 4128 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/15 14:25:54.0343 4128 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/15 14:25:54.0375 4128 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/04/15 14:25:54.0437 4128 HSFHWAZL (702a7e1b3c9263efbd6aede3b6919761) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/04/15 14:25:54.0468 4128 HSF_DPV (8d02cb68d53aa36189faf86fed438884) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/04/15 14:25:54.0515 4128 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/15 14:25:54.0593 4128 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/04/15 14:25:54.0609 4128 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/04/15 14:25:54.0656 4128 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/15 14:25:54.0796 4128 ialm (c1c2d6940d6ec2f247b0f3c11e0a18e0) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/04/15 14:25:55.0062 4128 iaStor (01446278d4563b3013c92830ae6cbb26) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/04/15 14:25:55.0093 4128 IBMPMDRV (fa3d0a6da7bb7968efe5c5bc267f0e55) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
2011/04/15 14:25:55.0109 4128 IBMTPCHK (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
2011/04/15 14:25:55.0140 4128 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/15 14:25:55.0203 4128 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/04/15 14:25:55.0234 4128 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/15 14:25:55.0265 4128 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/15 14:25:55.0312 4128 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/15 14:25:55.0328 4128 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/15 14:25:55.0343 4128 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/15 14:25:55.0359 4128 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/15 14:25:55.0390 4128 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/15 14:25:55.0437 4128 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/15 14:25:55.0468 4128 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/15 14:25:55.0515 4128 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2011/04/15 14:25:55.0562 4128 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/15 14:25:55.0593 4128 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/15 14:25:55.0625 4128 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/15 14:25:55.0656 4128 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/15 14:25:55.0718 4128 lenovo.smi (9aac267a225f3caebb9e633f7eb16e4b) C:\WINDOWS\system32\DRIVERS\smiif32.sys
2011/04/15 14:25:55.0750 4128 mdmxsdk (a027de1e6c11bd2daf61f6f276b2299f) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/04/15 14:25:55.0781 4128 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/15 14:25:55.0828 4128 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/15 14:25:55.0875 4128 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/15 14:25:55.0921 4128 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/15 14:25:55.0937 4128 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/15 14:25:55.0968 4128 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/04/15 14:25:55.0984 4128 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/15 14:25:56.0031 4128 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/15 14:25:56.0093 4128 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/15 14:25:56.0109 4128 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/15 14:25:56.0125 4128 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/15 14:25:56.0171 4128 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/15 14:25:56.0218 4128 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/15 14:25:56.0234 4128 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/15 14:25:56.0250 4128 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/15 14:25:56.0265 4128 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/15 14:25:56.0312 4128 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/15 14:25:56.0343 4128 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/15 14:25:56.0375 4128 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/15 14:25:56.0390 4128 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/15 14:25:56.0421 4128 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/15 14:25:56.0484 4128 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/15 14:25:56.0515 4128 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/15 14:25:56.0546 4128 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/15 14:25:56.0656 4128 NETw4x32 (18b2d3e11ed7a3c898ade6a6692b6929) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
2011/04/15 14:25:56.0828 4128 NETwLx32 (72062b53186e4a3f5fcbc41ebb62b905) C:\WINDOWS\system32\DRIVERS\NETwLx32.sys
2011/04/15 14:25:57.0156 4128 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/04/15 14:25:57.0187 4128 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/15 14:25:57.0218 4128 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/15 14:25:57.0281 4128 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/15 14:25:57.0437 4128 nv (533a44be373bb8e9cd85a563eb132ed7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/15 14:25:57.0718 4128 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/15 14:25:57.0734 4128 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/15 14:25:57.0781 4128 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/04/15 14:25:57.0843 4128 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/15 14:25:57.0859 4128 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/15 14:25:57.0875 4128 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/15 14:25:57.0890 4128 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/15 14:25:57.0921 4128 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/15 14:25:57.0937 4128 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/04/15 14:25:58.0000 4128 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/04/15 14:25:58.0015 4128 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/04/15 14:25:58.0062 4128 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
2011/04/15 14:25:58.0109 4128 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/15 14:25:58.0156 4128 PROCDD (1d80309fed4babf8ea9e7b84a394348b) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
2011/04/15 14:25:58.0187 4128 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/04/15 14:25:58.0234 4128 psadd (aac08defb15aaab00b30341c716efa35) C:\WINDOWS\system32\DRIVERS\psadd.sys
2011/04/15 14:25:58.0265 4128 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/15 14:25:58.0296 4128 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/15 14:25:58.0359 4128 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/15 14:25:58.0390 4128 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/04/15 14:25:58.0406 4128 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/04/15 14:25:58.0421 4128 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/04/15 14:25:58.0437 4128 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/04/15 14:25:58.0453 4128 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/04/15 14:25:58.0468 4128 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/15 14:25:58.0515 4128 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/15 14:25:58.0531 4128 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/15 14:25:58.0593 4128 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/15 14:25:58.0625 4128 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/15 14:25:58.0656 4128 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/15 14:25:58.0671 4128 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/15 14:25:58.0734 4128 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/15 14:25:58.0765 4128 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/15 14:25:58.0796 4128 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/04/15 14:25:58.0828 4128 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/04/15 14:25:58.0843 4128 rismxdp (d231b577024aa324af13a42f3a807d10) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/04/15 14:25:58.0906 4128 s24trans (27fc71da659305e260acbda15a318399) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/04/15 14:25:58.0968 4128 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/04/15 14:25:59.0000 4128 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/15 14:25:59.0015 4128 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/15 14:25:59.0046 4128 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/15 14:25:59.0062 4128 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/15 14:25:59.0109 4128 Shockprf (bc31655a03d9e9ed6f7116bafb9b38c7) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
2011/04/15 14:25:59.0156 4128 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/04/15 14:25:59.0187 4128 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/15 14:25:59.0281 4128 smihlp (2a348e2292eb57775787ec4be7622715) C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
2011/04/15 14:25:59.0468 4128 SNP2UVC (537cd54295cdbcc4dcffe95e234387ae) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
2011/04/15 14:25:59.0828 4128 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/04/15 14:25:59.0875 4128 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/15 14:25:59.0906 4128 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/15 14:25:59.0953 4128 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/15 14:25:59.0984 4128 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/15 14:26:00.0015 4128 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/15 14:26:00.0046 4128 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/15 14:26:00.0078 4128 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/04/15 14:26:00.0093 4128 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/04/15 14:26:00.0109 4128 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/04/15 14:26:00.0125 4128 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/04/15 14:26:00.0187 4128 SynTP (4f3fa14e8d306005f3f4cb771e806f40) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/04/15 14:26:00.0234 4128 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/15 14:26:00.0296 4128 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/15 14:26:00.0328 4128 TcUsb (d623a84feaf092ab2fcfbf68d194a3df) C:\WINDOWS\system32\Drivers\tcusb.sys
2011/04/15 14:26:00.0375 4128 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/15 14:26:00.0390 4128 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/15 14:26:00.0421 4128 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/15 14:26:00.0500 4128 TosIde (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/04/15 14:26:00.0531 4128 TPDIGIMN (c5dc9e462407b274b504de2aa3220c2e) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
2011/04/15 14:26:00.0578 4128 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
2011/04/15 14:26:00.0609 4128 TPPWRIF (c037817e2498d9db736e4ba355b1f4e7) C:\WINDOWS\system32\drivers\Tppwrif.sys
2011/04/15 14:26:00.0656 4128 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
2011/04/15 14:26:00.0687 4128 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
2011/04/15 14:26:00.0718 4128 TVTI2C (8ab24d4b7da715c2c80455137910e792) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
2011/04/15 14:26:00.0750 4128 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
2011/04/15 14:26:00.0781 4128 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/15 14:26:00.0843 4128 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/04/15 14:26:00.0890 4128 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/15 14:26:00.0937 4128 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/15 14:26:00.0953 4128 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/15 14:26:00.0968 4128 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/15 14:26:01.0015 4128 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/15 14:26:01.0031 4128 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/15 14:26:01.0078 4128 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/15 14:26:01.0109 4128 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/04/15 14:26:01.0140 4128 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/15 14:26:01.0171 4128 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/04/15 14:26:01.0203 4128 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/04/15 14:26:01.0250 4128 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/15 14:26:01.0296 4128 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/15 14:26:01.0343 4128 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/04/15 14:26:01.0390 4128 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/15 14:26:01.0468 4128 winachsf (115946a53b62a6b171fd0ed197c71d52) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/04/15 14:26:01.0515 4128 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/04/15 14:26:01.0546 4128 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/15 14:26:01.0593 4128 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/15 14:26:01.0609 4128 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/15 14:26:01.0671 4128 ================================================================================
2011/04/15 14:26:01.0671 4128 Scan finished
2011/04/15 14:26:01.0671 4128 ================================================================================
Gruß Nico |
|
15.04.2011, 13:48
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nochmal Bundespolizei Trojaner Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Nochmal Bundespolizei Trojaner |
| 0x00000001, 7-zip, avast!, bho, bildschirm, bundespolizei trojaner, bundespolizei-trojaner, converter, desktop, einstellungen, error, externe platte, festplatte, flash player, format, google earth, helper, homepage, installation, internet browser, location, logfile, mp3, object, oldtimer, otl.exe, picasa, plug-in, popup, registry, rundll, saver, scan, security, senden, shell32.dll, software, taskmanager, trojane, trojaner, udp, ukash, windows internet |
Linear-Darstellung
