Log analysis and evaluation: Bundespolizei trojan. Is it gone?
19.04.2011, 16:22 | #1 |
Bundespolizei trojan. Is it gone?

Hello everyone,

I caught the Bundespolizei trojan. Luckily I had an old Acronis True Image backup of my operating system partition. I then proceeded as follows:

- With another Acronis True Image backup I saved important files (documents only, no programs), that is, after the computer was already infected.
- Then I restored both backups, and that was it.

However, I have 4 partitions on 2 hard disks and am now wondering whether the trojan is really gone, or whether it has spread to the other partitions. I worked through the whole procedure with Load.exe as instructed. Maybe someone would be kind enough to take a look at the log files:

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 19.04.2011 15:02:47 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Carsten\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,23 Gb Total Space | 45,23 Gb Free Space | 60,93% Space Free | Partition Type: NTFS Drive D: | 74,82 Gb Total Space | 21,39 Gb Free Space | 28,59% Space Free | Partition Type: NTFS Drive E: | 74,58 Gb Total Space | 48,66 Gb Free Space | 65,25% Space Free | Partition Type: NTFS Drive F: | 74,47 Gb Total Space | 74,38 Gb Free Space | 99,88% Space Free | Partition Type: NTFS Computer Name: DELL | User Name: Carsten | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.19 14:49:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Carsten\Desktop\OTL.exe PRC - [2011.04.18 22:30:13 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.04.18 15:34:19 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.26 10:02:44 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.26 10:02:44 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.09.10 12:15:24 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmon.exe PRC - [2008.09.10 12:15:21 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmsdmon.exe PRC - [2008.05.16 17:33:10 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdwcoms.exe PRC - [2007.05.09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) 
-- C:\Windows\OEM02Mon.exe PRC - [2007.02.16 18:49:50 | 000,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe ========== Modules (SafeList) ========== MOD - [2011.04.19 14:49:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Carsten\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2010.05.04 21:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll MOD - [2008.01.18 23:34:08 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll MOD - [2006.11.02 14:34:33 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll ========== Win32 Services (SafeList) ========== SRV - [2011.04.18 15:34:19 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.26 10:02:44 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.05.16 17:33:10 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdwcoms.exe -- (lxdw_device) SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.02.16 18:49:50 | 000,411,168 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2006.06.05 13:59:18 | 000,174,080 | ---- | M] (Nokia.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer) ========== Driver Services (SafeList) ========== DRV - [2011.04.18 15:34:20 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.26 10:02:44 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.02 20:40:50 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.06.16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.07.16 18:12:30 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter) DRV - [2008.07.16 18:12:30 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2008.07.16 18:12:27 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman) DRV - [2008.01.18 22:15:00 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2008.01.18 20:25:06 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2007.10.10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev) DRV - [2007.03.05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx) DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan) DRV - [2006.05.29 08:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (Nokia USB Phone Parent) DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (Nokia USB Port) DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (Nokia USB Modem) DRV - [2006.05.29 08:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (Nokia USB Generic) DRV - [1997.12.23 03:00:00 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (Aspi32) DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.18 22:30:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.18 22:30:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.06 08:10:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.12.06 08:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carsten\AppData\Roaming\mozilla\Extensions [2010.12.06 08:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carsten\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.04.18 18:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carsten\AppData\Roaming\mozilla\Firefox\Profiles\jeou4izh.default\extensions [2010.06.26 08:27:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Carsten\AppData\Roaming\mozilla\Firefox\Profiles\jeou4izh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.29 18:11:21 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\Carsten\AppData\Roaming\mozilla\Firefox\Profiles\jeou4izh.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2010.12.04 12:30:42 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Carsten\AppData\Roaming\mozilla\Firefox\Profiles\jeou4izh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.12.21 01:13:49 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Carsten\AppData\Roaming\mozilla\Firefox\Profiles\jeou4izh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.10.14 18:54:08 | 
000,000,000 | ---D | M] (FireFTP) -- C:\Users\Carsten\AppData\Roaming\mozilla\Firefox\Profiles\jeou4izh.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2011.04.18 15:41:25 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Carsten\AppData\Roaming\mozilla\Firefox\Profiles\jeou4izh.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2011.04.18 15:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.10.22 20:55:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.27 13:33:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.04.18 15:29:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2011.04.18 22:30:16 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.04.18 22:30:16 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2011.04.18 22:30:16 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.04.18 22:30:16 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.04.18 22:30:16 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Lexmark ) - 
{D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll () O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [lxdwamon] C:\Program Files\Lexmark 7600 Series\lxdwamon.exe () O4 - HKLM..\Run: [lxdwmon.exe] C:\Program Files\Lexmark 7600 Series\lxdwmon.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O18 - Protocol\Handler\haufereader {39198710-62F7-42CD-9458-069843FA5D32} - C:\Program Files\Haufe\HaufeReader\HRInstmon.dll (Haufe Mediengruppe) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{e3ec7d5c-5215-11dd-bd30-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e3ec7d5c-5215-11dd-bd30-806e6f6e6963}\Shell\AutoRun\command - "" = A:\wubi.exe --cdmenu O33 - MountPoints2\{ec66abfc-9faa-11df-8c1b-001e4cdc7873}\Shell - "" = AutoRun 
O33 - MountPoints2\{ec66abfc-9faa-11df-8c1b-001e4cdc7873}\Shell\AutoRun\command - "" = G:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: ICQ - hkey= - key= - File not found MsConfig - StartUpReg: PCSuiteTrayApplication - hkey= - key= - File not found MsConfig - StartUpReg: PcSync - hkey= - key= - File not found MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.04.19 14:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.04.19 14:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2011.04.19 14:49:24 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Carsten\Desktop\Erunt-setup.exe [2011.04.19 14:49:24 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Carsten\Desktop\OTL.exe [2011.04.19 14:49:24 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Carsten\Desktop\TFC.exe [2011.04.18 21:40:40 | 000,000,000 | ---D | C] -- 
C:\Windows\System32\WindowsPowerShell [2011.04.18 17:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView [2011.04.18 17:13:31 | 000,000,000 | ---D | C] -- C:\Users\Carsten\Desktop\ebay_yamaha - Kopie [2011.04.18 15:31:52 | 000,000,000 | ---D | C] -- C:\Users\Carsten\Desktop\SE_Xperia_X10 [2011.04.18 15:31:51 | 000,000,000 | ---D | C] -- C:\Users\Carsten\Desktop\KompoZer Lektionen [2011.04.18 15:31:49 | 000,000,000 | ---D | C] -- C:\Users\Carsten\Desktop\ebay_yamaha [2011.04.18 15:31:48 | 000,000,000 | ---D | C] -- C:\Users\Carsten\Desktop\ebay [2011.04.18 15:31:34 | 000,000,000 | ---D | C] -- C:\Users\Carsten\Desktop\Bilder_Yamaha [2011.04.18 15:31:32 | 000,000,000 | ---D | C] -- C:\Users\Carsten\Desktop\24 [2010.11.30 17:14:51 | 000,032,256 | ---- | C] (Microsoft) -- C:\Users\Carsten\AppData\Roaming\Microsoft Installer.exe [2010.06.21 18:53:43 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDWhcp.dll [2010.06.21 18:53:43 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdwinpa.dll [2010.06.21 18:53:42 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxdwserv.dll [2010.06.21 18:53:42 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdwusb1.dll [2010.06.21 18:53:42 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdwiesc.dll [2010.06.21 18:53:41 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdwpmui.dll [2010.06.21 18:53:41 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdwlmpm.dll [2010.06.21 18:53:40 | 000,679,936 | ---- | C] ( ) -- C:\Windows\System32\lxdwhbn3.dll [2010.06.21 18:53:40 | 000,328,360 | ---- | C] ( ) -- C:\Windows\System32\lxdwih.exe [2010.06.21 18:53:39 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdwcomc.dll [2010.06.21 18:53:39 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdwcoms.exe [2010.06.21 18:53:39 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdwcomm.dll [2010.06.21 18:53:38 | 000,369,320 | ---- | C] ( ) -- C:\Windows\System32\lxdwcfg.exe [47 C:\ProgramData\*.tmp 
files -> C:\ProgramData\*.tmp -> ] [47 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.19 14:59:30 | 000,000,693 | ---- | M] () -- C:\Users\Carsten\Desktop\NTREGOPT.lnk [2011.04.19 14:59:30 | 000,000,674 | ---- | M] () -- C:\Users\Carsten\Desktop\ERUNT.lnk [2011.04.19 14:57:02 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.19 14:57:02 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.19 14:57:02 | 000,131,024 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.19 14:57:02 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.19 14:52:15 | 000,032,061 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.04.19 14:52:15 | 000,032,061 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.04.19 14:52:13 | 000,004,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.19 14:52:13 | 000,004,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.19 14:52:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.19 14:51:16 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.04.19 14:49:32 | 000,301,568 | ---- | M] () -- C:\Users\Carsten\Desktop\g2m3e4r.exe [2011.04.19 14:49:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Carsten\Desktop\OTL.exe [2011.04.19 14:49:29 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Carsten\Desktop\Erunt-setup.exe [2011.04.19 14:49:28 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Carsten\Desktop\TFC.exe [2011.04.19 14:48:06 | 000,377,260 | ---- | M] () -- C:\Users\Carsten\Desktop\Load.exe [2011.04.18 21:44:00 | 000,263,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.18 20:27:23 | 000,155,648 | ---- | M] () -- C:\Users\Carsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.18 
17:24:05 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk [2011.04.18 17:24:05 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk [2011.04.18 15:34:48 | 000,057,506 | ---- | M] () -- C:\Users\Carsten\Desktop\Yamaha-Logo.jpg [2011.04.18 15:34:48 | 000,013,958 | ---- | M] () -- C:\Users\Carsten\Desktop\Unbenannt 1.odt [2011.04.18 15:34:48 | 000,010,972 | ---- | M] () -- C:\Users\Carsten\Desktop\Strato.odt [2011.04.18 15:34:48 | 000,008,752 | ---- | M] () -- C:\Users\Carsten\Desktop\Xperia X10_Tests.odt [2011.04.18 15:34:48 | 000,000,998 | ---- | M] () -- C:\Users\Carsten\Desktop\Update Service.lnk [2011.04.18 15:34:47 | 003,906,917 | ---- | M] () -- C:\Users\Carsten\Desktop\SME_Flyer_01_2011.pdf [2011.04.18 15:34:20 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.04.18 15:31:52 | 000,009,216 | -H-- | M] () -- C:\Users\Carsten\Desktop\photothumb.db [2011.04.18 15:31:52 | 000,000,895 | ---- | M] () -- C:\Users\Carsten\Desktop\Playlist Creator 3.6.2.lnk [2011.04.18 15:31:52 | 000,000,812 | ---- | M] () -- C:\Users\Carsten\Desktop\mp3DirectCut.lnk [2011.04.18 15:31:52 | 000,000,480 | ---- | M] () -- C:\Users\Carsten\Desktop\Rechnungen - Verknüpfung.lnk [2011.04.18 15:31:51 | 000,001,877 | ---- | M] () -- C:\Users\Carsten\Desktop\JLC's Internet TV.lnk [2011.04.18 15:31:51 | 000,000,501 | ---- | M] () -- C:\Users\Carsten\Desktop\homepage_kompozer - Verknüpfung.lnk [2011.04.18 15:31:48 | 000,561,834 | ---- | M] () -- C:\Users\Carsten\Desktop\ComfortCredit.pdf [2011.04.18 15:31:34 | 000,370,908 | ---- | M] () -- C:\Users\Carsten\Desktop\antrag.pdf [2011.04.18 15:29:04 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{692325B4-3D4D-48E2-A700-8A0B9715E685}.job [2011.04.18 15:14:04 | 000,000,383 | ---- | M] () -- C:\Users\Carsten\Desktop\Eigene_Dateien - Verknüpfung.lnk [47 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [47 C:\ProgramData\*.tmp files -> 
C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.19 14:59:30 | 000,000,693 | ---- | C] () -- C:\Users\Carsten\Desktop\NTREGOPT.lnk [2011.04.19 14:59:30 | 000,000,674 | ---- | C] () -- C:\Users\Carsten\Desktop\ERUNT.lnk [2011.04.19 14:49:25 | 000,301,568 | ---- | C] () -- C:\Users\Carsten\Desktop\g2m3e4r.exe [2011.04.19 14:48:05 | 000,377,260 | ---- | C] () -- C:\Users\Carsten\Desktop\Load.exe [2011.04.18 17:24:05 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk [2011.04.18 17:24:05 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk [2011.04.18 15:48:25 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011.04.18 15:48:25 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011.04.18 15:48:25 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011.04.18 15:34:48 | 000,057,506 | ---- | C] () -- C:\Users\Carsten\Desktop\Yamaha-Logo.jpg [2011.04.18 15:34:48 | 000,013,958 | ---- | C] () -- C:\Users\Carsten\Desktop\Unbenannt 1.odt [2011.04.18 15:34:48 | 000,010,972 | ---- | C] () -- C:\Users\Carsten\Desktop\Strato.odt [2011.04.18 15:34:48 | 000,008,752 | ---- | C] () -- C:\Users\Carsten\Desktop\Xperia X10_Tests.odt [2011.04.18 15:34:48 | 000,000,998 | ---- | C] () -- C:\Users\Carsten\Desktop\Update Service.lnk [2011.04.18 15:34:47 | 003,906,917 | ---- | C] () -- C:\Users\Carsten\Desktop\SME_Flyer_01_2011.pdf [2011.04.18 15:31:52 | 000,000,895 | ---- | C] () -- C:\Users\Carsten\Desktop\Playlist Creator 3.6.2.lnk [2011.04.18 15:31:52 | 000,000,812 | ---- | C] () -- C:\Users\Carsten\Desktop\mp3DirectCut.lnk [2011.04.18 15:31:52 | 000,000,480 | ---- | C] () -- C:\Users\Carsten\Desktop\Rechnungen - Verknüpfung.lnk [2011.04.18 15:31:51 | 000,001,877 | ---- | C] () -- C:\Users\Carsten\Desktop\JLC's Internet TV.lnk [2011.04.18 15:31:51 | 000,000,501 | ---- | C] () -- C:\Users\Carsten\Desktop\homepage_kompozer - Verknüpfung.lnk [2011.04.18 
15:31:48 | 000,561,834 | ---- | C] () -- C:\Users\Carsten\Desktop\ComfortCredit.pdf [2011.04.18 15:31:34 | 000,370,908 | ---- | C] () -- C:\Users\Carsten\Desktop\antrag.pdf [2011.04.18 15:14:04 | 000,000,383 | ---- | C] () -- C:\Users\Carsten\Desktop\Eigene_Dateien - Verknüpfung.lnk [2010.11.30 17:15:00 | 000,000,000 | ---- | C] () -- C:\Users\Carsten\AppData\Roaming\chrtmp [2010.11.25 15:16:57 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.10.20 16:55:33 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.07.26 16:53:17 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.07.02 11:35:53 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2010.06.21 18:58:57 | 000,360,448 | ---- | C] () -- C:\Windows\System32\lxdwcoin.dll [2010.06.21 18:57:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdwvs.dll [2010.06.21 18:55:59 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdwdrs.dll [2010.06.21 18:55:59 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdwcaps.dll [2010.06.21 18:55:59 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdwcnv4.dll [2010.06.21 18:54:28 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdwrwrd.ini [2010.06.21 18:53:44 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDWinst.dll [2010.06.21 18:53:40 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdwgrd.dll [2010.05.31 08:46:33 | 000,032,061 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.05.31 08:42:25 | 000,032,061 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.07.23 16:41:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\BH_DATA110VC8.dll [2008.07.16 23:01:06 | 000,155,648 | ---- | C] () -- C:\Users\Carsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.07.16 22:23:27 | 000,000,096 | ---- | C] () -- C:\Windows\ktel.ini [2008.07.16 21:16:23 | 000,000,095 | ---- | C] () -- C:\Users\Carsten\AppData\Local\fusioncache.dat [2008.07.16 21:09:46 | 000,131,072 | ---- | C] () -- 
C:\Windows\System32\BH_DATA100VC7.dll [2008.07.16 21:09:45 | 000,065,536 | ---- | C] () -- C:\Windows\System32\PXTToolVC7.dll [2008.07.16 21:09:44 | 000,303,104 | ---- | C] () -- C:\Windows\System32\LxImport50VC7.dll [2008.07.16 21:09:44 | 000,217,088 | ---- | C] () -- C:\Windows\System32\LxImport40VC7.dll [2008.07.16 20:56:14 | 000,233,527 | ---- | C] () -- C:\Windows\System32\dnt25.dll [2008.07.16 20:56:14 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc25.dll [2008.07.16 20:56:14 | 000,069,689 | ---- | C] () -- C:\Windows\System32\dntvm25.dll [2008.07.16 20:56:13 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll [2008.07.16 20:56:13 | 000,221,239 | ---- | C] () -- C:\Windows\System32\dnt24.dll [2008.07.16 20:56:13 | 000,090,112 | ---- | C] () -- C:\Windows\System32\LxUtl10.dll [2008.07.16 20:56:13 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc24.dll [2008.07.16 20:56:13 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll [2008.07.16 20:56:13 | 000,069,689 | ---- | C] () -- C:\Windows\System32\dntvm24.dll [2008.07.16 20:56:13 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll [2008.07.16 20:56:10 | 000,015,627 | ---- | C] () -- C:\Windows\System32\WBROLLRS.DLL [2008.07.16 20:56:09 | 000,110,080 | ---- | C] () -- C:\Windows\System32\W32MKRC.DLL [2008.07.16 20:56:08 | 000,320,512 | ---- | C] () -- C:\Windows\System32\W32MKDE.EXE [2008.07.16 20:56:08 | 000,041,472 | ---- | C] () -- C:\Windows\System32\W32btstp.dll [2008.07.16 20:56:08 | 000,025,088 | ---- | C] () -- C:\Windows\System32\W32btxlt.dll [2008.07.16 20:07:59 | 000,000,023 | ---- | C] () -- C:\Windows\eps32.INI [2008.07.16 20:07:59 | 000,000,023 | ---- | C] () -- C:\Windows\eps_stab.ini [2008.07.16 20:07:55 | 000,000,198 | ---- | C] () -- C:\Windows\ODBCINST.ini [2008.07.16 07:30:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2008.07.16 07:28:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin 
[2008.07.16 07:28:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.07.15 04:51:33 | 000,000,680 | ---- | C] () -- C:\Users\Carsten\AppData\Local\d3d9caps.dat [2008.07.15 04:39:48 | 000,003,204 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007.11.15 21:27:40 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll [2007.11.15 21:25:28 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll [2007.11.15 21:25:12 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll [2007.11.13 09:39:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll [2007.11.09 15:18:10 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll [2006.11.02 17:33:31 | 000,639,210 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,131,024 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,263,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,764 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,108,096 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini 
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll [2005.11.09 12:18:38 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll [2005.11.09 12:17:36 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll [2005.11.09 12:17:28 | 000,073,785 | ---- | C] () -- C:\Windows\System32\dntvm27.dll [2005.11.09 12:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\dnt27VC7.dll [2005.11.09 12:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc27VC7.dll [2005.11.09 12:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dntvm27VC7.dll [2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2004.05.06 14:07:32 | 000,241,664 | ---- | C] () -- C:\Windows\System32\dnt26VC7.dll [2004.05.06 14:05:04 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc26VC7.dll [2004.05.06 14:04:42 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dntvm26VC7.dll [2003.09.05 12:25:54 | 000,237,623 | ---- | C] () -- C:\Windows\System32\dnt26.dll [2003.09.05 12:25:52 | 000,073,785 | ---- | C] () -- C:\Windows\System32\dntvm26.dll [2003.09.05 12:03:30 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc26.dll [2002.11.06 15:23:32 | 000,045,056 | ---- | C] () -- C:\Windows\System32\FKStampPainter.dll [2001.12.13 13:30:12 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SBSPAINT.DLL [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2010.10.20 19:50:53 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\AnvSoft [2010.11.23 23:51:48 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\Canneverbe Limited [2010.10.22 08:51:00 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\DataLayer [2010.08.17 18:34:02 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\DeepBurner [2010.10.25 12:38:58 | 000,000,000 | 
---D | M] -- C:\Users\Carsten\AppData\Roaming\DVDVideoSoftIEHelpers [2010.06.02 16:06:16 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\elsterformular [2011.04.18 20:11:50 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\FileZilla [2010.10.19 19:47:45 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\FreeAudioPack [2010.12.24 00:30:15 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\GrabIt [2010.09.06 18:19:17 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\gtk-2.0 [2010.12.13 09:33:37 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\install [2008.07.16 22:24:51 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\klickTel [2010.08.23 11:49:22 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\KompoZer [2010.07.02 22:12:28 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\Lexmark Productivity Studio [2008.07.17 00:02:01 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\Lexware [2010.09.25 14:52:39 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\MyPhoneExplorer [2010.10.22 08:49:59 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\Nokia [2010.09.13 13:49:45 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\Notepad++ [2010.07.16 15:28:39 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\Nvu [2008.07.16 21:59:08 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\OpenOffice.org [2010.10.22 07:01:35 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\PC Suite [2010.07.15 21:22:01 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\PhotoScape [2010.09.16 14:14:03 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\Shareaza [2010.12.06 08:10:49 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\Thunderbird [2010.11.13 21:12:10 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\XMedia Recode [2011.04.19 14:51:16 | 000,032,558 | ---- | M] () 
-- C:\Windows\Tasks\SCHEDLGU.TXT [2011.04.18 15:29:04 | 000,000,450 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{692325B4-3D4D-48E2-A700-8A0B9715E685}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2008.07.15 04:51:57 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.07.29 23:34:05 | 000,000,000 | -HSD | M] -- C:\Boot [2010.03.03 16:14:48 | 000,000,000 | ---D | M] -- C:\CHAMP [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.02.13 15:27:22 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2008.07.16 20:56:07 | 000,000,000 | ---D | M] -- C:\LEXWARE [2010.12.19 16:57:52 | 000,000,000 | ---D | M] -- C:\logs [2010.02.14 01:13:33 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.04.19 14:59:30 | 000,000,000 | ---D | M] -- C:\Program Files [2010.12.24 14:36:32 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.02.13 15:27:22 | 000,000,000 | -HSD | M] -- C:\Programme [2011.04.19 15:04:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2008.07.15 04:51:28 | 000,000,000 | R--D | M] -- C:\Users [2011.04.18 15:15:56 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: USERINIT.EXE > [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- 
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-19 09:21:48 ========== Alternate Data Streams ========== @Alternate Data Stream - 368 bytes -> C:\Users\Carsten\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 @Alternate Data Stream - 16 bytes -> C:\Users\Carsten\Downloads:Shareaza.GUID < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 19.04.2011 15:02:47 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Carsten\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,23 Gb Total Space | 45,23 Gb Free Space | 60,93% Space Free | Partition Type: NTFS Drive D: | 74,82 Gb Total Space | 21,39 Gb Free Space | 28,59% Space Free | Partition Type: NTFS Drive E: | 74,58 Gb Total Space | 48,66 Gb Free Space | 65,25% Space Free | Partition Type: NTFS Drive F: | 74,47 Gb Total Space | 74,38 Gb Free Space | 99,88% Space Free | Partition Type: NTFS Computer Name: DELL | User Name: Carsten | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3DF7010A-5A93-40EC-AC2F-E5A689A95D5F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4A88DA12-7675-4531-BDB3-CB00BC450B28}" = lport=139 | protocol=6 | dir=in | app=system | "{5E71C421-EF83-4EC6-9220-6614AFE27587}" = rport=138 | protocol=17 | dir=out | app=system | "{6EBC8F0F-8BEC-4B19-BE27-42FECB3130DD}" = rport=445 | protocol=6 | dir=out | app=system | "{9A574BC5-C269-493C-B06D-1AAE7FC67DA6}" = rport=137 | protocol=17 | dir=out | app=system | "{B87811DA-F250-45FC-894F-A9CE53F6A825}" = lport=138 | protocol=17 | dir=in | app=system | "{D18D22B5-44B4-4187-9640-05E03D4012DC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D509A1D9-D2AD-4465-A811-5D5945C89AE3}" = rport=139 | protocol=6 | dir=out | app=system | "{EBCCC037-CE96-4965-A9E9-5BB66413CA2D}" = lport=445 | protocol=6 | dir=in | app=system | "{FB57684C-2C70-4C85-B3ED-C0B250710D9A}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{131374F0-7094-481F-99AA-DD95482507E5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{27CF8E99-5DC5-4847-9F42-A226CB750CBB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{287B4C99-E14F-4FEE-850B-3851BC098443}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{35AA79E0-DA5F-476D-9795-3D1C48F7D385}" = protocol=6 | dir=in | app=c:\program files\lexmark 7600 series\lxdwamon.exe | "{3B880C29-41A8-4CE3-85A2-887911AA1A84}" = protocol=17 | dir=in | app=c:\program files\grabit\grabit.exe | "{52B4F851-40BA-4B96-BD4A-E8072B0E480B}" = protocol=17 | dir=in | app=c:\program files\lexmark 7600 series\frun.exe | "{59DD55D8-83C6-4F0E-A817-11559B15A3CA}" = protocol=17 | dir=in | 
app=c:\windows\system32\spool\drivers\w32x86\3\lxdwpswx.exe | "{65170697-3553-40ED-852C-075000736D12}" = protocol=6 | dir=in | app=c:\program files\lexmark 7600 series\frun.exe | "{80DEE436-0C55-4D38-A951-BFDE3378ECAB}" = protocol=6 | dir=in | app=c:\program files\grabit\grabit.exe | "{996899A6-9B84-4504-89B4-8D380826A2E6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{CE8E871B-E8E7-4014-ACEB-7F4311E9610F}" = protocol=17 | dir=in | app=c:\windows\system32\lxdwcoms.exe | "{D2AC5D5C-E4C0-4EA1-8E34-7C52DBEF5C9E}" = protocol=6 | dir=in | app=c:\windows\system32\lxdwcoms.exe | "{D4DCD057-38AE-48EF-8127-2A045B7872B2}" = protocol=17 | dir=in | app=c:\program files\lexmark 7600 series\lxdwamon.exe | "{DD418FF8-38D2-407B-975C-4EA28A0A7AFE}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdwpswx.exe | "TCP Query User{2AC91CB1-BFD8-4BFB-B5EB-642419F1B0EB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{372558C3-ED79-403D-BEB4-35BFF7CA7612}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{933CB071-0C19-4FAA-9E07-B81243BE8FA9}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "TCP Query User{FF216E2D-2D3F-44F9-891E-35E9FFD5D9A4}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{0321CF7A-4933-41E2-8EAE-4DB8BB3D43F2}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "UDP Query User{0DC8A2F0-F309-48A7-8B97-FC22E956A515}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{368BE4C8-A545-4667-8E40-87E09F85F4BD}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{BB0EE5BE-41CF-459E-817D-9ABB4D5049A4}C:\program 
files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21C1E6B6-8796-4EEE-ACF3-F318CEFC257C}" = Lexware buchhalter 2006 "{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24 "{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service "{5C5B0836-9648-4057-8044-2DF181E073E2}" = TAXMAN 2010 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6E9B276F-77BE-49F7-8676-C10017F9E20B}" = Lexware buchhalter Servicepack 2008, Version 13.50 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8B50F367-2686-4256-BA05-708B299961DF}" = Lexware Elster "{9324A633-2B64-411F-BD1A-849E6438EC18}" = klickTel Routenplaner Winter 2006 "{9762315F-29C6-488C-98D4-80CDE3418102}" = Lexware buchhalter 2006 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD3BC83-C14A-4C54-A5FB-F43D93D5E4EF}" = Nokia Connectivity Cable Driver "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch 
"{BC63A4AC-435D-4AAD-9881-D0ED60804D1A}" = Lexware buchhalter Aktualisierung Februar 2008, Version 13.10 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark "{DA82A3EB-9C78-411D-B389-5323CE29BA88}" = Lexware buchhalter 2003 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E98371BD-6C0D-463E-B004-E6303F9A34A7}" = Lexware buchhalter 2008 "{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5 "{F49F760A-05DD-4424-BE2B-E084B9FDA9C0}" = Lexware buchhalter 2006 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FE688026-1C8C-4E50-889D-4B6607CADC24}" = Lexware buchhalter 2008 "{FF1B3317-EADD-4AC3-BE54-37265FC9A133}" = Lexware buchhalter Servicepack 2008, Version 13.50 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Any Video Converter_is1" = Any Video Converter 3.0.7 "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "ClearProg" = ClearProg 1.6.0 Final "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011) "EasyBCD" = EasyBCD 1.7.2 "ElsterFormular 11.4.1.4323" = ElsterFormular "ERUNT_is1" = ERUNT 1.1j "FileZilla Client" = FileZilla Client 3.3.5.1 "Free Studio_is1" = Free Studio version 4.3 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9 "GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997) "HaufeReader" = HaufeReader "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "KHB_BH_M" = Lexware know how buchhaltung mini "Lexmark 7600 Series" = Lexmark 7600 Series "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = 
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6) "MPE" = MyPhoneExplorer "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "PhotoScape" = PhotoScape "SpeedFan" = SpeedFan (remove only) "SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010) "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.4 "WinGimp-2.0_is1" = GIMP 2.6.10 "XMedia Recode" = XMedia Recode 2.2.8.4 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 18.04.2011 15:59:27 | Computer Name = Dell | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 18.04.2011 15:59:27 | Computer Name = Dell | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 18.04.2011 16:00:41 | Computer Name = Dell | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 18.04.2011 16:00:41 | Computer Name = Dell | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 18.04.2011 21:18:14 | Computer Name = Dell | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 18.04.2011 21:18:14 | Computer Name = Dell | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 19.04.2011 05:16:26 | Computer Name = Dell | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 19.04.2011 05:16:26 | Computer Name = Dell | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 19.04.2011 08:52:30 | Computer Name = Dell | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 19.04.2011 08:52:30 | Computer Name = Dell | Source = Microsoft-Windows-CAPI2 | ID = 131083 
Description = [ System Events ] Error - 11.08.2010 10:30:50 | Computer Name = Dell | Source = Service Control Manager | ID = 7000 Description = Error - 12.08.2010 21:20:04 | Computer Name = Dell | Source = Service Control Manager | ID = 7000 Description = Error - 13.08.2010 10:38:27 | Computer Name = Dell | Source = Service Control Manager | ID = 7000 Description = Error - 13.08.2010 10:46:23 | Computer Name = Dell | Source = Service Control Manager | ID = 7000 Description = Error - 14.08.2010 10:28:45 | Computer Name = Dell | Source = Service Control Manager | ID = 7000 Description = Error - 15.08.2010 14:23:12 | Computer Name = Dell | Source = Service Control Manager | ID = 7000 Description = Error - 17.08.2010 01:22:50 | Computer Name = Dell | Source = Service Control Manager | ID = 7000 Description = Error - 18.08.2010 03:22:53 | Computer Name = Dell | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 22.08.2010 14:26:43 | Computer Name = Dell | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 22.08.2010 um 20:24:52 unerwartet heruntergefahren. Error - 22.08.2010 14:28:21 | Computer Name = Dell | Source = Service Control Manager | ID = 7000 Description = < End of report > GMER Logfile: Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net Rootkit scan 2011-04-19 16:20:16 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST9160821AS rev.3.CDE Running: g2m3e4r.exe; Driver: C:\Users\Carsten\AppData\Local\Temp\pxldapod.sys ---- System - GMER 1.0.15 ---- INT 0x52 ? 85CD6F00 INT 0x62 ? 85CD6F00 INT 0x62 ? 85CD6F00 INT 0x62 ? 85CD6F00 INT 0x72 ? 85CD6F00 INT 0x72 ? 85CD6F00 INT 0x72 ? 85CD6F00 INT 0x72 ? 85CD6F00 INT 0x92 ? 84487BF8 INT 0xB2 ? 84487BF8 INT 0xB2 ? 84487BF8 INT 0xB2 ? 84487BF8 ---- Kernel code sections - GMER 1.0.15 ---- ? System32\Drivers\spum.sys Das System kann den angegebenen Pfad nicht finden. ! .text USBPORT.SYS!DllUnload 881D441B 5 Bytes JMP 85CD64E0 ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[3832] ntdll.dll!LdrLoadDll 77A393A8 5 Bytes JMP 003B13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 84E1A1F8 Device \Driver\volmgr \Device\VolMgrControl 844891F8 Device \Driver\usbuhci \Device\USBPDO-0 85D011F8 Device \Driver\usbuhci \Device\USBPDO-1 85D011F8 Device \Driver\usbehci \Device\USBPDO-2 85CA41F8 Device \Driver\usbuhci \Device\USBPDO-3 85D011F8 Device \Driver\netbt \Device\NetBT_Tcpip_{172F17B8-BDA7-467B-91E7-3F57134886A7} 873DA500 Device \Driver\usbuhci \Device\USBPDO-4 85D011F8 Device \Driver\usbuhci \Device\USBPDO-5 85D011F8 Device \Driver\usbehci \Device\USBPDO-6 85CA41F8 Device \Driver\volmgr \Device\HarddiskVolume1 844891F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) Device \Driver\volmgr \Device\HarddiskVolume2 844891F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 timntr.sys (Acronis 
True Image Backup Archive Explorer/Acronis) Device \Driver\cdrom \Device\CdRom0 85DE81F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E181F8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 84E181F8 Device \Driver\atapi \Device\Ide\IdePort0 84E181F8 Device \Driver\atapi \Device\Ide\IdePort1 84E181F8 Device \Driver\atapi \Device\Ide\IdePort2 84E181F8 Device \Driver\msahci \Device\Ide\PciIde1Channel0 84E191F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 84E181F8 Device \Driver\msahci \Device\Ide\PciIde1Channel2 84E191F8 Device \Driver\volmgr \Device\HarddiskVolume3 844891F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) Device \Driver\volmgr \Device\HarddiskVolume4 844891F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) Device \Driver\netbt \Device\NetBt_Wins_Export 873DA500 Device \Driver\Smb \Device\NetbiosSmb 873C61F8 Device \Driver\netbt \Device\NetBT_Tcpip_{694715B8-88F3-4488-807E-6BD8ACED2B03} 873DA500 Device \Driver\iScsiPrt \Device\RaidPort0 85E0B1F8 Device \Driver\netbt \Device\NetBT_Tcpip_{BFEF0390-4D4F-486A-BF07-063D753059C5} 873DA500 Device \Driver\usbuhci \Device\USBFDO-0 85D011F8 Device \Driver\usbuhci \Device\USBFDO-1 85D011F8 Device \Driver\usbehci \Device\USBFDO-2 85CA41F8 Device \Driver\usbuhci \Device\USBFDO-3 85D011F8 Device \Driver\usbuhci \Device\USBFDO-4 85D011F8 Device \Driver\usbuhci \Device\USBFDO-5 85D011F8 Device \Driver\usbehci \Device\USBFDO-6 85CA41F8 Device \FileSystem\cdfs \Cdfs A20971F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cdc7873 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg 
HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e4cdc7873 (not active ControlSet) ---- EOF - GMER 1.0.15 ----
Edited by casi1a (19.04.2011 at 16:32) |
20.04.2011, 18:11 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojan. Is it gone? Are there any further logs from Malwarebytes? If so, please post all of the ones that are visible in the Logs tab in Malwarebytes.
22.04.2011, 07:09 | #3 |
| Bundespolizei Trojan. Is it gone? Hello,
I have now run another scan with Malwarebytes. I don't know whether it matters, but for the sake of completeness: during this scan an additional external hard drive and a USB stick were also connected.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6417
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048
22.04.2011 07:36:37
mbam-log-2011-04-22 (07-36-24).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 143890
Laufzeit: 4 Minute(n), 26 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> No action taken.
Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\Software\DC3_FEXEC (Malware.Trace) -> No action taken.
Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> No action taken.
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> No action taken.
___________________________________________ Regards, Carsten |
22.04.2011, 12:19 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojan. Is it gone? Quote:
Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes has to be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well!
__________________ Please always post log files in CODE tags |
22.04.2011, 14:00 | #5 |
| Bundespolizei Trojan. Is it gone? Okay, this is the second-to-last scan:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6417
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048
22.04.2011 08:55:52
mbam-log-2011-04-22 (08-55-52).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 143456
Laufzeit: 3 Minute(n), 34 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)
This is the latest scan, with the updated database:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6418
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048
22.04.2011 14:51:11
mbam-log-2011-04-22 (14-51-11).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|K:\|)
Durchsuchte Objekte: 274685
Laufzeit: 1 Stunde(n), 2 Minute(n), 37 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)
_____________________________________________________________ Regards, Carsten |
22.04.2011, 14:02 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojan. Is it gone? Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
If the infection prevents you from accessing your documents/My Documents, please run unhide: Please download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Vista and 7 users must run the tool as administrator via right-click!
__________________ --> Bundespolizei-Trojaner. Ist er weg ? |
22.04.2011, 15:38 | #7 |
| Bundespolizei Trojan. Is it gone? Sooo,
- unhide.exe was not necessary,
- the Kaspersky tool found 4 or 5 problems, which I then deleted.
- after that, another full scan with Malwarebytes.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6418
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048
22.04.2011 16:30:51
mbam-log-2011-04-22 (16-30-51).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|K:\|)
Durchsuchte Objekte: 274696
Laufzeit: 1 Stunde(n), 7 Minute(n), 29 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)
___________________________________________________ Regards, Carsten |
23.04.2011, 14:11 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojan. Is it gone? I wanted to see the log from TDSS-Killer...
__________________ Please always post log files in CODE tags |
23.04.2011, 14:48 | #9 |
| Bundespolizei Trojan. Is it gone? Aaaaaahhhhhhhh, I had it scan again.
____________________________________________________ Regards, Carsten |
23.04.2011, 15:54 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojan. Is it gone? Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run if an expert helper has expressly recommended it! |
23.04.2011, 20:19 | #11 |
| Bundespolizei Trojan. Is it gone? Hello Arne, my laptop is by now running worse and worse. I surely did something wrong somewhere. Anyway, I can't be bothered any more and am going to reinstall the system. I had backed up my data sufficiently, so for me this is only a matter of the time involved. In any case, I want to tell you that I very much appreciate your expertise and your helpfulness, and I would like to thank you most sincerely. Regards, Carsten |