Trojaner-Board (https://www.trojaner-board.de/)
Log-Analyse und Auswertung: Bundeskriminalamt Trojaner (https://www.trojaner-board.de/106541-bundeskriminalamt-trojaner.html)

Fee56 19.12.2011 13:57

Bundeskriminalamt Trojan

Hello,

yesterday while surfing I got the notice from the "Bundeskriminalamt" saying that my operating system is locked and that I would have to pay 100 euros to unlock it again.
The notice is gone now and I can use the laptop normally, but sometimes the image pops back up on the screen in between.
I have now made the recommended logs and hope you can help me!

Best regards, Fee56

cosinus 19.12.2011 13:58

Please now do a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If there are logs from older scans with Malwarebytes, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I agree to the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Fee56 19.12.2011 14:40

OK, so I've already done the Malwarebytes scan.

With the ESET Online Scanner it says during installation: "Can not get update. Is proxy configured?" (screenshot attached)
Unfortunately I don't know what to do about that...

and thanks already for your help =)

cosinus 19.12.2011 14:54

Quote:

Art des Suchlaufs: Quick-Scan
Sorry, but I wanted to see a full scan... please do it and post the log!
Remember to update the Malwarebytes signatures first; there are very frequently new updates!

Fee56 19.12.2011 16:24

ok sorry, those who can read have a clear advantage ;)
I've done the full scan now

cosinus 19.12.2011 18:48

Please post everything here in CODE tags if possible.

It's done like this:

[code] the log goes here [/code]

And then the whole thing looks like this:

Code:

the log goes here
Regarding ESET, please note this => http://www.trojaner-board.de/94344-p...n-pruefen.html

Fee56 19.12.2011 22:15

here is the ESET log

Code:

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=efc1e8655650664090c77aac66a4b327
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-19 09:12:10
# local_time=2011-12-19 10:12:10 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 100 166289 99838571 61938 0
# compatibility_mode=8192 67108863 100 0 26559 26559 0 0
# scanned=74865
# found=1
# cleaned=0
# scan_time=5887
C:\Dokumente und Einstellungen\Wolfgang\Eigene Dateien\Downloads\SoftonicDownloader_fuer_goodnight-timer.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

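As an added example (not code from the thread, from ESET or from the Trojaner-Board helpers), a Python triage parser for the ESET Online Scanner log format posted above: it counts the downloader's "Can not open internet" failures, which is the same symptom as the "Is proxy configured?" message earlier in the thread, reads the "# key=value" scan statistics, and lists findings that were reported but not cleaned. The sample input is constructed from the posted log; the meaning of the third and fourth finding fields (a hash-like field and a one-letter flag) is assumed, and the code only carries them through.

```python
"""Triage parser for an ESET Online Scanner log.txt.

Layout as seen in the thread:
  1. a preamble from the ESETSmartInstaller downloader, where several
     "Can not open internet" messages may be run together on one line,
  2. one "# key=value" line per scan setting or statistic,
  3. one line per finding: path, threat name, a hash-like field and a
     one-letter flag, separated by tabs (forum rendering often turns the
     tabs into runs of spaces, so both forms are accepted).
"""
import re
from dataclasses import dataclass, field

DOWNLOADER_FAIL = "Can not open internet"


@dataclass
class EsetLog:
    header: dict = field(default_factory=dict)
    findings: list = field(default_factory=list)  # (path, threat, hashfield, flag)
    downloader_failures: int = 0
    downloader_ok: bool = False


def parse_eset_log(text: str) -> EsetLog:
    log = EsetLog()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            # compatibility_mode appears twice in real logs; keep the first value
            log.header.setdefault(key.strip(), value.strip())
            continue
        if DOWNLOADER_FAIL in line or "as downloader log" in line:
            # count every failure message even when several share one line
            log.downloader_failures += line.count(DOWNLOADER_FAIL)
            continue
        if line == "all ok":
            log.downloader_ok = True
            continue
        parts = [p for p in re.split(r"\t+|\s{2,}", line) if p]
        if len(parts) == 4:
            log.findings.append(tuple(parts))
    return log


def triage(log: EsetLog) -> dict:
    """What an analyst checks first: did the scan finish, did the downloader
    reach the update servers, and what was found but not cleaned."""
    hdr = log.header
    uncleaned = [f for f in log.findings if "unable to clean" in f[1]]
    return {
        "finished": hdr.get("end") == "finished",
        "remove_enabled": hdr.get("remove_checked") == "true",
        "found": int(hdr.get("found", "0")),
        "cleaned": int(hdr.get("cleaned", "0")),
        "downloader_failures": log.downloader_failures,
        "update_reached": log.downloader_ok,
        "uncleaned_paths": [f[0] for f in uncleaned],
    }


# Constructed sample, shortened from the log posted in the thread.
FINDING_LINE = "\t".join([
    r"C:\Dokumente und Einstellungen\Wolfgang\Eigene Dateien\Downloads\SoftonicDownloader_fuer_goodnight-timer.exe",
    "a variant of Win32/SoftonicDownloader.A application (unable to clean)",
    "0" * 32,
    "I",
])
SAMPLE = """ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internet
all ok
# version=7
# end=finished
# remove_checked=false
# scanned=74865
# found=1
# cleaned=0
# scan_time=5887
""" + FINDING_LINE + "\n"


if __name__ == "__main__":
    for key, value in triage(parse_eset_log(SAMPLE)).items():
        print(f"{key}: {value}")
```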

cosinus 19.12.2011 23:06

Please make a new OTL log

CustomScan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Fee56 19.12.2011 23:38

OK, done.

OTL Logfile:
Code:

OTL logfile created on: 19.12.2011 23:17:24 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,36 Mb Total Physical Memory | 405,76 Mb Available Physical Memory | 40,00% Memory free
2,38 Gb Paging File | 1,85 Gb Available in Paging File | 77,50% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 145,61 Gb Total Space | 69,24 Gb Free Space | 47,55% Space Free | Partition Type: NTFS
 
Computer Name: WOLFGANGLENOVA | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.19 10:18:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.01 09:28:16 | 000,124,480 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.5\ICQ.exe
PRC - [2011.04.18 13:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Lenovo\System Update\SUService.exe
PRC - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.22 11:05:26 | 000,323,584 | ---- | M] () -- C:\Programme\Lenovo\VeriFaceIII\PManage.exe
PRC - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.26 14:31:20 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.01.16 16:56:42 | 001,456,768 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BTStackServer.exe
PRC - [2009.01.16 16:56:42 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2009.01.16 16:56:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2008.12.01 17:32:30 | 000,307,200 | -H-- | M] (DeviceVM) -- C:\QSTART.SYS\config\DVMExportService.exe
PRC - [2008.08.28 14:10:18 | 001,283,984 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008.07.09 15:21:20 | 004,456,448 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.04 09:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008.03.04 09:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.09.26 16:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2003.08.19 11:00:40 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
PRC - [2003.08.19 10:51:44 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
PRC - [2003.06.17 16:14:40 | 000,050,688 | ---- | M] (Microsoft® Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.26 22:19:10 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011.10.26 22:18:28 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011.10.25 21:18:59 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011.10.25 21:11:01 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011.10.25 21:09:29 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2009.05.22 11:05:29 | 009,338,880 | ---- | M] () -- C:\WINDOWS\system32\Facev.dll
MOD - [2009.05.22 11:05:28 | 009,502,720 | ---- | M] () -- C:\WINDOWS\system32\FaceVerify.dll
MOD - [2009.05.22 11:05:28 | 001,564,672 | ---- | M] () -- C:\WINDOWS\system32\MainOp.dll
MOD - [2009.05.22 11:05:28 | 000,241,752 | ---- | M] () -- C:\WINDOWS\system32\IcnOvrly.dll
MOD - [2009.05.22 11:05:28 | 000,221,184 | ---- | M] () -- C:\WINDOWS\system32\SetDev.dll
MOD - [2009.05.22 11:05:28 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\VideoOp.dll
MOD - [2009.05.22 11:05:28 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\FunFrm.dll
MOD - [2009.05.22 11:05:27 | 001,167,360 | ---- | M] () -- C:\WINDOWS\system32\PicNotify.dll
MOD - [2009.05.22 11:05:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\Momo.dll
MOD - [2009.05.22 11:05:26 | 000,974,848 | ---- | M] () -- C:\WINDOWS\system32\Apblend.dll
MOD - [2009.05.22 11:05:26 | 000,323,584 | ---- | M] () -- C:\Programme\Lenovo\VeriFaceIII\PManage.exe
MOD - [2009.05.22 11:05:25 | 000,208,896 | ---- | M] () -- C:\WINDOWS\system32\image.dll
MOD - [2009.05.22 11:05:24 | 000,241,664 | ---- | M] () -- C:\WINDOWS\system32\3DImageRenderer.dll
MOD - [2009.05.22 10:50:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2009.01.28 15:03:49 | 000,326,401 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009.01.16 16:55:38 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009.01.16 16:53:32 | 000,069,697 | ---- | M] () -- C:\Programme\Lenovo\Bluetooth Software\BTKeyInd.dll
MOD - [2008.05.21 16:33:22 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2005.06.24 02:05:02 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll
MOD - [2003.07.29 09:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBKPP5C.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.18 13:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.03.26 14:31:20 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.01.16 16:56:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008.12.01 17:32:30 | 000,307,200 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\QSTART.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.03.04 09:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.09.26 16:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.12.08 13:56:07 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.08 20:06:37 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ACEDRV05.sys -- (ACEDRV05)
DRV - [2009.10.06 10:20:20 | 000,043,136 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.18 11:31:04 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.07 23:18:58 | 000,991,784 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008.10.30 21:19:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008.09.10 18:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008.08.05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.07.24 09:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008.07.23 03:03:24 | 000,157,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008.06.19 19:43:36 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008.05.30 03:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008.04.14 13:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.14 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008.04.14 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2008.02.04 09:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008.01.11 13:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2007.02.19 06:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006.01.04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.11.16 22:55:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.11.16 22:55:15 | 000,000,000 | ---D | M]
 
[2009.10.08 16:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions
[2011.12.19 02:37:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\vryqgn9d.default\extensions
[2010.11.14 18:42:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\vryqgn9d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.08 17:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.05 03:43:10 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 03:43:10 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 03:43:10 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 03:43:10 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 03:43:10 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [URRZ_WLAN-Profile] C:\WINDOWS\system32\reg.exe DELETE HKCU\Software\Microsoft\EAPOL\UserEapInfo /f File not found
O4 - HKLM..\Run: [VeriFaceManager] C:\Programme\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E46233D5-CD5B-45BF-B051-BD8C2D4BA372}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PicNotify: DllName - (PicNotify.dll) - C:\WINDOWS\System32\PicNotify.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.21 06:02:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.19 23:13:05 | 000,000,000 | -H-D | C] -- C:\dvmexp
[2011.12.19 14:11:45 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.12.19 14:10:30 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\esetsmartinstaller_enu.exe
[2011.12.19 14:02:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes
[2011.12.19 14:02:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.12.19 14:02:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.12.19 14:02:17 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.19 14:02:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.12.19 10:18:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2 C:\Dokumente und Einstellungen\Wolfgang\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Wolfgang\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.19 23:17:17 | 000,444,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.12.19 23:17:16 | 000,463,408 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.12.19 23:17:16 | 000,086,234 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.12.19 23:17:16 | 000,072,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.12.19 23:12:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.19 23:12:52 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.19 14:10:35 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\esetsmartinstaller_enu.exe
[2011.12.19 10:19:42 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ot8jccy4.exe
[2011.12.19 10:18:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2011.12.19 10:16:18 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2011.12.19 10:15:11 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2011.12.19 10:12:58 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.19 05:21:47 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.12.19 02:44:42 | 000,308,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.19 02:41:03 | 000,000,761 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\wpbt0.dll.lnk
[2011.12.19 02:29:50 | 000,025,846 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat
[2011.12.19 02:25:23 | 000,033,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.17 23:39:03 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.12.16 02:03:15 | 000,000,059 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\GoodnightTimer.ini
[2 C:\Dokumente und Einstellungen\Wolfgang\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Wolfgang\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.19 10:19:41 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ot8jccy4.exe
[2011.12.19 10:16:18 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2011.12.19 10:15:10 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2011.12.19 02:41:03 | 000,000,761 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\wpbt0.dll.lnk
[2011.12.02 23:25:43 | 001,908,018 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Eigene Dateien\Martin, George R. R. - Das Lied von Eis & Feuer 08 - Die dunkle Königin.pdf
[2011.12.02 23:25:42 | 002,282,377 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Eigene Dateien\Martin, George R. R. - Das Lied von Eis & Feuer 06 - Die K_nigin der Drachen.pdf
[2011.12.02 23:25:42 | 001,694,313 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Eigene Dateien\Martin, George R. R. - Das Lied von Eis & Feuer 07 - Zeit der Krähen.pdf
[2011.12.02 23:25:41 | 002,064,742 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Eigene Dateien\Martin, George R. R. - Das Lied von Eis & Feuer 05 - Sturm der Schwerter.pdf
[2011.12.02 23:25:41 | 002,007,054 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Eigene Dateien\Martin, George R. R. - Das Lied von Eis & Feuer 04 - Die Saat des goldenen L_wen.pdf
[2011.12.02 23:25:40 | 002,316,878 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Eigene Dateien\Martin, George R. R. - Das Lied von Eis & Feuer 03 - Der Thron der Sieben Koenigreiche.pdf
[2011.12.02 23:25:39 | 001,002,735 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Eigene Dateien\Martin, George R. R. - Das Lied von Eis & Feuer 02 - Das Erbe von Winterfell.pdf
[2011.12.02 23:25:38 | 002,063,906 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Eigene Dateien\Martin, George R. R. - Das Lied von Eis & Feuer 01 - Die Herren von Winterfell.pdf
[2011.02.09 23:37:52 | 000,000,059 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\GoodnightTimer.ini
[2009.11.02 22:12:47 | 000,000,297 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2009.11.02 22:12:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE
[2009.11.02 22:12:22 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2009.11.02 22:12:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2009.11.02 22:12:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2009.11.02 22:11:58 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2009.10.09 15:59:42 | 000,045,568 | R--- | C] () -- C:\WINDOWS\UniFish3.exe
[2009.10.08 19:28:13 | 000,033,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.08 16:48:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.10.06 20:01:11 | 000,025,846 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat
[2009.10.06 19:21:03 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.08.25 04:42:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009.08.01 19:21:07 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.05.22 12:06:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.05.22 11:10:02 | 000,148,792 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2009.05.22 11:05:29 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
[2009.05.22 11:05:29 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\picn.dll
[2009.05.22 11:05:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
[2009.05.22 11:05:28 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2009.05.22 11:05:28 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2009.05.22 11:05:28 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2009.05.22 11:05:28 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2009.05.22 11:05:28 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2009.05.22 11:05:28 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2009.05.22 11:05:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2009.05.22 11:05:27 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2009.05.22 11:05:27 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2009.05.22 11:05:27 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
[2009.05.22 11:05:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2009.05.22 11:05:26 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2009.05.22 11:05:26 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2009.05.22 11:05:24 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2009.05.22 10:56:24 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.05.22 10:54:57 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009.05.22 10:50:05 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2009.01.16 16:55:38 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008.12.01 17:32:30 | 000,012,240 | ---- | C] () -- C:\WINDOWS\System32\dvmio.sys
[2008.07.21 16:38:00 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.07.21 15:51:20 | 000,463,408 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008.07.21 15:51:20 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008.07.21 15:51:20 | 000,086,234 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008.07.21 15:51:20 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008.07.21 15:51:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.07.21 15:51:05 | 000,444,864 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.07.21 15:51:05 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.07.21 15:51:05 | 000,072,740 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.07.21 15:51:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.07.21 15:51:04 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.07.21 15:51:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.07.21 15:51:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008.07.21 15:50:58 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.07.21 15:50:58 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.07.21 15:50:51 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.07.21 15:50:47 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.07.21 06:56:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.07.21 06:56:03 | 000,308,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.07.21 06:04:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.07.21 06:01:14 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2010.09.03 20:49:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VeriFace
[2009.10.04 11:33:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011.12.10 11:33:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ICQ
[2010.11.16 20:36:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\OpenOffice.org
[2009.10.31 15:50:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ScummVM
[2011.02.16 22:38:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\SharePod
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.10.20 11:47:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Adobe
[2009.10.22 22:29:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Apple Computer
[2010.06.15 21:55:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\DivX
[2011.11.25 16:55:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\dvdcss
[2009.11.19 18:08:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Help
[2011.12.10 11:33:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ICQ
[2008.07.21 06:05:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Identities
[2009.05.22 10:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\InstallShield
[2009.08.01 15:27:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Macromedia
[2011.12.19 14:02:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes
[2009.10.08 16:40:35 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Microsoft
[2010.04.18 15:39:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Move Networks
[2009.10.08 16:48:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla
[2010.11.16 20:36:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\OpenOffice.org
[2009.10.31 15:50:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ScummVM
[2011.02.16 22:38:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\SharePod
[2011.11.27 15:12:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\vlc
[2009.10.08 20:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.04.18 15:39:19 | 001,811,472 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Move Networks\MoveMediaPlayerWin_071802000001.exe
[2010.04.18 15:39:26 | 000,144,053 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Move Networks\uninstall.exe
[2010.02.11 20:31:38 | 000,097,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Move Networks\ie_bin\MovePlayerUpgrade.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.04.14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.07.21 07:55:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.07.21 07:55:31 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.07.21 07:55:31 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<          >

< End of report >

--- --- ---
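The OTL file listings above ("Files/Folders - Created Within 30 Days", "Files - Modified Within 30 Days", "Files Created - No Company Name") all use one fixed line shape, and reading them by hand is how a helper spots the few entries that matter. As an added example, not part of the thread and not OTL's own code, here is a small Python parser for that line format plus a deliberately simple triage pass: it flags shortcut or executable entries in an Autostart folder, hidden directories created directly under the drive root, and recently created executables with an empty company field. The sample lines and the scan time are constructed to mirror the log above; the three rules are assumptions of this example, not OTL's own logic, and a flagged entry is only a reason to look closer, not a verdict.

```python
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional

# Constructed sample in OTL's "Files/Folders" listing format (values
# mirror the shape of the log above; trimmed to a handful of lines).
SAMPLE_LOG = r"""
[2011.12.19 23:13:05 | 000,000,000 | -H-D | C] -- C:\dvmexp
[2011.12.19 14:02:17 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.19 02:41:03 | 000,000,761 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\wpbt0.dll.lnk
[2011.12.19 10:19:41 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ot8jccy4.exe
[2009.11.02 22:12:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""

# Constructed scan time, close to the "log created" time of the listing.
SCAN_TIME = datetime(2011, 12, 19, 23, 30, 0)

# [date time | size | attrs | C|M] (company) -- path
# attrs is a 4-char field in R/H/S/D order, "-" meaning "not set".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


class Entry(NamedTuple):
    timestamp: datetime
    size: int
    attrs: str
    kind: str            # "C" created / "M" modified
    company: Optional[str]
    path: str


def parse_entries(text: str) -> List[Entry]:
    """Parse OTL listing lines; summary lines like '[2 ... *.tmp files -> ]' are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        company = m.group("company")
        entries.append(Entry(
            timestamp=datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            kind=m.group("kind"),
            company=company if company else None,   # "()" means no company name
            path=m.group("path"),
        ))
    return entries


# Assumed folder names for per-user startup locations (German and English XP).
STARTUP_MARKERS = ("\\autostart\\", "\\startup\\")
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".sys", ".scr", ".lnk")


def triage(entries: List[Entry], scan_time: datetime, days: int = 7):
    """Return (reason, path) pairs for entries worth a closer look. Heuristic only."""
    recent_cutoff = scan_time - timedelta(days=days)
    findings = []
    for e in entries:
        lower = e.path.lower()
        is_dir = e.attrs[3] == "D"
        is_hidden = e.attrs[1] == "H"
        if any(marker in lower for marker in STARTUP_MARKERS):
            findings.append(("startup-entry", e.path))
        elif is_dir and is_hidden and lower.count("\\") == 1:
            # a hidden folder created directly under the drive root
            findings.append(("hidden-root-dir", e.path))
        elif (e.company is None and not is_dir
              and e.timestamp >= recent_cutoff
              and lower.endswith(EXECUTABLE_SUFFIXES)):
            findings.append(("recent-no-company-executable", e.path))
    return findings


def triage_sample():
    """Run the parser and triage over the constructed sample."""
    return triage(parse_entries(SAMPLE_LOG), SCAN_TIME)


if __name__ == "__main__":
    for reason, path in triage_sample():
        print(f"{reason:32} {path}")
```

Run as a script it prints three lines: the hidden C:\dvmexp folder, the wpbt0.dll.lnk entry in the Autostart folder, and the freshly created ot8jccy4.exe with no company name. The signed Malwarebytes driver and the two-year-old printer file are not flagged, which is the point of combining age, location and company fields rather than keying on any one of them.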

cosinus 20.12.2011 00:06

Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
[2011.12.19 23:13:05 | 000,000,000 | -H-D | C] -- C:\dvmexp
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are, as a precaution, not completely deleted; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

Fee56 20.12.2011 14:35

I did that as well.

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
C:\dvmexp folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: Michael
->Temp folder emptied: 704399 bytes
->Temporary Internet Files folder emptied: 228213 bytes
->FireFox cache emptied: 3429554 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Wolfgang
->Temp folder emptied: 287274031 bytes
->Temporary Internet Files folder emptied: 5431653 bytes
->FireFox cache emptied: 93345714 bytes
->Flash cache emptied: 38239 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1533279 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37578821 bytes
RecycleBin emptied: 731716491 bytes
 
Total Files Cleaned = 1.108,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12202011_142608

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 20.12.2011 15:08

Now please run this tool from Kaspersky (TDSS-Killer) (in normal mode!) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition; that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!

Fee56 20.12.2011 15:57

OK, I did that, and I can access My Documents completely normally.
Code:

15:50:02.0375 2024        TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
15:50:02.0609 2024        ============================================================
15:50:02.0609 2024        Current date / time: 2011/12/20 15:50:02.0609
15:50:02.0609 2024        SystemInfo:
15:50:02.0609 2024       
15:50:02.0609 2024        OS Version: 5.1.2600 ServicePack: 3.0
15:50:02.0609 2024        Product type: Workstation
15:50:02.0609 2024        ComputerName: WOLFGANGLENOVA
15:50:02.0609 2024        UserName: Wolfgang
15:50:02.0609 2024        Windows directory: C:\WINDOWS
15:50:02.0609 2024        System windows directory: C:\WINDOWS
15:50:02.0609 2024        Processor architecture: Intel x86
15:50:02.0609 2024        Number of processors: 2
15:50:02.0609 2024        Page size: 0x1000
15:50:02.0609 2024        Boot type: Normal boot
15:50:02.0609 2024        ============================================================
15:50:04.0343 2024        Initialize success
15:50:59.0203 3444        ============================================================
15:50:59.0203 3444        Scan started
15:50:59.0203 3444        Mode: Manual; SigCheck; TDLFS;
15:50:59.0203 3444        ============================================================
15:50:59.0875 3444        Abiosdsk - ok
15:50:59.0968 3444        abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:51:01.0578 3444        abp480n5 - ok
15:51:01.0718 3444        ACEDRV05        (0a1e97197609f92d2425b67da0bb0a7f) C:\WINDOWS\system32\drivers\ACEDRV05.sys
15:51:02.0250 3444        ACEDRV05 ( UnsignedFile.Multi.Generic ) - warning
15:51:02.0250 3444        ACEDRV05 - detected UnsignedFile.Multi.Generic (1)
15:51:02.0312 3444        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:51:02.0765 3444        ACPI - ok
15:51:02.0781 3444        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:51:03.0328 3444        ACPIEC - ok
15:51:03.0375 3444        ACPIVPC        (5508e9f55799c6551d54dfbc4a068b68) C:\WINDOWS\system32\DRIVERS\AcpiVpc.sys
15:51:03.0468 3444        ACPIVPC - ok
15:51:03.0531 3444        adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:51:03.0968 3444        adpu160m - ok
15:51:04.0062 3444        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:51:04.0531 3444        aec - ok
15:51:04.0609 3444        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:51:04.0765 3444        AFD - ok
15:51:04.0812 3444        agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
15:51:05.0234 3444        agp440 - ok
15:51:05.0250 3444        agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:51:05.0671 3444        agpCPQ - ok
15:51:05.0687 3444        Aha154x        (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:51:05.0875 3444        Aha154x - ok
15:51:05.0921 3444        aic78u2        (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:51:06.0312 3444        aic78u2 - ok
15:51:06.0359 3444        aic78xx        (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:51:06.0796 3444        aic78xx - ok
15:51:06.0859 3444        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
15:51:07.0250 3444        AliIde - ok
15:51:07.0265 3444        alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:51:07.0703 3444        alim1541 - ok
15:51:07.0859 3444        Ambfilt        (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
15:51:08.0296 3444        Ambfilt - ok
15:51:08.0312 3444        amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:51:08.0734 3444        amdagp - ok
15:51:08.0781 3444        amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
15:51:08.0968 3444        amsint - ok
15:51:09.0015 3444        asc            (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
15:51:09.0437 3444        asc - ok
15:51:09.0468 3444        asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:51:09.0687 3444        asc3350p - ok
15:51:09.0718 3444        asc3550        (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:51:10.0125 3444        asc3550 - ok
15:51:10.0187 3444        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:51:10.0593 3444        AsyncMac - ok
15:51:10.0671 3444        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:51:11.0078 3444        atapi - ok
15:51:11.0125 3444        Atdisk - ok
15:51:11.0156 3444        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:51:11.0546 3444        Atmarpc - ok
15:51:11.0593 3444        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:51:11.0984 3444        audstub - ok
15:51:12.0109 3444        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
15:51:12.0171 3444        avgio - ok
15:51:12.0187 3444        avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
15:51:12.0406 3444        avgntflt - ok
15:51:12.0531 3444        avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
15:51:12.0593 3444        avipbb - ok
15:51:12.0656 3444        b57w2k          (58911390115465bf6d8048f21f48655a) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
15:51:12.0828 3444        b57w2k - ok
15:51:12.0921 3444        BCM43XX        (cc03987ee5d0f956706b40d2f91f9e4f) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
15:51:13.0453 3444        BCM43XX - ok
15:51:13.0515 3444        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:51:13.0968 3444        Beep - ok
15:51:14.0093 3444        btaudio        (4b43dfe1c1fbb305a1dc5504ef9bb34e) C:\WINDOWS\system32\drivers\btaudio.sys
15:51:14.0218 3444        btaudio - ok
15:51:14.0281 3444        BTDriver        (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
15:51:14.0328 3444        BTDriver - ok
15:51:14.0390 3444        BTKRNL          (cf47c53d294abcb5159b02b68b37ba89) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
15:51:14.0593 3444        BTKRNL - ok
15:51:14.0640 3444        BTWDNDIS        (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
15:51:14.0718 3444        BTWDNDIS - ok
15:51:14.0734 3444        BTWUSB          (6b622612fe21b59faee2ca4385959778) C:\WINDOWS\system32\Drivers\btwusb.sys
15:51:14.0781 3444        BTWUSB - ok
15:51:14.0859 3444        cbidf          (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:51:15.0281 3444        cbidf - ok
15:51:15.0343 3444        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:51:15.0734 3444        cbidf2k - ok
15:51:15.0750 3444        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:51:16.0187 3444        CCDECODE - ok
15:51:16.0234 3444        cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:51:16.0421 3444        cd20xrnt - ok
15:51:16.0453 3444        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:51:16.0828 3444        Cdaudio - ok
15:51:16.0843 3444        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:51:17.0281 3444        Cdfs - ok
15:51:17.0375 3444        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:51:17.0781 3444        Cdrom - ok
15:51:17.0796 3444        Changer - ok
15:51:17.0875 3444        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:51:18.0296 3444        CmBatt - ok
15:51:18.0328 3444        CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:51:18.0703 3444        CmdIde - ok
15:51:18.0765 3444        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:51:19.0156 3444        Compbatt - ok
15:51:19.0203 3444        Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:51:19.0625 3444        Cpqarray - ok
15:51:19.0656 3444        dac2w2k        (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:51:20.0062 3444        dac2w2k - ok
15:51:20.0078 3444        dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:51:20.0515 3444        dac960nt - ok
15:51:20.0546 3444        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:51:20.0968 3444        Disk - ok
15:51:21.0046 3444        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
15:51:21.0609 3444        dmboot - ok
15:51:21.0640 3444        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
15:51:22.0296 3444        dmio - ok
15:51:22.0328 3444        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:51:22.0921 3444        dmload - ok
15:51:23.0046 3444        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:51:23.0765 3444        DMusic - ok
15:51:23.0828 3444        dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:51:24.0375 3444        dpti2o - ok
15:51:24.0406 3444        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:51:24.0859 3444        drmkaud - ok
15:51:24.0921 3444        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:51:25.0359 3444        Fastfat - ok
15:51:25.0406 3444        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
15:51:25.0812 3444        Fdc - ok
15:51:25.0859 3444        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
15:51:26.0281 3444        Fips - ok
15:51:26.0296 3444        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:51:26.0734 3444        Flpydisk - ok
15:51:26.0796 3444        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:51:27.0234 3444        FltMgr - ok
15:51:27.0250 3444        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:51:27.0640 3444        Fs_Rec - ok
15:51:27.0656 3444        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:51:28.0093 3444        Ftdisk - ok
15:51:28.0187 3444        GEARAspiWDM    (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:51:28.0234 3444        GEARAspiWDM - ok
15:51:28.0281 3444        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:51:28.0718 3444        Gpc - ok
15:51:28.0765 3444        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:51:29.0156 3444        HDAudBus - ok
15:51:29.0250 3444        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:51:29.0703 3444        HidUsb - ok
15:51:29.0718 3444        hpn            (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
15:51:30.0187 3444        hpn - ok
15:51:30.0281 3444        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:51:30.0406 3444        HTTP - ok
15:51:30.0453 3444        i2omgmt        (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:51:30.0859 3444        i2omgmt - ok
15:51:30.0906 3444        i2omp          (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:51:31.0437 3444        i2omp - ok
15:51:31.0593 3444        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:51:32.0015 3444        i8042prt - ok
15:51:32.0359 3444        ialm            (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
15:51:33.0140 3444        ialm - ok
15:51:33.0312 3444        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:51:33.0703 3444        Imapi - ok
15:51:33.0781 3444        ini910u        (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:51:34.0203 3444        ini910u - ok
15:51:34.0484 3444        IntcAzAudAddService (42d9da46b6d1c40daab37947d8a4490b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:51:35.0140 3444        IntcAzAudAddService - ok
15:51:35.0171 3444        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:51:35.0562 3444        IntelIde - ok
15:51:35.0609 3444        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:51:36.0031 3444        intelppm - ok
15:51:36.0078 3444        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:51:36.0515 3444        Ip6Fw - ok
15:51:36.0656 3444        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:51:37.0125 3444        IpFilterDriver - ok
15:51:37.0140 3444        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:51:37.0578 3444        IpInIp - ok
15:51:37.0625 3444        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:51:38.0031 3444        IpNat - ok
15:51:38.0093 3444        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:51:38.0500 3444        IPSec - ok
15:51:38.0562 3444        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:51:38.0750 3444        IRENUM - ok
15:51:38.0828 3444        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:51:39.0234 3444        isapnp - ok
15:51:39.0265 3444        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:51:39.0687 3444        Kbdclass - ok
15:51:39.0734 3444        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:51:40.0140 3444        kmixer - ok
15:51:40.0218 3444        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:51:40.0406 3444        KSecDD - ok
15:51:40.0437 3444        lbrtfdc - ok
15:51:40.0500 3444        MBAMProtector  (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
15:51:40.0578 3444        MBAMProtector - ok
15:51:40.0609 3444        MBAMSwissArmy - ok
15:51:40.0656 3444        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:51:41.0078 3444        mnmdd - ok
15:51:41.0125 3444        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
15:51:41.0687 3444        Modem - ok
15:51:41.0781 3444        Monfilt        (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
15:51:42.0187 3444        Monfilt - ok
15:51:42.0250 3444        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:51:42.0656 3444        Mouclass - ok
15:51:42.0734 3444        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:51:43.0375 3444        mouhid - ok
15:51:43.0421 3444        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:51:43.0968 3444        MountMgr - ok
15:51:44.0031 3444        mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:51:44.0468 3444        mraid35x - ok
15:51:44.0500 3444        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:51:44.0937 3444        MRxDAV - ok
15:51:45.0031 3444        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:51:45.0281 3444        MRxSmb - ok
15:51:45.0328 3444        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:51:45.0750 3444        Msfs - ok
15:51:46.0109 3444        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:51:46.0546 3444        MSKSSRV - ok
15:51:46.0593 3444        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:51:47.0000 3444        MSPCLOCK - ok
15:51:47.0046 3444        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:51:47.0484 3444        MSPQM - ok
15:51:47.0531 3444        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:51:47.0921 3444        mssmbios - ok
15:51:47.0984 3444        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:51:48.0562 3444        MSTEE - ok
15:51:48.0671 3444        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:51:48.0843 3444        Mup - ok
15:51:48.0937 3444        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:51:49.0562 3444        NABTSFEC - ok
15:51:49.0625 3444        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:51:50.0093 3444        NDIS - ok
15:51:50.0140 3444        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:51:50.0609 3444        NdisIP - ok
15:51:50.0687 3444        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:51:50.0828 3444        NdisTapi - ok
15:51:50.0843 3444        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:51:51.0265 3444        Ndisuio - ok
15:51:51.0328 3444        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:51:51.0890 3444        NdisWan - ok
15:51:51.0968 3444        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:51:52.0125 3444        NDProxy - ok
15:51:52.0156 3444        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:51:52.0656 3444        NetBIOS - ok
15:51:52.0718 3444        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:51:53.0156 3444        NetBT - ok
15:51:53.0234 3444        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:51:53.0718 3444        Npfs - ok
15:51:53.0781 3444        NSCIRDA        (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
15:51:53.0968 3444        NSCIRDA - ok
15:51:54.0078 3444        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:51:54.0593 3444        Ntfs - ok
15:51:54.0671 3444        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:51:55.0109 3444        Null - ok
15:51:55.0265 3444        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:51:55.0781 3444        NwlnkFlt - ok
15:51:55.0796 3444        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:51:56.0203 3444        NwlnkFwd - ok
15:51:56.0265 3444        NwlnkIpx        (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
15:51:57.0000 3444        NwlnkIpx - ok
15:51:57.0015 3444        NwlnkNb        (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
15:51:57.0468 3444        NwlnkNb - ok
15:51:57.0531 3444        NwlnkSpx        (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
15:51:57.0953 3444        NwlnkSpx - ok
15:51:58.0000 3444        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
15:51:58.0468 3444        Parport - ok
15:51:58.0515 3444        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:51:58.0906 3444        PartMgr - ok
15:51:58.0937 3444        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
15:51:59.0343 3444        ParVdm - ok
15:51:59.0406 3444        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
15:51:59.0906 3444        PCI - ok
15:51:59.0921 3444        PCIDump - ok
15:51:59.0937 3444        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:52:00.0343 3444        PCIIde - ok
15:52:00.0406 3444        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:52:00.0953 3444        Pcmcia - ok
15:52:00.0984 3444        PDCOMP - ok
15:52:01.0000 3444        PDFRAME - ok
15:52:01.0031 3444        PDRELI - ok
15:52:01.0062 3444        PDRFRAME - ok
15:52:01.0125 3444        perc2          (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:52:01.0687 3444        perc2 - ok
15:52:01.0703 3444        perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:52:02.0109 3444        perc2hib - ok
15:52:02.0218 3444        PMEM            (fa292805788528c083f416e151b60ab6) C:\WINDOWS\system32\drivers\PMEMNT.SYS
15:52:02.0250 3444        PMEM ( UnsignedFile.Multi.Generic ) - warning
15:52:02.0250 3444        PMEM - detected UnsignedFile.Multi.Generic (1)
15:52:02.0312 3444        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:52:02.0750 3444        PptpMiniport - ok
15:52:02.0828 3444        psadd          (651d3abc1d82d61b6cfb40cb947b3db3) C:\WINDOWS\system32\DRIVERS\psadd.sys
15:52:02.0921 3444        psadd - ok
15:52:02.0937 3444        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:52:03.0671 3444        PSched - ok
15:52:03.0703 3444        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:52:04.0093 3444        Ptilink - ok
15:52:04.0156 3444        ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:52:04.0562 3444        ql1080 - ok
15:52:04.0578 3444        Ql10wnt        (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:52:05.0000 3444        Ql10wnt - ok
15:52:05.0015 3444        ql12160        (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:52:05.0437 3444        ql12160 - ok
15:52:05.0453 3444        ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:52:05.0859 3444        ql1240 - ok
15:52:05.0875 3444        ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:52:06.0296 3444        ql1280 - ok
15:52:06.0375 3444        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:52:06.0750 3444        RasAcd - ok
15:52:06.0781 3444        Rasirda        (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
15:52:06.0953 3444        Rasirda - ok
15:52:07.0015 3444        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:52:07.0406 3444        Rasl2tp - ok
15:52:07.0437 3444        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:52:07.0828 3444        RasPppoe - ok
15:52:07.0859 3444        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:52:08.0234 3444        Raspti - ok
15:52:08.0296 3444        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:52:08.0734 3444        Rdbss - ok
15:52:08.0781 3444        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:52:09.0156 3444        RDPCDD - ok
15:52:09.0218 3444        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:52:09.0656 3444        rdpdr - ok
15:52:09.0750 3444        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:52:09.0890 3444        RDPWD - ok
15:52:09.0921 3444        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:52:10.0343 3444        redbook - ok
15:52:10.0390 3444        ROOTMODEM      (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
15:52:10.0781 3444        ROOTMODEM - ok
15:52:10.0875 3444        RSUSBSTOR      (4290417463801d31b7c6d1adb0f8bb4c) C:\WINDOWS\system32\Drivers\RTS5121.sys
15:52:10.0968 3444        RSUSBSTOR - ok
15:52:11.0000 3444        Rts516xIR - ok
15:52:11.0078 3444        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:52:11.0296 3444        Secdrv - ok
15:52:11.0375 3444        Ser2pl          (e42f03d1081c4f60d3db6c38235b1456) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
15:52:11.0406 3444        Ser2pl ( UnsignedFile.Multi.Generic ) - warning
15:52:11.0406 3444        Ser2pl - detected UnsignedFile.Multi.Generic (1)
15:52:11.0421 3444        Serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:52:11.0812 3444        Serenum - ok
15:52:11.0843 3444        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
15:52:12.0265 3444        Serial - ok
15:52:12.0328 3444        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:52:12.0781 3444        Sfloppy - ok
15:52:12.0812 3444        Simbad - ok
15:52:12.0859 3444        sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:52:13.0250 3444        sisagp - ok
15:52:13.0562 3444        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:52:14.0031 3444        SLIP - ok
15:52:14.0093 3444        Sparrow        (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:52:14.0281 3444        Sparrow - ok
15:52:14.0343 3444        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:52:14.0734 3444        splitter - ok
15:52:14.0781 3444        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
15:52:14.0968 3444        sr - ok
15:52:15.0046 3444        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:52:15.0234 3444        Srv - ok
15:52:15.0312 3444        ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
15:52:15.0375 3444        ssmdrv - ok
15:52:15.0406 3444        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:52:15.0812 3444        streamip - ok
15:52:15.0875 3444        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:52:16.0250 3444        swenum - ok
15:52:16.0343 3444        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:52:16.0750 3444        swmidi - ok
15:52:16.0812 3444        symc810        (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:52:17.0203 3444        symc810 - ok
15:52:17.0234 3444        symc8xx        (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:52:17.0640 3444        symc8xx - ok
15:52:17.0656 3444        sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:52:18.0046 3444        sym_hi - ok
15:52:18.0062 3444        sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:52:18.0468 3444        sym_u3 - ok
15:52:18.0546 3444        SynTP          (6bd4fd6c3ee76c247ecaf484cb590b72) C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:52:18.0734 3444        SynTP - ok
15:52:18.0812 3444        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:52:19.0203 3444        sysaudio - ok
15:52:19.0281 3444        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:52:19.0468 3444        Tcpip - ok
15:52:19.0515 3444        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:52:19.0937 3444        TDPIPE - ok
15:52:19.0984 3444        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:52:20.0390 3444        TDTCP - ok
15:52:20.0437 3444        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:52:20.0843 3444        TermDD - ok
15:52:20.0875 3444        TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
15:52:21.0296 3444        TosIde - ok
15:52:21.0328 3444        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:52:21.0734 3444        Udfs - ok
15:52:21.0750 3444        ultra          (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
15:52:21.0937 3444        ultra - ok
15:52:22.0000 3444        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:52:22.0437 3444        Update - ok
15:52:22.0500 3444        USBAAPL        (026f7f224f088ee11e383bca448fff81) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:52:22.0625 3444        USBAAPL - ok
15:52:22.0656 3444        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:52:23.0062 3444        usbccgp - ok
15:52:23.0109 3444        USBCCID - ok
15:52:23.0187 3444        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:52:23.0703 3444        usbehci - ok
15:52:23.0734 3444        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:52:24.0140 3444        usbhub - ok
15:52:24.0281 3444        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:52:24.0687 3444        usbprint - ok
15:52:24.0765 3444        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:52:25.0156 3444        usbscan - ok
15:52:25.0218 3444        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:52:25.0671 3444        USBSTOR - ok
15:52:25.0718 3444        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:52:26.0109 3444        usbuhci - ok
15:52:26.0156 3444        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
15:52:26.0593 3444        usbvideo - ok
15:52:26.0656 3444        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:52:27.0046 3444        VgaSave - ok
15:52:27.0062 3444        viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:52:27.0500 3444        viaagp - ok
15:52:27.0531 3444        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:52:27.0921 3444        ViaIde - ok
15:52:27.0968 3444        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
15:52:28.0390 3444        VolSnap - ok
15:52:28.0468 3444        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:52:28.0968 3444        Wanarp - ok
15:52:29.0000 3444        WDICA - ok
15:52:29.0109 3444        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:52:29.0531 3444        wdmaud - ok
15:52:29.0625 3444        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:52:30.0031 3444        WSTCODEC - ok
15:52:30.0156 3444        MBR (0x1B8)    (579624b4daa5a6a70ebead6b390b843c) \Device\Harddisk0\DR0
15:52:30.0390 3444        \Device\Harddisk0\DR0 - ok
15:52:30.0406 3444        Boot (0x1200)  (f8f4810b95e8d9ffd7a4468dfa00bd0c) \Device\Harddisk0\DR0\Partition0
15:52:30.0421 3444        \Device\Harddisk0\DR0\Partition0 - ok
15:52:30.0421 3444        ============================================================
15:52:30.0421 3444        Scan finished
15:52:30.0421 3444        ============================================================
15:52:30.0593 3660        Detected object count: 3
15:52:30.0593 3660        Actual detected object count: 3
15:52:40.0187 3660        ACEDRV05 ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:40.0187 3660        ACEDRV05 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:40.0187 3660        PMEM ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:40.0187 3660        PMEM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:40.0203 3660        Ser2pl ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:40.0203 3660        Ser2pl ( UnsignedFile.Multi.Generic ) - User select action: Skip
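The TDSSKiller log above is what the helper reads before deciding on the next step. As an added example (not code from this thread or from TDSSKiller), the following Python parser pulls the per-driver verdicts and the three UnsignedFile warnings out of that line format and cross-checks them against the "Detected object count" summary; the embedded sample is a constructed excerpt of the posted log, and the record layout and function names are this example's own.

```python
import re
# Constructed excerpt of the TDSSKiller log posted above (names, MD5s and paths as posted).
SAMPLE_LOG = r"""
15:51:01.0718 3444        ACEDRV05        (0a1e97197609f92d2425b67da0bb0a7f) C:\WINDOWS\system32\drivers\ACEDRV05.sys
15:51:02.0250 3444        ACEDRV05 ( UnsignedFile.Multi.Generic ) - warning
15:51:02.0250 3444        ACEDRV05 - detected UnsignedFile.Multi.Generic (1)
15:51:02.0312 3444        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:51:02.0765 3444        ACPI - ok
15:51:40.0437 3444        lbrtfdc - ok
15:52:02.0218 3444        PMEM            (fa292805788528c083f416e151b60ab6) C:\WINDOWS\system32\drivers\PMEMNT.SYS
15:52:02.0250 3444        PMEM ( UnsignedFile.Multi.Generic ) - warning
15:52:02.0250 3444        PMEM - detected UnsignedFile.Multi.Generic (1)
15:52:11.0375 3444        Ser2pl          (e42f03d1081c4f60d3db6c38235b1456) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
15:52:11.0406 3444        Ser2pl ( UnsignedFile.Multi.Generic ) - warning
15:52:11.0406 3444        Ser2pl - detected UnsignedFile.Multi.Generic (1)
15:52:30.0156 3444        MBR (0x1B8)    (579624b4daa5a6a70ebead6b390b843c) \Device\Harddisk0\DR0
15:52:30.0390 3444        \Device\Harddisk0\DR0 - ok
15:52:30.0593 3660        Detected object count: 3
15:52:30.0593 3660        Actual detected object count: 3
15:52:40.0187 3660        ACEDRV05 ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:40.0187 3660        ACEDRV05 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:40.0187 3660        PMEM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:40.0203 3660        Ser2pl ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# One regex per line shape after the "<time> <pid>" prefix; anything else
# ("Scan finished", separators, "skipped by user") carries no extra data.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
ENTRY_RE = re.compile(r"^(.+?)\s+\(([0-9a-f]{32})\)\s+(\S.*)$")  # name (md5) path
WARN_RE = re.compile(r"^(.+?) \( (.+?) \) - warning$")
DETECT_RE = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")
OK_RE = re.compile(r"^(.+?) - ok$")
COUNT_RE = re.compile(r"^(Actual detected|Detected) object count: (\d+)$")
ACTION_RE = re.compile(r"^(.+?) \( (.+?) \) - User select action: (\w+)$")


def parse_tdsskiller(text):
    records, index, findings, counts = [], {}, [], {}

    def record(key):
        # Verdicts are keyed by service name, except MBR/boot checks (device path).
        rec = index.get(key)
        if rec is None:
            rec = {"name": key, "md5": None, "path": None, "verdict": None}
            records.append(rec)
            index[key] = rec
        return rec

    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        msg = m.group(1)
        if c := COUNT_RE.match(msg):
            counts[c.group(1)] = int(c.group(2))
        elif a := ACTION_RE.match(msg):
            for f in findings:
                if (f["name"], f["classification"]) == (a.group(1), a.group(2)):
                    f["action"] = a.group(3)
        elif w := WARN_RE.match(msg):
            record(w.group(1))["verdict"] = "warning"
        elif d := DETECT_RE.match(msg):
            rec = record(d.group(1))
            findings.append({"name": rec["name"], "classification": d.group(2),
                             "md5": rec["md5"], "path": rec["path"], "action": None})
        elif o := OK_RE.match(msg):
            record(o.group(1))["verdict"] = "ok"
        elif e := ENTRY_RE.match(msg):
            rec = record(e.group(1))
            rec["md5"], rec["path"] = e.group(2), e.group(3)
            index[rec["path"]] = rec
    return {"records": records, "findings": findings, "counts": counts}


def triage(text):
    parsed = parse_tdsskiller(text)
    findings = parsed["findings"]
    declared = parsed["counts"].get("Detected")
    return {
        "scanned": len(parsed["records"]),
        "declared_count": declared,
        "actual_count": parsed["counts"].get("Actual detected"),
        # A mismatch means the log was truncated or edited before it was posted.
        "count_matches": declared == len(findings),
        # Services with neither "ok" nor "warning": the scan never finished them.
        "unverdicted": [r["name"] for r in parsed["records"] if r["verdict"] is None],
        # UnsignedFile.* only means "no valid digital signature"; MD5 and path decide.
        "heuristic_only": bool(findings) and all(
            f["classification"].startswith("UnsignedFile.") for f in findings),
        "findings": findings,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```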


cosinus 20.12.2011 16:08

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Fee56 20.12.2011 21:51

OK, done.
ComboFix logfile:
Code:

ComboFix 11-12-20.04 - Wolfgang 20.12.2011  21:32:35.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1014.407 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Wolfgang\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Wolfgang\WINDOWS
c:\windows\system32\Thumbs.db
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-20 bis 2011-12-20  ))))))))))))))))))))))))))))))
.
.
2011-12-20 20:15 . 2011-12-20 20:15        --------        d-----w-        C:\dvmexp
2011-12-20 13:26 . 2011-12-20 13:26        --------        d-----w-        C:\_OTL
2011-12-19 13:11 . 2011-12-19 13:11        --------        d-----w-        c:\programme\ESET
2011-12-19 13:02 . 2011-12-19 13:02        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes
2011-12-19 13:02 . 2011-12-19 13:02        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-12-19 13:02 . 2011-12-19 13:02        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2011-12-19 13:02 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 14:40 . 2008-07-21 14:51        1859712        ----a-w-        c:\windows\system32\win32k.sys
2011-11-05 02:57 . 2011-11-05 02:57        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-01 16:07 . 2008-07-21 14:51        1288704        ----a-w-        c:\windows\system32\ole32.dll
2011-10-31 23:36 . 2008-07-21 14:51        832512        ----a-w-        c:\windows\system32\wininet.dll
2011-10-31 23:36 . 2008-07-21 14:50        1830912        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-10-31 23:36 . 2008-07-21 14:50        78336        ----a-w-        c:\windows\system32\ieencode.dll
2011-10-31 23:36 . 2008-07-21 14:50        17408        ----a-w-        c:\windows\system32\corpol.dll
2011-10-28 05:31 . 2008-07-21 14:50        33280        ----a-w-        c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-14 07:30        2029568        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2008-04-14 07:29        2151424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-10-18 11:13 . 2008-07-21 14:50        186880        ----a-w-        c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2008-07-21 05:01        692736        ----a-w-        c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-07-21 14:50        604160        ----a-w-        c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 18:59        614912        ----a-w-        c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2008-07-21 14:51        23040        ----a-w-        c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2008-07-21 14:51        220160        ----a-w-        c:\windows\system32\oleacc.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-05-22 10:05        241752        ----a-w-        c:\windows\system32\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\programme\ICQ7.5\ICQ.exe" [2011-08-01 124480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"URRZ_WLAN-Profile"="c:\windows\system32\reg.exe DELETE HKCU\Software\Microsoft\EAPOL\UserEapInfo" [X]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-08-28 1283984]
"VeriFaceManager"="c:\programme\Lenovo\VeriFaceIII\PManage.exe" [2009-05-22 323584]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-05-23 1146880]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-17 17508864]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-01-05 413696]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"Microsoft Works Update Detection"="c:\programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-17 50688]
"Lexmark X1100 Series"="c:\programme\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2008-07-09 4456448]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Wolfgang\Startmenü\Programme\Autostart\
wpbt0.dll.lnk - c:\windows\system32\rundll32.exe [2008-7-21 33792]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\Lenovo\Bluetooth Software\BTTray.exe [2009-1-16 604776]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PicNotify]
2009-05-22 10:05        1167360        ----a-w-        c:\windows\system32\PicNotify.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\ICQ7.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [15.08.2009 04:14 108289]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [01.12.2008 17:32 307200]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [19.12.2011 14:02 366152]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [22.05.2009 10:54 9472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19.12.2011 14:02 22216]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [22.05.2009 10:59 157696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22.05.2009 10:54 1684736]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mLocal Page =
mStart Page =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programme\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\vryqgn9d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-20 21:44
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\PicNotify.dll
c:\windows\system32\FaceVerify.dll
c:\windows\system32\MainOp.dll
c:\windows\system32\VideoOp.dll
c:\windows\system32\Image.dll
c:\windows\system32\Momo.dll
c:\windows\system32\Apblend.dll
c:\windows\system32\SetDev.dll
c:\windows\system32\FunFrm.dll
c:\windows\system32\facev.dll
c:\windows\system32\3DImageRenderer.dll
c:\windows\system32\d3dx9_35.dll
c:\windows\system32\DevIL.dll
c:\windows\system32\ILU.dll
c:\windows\system32\CamOpex.dll
c:\windows\system32\DRMClien.DLL
.
Zeit der Fertigstellung: 2011-12-20  21:48:32
ComboFix-quarantined-files.txt  2011-12-20 20:48
.
Vor Suchlauf: 17 Verzeichnis(se), 75.307.069.440 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 75.415.515.136 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 0E8FF56B78787D2181178498AADCCEBD

--- --- ---
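The autostart section of a ComboFix log is what a helper reads first: Run keys, Startup-folder shortcuts and services, each with the target path and a trailing bracket that either holds the file's date and size or a marker such as `[X]` / `[?]`. The script below is an added example written for this thread, not a Trojaner-Board or ComboFix tool. It parses those line shapes out of a constructed sample that reuses entries from the log above and attaches review notes where a reader would look twice: a target that ComboFix could not verify on disk (the meaning of `[X]` and `[?]` is assumed from the log format), a Startup shortcut that launches rundll32.exe (the DLL it loads sits in the shortcut's arguments, which this log does not show), and a target living in a user-writable directory. The notes are triage hints for the person reading the log, not verdicts about any entry.

```python
"""Triage helper for the autostart section of a ComboFix log.
Added example for the thread; not a Trojaner-Board or ComboFix tool."""
import re
from dataclasses import dataclass, field
from typing import List

# Line shapes as they appear in the "Autostartpunkte der Registrierung" section.
RUN_KEY_RE = re.compile(r'^\[(HK[^\]]+\\Run)\]$', re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
STARTUP_DIR_RE = re.compile(r'^([a-z]:\\.*\\Autostart\\)$', re.IGNORECASE)
STARTUP_ITEM_RE = re.compile(r'^(\S.*?\.lnk) - (.+?)\s*\[([^\]]*)\]$')
SERVICE_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.+?)\s*\[([^\]]*)\]$')


@dataclass
class AutostartEntry:
    source: str                 # Run key, Startup folder path, or service state (R2/S3)
    name: str
    target: str
    tag: str                    # text inside the trailing [...]: "date size", "X" or "?"
    notes: List[str] = field(default_factory=list)


def _triage(entry: AutostartEntry) -> None:
    """Attach review notes. These are heuristics for a human reader, not verdicts."""
    # Assumption about the log format: ComboFix prints [X] when a Run value's
    # target is not on disk and [?] when a service's file could not be examined.
    if entry.tag.strip() in ("X", "?"):
        entry.notes.append("target could not be verified on disk")
    base = entry.target.rsplit("\\", 1)[-1].lower()
    if entry.source.lower().endswith("\\autostart\\") and base == "rundll32.exe":
        entry.notes.append("Startup shortcut launches rundll32.exe; the DLL it loads "
                           "is in the shortcut arguments, which this log does not show")
    low = entry.target.lower()
    if any(p in low for p in ("\\dokumente und einstellungen\\", "\\users\\", "\\temp\\")):
        entry.notes.append("target lives in a user-writable location")


def parse_autostarts(log_text: str) -> List[AutostartEntry]:
    """Extract Run values, Startup-folder shortcuts and services from log text."""
    entries: List[AutostartEntry] = []
    run_key = startup_dir = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in ("", "."):           # "." lines separate blocks in a ComboFix log
            run_key = startup_dir = None
            continue
        m = RUN_KEY_RE.match(line)
        if m:
            run_key, startup_dir = m.group(1), None
            continue
        m = STARTUP_DIR_RE.match(line)
        if m:
            startup_dir, run_key = m.group(1), None
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, name, _display, target, tag = m.groups()
            # "\??\path --> path [?]" lines carry the resolved path after the arrow
            entries.append(AutostartEntry(state, name, target.split("-->")[-1].strip(), tag))
            continue
        if run_key and (m := RUN_VALUE_RE.match(line)):
            entries.append(AutostartEntry(run_key, *m.groups()))
        elif startup_dir and (m := STARTUP_ITEM_RE.match(line)):
            entries.append(AutostartEntry(startup_dir, *m.groups()))
    for entry in entries:
        _triage(entry)
    return entries


def suspicious(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    """Entries that collected at least one review note."""
    return [e for e in entries if e.notes]


# Constructed sample: a subset of entry lines in the shape ComboFix writes them.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\programme\ICQ7.5\ICQ.exe" [2011-08-01 124480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"URRZ_WLAN-Profile"="c:\windows\system32\reg.exe DELETE HKCU\Software\Microsoft\EAPOL\UserEapInfo" [X]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
.
c:\dokumente und einstellungen\Wolfgang\Startmenü\Programme\Autostart\
wpbt0.dll.lnk - c:\windows\system32\rundll32.exe [2008-7-21 33792]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\Lenovo\Bluetooth Software\BTTray.exe [2009-1-16 604776]
.
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [19.12.2011 14:02 366152]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
"""

if __name__ == "__main__":
    for e in suspicious(parse_autostarts(SAMPLE_LOG)):
        print(f"{e.name:20} {e.target}\n    " + "\n    ".join(e.notes))
```

On the sample, three of the seven entries collect a note: the Run value marked `[X]`, the service marked `[?]`, and the Startup shortcut that points at rundll32.exe. To use it on a full log, pass the text of C:\ComboFix.txt to `parse_autostarts`; sections other than the autostart block simply produce no matches.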


Copyright ©2000-2025, Trojaner-Board