Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows gesperrt - bezahlen... (https://www.trojaner-board.de/110761-windows-gesperrt-bezahlen.html)

rookie-5 02.03.2012 17:33
Windows gesperrt - bezahlen...
 
Hallo,

habe die anderen Beiträge zu diesem Thema gelesen. Wäre super wenn mir jemand weiterhelfen könnte.

anbei sind die txt.dateien der logs.

vielen Dank im Vorraus.

cosinus 02.03.2012 20:10
Zitat:
Boot Mode: SafeMode with Networking |
na wenn der Modus geht wirst du erstmal MBAM/ESET probieren können:

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

rookie-5 02.03.2012 22:53
Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.02.04

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Oliver Gräßer :: ROOKIE [Administrator]

Schutz: Deaktiviert

02.03.2012 20:19:44
mbam-log-2012-03-02 (20-24-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197902
Laufzeit: 4 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{40E72E3E-7529-11DD-B7F6-806E6F6E6963} (Backdoor.Messa) -> Daten: C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\torrent.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Oliver Gräßer\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Users\Oliver Gräßer\AppData\Local\Temp\0.47462910465231734.exe (Exploit.Drop.2) -> Keine Aktion durchgeführt.
C:\Users\Oliver Gräßer\AppData\Local\Temp\0.796138540254269.exe (Exploit.Drop.2) -> Keine Aktion durchgeführt.
C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\torrent.exe (Backdoor.Messa) -> Keine Aktion durchgeführt.

(Ende)
Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f19d73bf4dd0dd4a821ec217323b533f
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-02 07:51:02
# local_time=2012-03-02 08:51:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 5398938 5398938 0 0
# compatibility_mode=5892 16776574 100 100 23658 168249871 0 0
# compatibility_mode=8192 67108863 100 0 4131 4131 0 0
# scanned=22267
# found=0
# cleaned=0
# scan_time=719
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f19d73bf4dd0dd4a821ec217323b533f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-02 09:44:34
# local_time=2012-03-02 10:44:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 5399697 5399697 0 0
# compatibility_mode=5892 16776574 100 100 24417 168250630 0 0
# compatibility_mode=8192 67108863 100 0 4890 4890 0 0
# scanned=231862
# found=1
# cleaned=0
# scan_time=6772
C:\Program Files\pdfforge Toolbar\SearchSettings.exe        Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

rookie-5 05.03.2012 11:25
:heulen: kann mir noch jemand weiterhelfen :heulen:

cosinus 05.03.2012 14:15
Ja. Du könntest mal das umsetzen was man in der Anleitung gepostet hat

Zitat:
Art des Suchlaufs: Quick-Scan
Sry aber ich wollte einen Vollscan sehen...bitte nachholen und Log posten!
Denk dran vorher die Signaturen von Malwarebytes zu aktualisieren, da gibt es sehr häufig neue Updates!

Und poste alle Logs von Malwarebytes, die im Reiter Logdateien zu sehen sind

rookie-5 05.03.2012 23:20
mein Fehler,danke für die Info...

anbei alle logs:

Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.05.08

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Oliver Gräßer :: ROOKIE [Administrator]

Schutz: Deaktiviert

05.03.2012 22:12:19
mbam-log-2012-03-05 (22-12-19).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 394777
Laufzeit: 1 Stunde(n), 1 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.02.04

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Oliver Gräßer :: ROOKIE [Administrator]

Schutz: Deaktiviert

02.03.2012 20:19:44
mbam-log-2012-03-02 (20-19-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197902
Laufzeit: 4 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{40E72E3E-7529-11DD-B7F6-806E6F6E6963} (Backdoor.Messa) -> Daten: C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\torrent.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Oliver Gräßer\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Oliver Gräßer\AppData\Local\Temp\0.47462910465231734.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Oliver Gräßer\AppData\Local\Temp\0.796138540254269.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\torrent.exe (Backdoor.Messa) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
2012/03/05 20:47:22 +0100        ROOKIE        (null)        MESSAGE        Executing scheduled update:  Daily
2012/03/05 20:47:24 +0100        ROOKIE        (null)        ERROR        Scheduled update failed:  No address found failed with error code 11004

cosinus 06.03.2012 12:46
Funktioniert jetzt der normale Modus wieder oder nicht?

rookie-5 06.03.2012 13:54
es scheint wieder zu funktionieren :Boogie: muss ich noch ich noch weitere schritte beachten?

cosinus 06.03.2012 14:10
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

rookie-5 06.03.2012 16:17
Code:
OTL logfile created on: 06.03.2012 15:33:05 - Run 2
OTL by OldTimer - Version 3.2.34.0    Folder = C:\Users\Oliver Gräßer\Desktop\Trojaner
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,17% Memory free
6,20 Gb Paging File | 4,93 Gb Available in Paging File | 79,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,00 Gb Total Space | 16,68 Gb Free Space | 21,94% Space Free | Partition Type: NTFS
Drive D: | 148,09 Gb Total Space | 147,99 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: ROOKIE | User Name: Oliver Gräßer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Oliver Gräßer\Desktop\Trojaner\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe (Lexware GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe (Fujitsu Technology Solutions)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\C&E\OSD\osd.exe (C&E)
PRC - C:\Program Files\Lexmark 4800 Series\lxdemon.exe ()
PRC - C:\Program Files\Lexmark 4800 Series\lxdeamon.exe ()
PRC - C:\Windows\System32\lxdecoms.exe ( )
PRC - C:\Windows\System32\spool\drivers\w32x86\3\lxdeserv.exe (Lexmark International, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\Belkin\F1U201.401\usbshare.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\e3e1fd8ccf76e9eb0147484fb8dd773a\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7390d789557549200e474b9bbeca3d1a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll ()
MOD - C:\Program Files\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll ()
MOD - C:\Program Files\Lexmark 4800 Series\lxdemon.exe ()
MOD - C:\Program Files\Lexmark 4800 Series\app4r.monitor.core.dll ()
MOD - C:\Program Files\Lexmark 4800 Series\app4r.monitor.common.dll ()
MOD - C:\Program Files\Lexmark 4800 Series\app4r.devmons.mcmdevmon.dll ()
MOD - C:\Program Files\Lexmark 4800 Series\app4r.devmons.mcmdevmon.autoplayutil.dll ()
MOD - C:\Program Files\Lexmark 4800 Series\lxdeamon.exe ()
MOD - C:\Program Files\Lexmark 4800 Series\lxdescw.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\lxdedatr.dll ()
MOD - C:\Program Files\ArcSoft\TotalMedia 3.5\uPiApi.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\lxdecats.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56ita.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56esp.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56brz.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56kor.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56ger.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56fra.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56dnk.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56jpn.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56cht.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56chs.dll ()
MOD - C:\Program Files\Belkin\F1U201.401\usbshare.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Lexware_Datenbank_Plus) -- C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
SRV - (TestHandler) -- C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe (Fujitsu Technology Solutions)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (OsdService) -- C:\Program Files\C&E\OSD\OsdService\OsdService.exe ()
SRV - (lxde_device) -- C:\Windows\System32\lxdecoms.exe ( )
SRV - (lxdeCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdeserv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RTL2832U_IRHID) -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys (Realtek)
DRV - (RTL2832UUSB) -- C:\Windows\System32\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832UBDA) -- C:\Windows\System32\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (CEBFilter) -- C:\Program Files\C&E\OSD\OsdService\cebuffer.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (CEIO) -- C:\Program Files\C&E\OSD\OsdService\ceio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (cKBFilter) -- C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (Cam5603D) -- C:\Windows\System32\drivers\BisonCam.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKU\..\SearchScopes,DefaultScope =
IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE
IE - HKU\..\SearchScopes\{1E2576B3-CBBE-454F-BB1F-B3BD6BF69DC7}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\..\SearchScopes\{402A7386-7397-48A4-AB48-B491835C9908}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_deDE356
IE - HKU\..\SearchScopes\{72A01BE8-36E6-4E3E-A212-EEAA937D7AC3}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\..\SearchScopes\{A1804725-6852-46FC-B62D-1F28FF49F4ED}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Oliver Gräßer\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [lxdeamon] C:\Program Files\Lexmark 4800 Series\lxdeamon.exe ()
O4 - HKLM..\Run: [lxdemon.exe] C:\Program Files\Lexmark 4800 Series\lxdemon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe (C&E)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Oliver Gräßer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Oliver Gräßer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{644959B3-FC4D-4DCB-AC67-42F5087751D1}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF0F9B18-BF57-4021-B073-C27A35EFC145}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger -  File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\CYBERL~1\PowerDV\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.05 23:29:04 | 000,000,000 | ---D | C] -- C:\Users\Oliver Gräßer\Desktop\Trojaner
[2012.03.02 20:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.02 20:16:57 | 000,000,000 | ---D | C] -- C:\Users\Oliver Gräßer\AppData\Roaming\Malwarebytes
[2012.03.02 20:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.02 20:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.02 20:16:49 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.02 20:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.02 17:34:13 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.02.29 03:02:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.02.05 19:28:06 | 000,000,000 | ---D | C] -- C:\Users\Oliver Gräßer\Documents\Steuererklärung
[15 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[15 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.06 15:24:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 15:24:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 15:16:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.06 13:32:03 | 002,833,274 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.06 13:32:02 | 007,881,110 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.06 13:32:02 | 002,507,678 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.06 13:32:02 | 002,252,068 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.06 13:25:31 | 000,223,107 | ---- | M] () -- C:\Users\Oliver Gräßer\AppData\Roaming\nvModes.001
[2012.03.06 13:24:25 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.06 13:24:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.06 13:23:58 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.06 13:22:43 | 000,001,356 | ---- | M] () -- C:\Users\Oliver Gräßer\AppData\Local\d3d9caps.dat
[2012.03.05 23:33:58 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.03.02 15:31:44 | 000,306,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.28 15:31:54 | 000,223,107 | ---- | M] () -- C:\Users\Oliver Gräßer\AppData\Roaming\nvModes.dat
[2012.02.27 14:06:26 | 000,002,653 | ---- | M] () -- C:\Users\Public\Desktop\TAXMAN 2012.lnk
[2012.02.21 13:46:36 | 000,133,262 | ---- | M] () -- C:\Users\Oliver Gräßer\Documents\WV Begünstigte 21.02.2012 13;46;36.PDF
[2012.02.17 16:40:09 | 316,193,826 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.17 16:24:13 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[15 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[15 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.06 13:23:57 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.21 13:46:52 | 000,133,262 | ---- | C] () -- C:\Users\Oliver Gräßer\Documents\WV Begünstigte 21.02.2012 13;46;36.PDF
[2012.01.23 18:48:59 | 000,000,147 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.09.27 11:17:26 | 000,198,144 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2011.09.27 11:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2011.09.27 11:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2011.09.27 11:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2010.10.21 14:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2010.10.21 14:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2010.10.21 14:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2010.05.15 17:16:04 | 000,001,356 | ---- | C] () -- C:\Users\Oliver Gräßer\AppData\Local\d3d9caps.dat
[2010.04.04 16:52:27 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdecoin.dll
[2010.04.04 16:50:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2010.04.04 16:50:04 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2010.04.04 16:48:04 | 000,000,060 | ---- | C] () -- C:\Windows\System32\lxderwrd.ini
[2010.04.04 16:47:51 | 000,434,176 | ---- | C] ( ) -- C:\Windows\System32\lxdehcp.dll
[2010.04.04 16:47:51 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdeinst.dll
[2010.04.04 16:47:50 | 001,200,128 | ---- | C] ( ) -- C:\Windows\System32\lxdeserv.dll
[2010.04.04 16:47:50 | 000,950,272 | ---- | C] ( ) -- C:\Windows\System32\lxdeusb1.dll
[2010.04.04 16:47:50 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdeinpa.dll
[2010.04.04 16:47:50 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdeiesc.dll
[2010.04.04 16:47:49 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdepmui.dll
[2010.04.04 16:47:49 | 000,565,248 | ---- | C] ( ) -- C:\Windows\System32\lxdelmpm.dll
[2010.04.04 16:47:49 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdeprox.dll
[2010.04.04 16:47:48 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdeih.exe
[2010.04.04 16:47:47 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdehbn3.dll
[2010.04.04 16:47:47 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdegrd.dll
[2010.04.04 16:47:46 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdecomc.dll
[2010.04.04 16:47:46 | 000,598,960 | ---- | C] ( ) -- C:\Windows\System32\lxdecoms.exe
[2010.04.04 16:47:46 | 000,365,488 | ---- | C] ( ) -- C:\Windows\System32\lxdecfg.exe
[2010.04.04 16:47:46 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdecomm.dll
 
========== LOP Check ==========
 
[2011.12.19 12:58:23 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\1&1 Mail & Media GmbH
[2009.02.08 19:40:30 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\biu software
[2011.05.20 21:31:36 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\BOM
[2010.01.23 22:15:02 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Canneverbe_Limited
[2011.12.19 16:34:21 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\DVDVideoSoft
[2011.09.18 15:38:46 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.08 10:34:32 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\elsterformular
[2011.01.05 23:26:26 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\eMusic
[2009.02.07 17:26:24 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\GlarySoft
[2008.12.02 19:41:45 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\IrfanView
[2010.04.04 17:11:46 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Lexmark Productivity Studio
[2008.12.15 23:00:30 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Lexware
[2008.09.13 20:22:20 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\PeerNetworking
[2012.03.02 16:34:10 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\RayV
[2009.03.26 20:15:45 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Samsung
[2008.09.13 11:22:44 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Template
[2011.01.21 20:26:39 | 000,000,000 | ---D | M] -- C:\Users\Steuer\AppData\Roaming\elsterformular
[2009.04.17 14:39:55 | 000,000,000 | ---D | M] -- C:\Users\Steuer\AppData\Roaming\Haufe
[2009.05.16 13:31:01 | 000,000,000 | ---D | M] -- C:\Users\Steuer\AppData\Roaming\Lexmark Productivity Studio
[2008.12.15 23:23:03 | 000,000,000 | ---D | M] -- C:\Users\Steuer\AppData\Roaming\Lexware
[2012.03.05 23:33:59 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.19 12:58:23 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\1&1 Mail & Media GmbH
[2008.09.13 12:32:25 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Adobe
[2009.10.10 21:25:10 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\ArcSoft
[2011.12.31 10:02:37 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Avira
[2009.02.08 19:40:30 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\biu software
[2011.05.20 21:31:36 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\BOM
[2010.01.23 22:15:02 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Canneverbe_Limited
[2008.08.31 09:29:24 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\CyberLink
[2010.06.25 10:52:52 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\DivX
[2011.12.19 16:34:21 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\DVDVideoSoft
[2011.09.18 15:38:46 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.08 10:34:32 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\elsterformular
[2011.01.05 23:26:26 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\eMusic
[2008.12.25 11:31:46 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\FaxCtr
[2009.02.07 17:26:24 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\GlarySoft
[2008.08.28 19:34:49 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Google
[2008.08.28 19:10:05 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Identities
[2008.12.15 23:37:13 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\InstallShield
[2008.12.02 19:41:45 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\IrfanView
[2010.04.04 17:11:46 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Lexmark Productivity Studio
[2008.12.15 23:00:30 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Lexware
[2008.08.28 20:43:32 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Macromedia
[2012.03.02 20:16:57 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Media Center Programs
[2009.04.11 07:27:36 | 000,000,000 | --SD | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft
[2010.03.17 22:35:35 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Move Networks
[2010.08.01 09:32:42 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Mozilla
[2010.08.01 09:32:51 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Mozilla-Cache
[2008.10.05 18:12:42 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Nero
[2008.09.13 20:22:20 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\PeerNetworking
[2012.03.02 16:34:10 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\RayV
[2009.03.26 20:15:45 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Samsung
[2008.09.13 11:22:44 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\Template
[2008.11.23 01:30:31 | 000,000,000 | ---D | M] -- C:\Users\Oliver Gräßer\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.01.09 22:01:39 | 004,051,632 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Oliver Gräßer\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_10_7094_7699.exe
[2012.01.09 22:03:01 | 004,048,168 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Oliver Gräßer\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_11_7094_7699.exe
[2012.01.09 22:04:21 | 004,067,576 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Oliver Gräßer\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_09_7094_7699.exe
[2012.01.09 22:05:25 | 004,058,240 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Oliver Gräßer\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_10_7094_7699.exe
[2012.01.09 22:06:23 | 004,052,104 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Oliver Gräßer\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_11_7094_7699.exe
[2012.01.09 22:07:35 | 004,049,248 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Oliver Gräßer\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_10_7094_7699.exe
[2012.01.09 22:08:37 | 004,051,088 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Oliver Gräßer\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_11_7094_7699.exe
[2011.10.08 10:32:29 | 011,250,312 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Oliver Gräßer\AppData\Roaming\elsterformular\update\ElsterFormular_update-12_3_2_6814u.exe
[2012.01.23 18:27:24 | 000,086,016 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\Installer\{1D081AB0-B1CC-11E0-80C0-005056B12123}\ARPPRODUCTICON.exe
[2008.08.28 19:09:32 | 000,008,704 | R--- | M] () -- C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\Installer\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}\Icon9A3BC1573.exe
[2008.12.15 23:10:57 | 000,086,016 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\Installer\{A4E86B6A-6EEC-41FD-8960-26947F0E3353}\ARPPRODUCTICON.exe
[2009.01.09 20:23:12 | 000,086,016 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\Installer\{D5C8E140-6E6F-11DD-9AA9-0050560400B1}\ARPPRODUCTICON.exe
[2009.01.09 20:23:40 | 000,086,016 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\Installer\{F48AAE0F-52F4-11DD-B1F7-0050560400B1}\ARPPRODUCTICON.exe
[2010.03.17 22:35:35 | 000,144,053 | ---- | M] () -- C:\Users\Oliver Gräßer\AppData\Roaming\Move Networks\uninstall.exe
[2009.02.12 19:37:34 | 000,097,144 | ---- | M] () -- C:\Users\Oliver Gräßer\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2008.05.27 12:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Windows\System32\drivers\ahcix86s.sys
[2008.05.27 12:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_c617648e\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.06.03 04:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2008.06.03 04:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2008.06.03 04:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2008.06.03 04:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_41af7b1f\iaStor.sys
[2007.02.12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\DRIVER\SATA\INTEL\iaStor.sys
[2007.02.12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007.02.12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.08.07 13:34:48 | 013,115,392 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.08.07 13:34:39 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.08.07 13:34:48 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008.08.07 13:34:58 | 017,633,280 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008.08.07 13:35:00 | 006,705,152 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

cosinus 06.03.2012 19:48
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE
IE - HKU\..\SearchScopes\{1E2576B3-CBBE-454F-BB1F-B3BD6BF69DC7}: "URL" = http://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = http://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\..\SearchScopes\{402A7386-7397-48A4-AB48-B491835C9908}: "URL" = http://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_deDE356
IE - HKU\..\SearchScopes\{72A01BE8-36E6-4E3E-A212-EEAA937D7AC3}: "URL" = http://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\..\SearchScopes\{A1804725-6852-46FC-B62D-1F28FF49F4ED}: "URL" = http://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O7 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Files
C:\Program Files\pdfforge Toolbar
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

rookie-5 06.03.2012 20:17
Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{1E2576B3-CBBE-454F-BB1F-B3BD6BF69DC7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E2576B3-CBBE-454F-BB1F-B3BD6BF69DC7}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{402A7386-7397-48A4-AB48-B491835C9908}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{402A7386-7397-48A4-AB48-B491835C9908}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{72A01BE8-36E6-4E3E-A212-EEAA937D7AC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72A01BE8-36E6-4E3E-A212-EEAA937D7AC3}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{A1804725-6852-46FC-B62D-1F28FF49F4ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1804725-6852-46FC-B62D-1F28FF49F4ED}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ deleted successfully.
C:\Program Files\Lexmark Toolbar\toolband.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ deleted successfully.
C:\Program Files\WEB.DE Toolbar\IE\uitb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
File C:\Program Files\Lexmark Toolbar\toolband.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C424171E-592A-415a-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415a-9EB1-DFD6D95D3530}\ deleted successfully.
File C:\Program Files\WEB.DE Toolbar\IE\uitb.dll not found.
Registry value HKEY_USERS\S-1-5-21-3359374848-750208709-1910855389-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
File C:\Program Files\Lexmark Toolbar\toolband.dll not found.
Registry value HKEY_USERS\S-1-5-21-3359374848-750208709-1910855389-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
File C:\Program Files\Lexmark Toolbar\toolband.dll not found.
Registry value HKEY_USERS\S-1-5-21-3359374848-750208709-1910855389-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
File C:\Program Files\WEB.DE Toolbar\IE\uitb.dll not found.
Registry value HKEY_USERS\S-1-5-21-3359374848-750208709-1910855389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\add to &BOM\ deleted successfully.
File move failed. C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta scheduled to be moved on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
C:\Program Files\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files\pdfforge Toolbar folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Oliver Gräßer
->Temp folder emptied: 300770193 bytes
->Temporary Internet Files folder emptied: 1107652437 bytes
->Java cache emptied: 39147454 bytes
->Flash cache emptied: 95213 bytes
 
User: Public
 
User: Steuer
->Temp folder emptied: 2156909 bytes
->Temporary Internet Files folder emptied: 135238340 bytes
->Java cache emptied: 24268233 bytes
->Flash cache emptied: 24447 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 79431643 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 11026356 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 19689711 bytes
RecycleBin emptied: 5258760 bytes
 
Total Files Cleaned = 1.645,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.34.0 log created on 03062012_195553

Files\Folders moved on Reboot...
File\Folder C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta not found!
File\Folder C:\Users\Oliver Gräßer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VYDCNNB3\n=Europa;w_lan=DE;w_reg=BW;w_ort=Cleebronn;w_plz=74389;w_tmi=9;w_tma=15;w_pic=1;w_wx=2;xx=pl;xx=wp;xx=pb;xx=pr;wefo=pu1;wefo=fb2;wefo=rt1;wefo=sc1;tile=1;ord=5892113329[1] not found!
File\Folder C:\Users\Oliver Gräßer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VYDCNNB3\n=Europa;w_lan=DE;w_reg=BW;w_ort=Cleebronn;w_plz=74389;w_tmi=9;w_tma=15;w_pic=1;w_wx=2;xx=pl;xx=wp;xx=pb;xx=pr;wefo=pu1;wefo=fb2;wefo=rt1;wefo=sc1;tile=5;ord=5892113329[1] not found!
File\Folder C:\Users\Oliver Gräßer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\4U0BLN4Q\n=Europa;w_lan=DE;w_reg=BW;w_ort=Cleebronn;w_plz=74389;w_tmi=9;w_tma=15;w_pic=1;w_wx=2;xx=pl;xx=wp;xx=pb;xx=pr;wefo=pu1;wefo=fb2;wefo=rt1;wefo=sc1;tile=3;ord=5892113329[1] not found!
File\Folder C:\Users\Oliver Gräßer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2GB73HT2\n=Europa;w_lan=DE;w_reg=BW;w_ort=Cleebronn;w_plz=74389;w_tmi=9;w_tma=15;w_pic=1;w_wx=2;xx=pl;xx=wp;xx=pb;xx=pr;wefo=pu1;wefo=fb2;wefo=rt1;wefo=sc1;tile=2;ord=5892113329[1] not found!
File\Folder C:\Users\Oliver Gräßer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2GB73HT2\n=Europa;w_lan=DE;w_reg=BW;w_ort=Cleebronn;w_plz=74389;w_tmi=9;w_tma=15;w_pic=1;w_wx=2;xx=pl;xx=wp;xx=pb;xx=pr;wefo=pu1;wefo=fb2;wefo=rt1;wefo=sc1;tile=4;ord=5892113329[1] not found!
File move failed. C:\Windows\temp\asat0000.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 06.03.2012 20:21
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

rookie-5 06.03.2012 20:53
Code:
20:48:07.0727 4908        TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
20:48:07.0976 4908        ============================================================
20:48:07.0976 4908        Current date / time: 2012/03/06 20:48:07.0976
20:48:07.0976 4908        SystemInfo:
20:48:07.0976 4908       
20:48:07.0976 4908        OS Version: 6.0.6002 ServicePack: 2.0
20:48:07.0976 4908        Product type: Workstation
20:48:07.0976 4908        ComputerName: ROOKIE
20:48:07.0976 4908        UserName: Oliver Gräßer
20:48:07.0976 4908        Windows directory: C:\Windows
20:48:07.0976 4908        System windows directory: C:\Windows
20:48:07.0976 4908        Processor architecture: Intel x86
20:48:07.0976 4908        Number of processors: 2
20:48:07.0976 4908        Page size: 0x1000
20:48:07.0976 4908        Boot type: Normal boot
20:48:07.0976 4908        ============================================================
20:48:08.0866 4908        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:48:08.0881 4908        \Device\Harddisk0\DR0:
20:48:08.0881 4908        MBR used
20:48:08.0881 4908        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1194800, BlocksNum 0x9800800
20:48:08.0881 4908        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA995000, BlocksNum 0x12830170
20:48:08.0990 4908        Initialize success
20:48:08.0990 4908        ============================================================
20:50:29.0406 4212        ============================================================
20:50:29.0406 4212        Scan started
20:50:29.0406 4212        Mode: Manual; SigCheck; TDLFS;
20:50:29.0406 4212        ============================================================
20:50:29.0936 4212        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:50:30.0155 4212        ACPI - ok
20:50:30.0217 4212        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:50:30.0248 4212        adp94xx - ok
20:50:30.0295 4212        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:50:30.0326 4212        adpahci - ok
20:50:30.0358 4212        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:50:30.0373 4212        adpu160m - ok
20:50:30.0404 4212        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:50:30.0436 4212        adpu320 - ok
20:50:30.0498 4212        Afc            (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
20:50:30.0545 4212        Afc - ok
20:50:30.0607 4212        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:50:30.0685 4212        AFD - ok
20:50:30.0748 4212        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:50:30.0763 4212        agp440 - ok
20:50:30.0826 4212        ahcix86s        (fbe4016f9ef3ab3db547e40a936b6cd9) C:\Windows\system32\drivers\ahcix86s.sys
20:50:30.0841 4212        ahcix86s - ok
20:50:30.0872 4212        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:50:30.0904 4212        aic78xx - ok
20:50:30.0935 4212        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:50:30.0950 4212        aliide - ok
20:50:30.0982 4212        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:50:30.0997 4212        amdagp - ok
20:50:31.0028 4212        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:50:31.0044 4212        amdide - ok
20:50:31.0075 4212        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:50:31.0216 4212        AmdK7 - ok
20:50:31.0247 4212        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:50:31.0309 4212        AmdK8 - ok
20:50:31.0403 4212        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:50:31.0418 4212        arc - ok
20:50:31.0465 4212        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:50:31.0481 4212        arcsas - ok
20:50:31.0512 4212        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:50:31.0590 4212        AsyncMac - ok
20:50:31.0621 4212        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:50:31.0652 4212        atapi - ok
20:50:31.0715 4212        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
20:50:31.0730 4212        avgntflt - ok
20:50:31.0762 4212        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
20:50:31.0777 4212        avipbb - ok
20:50:31.0808 4212        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
20:50:31.0824 4212        avkmgr - ok
20:50:31.0855 4212        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:50:31.0918 4212        Beep - ok
20:50:31.0964 4212        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:50:32.0027 4212        blbdrive - ok
20:50:32.0074 4212        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:50:32.0136 4212        bowser - ok
20:50:32.0183 4212        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:50:32.0292 4212        BrFiltLo - ok
20:50:32.0323 4212        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:50:32.0386 4212        BrFiltUp - ok
20:50:32.0432 4212        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:50:32.0651 4212        Brserid - ok
20:50:32.0682 4212        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:50:32.0776 4212        BrSerWdm - ok
20:50:32.0791 4212        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:50:32.0885 4212        BrUsbMdm - ok
20:50:32.0900 4212        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:50:32.0994 4212        BrUsbSer - ok
20:50:33.0056 4212        BthEnum        (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
20:50:33.0103 4212        BthEnum - ok
20:50:33.0150 4212        BTHMODEM        (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
20:50:33.0212 4212        BTHMODEM - ok
20:50:33.0259 4212        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
20:50:33.0337 4212        BthPan - ok
20:50:33.0400 4212        BTHPORT        (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
20:50:33.0509 4212        BTHPORT - ok
20:50:33.0556 4212        BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
20:50:33.0602 4212        BTHUSB - ok
20:50:33.0680 4212        Cam5603D        (166eba385178229475b6aeb950e0a082) C:\Windows\system32\Drivers\BisonCam.sys
20:50:33.0805 4212        Cam5603D - ok
20:50:33.0868 4212        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:50:33.0930 4212        cdfs - ok
20:50:33.0992 4212        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:50:34.0039 4212        cdrom - ok
20:50:34.0117 4212        CEBFilter      (039f27ea2344c541cb6a0ef288bc8996) C:\Program Files\C&E\OSD\OsdService\cebuffer.sys
20:50:34.0133 4212        CEBFilter ( UnsignedFile.Multi.Generic ) - warning
20:50:34.0133 4212        CEBFilter - detected UnsignedFile.Multi.Generic (1)
20:50:34.0148 4212        CEIO            (147019abeb922507f2fa107032c480ce) C:\Program Files\C&E\OSD\OsdService\ceio.sys
20:50:34.0148 4212        CEIO ( UnsignedFile.Multi.Generic ) - warning
20:50:34.0148 4212        CEIO - detected UnsignedFile.Multi.Generic (1)
20:50:34.0195 4212        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
20:50:34.0258 4212        circlass - ok
20:50:34.0273 4212        cKBFilter      (cb11e608025aa6e601ff0c097e6009bd) C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys
20:50:34.0289 4212        cKBFilter ( UnsignedFile.Multi.Generic ) - warning
20:50:34.0289 4212        cKBFilter - detected UnsignedFile.Multi.Generic (1)
20:50:34.0351 4212        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:50:34.0382 4212        CLFS - ok
20:50:34.0460 4212        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:50:34.0507 4212        CmBatt - ok
20:50:34.0538 4212        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:50:34.0554 4212        cmdide - ok
20:50:34.0585 4212        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:50:34.0601 4212        Compbatt - ok
20:50:34.0616 4212        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:50:34.0648 4212        crcdisk - ok
20:50:34.0663 4212        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:50:34.0726 4212        Crusoe - ok
20:50:34.0804 4212        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:50:34.0866 4212        DfsC - ok
20:50:34.0975 4212        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:50:34.0991 4212        disk - ok
20:50:35.0069 4212        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:50:35.0131 4212        drmkaud - ok
20:50:35.0225 4212        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:50:35.0350 4212        DXGKrnl - ok
20:50:35.0428 4212        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:50:35.0490 4212        E1G60 - ok
20:50:35.0552 4212        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:50:35.0584 4212        Ecache - ok
20:50:35.0630 4212        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:50:35.0662 4212        elxstor - ok
20:50:35.0708 4212        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:50:35.0771 4212        ErrDev - ok
20:50:35.0849 4212        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:50:35.0927 4212        exfat - ok
20:50:35.0974 4212        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:50:36.0020 4212        fastfat - ok
20:50:36.0067 4212        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:50:36.0130 4212        fdc - ok
20:50:36.0176 4212        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:50:36.0192 4212        FileInfo - ok
20:50:36.0223 4212        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:50:36.0286 4212        Filetrace - ok
20:50:36.0317 4212        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:50:36.0379 4212        flpydisk - ok
20:50:36.0473 4212        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:50:36.0504 4212        FltMgr - ok
20:50:36.0582 4212        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:50:36.0660 4212        Fs_Rec - ok
20:50:36.0691 4212        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:50:36.0707 4212        gagp30kx - ok
20:50:36.0847 4212        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:50:36.0956 4212        HdAudAddService - ok
20:50:37.0019 4212        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:50:37.0112 4212        HDAudBus - ok
20:50:37.0144 4212        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:50:37.0237 4212        HidBth - ok
20:50:37.0284 4212        HidIr          (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
20:50:37.0346 4212        HidIr - ok
20:50:37.0409 4212        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:50:37.0456 4212        HidUsb - ok
20:50:37.0518 4212        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:50:37.0534 4212        HpCISSs - ok
20:50:37.0580 4212        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:50:37.0690 4212        HTTP - ok
20:50:37.0736 4212        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:50:37.0752 4212        i2omp - ok
20:50:37.0799 4212        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:50:37.0861 4212        i8042prt - ok
20:50:37.0908 4212        iaStor          (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
20:50:37.0939 4212        iaStor - ok
20:50:37.0970 4212        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:50:38.0002 4212        iaStorV - ok
20:50:38.0048 4212        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:50:38.0064 4212        iirsp - ok
20:50:38.0189 4212        IntcAzAudAddService (5d854cbac8b7b4b964406f9808c95fae) C:\Windows\system32\drivers\RTKVHDA.sys
20:50:38.0329 4212        IntcAzAudAddService - ok
20:50:38.0392 4212        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:50:38.0454 4212        intelide - ok
20:50:38.0532 4212        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:50:38.0594 4212        intelppm - ok
20:50:38.0641 4212        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:50:38.0704 4212        IpFilterDriver - ok
20:50:38.0719 4212        IpInIp - ok
20:50:38.0766 4212        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:50:38.0844 4212        IPMIDRV - ok
20:50:38.0875 4212        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:50:38.0938 4212        IPNAT - ok
20:50:38.0969 4212        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:50:39.0016 4212        IRENUM - ok
20:50:39.0047 4212        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:50:39.0078 4212        isapnp - ok
20:50:39.0125 4212        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:50:39.0156 4212        iScsiPrt - ok
20:50:39.0187 4212        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:50:39.0203 4212        iteatapi - ok
20:50:39.0265 4212        itecir          (e4b04a0d8b237ecf026d849439f1bcce) C:\Windows\system32\DRIVERS\itecir.sys
20:50:39.0296 4212        itecir - ok
20:50:39.0312 4212        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:50:39.0328 4212        iteraid - ok
20:50:39.0374 4212        JRAID          (c36f3a1a4e8416ef43f30deab7701730) C:\Windows\system32\drivers\jraid.sys
20:50:39.0421 4212        JRAID - ok
20:50:39.0452 4212        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:50:39.0484 4212        kbdclass - ok
20:50:39.0530 4212        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:50:39.0593 4212        kbdhid - ok
20:50:39.0655 4212        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
20:50:39.0718 4212        KSecDD - ok
20:50:39.0796 4212        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:50:39.0920 4212        lltdio - ok
20:50:40.0061 4212        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:50:40.0076 4212        LSI_FC - ok
20:50:40.0108 4212        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:50:40.0139 4212        LSI_SAS - ok
20:50:40.0170 4212        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:50:40.0201 4212        LSI_SCSI - ok
20:50:40.0232 4212        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:50:40.0295 4212        luafv - ok
20:50:40.0388 4212        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
20:50:40.0404 4212        MBAMProtector - ok
20:50:40.0451 4212        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:50:40.0466 4212        megasas - ok
20:50:40.0529 4212        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:50:40.0607 4212        MegaSR - ok
20:50:40.0669 4212        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:50:40.0732 4212        Modem - ok
20:50:40.0888 4212        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:50:40.0934 4212        monitor - ok
20:50:41.0075 4212        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:50:41.0090 4212        mouclass - ok
20:50:41.0153 4212        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:50:41.0215 4212        mouhid - ok
20:50:41.0262 4212        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:50:41.0278 4212        MountMgr - ok
20:50:41.0512 4212        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:50:41.0527 4212        mpio - ok
20:50:41.0574 4212        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:50:41.0621 4212        mpsdrv - ok
20:50:41.0714 4212        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:50:41.0730 4212        Mraid35x - ok
20:50:41.0777 4212        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:50:41.0839 4212        MRxDAV - ok
20:50:41.0886 4212        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:50:41.0948 4212        mrxsmb - ok
20:50:41.0995 4212        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:50:42.0042 4212        mrxsmb10 - ok
20:50:42.0073 4212        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:50:42.0104 4212        mrxsmb20 - ok
20:50:42.0151 4212        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
20:50:42.0182 4212        msahci - ok
20:50:42.0198 4212        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:50:42.0229 4212        msdsm - ok
20:50:42.0260 4212        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:50:42.0323 4212        Msfs - ok
20:50:42.0354 4212        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:50:42.0385 4212        msisadrv - ok
20:50:42.0448 4212        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:50:42.0510 4212        MSKSSRV - ok
20:50:42.0526 4212        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:50:42.0588 4212        MSPCLOCK - ok
20:50:42.0619 4212        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:50:42.0791 4212        MSPQM - ok
20:50:42.0853 4212        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:50:42.0900 4212        MsRPC - ok
20:50:42.0931 4212        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:50:42.0962 4212        mssmbios - ok
20:50:42.0994 4212        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:50:43.0118 4212        MSTEE - ok
20:50:43.0181 4212        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:50:43.0196 4212        Mup - ok
20:50:43.0259 4212        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:50:43.0306 4212        NativeWifiP - ok
20:50:43.0384 4212        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:50:43.0446 4212        NDIS - ok
20:50:43.0493 4212        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:50:43.0555 4212        NdisTapi - ok
20:50:43.0571 4212        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:50:43.0618 4212        Ndisuio - ok
20:50:43.0664 4212        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:50:43.0727 4212        NdisWan - ok
20:50:43.0742 4212        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:50:43.0805 4212        NDProxy - ok
20:50:43.0836 4212        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:50:43.0898 4212        NetBIOS - ok
20:50:43.0945 4212        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:50:43.0976 4212        netbt - ok
20:50:44.0132 4212        NETw4v32        (1d73499a6664b4da05d750ff83fdb274) C:\Windows\system32\DRIVERS\NETw4v32.sys
20:50:44.0320 4212        NETw4v32 - ok
20:50:44.0382 4212        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:50:44.0413 4212        nfrd960 - ok
20:50:44.0460 4212        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:50:44.0491 4212        Npfs - ok
20:50:44.0522 4212        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:50:44.0585 4212        nsiproxy - ok
20:50:44.0663 4212        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:50:44.0725 4212        Ntfs - ok
20:50:44.0756 4212        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:50:44.0866 4212        ntrigdigi - ok
20:50:44.0912 4212        NuidFltr        (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
20:50:44.0944 4212        NuidFltr - ok
20:50:44.0959 4212        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:50:45.0022 4212        Null - ok
20:50:45.0302 4212        nvlddmkm        (fe6bebb8fc2a1e50426624025d7c30d6) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:50:45.0848 4212        nvlddmkm - ok
20:50:45.0895 4212        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:50:45.0911 4212        nvraid - ok
20:50:45.0942 4212        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:50:45.0973 4212        nvstor - ok
20:50:45.0989 4212        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:50:46.0020 4212        nv_agp - ok
20:50:46.0020 4212        NwlnkFlt - ok
20:50:46.0051 4212        NwlnkFwd - ok
20:50:46.0114 4212        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:50:46.0145 4212        ohci1394 - ok
20:50:46.0207 4212        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:50:46.0301 4212        Parport - ok
20:50:46.0363 4212        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:50:46.0379 4212        partmgr - ok
20:50:46.0410 4212        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:50:46.0504 4212        Parvdm - ok
20:50:46.0550 4212        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:50:46.0566 4212        pci - ok
20:50:46.0613 4212        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
20:50:46.0628 4212        pciide - ok
20:50:46.0660 4212        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:50:46.0675 4212        pcmcia - ok
20:50:46.0738 4212        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:50:46.0940 4212        PEAUTH - ok
20:50:47.0096 4212        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:50:47.0159 4212        PptpMiniport - ok
20:50:47.0174 4212        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:50:47.0237 4212        Processor - ok
20:50:47.0299 4212        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:50:47.0330 4212        PSched - ok
20:50:47.0408 4212        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:50:47.0502 4212        ql2300 - ok
20:50:47.0533 4212        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:50:47.0564 4212        ql40xx - ok
20:50:47.0596 4212        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:50:47.0642 4212        QWAVEdrv - ok
20:50:47.0674 4212        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:50:47.0736 4212        RasAcd - ok
20:50:47.0767 4212        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:50:47.0830 4212        Rasl2tp - ok
20:50:47.0892 4212        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:50:47.0939 4212        RasPppoe - ok
20:50:47.0970 4212        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:50:48.0001 4212        RasSstp - ok
20:50:48.0032 4212        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:50:48.0095 4212        rdbss - ok
20:50:48.0110 4212        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:50:48.0173 4212        RDPCDD - ok
20:50:48.0204 4212        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:50:48.0266 4212        rdpdr - ok
20:50:48.0298 4212        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:50:48.0344 4212        RDPENCDD - ok
20:50:48.0376 4212        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
20:50:48.0422 4212        RDPWD - ok
20:50:48.0500 4212        RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
20:50:48.0547 4212        RFCOMM - ok
20:50:48.0594 4212        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:50:48.0656 4212        rspndr - ok
20:50:48.0703 4212        RTL2832UBDA    (3f2e468d0659cec13aeb57f09860a47b) C:\Windows\system32\drivers\RTL2832UBDA.sys
20:50:48.0734 4212        RTL2832UBDA - ok
20:50:48.0781 4212        RTL2832UUSB    (a2cef3feec543fd0a027222fddb87ecd) C:\Windows\system32\Drivers\RTL2832UUSB.sys
20:50:48.0797 4212        RTL2832UUSB - ok
20:50:48.0828 4212        RTL2832U_IRHID  (cf9b3fc317b6ea27531c0e8e04df286e) C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys
20:50:48.0844 4212        RTL2832U_IRHID - ok
20:50:48.0890 4212        RTL8169        (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys
20:50:48.0953 4212        RTL8169 - ok
20:50:48.0984 4212        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:50:49.0000 4212        sbp2port - ok
20:50:49.0062 4212        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:50:49.0140 4212        secdrv - ok
20:50:49.0171 4212        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:50:49.0265 4212        Serenum - ok
20:50:49.0296 4212        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:50:49.0374 4212        Serial - ok
20:50:49.0405 4212        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:50:49.0468 4212        sermouse - ok
20:50:49.0514 4212        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:50:49.0561 4212        sffdisk - ok
20:50:49.0592 4212        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:50:49.0639 4212        sffp_mmc - ok
20:50:49.0670 4212        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:50:49.0717 4212        sffp_sd - ok
20:50:49.0764 4212        sfloppy        (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
20:50:49.0826 4212        sfloppy - ok
20:50:49.0889 4212        Si3531          (8613e8fe6c190f377240a3989fad5d5e) C:\Windows\system32\DRIVERS\Si3531.sys
20:50:49.0904 4212        Si3531 - ok
20:50:49.0936 4212        SiFilter        (72cf151fb410e544904dbc7d7f29b796) C:\Windows\system32\DRIVERS\SiWinAcc.sys
20:50:49.0982 4212        SiFilter - ok
20:50:49.0998 4212        SiRemFil        (41a59f484188be629087ba391ff60d74) C:\Windows\system32\DRIVERS\SiRemFil.sys
20:50:50.0029 4212        SiRemFil - ok
20:50:50.0076 4212        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:50:50.0092 4212        sisagp - ok
20:50:50.0123 4212        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:50:50.0138 4212        SiSRaid2 - ok
20:50:50.0170 4212        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:50:50.0201 4212        SiSRaid4 - ok
20:50:50.0248 4212        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:50:50.0294 4212        Smb - ok
20:50:50.0357 4212        smserial        (d9bfd2298f5cf116d8eaae3b02dcee2e) C:\Windows\system32\DRIVERS\smserial.sys
20:50:50.0466 4212        smserial - ok
20:50:50.0513 4212        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:50:50.0528 4212        spldr - ok
20:50:50.0575 4212        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:50:50.0638 4212        srv - ok
20:50:50.0684 4212        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:50:50.0747 4212        srv2 - ok
20:50:50.0794 4212        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:50:50.0840 4212        srvnet - ok
20:50:50.0887 4212        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:50:50.0903 4212        ssmdrv - ok
20:50:50.0965 4212        StarOpen - ok
20:50:50.0996 4212        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:50:51.0028 4212        swenum - ok
20:50:51.0043 4212        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:50:51.0074 4212        Symc8xx - ok
20:50:51.0121 4212        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:50:51.0152 4212        Sym_hi - ok
20:50:51.0168 4212        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:50:51.0199 4212        Sym_u3 - ok
20:50:51.0293 4212        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
20:50:51.0418 4212        Tcpip - ok
20:50:51.0496 4212        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
20:50:51.0574 4212        Tcpip6 - ok
20:50:51.0620 4212        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:50:51.0667 4212        tcpipreg - ok
20:50:51.0714 4212        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:50:51.0761 4212        TDPIPE - ok
20:50:51.0792 4212        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:50:51.0854 4212        TDTCP - ok
20:50:51.0901 4212        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:50:51.0964 4212        tdx - ok
20:50:52.0026 4212        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:50:52.0042 4212        TermDD - ok
20:50:52.0120 4212        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:50:52.0166 4212        tssecsrv - ok
20:50:52.0182 4212        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:50:52.0229 4212        tunmp - ok
20:50:52.0276 4212        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:50:52.0307 4212        tunnel - ok
20:50:52.0338 4212        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:50:52.0369 4212        uagp35 - ok
20:50:52.0432 4212        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:50:52.0494 4212        udfs - ok
20:50:52.0541 4212        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:50:52.0556 4212        uliagpkx - ok
20:50:52.0603 4212        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:50:52.0634 4212        uliahci - ok
20:50:52.0666 4212        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:50:52.0681 4212        UlSata - ok
20:50:52.0712 4212        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:50:52.0728 4212        ulsata2 - ok
20:50:52.0759 4212        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:50:52.0822 4212        umbus - ok
20:50:52.0900 4212        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:50:52.0946 4212        usbccgp - ok
20:50:52.0978 4212        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:50:53.0071 4212        usbcir - ok
20:50:53.0102 4212        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:50:53.0149 4212        usbehci - ok
20:50:53.0196 4212        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:50:53.0258 4212        usbhub - ok
20:50:53.0290 4212        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:50:53.0383 4212        usbohci - ok
20:50:53.0430 4212        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:50:53.0492 4212        usbprint - ok
20:50:53.0539 4212        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:50:53.0586 4212        usbscan - ok
20:50:53.0617 4212        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:50:53.0664 4212        USBSTOR - ok
20:50:53.0695 4212        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:50:53.0742 4212        usbuhci - ok
20:50:53.0773 4212        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:50:53.0836 4212        vga - ok
20:50:53.0867 4212        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:50:53.0929 4212        VgaSave - ok
20:50:53.0976 4212        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:50:53.0992 4212        viaagp - ok
20:50:54.0023 4212        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:50:54.0070 4212        ViaC7 - ok
20:50:54.0101 4212        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:50:54.0116 4212        viaide - ok
20:50:54.0148 4212        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:50:54.0163 4212        volmgr - ok
20:50:54.0210 4212        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:50:54.0241 4212        volmgrx - ok
20:50:54.0288 4212        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:50:54.0319 4212        volsnap - ok
20:50:54.0350 4212        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:50:54.0382 4212        vsmraid - ok
20:50:54.0428 4212        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:50:54.0538 4212        WacomPen - ok
20:50:54.0569 4212        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:50:54.0616 4212        Wanarp - ok
20:50:54.0631 4212        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:50:54.0678 4212        Wanarpv6 - ok
20:50:54.0709 4212        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:50:54.0725 4212        Wd - ok
20:50:54.0772 4212        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:50:54.0834 4212        Wdf01000 - ok
20:50:54.0928 4212        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:50:54.0959 4212        WmiAcpi - ok
20:50:55.0037 4212        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:50:55.0099 4212        WpdUsb - ok
20:50:55.0130 4212        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:50:55.0193 4212        ws2ifsl - ok
20:50:55.0240 4212        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:50:55.0302 4212        WUDFRd - ok
20:50:55.0349 4212        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:50:55.0567 4212        \Device\Harddisk0\DR0 - ok
20:50:55.0567 4212        Boot (0x1200)  (579a7a032e337a3761f23e619d0a8322) \Device\Harddisk0\DR0\Partition0
20:50:55.0583 4212        \Device\Harddisk0\DR0\Partition0 - ok
20:50:55.0614 4212        Boot (0x1200)  (e36eb5ffc005f3a5f9a19d4e34b70750) \Device\Harddisk0\DR0\Partition1
20:50:55.0614 4212        \Device\Harddisk0\DR0\Partition1 - ok
20:50:55.0614 4212        ============================================================
20:50:55.0614 4212        Scan finished
20:50:55.0614 4212        ============================================================
20:50:55.0630 4356        Detected object count: 3
20:50:55.0630 4356        Actual detected object count: 3
20:52:06.0235 4356        CEBFilter ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:06.0235 4356        CEBFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:52:06.0235 4356        CEIO ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:06.0235 4356        CEIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:52:06.0235 4356        cKBFilter ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:06.0235 4356        cKBFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 06.03.2012 21:22
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:23 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55