Trojaner-Board - Absicherung des Systems nach BDS/Sinowal.knfa Infektion

OTL

OTL Logfile:

Code:

OTL logfile created on: 12/28/2011 12:09:15 AM - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Ole\Desktop\TB tools

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy

 

1014.11 Mb Total Physical Memory | 585.38 Mb Available Physical Memory | 57.72% Memory free

2.38 Gb Paging File | 2.03 Gb Available in Paging File | 84.96% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 80.01 Gb Total Space | 26.32 Gb Free Space | 32.90% Space Free | Partition Type: NTFS

Drive D: | 62.16 Gb Total Space | 61.94 Gb Free Space | 99.65% Space Free | Partition Type: NTFS

 

Computer Name: OLENB | User Name: Ole | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011/12/27 12:57:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ole\Desktop\TB tools\OTL.exe

PRC - [2011/12/07 16:46:59 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe

PRC - [2011/10/11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011/10/11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2011/10/11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/10/11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe

PRC - [2011/05/04 13:59:46 | 000,252,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

PRC - [2010/01/27 13:21:28 | 000,995,752 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsAcpiSvr.exe

PRC - [2009/06/26 22:13:00 | 000,118,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsTray.exe

PRC - [2009/05/09 01:54:20 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsEPCMon.exe

PRC - [2009/04/30 19:49:42 | 000,385,024 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

PRC - [2008/04/14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011/10/11 13:59:51 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)

SRV - [2011/12/07 16:46:59 | 000,161,664 | ---- | M] (Oracle Corporation) [Disabled | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2011/10/11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/10/11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)

SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008/04/14 13:00:00 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)

SRV - [2008/04/14 13:00:00 | 000,036,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)

SRV - [2006/10/26 23:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011/10/11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/10/11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011/10/11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)

DRV - [2010/01/18 09:57:50 | 005,819,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009/11/18 00:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2009/11/18 00:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2009/10/27 15:17:04 | 000,044,400 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcam.sys -- (JmUsbVideo)

DRV - [2009/10/27 13:24:54 | 000,024,176 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcam_lo.sys -- (JmUsbVideo2)

DRV - [2009/10/26 07:49:32 | 000,015,216 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmccgp.sys -- (JmUsbCcgp)

DRV - [2009/08/12 01:04:30 | 001,582,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)

DRV - [2009/07/27 08:09:52 | 000,044,032 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)

DRV - [2009/07/06 03:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)

DRV - [2008/11/03 08:03:28 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr)

DRV - [2008/04/09 03:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - Extension: Babylon Chrome OCR = C:\Dokumente und Einstellungen\Ole\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\

 

O1 HOSTS File: ([2011/12/26 23:32:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk = C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found

O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290903601171 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290903589015 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)

O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Ole\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Ole\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/01/23 10:11:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011/12/27 12:54:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ole\Desktop\TB tools

[2011/12/27 04:11:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\SUPERAntiSpyware.com

[2011/12/27 04:11:06 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware

[2011/12/27 04:11:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com

[2011/12/27 03:31:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ole\Desktop\Sec Tools

[2011/12/27 03:18:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ole\ntsvcfg

[2011/12/26 23:47:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/12/26 23:44:09 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll

[2011/12/26 23:44:09 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

[2011/12/26 23:24:00 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/12/26 23:21:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/12/26 23:21:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/12/26 23:21:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/12/26 23:21:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/12/26 23:21:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/12/26 23:21:11 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/12/26 23:21:06 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Ole\Startmenü\Programme\Verwaltung

[2011/12/26 23:21:06 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos

[2011/12/26 17:57:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\Malwarebytes

[2011/12/26 17:57:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2011/12/26 17:57:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2011/12/26 17:57:35 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/12/26 17:57:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011/12/18 18:04:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ole\Desktop\[X]

[2011/12/14 09:54:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Opera

[2011/12/14 09:54:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Opera

[2011/12/14 09:50:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe

[2011/12/08 22:23:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ETS

[2011/12/08 22:22:58 | 000,000,000 | ---D | C] -- C:\Programme\ETS

[2011/12/08 22:22:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ole\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations

[2011/12/08 20:14:29 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice.org 3.3

[2011/12/08 20:12:11 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2011/12/08 20:12:10 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2011/12/08 20:12:10 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2011/12/08 15:29:21 | 075,647,482 | ---- | C] (ETS) -- C:\Dokumente und Einstellungen\Ole\Desktop\toeflSample.exe

[2011/12/07 18:00:01 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java

[2011/12/07 16:47:19 | 000,128,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2011/12/07 16:46:49 | 000,000,000 | ---D | C] -- C:\Programme\Java

[2011/12/07 16:37:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ole\Lokale Einstellungen\Anwendungsdaten\NPE

[2011/12/07 16:37:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton

[2011/12/07 16:28:00 | 020,197,256 | ---- | C] (Oracle Corporation) -- C:\Dokumente und Einstellungen\Ole\Desktop\jre-7u1-windows-i586.exe

[2011/12/07 16:12:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ole\Lokale Einstellungen\Anwendungsdaten\Sun

[2011/12/07 11:24:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sophos

[2011/12/07 11:23:59 | 000,000,000 | ---D | C] -- C:\Programme\Sophos

[2011/12/03 21:10:57 | 236,175,118 | ---- | C] (OPK Mod Team) -- C:\Dokumente und Einstellungen\Ole\Desktop\OPK2_0.3_LEVELS_setup.exe

[2009/11/04 07:53:14 | 000,013,880 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011/12/27 12:56:11 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Ole\defogger_reenable

[2011/12/27 12:52:33 | 000,442,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/12/27 12:52:33 | 000,071,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/12/27 12:52:32 | 000,422,640 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2011/12/27 12:52:32 | 000,068,834 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2011/12/27 12:45:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/12/27 11:42:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/12/26 23:32:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/12/26 23:24:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/12/26 22:54:46 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2011/12/26 13:17:10 | 000,209,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/12/26 12:37:59 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/12/25 18:49:02 | 009,478,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Ole\Desktop\wbnews_20111224-1000a.mp3

[2011/12/25 18:49:02 | 008,808,964 | ---- | M] () -- C:\Dokumente und Einstellungen\Ole\Desktop\wbnews_20111223-1815a.mp3

[2011/12/25 18:49:02 | 005,220,488 | ---- | M] () -- C:\Dokumente und Einstellungen\Ole\Desktop\gdn.biz.111221.pm.business-podcast.mp3

[2011/12/25 18:49:02 | 003,814,259 | ---- | M] () -- C:\Dokumente und Einstellungen\Ole\Desktop\gdn.111214.pm.rogues-business-podcast.mp3

[2011/12/22 01:10:47 | 000,025,832 | ---- | M] () -- C:\Dokumente und Einstellungen\Ole\Desktop\cpp.JPG

[2011/12/22 01:10:06 | 000,512,294 | ---- | M] () -- C:\Dokumente und Einstellungen\Ole\Desktop\cpp.bmp

[2011/12/08 20:14:31 | 000,000,857 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice.org 3.3.lnk

[2011/12/08 19:58:11 | 158,067,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Ole\Desktop\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe

[2011/12/08 15:32:49 | 075,647,482 | ---- | M] (ETS) -- C:\Dokumente und Einstellungen\Ole\Desktop\toeflSample.exe

[2011/12/07 16:46:58 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2011/12/07 16:46:57 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2011/12/07 16:46:57 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2011/12/07 16:46:57 | 000,128,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2011/12/07 16:46:56 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll

[2011/12/07 16:28:54 | 020,197,256 | ---- | M] (Oracle Corporation) -- C:\Dokumente und Einstellungen\Ole\Desktop\jre-7u1-windows-i586.exe

[2011/12/07 12:48:37 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2011/12/07 11:19:44 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/12/05 00:09:22 | 000,064,233 | ---- | M] () -- C:\Dokumente und Einstellungen\Ole\Desktop\384879_239445212788113_100001679095966_592158_99234315_n.jpg

[2011/12/03 21:28:37 | 236,175,118 | ---- | M] (OPK Mod Team) -- C:\Dokumente und Einstellungen\Ole\Desktop\OPK2_0.3_LEVELS_setup.exe

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011/12/27 12:56:11 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Ole\defogger_reenable

[2011/12/26 23:24:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/12/26 23:24:02 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/12/26 23:21:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/12/26 23:21:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/12/26 23:21:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/12/26 23:21:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/12/26 23:21:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/12/25 09:51:57 | 003,814,259 | ---- | C] () -- C:\Dokumente und Einstellungen\Ole\Desktop\gdn.111214.pm.rogues-business-podcast.mp3

[2011/12/25 09:51:31 | 005,220,488 | ---- | C] () -- C:\Dokumente und Einstellungen\Ole\Desktop\gdn.biz.111221.pm.business-podcast.mp3

[2011/12/25 09:50:02 | 008,808,964 | ---- | C] () -- C:\Dokumente und Einstellungen\Ole\Desktop\wbnews_20111223-1815a.mp3

[2011/12/25 09:49:52 | 009,478,984 | ---- | C] () -- C:\Dokumente und Einstellungen\Ole\Desktop\wbnews_20111224-1000a.mp3

[2011/12/22 01:10:46 | 000,025,832 | ---- | C] () -- C:\Dokumente und Einstellungen\Ole\Desktop\cpp.JPG

[2011/12/22 01:10:05 | 000,512,294 | ---- | C] () -- C:\Dokumente und Einstellungen\Ole\Desktop\cpp.bmp

[2011/12/08 20:14:31 | 000,000,857 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice.org 3.3.lnk

[2011/12/08 19:41:57 | 158,067,944 | ---- | C] () -- C:\Dokumente und Einstellungen\Ole\Desktop\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe

[2011/12/07 12:48:36 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2011/12/07 12:30:29 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2011/12/05 00:09:21 | 000,064,233 | ---- | C] () -- C:\Dokumente und Einstellungen\Ole\Desktop\384879_239445212788113_100001679095966_592158_99234315_n.jpg

[2011/08/28 18:22:53 | 000,006,637 | ---- | C] () -- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\.freeciv-client-rc-2.3

[2010/11/28 23:16:27 | 000,075,776 | ---- | C] () -- C:\Dokumente und Einstellungen\Ole\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/28 01:34:37 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2010/11/27 07:45:39 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Ole\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2010/11/27 07:44:03 | 000,004,692 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat

[2010/03/04 19:47:59 | 000,025,616 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini

[2010/03/04 19:47:59 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini

[2010/03/04 19:23:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uvcrecordfix.exe

[2010/03/04 19:23:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\Sleep.exe

[2010/03/04 19:19:20 | 000,011,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys

[2010/03/04 19:19:10 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini

[2010/03/04 19:15:03 | 000,013,930 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat

[2010/03/04 14:17:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2010/01/23 10:13:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/01/23 10:09:06 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/01/23 01:05:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/01/23 01:04:39 | 000,209,696 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/01/23 00:59:00 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2010/01/23 00:58:55 | 000,422,640 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2010/01/23 00:58:55 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2010/01/23 00:58:55 | 000,068,834 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2010/01/23 00:58:55 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2010/01/23 00:58:48 | 000,442,140 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2010/01/23 00:58:48 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2010/01/23 00:58:48 | 000,071,910 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2010/01/23 00:58:48 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2010/01/23 00:58:48 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2010/01/23 00:58:47 | 000,004,562 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2010/01/23 00:58:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2010/01/23 00:58:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2010/01/23 00:58:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2010/01/23 00:58:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2010/01/23 00:58:42 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2010/01/23 00:58:40 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2009/10/26 04:38:22 | 000,000,176 | ---- | C] () -- C:\WINDOWS\explorer.exe.config

 
 ========== LOP Check ==========

 

[2010/03/04 19:32:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EBI

[2010/11/29 00:31:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Langenscheidt

[2010/03/04 19:15:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ralink Driver

[2010/03/04 19:32:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RSMR

[2011/08/28 18:22:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\.freeciv

[2010/11/27 14:54:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\Asus

[2010/12/25 09:57:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\COWON

[2011/11/01 00:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\DVDVideoSoft

[2011/05/07 02:27:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\DVDVideoSoftIEHelpers

[2010/11/29 00:31:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\Langenscheidt

[2010/11/28 17:47:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\Lingo4u

[2011/02/03 02:49:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\OpenOffice.org

[2010/11/27 02:41:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\Opera

 
 ========== Purity Check ==========

 

 
 

< End of report >

--- --- ---

OTL Extras

OTL Logfile:

Code:

OTL Extras logfile created on: 12/28/2011 12:09:15 AM - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Ole\Desktop\TB tools

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy

 

1014.11 Mb Total Physical Memory | 585.38 Mb Available Physical Memory | 57.72% Memory free

2.38 Gb Paging File | 2.03 Gb Available in Paging File | 84.96% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 80.01 Gb Total Space | 26.32 Gb Free Space | 32.90% Space Free | Partition Type: NTFS

Drive D: | 62.16 Gb Total Space | 61.94 Gb Free Space | 99.65% Space Free | Partition Type: NTFS

 

Computer Name: OLENB | User Name: Ole | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

https [open] -- "C:\Programme\Opera\opera.exe" "%1" (Opera Software)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

"65533:TCP" = 65533:TCP:*:Enabled:Services

"52344:TCP" = 52344:TCP:*:Enabled:Services

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

"65533:TCP" = 65533:TCP:*:Enabled:Services

"52344:TCP" = 52344:TCP:*:Enabled:Services

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.2

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate

"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine

"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card

"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F29F322-6C42-4fdd-ADBF-5D525FC901B8}" = USB2.0 UVC VGA WebCam

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A8E9FAEE-4AC2-4A38-99D9-55D1F26F8163}" = TOEFL Sample Questions

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3

"{DBBC37B3-6920-4C33-842F-EBD0B8E3FC74}" = ebi.BookReader3J

"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Alarm_is1" = Alarm 2.0.1

"Avira AntiVir Desktop" = Avira Free Antivirus

"CCleaner" = CCleaner

"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"ie8" = Windows Internet Explorer 8

"LingoPad_is1" = LingoPad 2.6 (Build 360)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Opera 11.60.1185" = Opera 11.60

"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Uninstall_is1" = Uninstall 1.0.0.1

"VLC media player" = VLC media player 1.1.5

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"WinRAR archiver" = WinRAR 4.00 (32-Bit)

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 5/4/2011 2:46:35 PM | Computer Name = OLENB | Source = Ci | ID = 4124

Description = Der Inhaltsindex auf d:\system volume information\catalog.wci ist 

beschädigt. Fahren Sie den  Indexdienst (cisvc) herunter, und starten Sie ihn erneut.

 

Error - 5/4/2011 2:46:35 PM | Computer Name = OLENB | Source = Ci | ID = 4126

Description = Die Metadaten des Inhaltsindex auf d:\system volume information\catalog.wci

 werden aufgeräumt. Wiederherstellen des Indexes erfolgt  automatisch durch erneutes

 Filtern aller Dokumente.

 

Error - 5/27/2011 7:26:39 AM | Computer Name = OLENB | Source = Ci | ID = 4124

Description = Der Inhaltsindex auf d:\system volume information\catalog.wci ist 

beschädigt. Fahren Sie den  Indexdienst (cisvc) herunter, und starten Sie ihn erneut.

 

Error - 5/27/2011 7:26:39 AM | Computer Name = OLENB | Source = Ci | ID = 4126

Description = Die Metadaten des Inhaltsindex auf d:\system volume information\catalog.wci

 werden aufgeräumt. Wiederherstellen des Indexes erfolgt  automatisch durch erneutes

 Filtern aller Dokumente.

 

Error - 6/17/2011 11:17:48 AM | Computer Name = OLENB | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.5512, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 6/17/2011 1:05:54 PM | Computer Name = OLENB | Source = Ci | ID = 4124

Description = Der Inhaltsindex auf d:\system volume information\catalog.wci ist 

beschädigt. Fahren Sie den  Indexdienst (cisvc) herunter, und starten Sie ihn erneut.

 

Error - 6/17/2011 1:05:54 PM | Computer Name = OLENB | Source = Ci | ID = 4126

Description = Die Metadaten des Inhaltsindex auf d:\system volume information\catalog.wci

 werden aufgeräumt. Wiederherstellen des Indexes erfolgt  automatisch durch erneutes

 Filtern aller Dokumente.

 

Error - 6/24/2011 8:24:13 AM | Computer Name = OLENB | Source = Ci | ID = 4124

Description = Der Inhaltsindex auf d:\system volume information\catalog.wci ist 

beschädigt. Fahren Sie den  Indexdienst (cisvc) herunter, und starten Sie ihn erneut.

 

Error - 6/24/2011 8:24:13 AM | Computer Name = OLENB | Source = Ci | ID = 4126

Description = Die Metadaten des Inhaltsindex auf d:\system volume information\catalog.wci

 werden aufgeräumt. Wiederherstellen des Indexes erfolgt  automatisch durch erneutes

 Filtern aller Dokumente.

 

Error - 6/24/2011 6:20:46 PM | Computer Name = OLENB | Source = Ci | ID = 4126

Description = Die Metadaten des Inhaltsindex auf d:\system volume information\catalog.wci

 werden aufgeräumt. Wiederherstellen des Indexes erfolgt  automatisch durch erneutes

 Filtern aller Dokumente.

 

[ System Events ]

Error - 12/8/2011 3:09:10 PM | Computer Name = OLENB | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 12/8/2011 3:09:10 PM | Computer Name = OLENB | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 12/8/2011 3:09:10 PM | Computer Name = OLENB | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 12/8/2011 3:09:10 PM | Computer Name = OLENB | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 12/8/2011 3:09:10 PM | Computer Name = OLENB | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 12/11/2011 10:45:01 AM | Computer Name = OLENB | Source = DCOM | ID = 10016

Description = Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der

 SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM keine Startberechtigung (Lokal)

 für die COM-Serveranwendung mit CLSID   {D851F103-8C90-4321-AFF0-58BA5BD421C2}   gewährt.

 Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste

 geändert werden.

 

Error - 12/11/2011 10:45:01 AM | Computer Name = OLENB | Source = DCOM | ID = 10016

Description = Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der

 SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM keine Startberechtigung (Lokal)

 für die COM-Serveranwendung mit CLSID   {D851F103-8C90-4321-AFF0-58BA5BD421C2}   gewährt.

 Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste

 geändert werden.

 

Error - 12/11/2011 10:45:01 AM | Computer Name = OLENB | Source = DCOM | ID = 10016

Description = Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der

 SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM keine Startberechtigung (Lokal)

 für die COM-Serveranwendung mit CLSID   {D851F103-8C90-4321-AFF0-58BA5BD421C2}   gewährt.

 Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste

 geändert werden.

 

Error - 12/11/2011 10:45:01 AM | Computer Name = OLENB | Source = DCOM | ID = 10016

Description = Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der

 SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM keine Startberechtigung (Lokal)

 für die COM-Serveranwendung mit CLSID   {D851F103-8C90-4321-AFF0-58BA5BD421C2}   gewährt.

 Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste

 geändert werden.

 

Error - 12/11/2011 10:45:01 AM | Computer Name = OLENB | Source = DCOM | ID = 10016

Description = Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der

 SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM keine Startberechtigung (Lokal)

 für die COM-Serveranwendung mit CLSID   {D851F103-8C90-4321-AFF0-58BA5BD421C2}   gewährt.

 Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste

 geändert werden.

 

 

< End of report >

--- --- ---

TDSS

HTML-Code:

00:29:35.0000 3332        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

00:29:35.0781 3332        ============================================================

00:29:35.0781 3332        Current date / time: 2011/12/28 00:29:35.0781

00:29:35.0781 3332        SystemInfo:

00:29:35.0781 3332        

00:29:35.0781 3332        OS Version: 5.1.2600 ServicePack: 3.0

00:29:35.0781 3332        Product type: Workstation

00:29:35.0781 3332        ComputerName: OLENB

00:29:35.0781 3332        UserName: Ole

00:29:35.0781 3332        Windows directory: C:\WINDOWS

00:29:35.0781 3332        System windows directory: C:\WINDOWS

00:29:35.0781 3332        Processor architecture: Intel x86

00:29:35.0781 3332        Number of processors: 2

00:29:35.0781 3332        Page size: 0x1000

00:29:35.0781 3332        Boot type: Normal boot

00:29:35.0781 3332        ============================================================

00:29:37.0031 3332        Initialize success

00:29:41.0390 1152        ============================================================

00:29:41.0390 1152        Scan started

00:29:41.0390 1152        Mode: Manual; 

00:29:41.0390 1152        ============================================================

00:29:42.0171 1152        Abiosdsk - ok

00:29:42.0203 1152        abp480n5 - ok

00:29:42.0250 1152        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

00:29:42.0312 1152        ACPI - ok

00:29:42.0343 1152        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

00:29:42.0359 1152        ACPIEC - ok

00:29:42.0375 1152        adpu160m - ok

00:29:42.0453 1152        aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

00:29:42.0484 1152        aec - ok

00:29:42.0546 1152        AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

00:29:42.0562 1152        AFD - ok

00:29:42.0578 1152        Aha154x - ok

00:29:42.0609 1152        aic78u2 - ok

00:29:42.0625 1152        aic78xx - ok

00:29:42.0656 1152        AliIde - ok

00:29:42.0812 1152        Ambfilt         (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys

00:29:43.0046 1152        Ambfilt - ok

00:29:43.0125 1152        amsint - ok

00:29:43.0281 1152        AR5416          (d4e1bfc2b1dda9272e8144deca080c3a) C:\WINDOWS\system32\DRIVERS\athw.sys

00:29:43.0359 1152        AR5416 - ok

00:29:43.0375 1152        asc - ok

00:29:43.0406 1152        asc3350p - ok

00:29:43.0421 1152        asc3550 - ok

00:29:43.0500 1152        AsUpIO          (e67493490466b5f04b58c22d2590e8ca) C:\WINDOWS\system32\drivers\AsUpIO.sys

00:29:43.0546 1152        AsUpIO - ok

00:29:43.0609 1152        AsusACPI        (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys

00:29:43.0609 1152        AsusACPI - ok

00:29:43.0687 1152        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

00:29:43.0687 1152        AsyncMac - ok

00:29:43.0765 1152        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys

00:29:43.0781 1152        atapi - ok

00:29:43.0796 1152        Atdisk - ok

00:29:43.0843 1152        Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

00:29:43.0859 1152        Atmarpc - ok

00:29:43.0937 1152        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

00:29:43.0968 1152        audstub - ok

00:29:44.0015 1152        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

00:29:44.0078 1152        avgntflt - ok

00:29:44.0156 1152        avipbb          (912d23140cd05980f6cdae790ddafc8d) C:\WINDOWS\system32\DRIVERS\avipbb.sys

00:29:44.0203 1152        avipbb - ok

00:29:44.0234 1152        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys

00:29:44.0281 1152        avkmgr - ok

00:29:44.0343 1152        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

00:29:44.0343 1152        Beep - ok

00:29:44.0375 1152        btaudio - ok

00:29:44.0421 1152        BTDriver - ok

00:29:44.0437 1152        BTWDNDIS - ok

00:29:44.0453 1152        btwhid - ok

00:29:44.0484 1152        BTWUSB - ok

00:29:44.0656 1152        catchme - ok

00:29:44.0703 1152        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

00:29:44.0718 1152        cbidf2k - ok

00:29:44.0750 1152        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

00:29:44.0765 1152        CCDECODE - ok

00:29:44.0812 1152        cd20xrnt - ok

00:29:44.0875 1152        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

00:29:44.0906 1152        Cdaudio - ok

00:29:44.0953 1152        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

00:29:44.0984 1152        Cdfs - ok

00:29:45.0031 1152        Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

00:29:45.0078 1152        Cdrom - ok

00:29:45.0093 1152        Changer - ok

00:29:45.0171 1152        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

00:29:45.0203 1152        CmBatt - ok

00:29:45.0218 1152        CmdIde - ok

00:29:45.0250 1152        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

00:29:45.0265 1152        Compbatt - ok

00:29:45.0296 1152        Cpqarray - ok

00:29:45.0312 1152        dac2w2k - ok

00:29:45.0343 1152        dac960nt - ok

00:29:45.0375 1152        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

00:29:45.0406 1152        Disk - ok

00:29:45.0468 1152        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys

00:29:45.0562 1152        dmboot - ok

00:29:45.0656 1152        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys

00:29:45.0687 1152        dmio - ok

00:29:45.0734 1152        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

00:29:45.0750 1152        dmload - ok

00:29:45.0812 1152        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

00:29:45.0859 1152        DMusic - ok

00:29:45.0875 1152        dpti2o - ok

00:29:45.0906 1152        drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

00:29:45.0906 1152        drmkaud - ok

00:29:45.0984 1152        Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

00:29:46.0046 1152        Fastfat - ok

00:29:46.0093 1152        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

00:29:46.0093 1152        Fdc - ok

00:29:46.0125 1152        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys

00:29:46.0140 1152        Fips - ok

00:29:46.0203 1152        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

00:29:46.0234 1152        Flpydisk - ok

00:29:46.0296 1152        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

00:29:46.0359 1152        FltMgr - ok

00:29:46.0375 1152        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

00:29:46.0390 1152        Fs_Rec - ok

00:29:46.0468 1152        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

00:29:46.0515 1152        Ftdisk - ok

00:29:46.0578 1152        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

00:29:46.0593 1152        Gpc - ok

00:29:46.0671 1152        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

00:29:46.0734 1152        HDAudBus - ok

00:29:46.0781 1152        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

00:29:46.0796 1152        HidUsb - ok

00:29:46.0812 1152        hpn - ok

00:29:46.0890 1152        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

00:29:46.0968 1152        HTTP - ok

00:29:47.0031 1152        hwdatacard - ok

00:29:47.0062 1152        i2omgmt - ok

00:29:47.0109 1152        i2omp - ok

00:29:47.0187 1152        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

00:29:47.0234 1152        i8042prt - ok

00:29:47.0500 1152        ialm            (1832e58852ad2ac231abc02c1ddb1309) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

00:29:47.0609 1152        ialm - ok

00:29:47.0828 1152        iaStor          (d483687eace0c065ee772481a96e05f5) C:\WINDOWS\system32\drivers\iaStor.sys

00:29:47.0828 1152        iaStor - ok

00:29:47.0906 1152        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

00:29:47.0937 1152        Imapi - ok

00:29:47.0953 1152        ini910u - ok

00:29:48.0234 1152        IntcAzAudAddService (e6e95f68420d0f138aeba91c1a6bb7c4) C:\WINDOWS\system32\drivers\RtkHDAud.sys

00:29:48.0390 1152        IntcAzAudAddService - ok

00:29:48.0406 1152        IntelIde - ok

00:29:48.0468 1152        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys

00:29:48.0515 1152        intelppm - ok

00:29:48.0546 1152        Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

00:29:48.0562 1152        Ip6Fw - ok

00:29:48.0578 1152        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

00:29:48.0625 1152        IpFilterDriver - ok

00:29:48.0625 1152        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

00:29:48.0656 1152        IpInIp - ok

00:29:48.0703 1152        IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

00:29:48.0750 1152        IpNat - ok

00:29:48.0812 1152        IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

00:29:48.0843 1152        IPSec - ok

00:29:48.0890 1152        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

00:29:48.0906 1152        IRENUM - ok

00:29:48.0953 1152        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys

00:29:49.0000 1152        isapnp - ok

00:29:49.0046 1152        JmUsbCcgp       (8816dfb2e4175c4e0f33d3c7a80699e1) C:\WINDOWS\system32\DRIVERS\jmccgp.sys

00:29:49.0062 1152        JmUsbCcgp - ok

00:29:49.0125 1152        JmUsbVideo      (ff91264f045cf2570a751096a4eaef9d) C:\WINDOWS\system32\Drivers\jmcam.sys

00:29:49.0125 1152        JmUsbVideo - ok

00:29:49.0187 1152        JmUsbVideo2     (2e89cc5e24a218b03131227b3081b478) C:\WINDOWS\system32\Drivers\jmcam_lo.sys

00:29:49.0187 1152        JmUsbVideo2 - ok

00:29:49.0265 1152        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

00:29:49.0312 1152        Kbdclass - ok

00:29:49.0328 1152        kbfiltr         (7f2b8d0b31fb4a797e5786ef124c5a80) C:\WINDOWS\system32\DRIVERS\kbfiltr.sys

00:29:49.0343 1152        kbfiltr - ok

00:29:49.0421 1152        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

00:29:49.0484 1152        kmixer - ok

00:29:49.0531 1152        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

00:29:49.0578 1152        KSecDD - ok

00:29:49.0593 1152        l176i_ub.sys - ok

00:29:49.0656 1152        L1c             (96478fe91c5a37c673ebe3da87c1a115) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys

00:29:49.0703 1152        L1c - ok

00:29:49.0718 1152        lbrtfdc - ok

00:29:49.0765 1152        MEMSWEEP2 - ok

00:29:49.0828 1152        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

00:29:49.0859 1152        mnmdd - ok

00:29:49.0906 1152        Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys

00:29:49.0953 1152        Modem - ok

00:29:50.0046 1152        Monfilt         (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys

00:29:50.0234 1152        Monfilt - ok

00:29:50.0343 1152        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys

00:29:50.0375 1152        Mouclass - ok

00:29:50.0421 1152        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys

00:29:50.0453 1152        mouhid - ok

00:29:50.0484 1152        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

00:29:50.0531 1152        MountMgr - ok

00:29:50.0546 1152        mraid35x - ok

00:29:50.0593 1152        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

00:29:50.0625 1152        MRxDAV - ok

00:29:50.0703 1152        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

00:29:50.0781 1152        MRxSmb - ok

00:29:50.0812 1152        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

00:29:50.0828 1152        Msfs - ok

00:29:50.0859 1152        MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

00:29:50.0890 1152        MSKSSRV - ok

00:29:50.0906 1152        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

00:29:50.0921 1152        MSPCLOCK - ok

00:29:50.0953 1152        MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

00:29:50.0984 1152        MSPQM - ok

00:29:51.0031 1152        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

00:29:51.0062 1152        mssmbios - ok

00:29:51.0093 1152        MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

00:29:51.0109 1152        MSTEE - ok

00:29:51.0187 1152        Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

00:29:51.0234 1152        Mup - ok

00:29:51.0296 1152        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

00:29:51.0343 1152        NABTSFEC - ok

00:29:51.0406 1152        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

00:29:51.0453 1152        NDIS - ok

00:29:51.0484 1152        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

00:29:51.0515 1152        NdisIP - ok

00:29:51.0578 1152        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

00:29:51.0609 1152        NdisTapi - ok

00:29:51.0656 1152        Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

00:29:51.0656 1152        Ndisuio - ok

00:29:51.0671 1152        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

00:29:51.0718 1152        NdisWan - ok

00:29:51.0796 1152        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

00:29:51.0796 1152        NDProxy - ok

00:29:51.0828 1152        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

00:29:51.0828 1152        NetBIOS - ok

00:29:51.0875 1152        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

00:29:51.0906 1152        NetBT - ok

00:29:51.0984 1152        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

00:29:52.0031 1152        Npfs - ok

00:29:52.0093 1152        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

00:29:52.0156 1152        Ntfs - ok

00:29:52.0218 1152        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

00:29:52.0250 1152        Null - ok

00:29:52.0281 1152        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

00:29:52.0312 1152        NwlnkFlt - ok

00:29:52.0359 1152        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

00:29:52.0406 1152        NwlnkFwd - ok

00:29:52.0484 1152        Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys

00:29:52.0531 1152        Parport - ok

00:29:52.0593 1152        PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

00:29:52.0640 1152        PartMgr - ok

00:29:52.0671 1152        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

00:29:52.0703 1152        ParVdm - ok

00:29:52.0718 1152        PCASp50 - ok

00:29:52.0781 1152        PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys

00:29:52.0828 1152        PCI - ok

00:29:52.0843 1152        PCIDump - ok

00:29:52.0859 1152        PCIIde - ok

00:29:52.0921 1152        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys

00:29:52.0984 1152        Pcmcia - ok

00:29:52.0984 1152        PDCOMP - ok

00:29:53.0015 1152        PDFRAME - ok

00:29:53.0031 1152        PDRELI - ok

00:29:53.0046 1152        PDRFRAME - ok

00:29:53.0062 1152        perc2 - ok

00:29:53.0078 1152        perc2hib - ok

00:29:53.0187 1152        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

00:29:53.0234 1152        PptpMiniport - ok

00:29:53.0250 1152        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

00:29:53.0265 1152        PSched - ok

00:29:53.0281 1152        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

00:29:53.0312 1152        Ptilink - ok

00:29:53.0328 1152        ql1080 - ok

00:29:53.0343 1152        Ql10wnt - ok

00:29:53.0359 1152        ql12160 - ok

00:29:53.0375 1152        ql1240 - ok

00:29:53.0390 1152        ql1280 - ok

00:29:53.0437 1152        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

00:29:53.0468 1152        RasAcd - ok

00:29:53.0531 1152        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

00:29:53.0562 1152        Rasl2tp - ok

00:29:53.0593 1152        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

00:29:53.0625 1152        RasPppoe - ok

00:29:53.0671 1152        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

00:29:53.0671 1152        Raspti - ok

00:29:53.0703 1152        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

00:29:53.0750 1152        Rdbss - ok

00:29:53.0765 1152        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

00:29:53.0781 1152        RDPCDD - ok

00:29:53.0859 1152        RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

00:29:53.0890 1152        RDPWD - ok

00:29:53.0953 1152        redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys

00:29:54.0000 1152        redbook - ok

00:29:54.0187 1152        SASDIFSV        (39763504067962108505bff25f024345) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS

00:29:54.0234 1152        SASDIFSV - ok

00:29:54.0265 1152        SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS

00:29:54.0312 1152        SASKUTIL - ok

00:29:54.0421 1152        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

00:29:54.0453 1152        Secdrv - ok

00:29:54.0515 1152        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys

00:29:54.0546 1152        Serial - ok

00:29:54.0609 1152        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

00:29:54.0640 1152        Sfloppy - ok

00:29:54.0671 1152        Simbad - ok

00:29:54.0718 1152        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

00:29:54.0750 1152        SLIP - ok

00:29:54.0765 1152        Sparrow - ok

00:29:54.0843 1152        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

00:29:54.0875 1152        splitter - ok

00:29:54.0937 1152        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys

00:29:54.0984 1152        sr - ok

00:29:55.0062 1152        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

00:29:55.0125 1152        Srv - ok

00:29:55.0203 1152        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

00:29:55.0218 1152        ssmdrv - ok

00:29:55.0265 1152        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

00:29:55.0281 1152        streamip - ok

00:29:55.0343 1152        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

00:29:55.0390 1152        swenum - ok

00:29:55.0437 1152        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

00:29:55.0484 1152        swmidi - ok

00:29:55.0500 1152        symc810 - ok

00:29:55.0531 1152        symc8xx - ok

00:29:55.0546 1152        sym_hi - ok

00:29:55.0562 1152        sym_u3 - ok

00:29:55.0625 1152        SynTP           (8bd10dc8809dc69a1c5a795cb10add76) C:\WINDOWS\system32\DRIVERS\SynTP.sys

00:29:55.0656 1152        SynTP - ok

00:29:55.0718 1152        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

00:29:55.0765 1152        sysaudio - ok

00:29:55.0843 1152        Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

00:29:55.0875 1152        Tcpip - ok

00:29:55.0937 1152        Tcpip6          (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys

00:29:55.0968 1152        Tcpip6 - ok

00:29:56.0015 1152        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

00:29:56.0046 1152        TDPIPE - ok

00:29:56.0062 1152        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

00:29:56.0078 1152        TDTCP - ok

00:29:56.0125 1152        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

00:29:56.0156 1152        TermDD - ok

00:29:56.0203 1152        TosIde - ok

00:29:56.0296 1152        tunmp           (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys

00:29:56.0312 1152        tunmp - ok

00:29:56.0359 1152        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

00:29:56.0390 1152        Udfs - ok

00:29:56.0390 1152        ultra - ok

00:29:56.0468 1152        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

00:29:56.0515 1152        Update - ok

00:29:56.0593 1152        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

00:29:56.0640 1152        usbccgp - ok

00:29:56.0687 1152        usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

00:29:56.0734 1152        usbehci - ok

00:29:56.0781 1152        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

00:29:56.0828 1152        usbhub - ok

00:29:56.0875 1152        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

00:29:56.0921 1152        usbprint - ok

00:29:56.0984 1152        usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

00:29:57.0000 1152        usbscan - ok

00:29:57.0046 1152        usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

00:29:57.0078 1152        usbstor - ok

00:29:57.0140 1152        usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

00:29:57.0171 1152        usbuhci - ok

00:29:57.0234 1152        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

00:29:57.0296 1152        usbvideo - ok

00:29:57.0328 1152        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

00:29:57.0375 1152        VgaSave - ok

00:29:57.0390 1152        ViaIde - ok

00:29:57.0421 1152        VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys

00:29:57.0453 1152        VolSnap - ok

00:29:57.0531 1152        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

00:29:57.0562 1152        Wanarp - ok

00:29:57.0640 1152        Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

00:29:57.0718 1152        Wdf01000 - ok

00:29:57.0734 1152        WDICA - ok

00:29:57.0781 1152        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

00:29:57.0828 1152        wdmaud - ok

00:29:57.0921 1152        WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

00:29:57.0968 1152        WmiAcpi - ok

00:29:58.0015 1152        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

00:29:58.0046 1152        WSTCODEC - ok

00:29:58.0109 1152        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

00:29:58.0156 1152        WudfPf - ok

00:29:58.0203 1152        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

00:29:58.0250 1152        WudfRd - ok

00:29:58.0281 1152        xcpip - ok

00:29:58.0296 1152        xpsec - ok

00:29:58.0343 1152        MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

00:29:58.0562 1152        \Device\Harddisk0\DR0 - ok

00:29:58.0562 1152        Boot (0x1200)   (1a8aba3944d475e5b994cd9d6cb90c50) \Device\Harddisk0\DR0\Partition0

00:29:58.0578 1152        \Device\Harddisk0\DR0\Partition0 - ok

00:29:58.0609 1152        Boot (0x1200)   (713a82280446707cdccdd987c6d8c6e5) \Device\Harddisk0\DR0\Partition1

00:29:58.0609 1152        \Device\Harddisk0\DR0\Partition1 - ok

00:29:58.0609 1152        ============================================================

00:29:58.0609 1152        Scan finished

00:29:58.0609 1152        ============================================================

00:29:58.0640 4040        Detected object count: 0

00:29:58.0640 4040        Actual detected object count: 0

Habe die alten Logs doch noch gefunden, hoffe hier sieht noch jemand, dass alle posts von mir stammen, naja wohl selber schuld mit meiner logflut:wtf:

TDSS

HTML-Code:

23:14:48.0218 3996        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

23:14:48.0578 3996        ============================================================

23:14:48.0578 3996        Current date / time: 2011/12/26 23:14:48.0578

23:14:48.0578 3996        SystemInfo:

23:14:48.0578 3996        

23:14:48.0578 3996        OS Version: 5.1.2600 ServicePack: 3.0

23:14:48.0578 3996        Product type: Workstation

23:14:48.0578 3996        ComputerName: OLENB

23:14:48.0578 3996        UserName: Ole

23:14:48.0578 3996        Windows directory: C:\WINDOWS

23:14:48.0578 3996        System windows directory: C:\WINDOWS

23:14:48.0578 3996        Processor architecture: Intel x86

23:14:48.0578 3996        Number of processors: 2

23:14:48.0578 3996        Page size: 0x1000

23:14:48.0578 3996        Boot type: Normal boot

23:14:48.0578 3996        ============================================================

23:14:49.0281 3996        Initialize success

23:14:56.0921 3304        ============================================================

23:14:56.0921 3304        Scan started

23:14:56.0921 3304        Mode: Manual; 

23:14:56.0921 3304        ============================================================

23:14:57.0296 3304        Abiosdsk - ok

23:14:57.0359 3304        abp480n5 - ok

23:14:57.0406 3304        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

23:14:57.0406 3304        ACPI - ok

23:14:57.0453 3304        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

23:14:57.0453 3304        ACPIEC - ok

23:14:57.0468 3304        adpu160m - ok

23:14:57.0546 3304        aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

23:14:57.0546 3304        aec - ok

23:14:57.0609 3304        AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

23:14:57.0625 3304        AFD - ok

23:14:57.0625 3304        Aha154x - ok

23:14:57.0656 3304        aic78u2 - ok

23:14:57.0671 3304        aic78xx - ok

23:14:57.0703 3304        AliIde - ok

23:14:57.0890 3304        Ambfilt         (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys

23:14:58.0000 3304        Ambfilt - ok

23:14:58.0015 3304        amsint - ok

23:14:58.0187 3304        AR5416          (d4e1bfc2b1dda9272e8144deca080c3a) C:\WINDOWS\system32\DRIVERS\athw.sys

23:14:58.0250 3304        AR5416 - ok

23:14:58.0265 3304        asc - ok

23:14:58.0281 3304        asc3350p - ok

23:14:58.0312 3304        asc3550 - ok

23:14:58.0421 3304        AsUpIO          (e67493490466b5f04b58c22d2590e8ca) C:\WINDOWS\system32\drivers\AsUpIO.sys

23:14:58.0421 3304        AsUpIO - ok

23:14:58.0500 3304        AsusACPI        (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys

23:14:58.0500 3304        AsusACPI - ok

23:14:58.0562 3304        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

23:14:58.0562 3304        AsyncMac - ok

23:14:58.0625 3304        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys

23:14:58.0625 3304        atapi - ok

23:14:58.0640 3304        Atdisk - ok

23:14:58.0671 3304        Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

23:14:58.0687 3304        Atmarpc - ok

23:14:58.0734 3304        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

23:14:58.0734 3304        audstub - ok

23:14:58.0796 3304        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

23:14:58.0796 3304        avgntflt - ok

23:14:58.0875 3304        avipbb          (912d23140cd05980f6cdae790ddafc8d) C:\WINDOWS\system32\DRIVERS\avipbb.sys

23:14:58.0875 3304        avipbb - ok

23:14:58.0906 3304        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys

23:14:58.0906 3304        avkmgr - ok

23:14:58.0984 3304        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

23:14:58.0984 3304        Beep - ok

23:14:59.0000 3304        btaudio - ok

23:14:59.0031 3304        BTDriver - ok

23:14:59.0062 3304        BTWDNDIS - ok

23:14:59.0078 3304        btwhid - ok

23:14:59.0093 3304        BTWUSB - ok

23:14:59.0156 3304        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

23:14:59.0156 3304        cbidf2k - ok

23:14:59.0203 3304        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

23:14:59.0203 3304        CCDECODE - ok

23:14:59.0218 3304        cd20xrnt - ok

23:14:59.0296 3304        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

23:14:59.0296 3304        Cdaudio - ok

23:14:59.0312 3304        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

23:14:59.0328 3304        Cdfs - ok

23:14:59.0343 3304        Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

23:14:59.0343 3304        Cdrom - ok

23:14:59.0359 3304        Changer - ok

23:14:59.0406 3304        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

23:14:59.0406 3304        CmBatt - ok

23:14:59.0421 3304        CmdIde - ok

23:14:59.0437 3304        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

23:14:59.0437 3304        Compbatt - ok

23:14:59.0468 3304        Cpqarray - ok

23:14:59.0500 3304        dac2w2k - ok

23:14:59.0515 3304        dac960nt - ok

23:14:59.0546 3304        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

23:14:59.0546 3304        Disk - ok

23:14:59.0625 3304        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys

23:14:59.0656 3304        dmboot - ok

23:14:59.0703 3304        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys

23:14:59.0703 3304        dmio - ok

23:14:59.0750 3304        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

23:14:59.0750 3304        dmload - ok

23:14:59.0796 3304        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

23:14:59.0796 3304        DMusic - ok

23:14:59.0828 3304        dpti2o - ok

23:14:59.0875 3304        drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

23:14:59.0875 3304        drmkaud - ok

23:14:59.0984 3304        Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

23:14:59.0984 3304        Fastfat - ok

23:15:00.0015 3304        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

23:15:00.0015 3304        Fdc - ok

23:15:00.0093 3304        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys

23:15:00.0093 3304        Fips - ok

23:15:00.0140 3304        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

23:15:00.0140 3304        Flpydisk - ok

23:15:00.0203 3304        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

23:15:00.0203 3304        FltMgr - ok

23:15:00.0234 3304        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

23:15:00.0234 3304        Fs_Rec - ok

23:15:00.0281 3304        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

23:15:00.0281 3304        Ftdisk - ok

23:15:00.0328 3304        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

23:15:00.0328 3304        Gpc - ok

23:15:00.0406 3304        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

23:15:00.0421 3304        HDAudBus - ok

23:15:00.0468 3304        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

23:15:00.0484 3304        HidUsb - ok

23:15:00.0500 3304        hpn - ok

23:15:00.0562 3304        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

23:15:00.0578 3304        HTTP - ok

23:15:00.0593 3304        hwdatacard - ok

23:15:00.0625 3304        i2omgmt - ok

23:15:00.0656 3304        i2omp - ok

23:15:00.0734 3304        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

23:15:00.0734 3304        i8042prt - ok

23:15:01.0015 3304        ialm            (1832e58852ad2ac231abc02c1ddb1309) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

23:15:01.0109 3304        ialm - ok

23:15:01.0156 3304        iaStor          (d483687eace0c065ee772481a96e05f5) C:\WINDOWS\system32\drivers\iaStor.sys

23:15:01.0171 3304        iaStor - ok

23:15:01.0234 3304        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

23:15:01.0234 3304        Imapi - ok

23:15:01.0250 3304        ini910u - ok

23:15:01.0500 3304        IntcAzAudAddService (e6e95f68420d0f138aeba91c1a6bb7c4) C:\WINDOWS\system32\drivers\RtkHDAud.sys

23:15:01.0640 3304        IntcAzAudAddService - ok

23:15:01.0656 3304        IntelIde - ok

23:15:01.0734 3304        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys

23:15:01.0734 3304        intelppm - ok

23:15:01.0750 3304        Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

23:15:01.0750 3304        Ip6Fw - ok

23:15:01.0781 3304        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

23:15:01.0781 3304        IpFilterDriver - ok

23:15:01.0796 3304        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

23:15:01.0796 3304        IpInIp - ok

23:15:01.0828 3304        IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

23:15:01.0828 3304        IpNat - ok

23:15:01.0921 3304        IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

23:15:01.0921 3304        IPSec - ok

23:15:01.0984 3304        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

23:15:01.0984 3304        IRENUM - ok

23:15:02.0046 3304        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys

23:15:02.0046 3304        isapnp - ok

23:15:02.0109 3304        JmUsbCcgp       (8816dfb2e4175c4e0f33d3c7a80699e1) C:\WINDOWS\system32\DRIVERS\jmccgp.sys

23:15:02.0109 3304        JmUsbCcgp - ok

23:15:02.0156 3304        JmUsbVideo      (ff91264f045cf2570a751096a4eaef9d) C:\WINDOWS\system32\Drivers\jmcam.sys

23:15:02.0156 3304        JmUsbVideo - ok

23:15:02.0218 3304        JmUsbVideo2     (2e89cc5e24a218b03131227b3081b478) C:\WINDOWS\system32\Drivers\jmcam_lo.sys

23:15:02.0218 3304        JmUsbVideo2 - ok

23:15:02.0281 3304        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

23:15:02.0281 3304        Kbdclass - ok

23:15:02.0296 3304        kbfiltr         (7f2b8d0b31fb4a797e5786ef124c5a80) C:\WINDOWS\system32\DRIVERS\kbfiltr.sys

23:15:02.0296 3304        kbfiltr - ok

23:15:02.0375 3304        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

23:15:02.0390 3304        kmixer - ok

23:15:02.0453 3304        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

23:15:02.0453 3304        KSecDD - ok

23:15:02.0468 3304        l176i_ub.sys - ok

23:15:02.0546 3304        L1c             (96478fe91c5a37c673ebe3da87c1a115) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys

23:15:02.0546 3304        L1c - ok

23:15:02.0562 3304        lbrtfdc - ok

23:15:02.0593 3304        MEMSWEEP2 - ok

23:15:02.0656 3304        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

23:15:02.0656 3304        mnmdd - ok

23:15:02.0687 3304        Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys

23:15:02.0687 3304        Modem - ok

23:15:02.0796 3304        Monfilt         (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys

23:15:02.0843 3304        Monfilt - ok

23:15:02.0953 3304        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys

23:15:02.0953 3304        Mouclass - ok

23:15:03.0000 3304        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys

23:15:03.0015 3304        mouhid - ok

23:15:03.0062 3304        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

23:15:03.0062 3304        MountMgr - ok

23:15:03.0062 3304        mraid35x - ok

23:15:03.0109 3304        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

23:15:03.0109 3304        MRxDAV - ok

23:15:03.0171 3304        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

23:15:03.0187 3304        MRxSmb - ok

23:15:03.0234 3304        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

23:15:03.0234 3304        Msfs - ok

23:15:03.0265 3304        MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

23:15:03.0265 3304        MSKSSRV - ok

23:15:03.0296 3304        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

23:15:03.0296 3304        MSPCLOCK - ok

23:15:03.0312 3304        MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

23:15:03.0312 3304        MSPQM - ok

23:15:03.0375 3304        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

23:15:03.0375 3304        mssmbios - ok

23:15:03.0390 3304        MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

23:15:03.0390 3304        MSTEE - ok

23:15:03.0453 3304        Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

23:15:03.0453 3304        Mup - ok

23:15:03.0468 3304        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

23:15:03.0468 3304        NABTSFEC - ok

23:15:03.0546 3304        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

23:15:03.0546 3304        NDIS - ok

23:15:03.0593 3304        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

23:15:03.0593 3304        NdisIP - ok

23:15:03.0656 3304        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

23:15:03.0656 3304        NdisTapi - ok

23:15:03.0734 3304        Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

23:15:03.0734 3304        Ndisuio - ok

23:15:03.0750 3304        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

23:15:03.0750 3304        NdisWan - ok

23:15:03.0812 3304        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

23:15:03.0812 3304        NDProxy - ok

23:15:03.0828 3304        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

23:15:03.0843 3304        NetBIOS - ok

23:15:03.0921 3304        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

23:15:03.0921 3304        NetBT - ok

23:15:03.0968 3304        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

23:15:03.0968 3304        Npfs - ok

23:15:04.0015 3304        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

23:15:04.0031 3304        Ntfs - ok

23:15:04.0109 3304        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

23:15:04.0109 3304        Null - ok

23:15:04.0171 3304        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

23:15:04.0171 3304        NwlnkFlt - ok

23:15:04.0218 3304        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

23:15:04.0218 3304        NwlnkFwd - ok

23:15:04.0281 3304        Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys

23:15:04.0281 3304        Parport - ok

23:15:04.0359 3304        PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

23:15:04.0359 3304        PartMgr - ok

23:15:04.0515 3304        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

23:15:04.0515 3304        ParVdm - ok

23:15:04.0531 3304        PCASp50 - ok

23:15:04.0562 3304        PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys

23:15:04.0562 3304        PCI - ok

23:15:04.0578 3304        PCIDump - ok

23:15:04.0593 3304        PCIIde - ok

23:15:04.0640 3304        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys

23:15:04.0640 3304        Pcmcia - ok

23:15:04.0656 3304        PDCOMP - ok

23:15:04.0671 3304        PDFRAME - ok

23:15:04.0687 3304        PDRELI - ok

23:15:04.0703 3304        PDRFRAME - ok

23:15:04.0718 3304        perc2 - ok

23:15:04.0734 3304        perc2hib - ok

23:15:04.0828 3304        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

23:15:04.0828 3304        PptpMiniport - ok

23:15:04.0859 3304        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

23:15:04.0859 3304        PSched - ok

23:15:04.0875 3304        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

23:15:04.0875 3304        Ptilink - ok

23:15:04.0890 3304        ql1080 - ok

23:15:04.0890 3304        Ql10wnt - ok

23:15:04.0906 3304        ql12160 - ok

23:15:04.0921 3304        ql1240 - ok

23:15:04.0953 3304        ql1280 - ok

23:15:05.0000 3304        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

23:15:05.0000 3304        RasAcd - ok

23:15:05.0015 3304        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

23:15:05.0015 3304        Rasl2tp - ok

23:15:05.0062 3304        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

23:15:05.0062 3304        RasPppoe - ok

23:15:05.0078 3304        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

23:15:05.0078 3304        Raspti - ok

23:15:05.0125 3304        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

23:15:05.0140 3304        Rdbss - ok

23:15:05.0203 3304        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

23:15:05.0203 3304        RDPCDD - ok

23:15:05.0281 3304        RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

23:15:05.0281 3304        RDPWD - ok

23:15:05.0328 3304        redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys

23:15:05.0328 3304        redbook - ok

23:15:05.0375 3304        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

23:15:05.0390 3304        Secdrv - ok

23:15:05.0437 3304        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys

23:15:05.0437 3304        Serial - ok

23:15:05.0468 3304        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

23:15:05.0484 3304        Sfloppy - ok

23:15:05.0500 3304        Simbad - ok

23:15:05.0546 3304        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

23:15:05.0546 3304        SLIP - ok

23:15:05.0609 3304        SMR210          (1e6bbf7a09fca7c25e3a70767115988d) C:\WINDOWS\system32\drivers\SMR210.SYS

23:15:05.0609 3304        SMR210 - ok

23:15:05.0640 3304        Sparrow - ok

23:15:05.0703 3304        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

23:15:05.0703 3304        splitter - ok

23:15:05.0781 3304        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys

23:15:05.0781 3304        sr - ok

23:15:05.0906 3304        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

23:15:05.0906 3304        Srv - ok

23:15:05.0984 3304        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

23:15:05.0984 3304        ssmdrv - ok

23:15:06.0015 3304        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

23:15:06.0015 3304        streamip - ok

23:15:06.0062 3304        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

23:15:06.0062 3304        swenum - ok

23:15:06.0140 3304        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

23:15:06.0140 3304        swmidi - ok

23:15:06.0156 3304        symc810 - ok

23:15:06.0171 3304        symc8xx - ok

23:15:06.0187 3304        sym_hi - ok

23:15:06.0203 3304        sym_u3 - ok

23:15:06.0281 3304        SynTP           (8bd10dc8809dc69a1c5a795cb10add76) C:\WINDOWS\system32\DRIVERS\SynTP.sys

23:15:06.0281 3304        SynTP - ok

23:15:06.0312 3304        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

23:15:06.0328 3304        sysaudio - ok

23:15:06.0421 3304        Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

23:15:06.0421 3304        Tcpip - ok

23:15:06.0500 3304        Tcpip6          (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys

23:15:06.0515 3304        Tcpip6 - ok

23:15:06.0546 3304        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

23:15:06.0562 3304        TDPIPE - ok

23:15:06.0562 3304        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

23:15:06.0578 3304        TDTCP - ok

23:15:06.0625 3304        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

23:15:06.0625 3304        TermDD - ok

23:15:06.0656 3304        TosIde - ok

23:15:06.0703 3304        tunmp           (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys

23:15:06.0703 3304        tunmp - ok

23:15:06.0718 3304        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

23:15:06.0734 3304        Udfs - ok

23:15:06.0734 3304        ultra - ok

23:15:06.0781 3304        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

23:15:06.0781 3304        Update - ok

23:15:06.0843 3304        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

23:15:06.0843 3304        usbccgp - ok

23:15:06.0921 3304        usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

23:15:06.0921 3304        usbehci - ok

23:15:06.0937 3304        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

23:15:06.0937 3304        usbhub - ok

23:15:07.0000 3304        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

23:15:07.0000 3304        usbprint - ok

23:15:07.0062 3304        usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

23:15:07.0062 3304        usbscan - ok

23:15:07.0125 3304        usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

23:15:07.0125 3304        usbstor - ok

23:15:07.0203 3304        usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

23:15:07.0203 3304        usbuhci - ok

23:15:07.0281 3304        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

23:15:07.0281 3304        usbvideo - ok

23:15:07.0296 3304        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

23:15:07.0312 3304        VgaSave - ok

23:15:07.0312 3304        ViaIde - ok

23:15:07.0406 3304        VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys

23:15:07.0406 3304        VolSnap - ok

23:15:07.0437 3304        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

23:15:07.0437 3304        Wanarp - ok

23:15:07.0531 3304        Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

23:15:07.0531 3304        Wdf01000 - ok

23:15:07.0546 3304        WDICA - ok

23:15:07.0609 3304        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

23:15:07.0625 3304        wdmaud - ok

23:15:07.0687 3304        WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

23:15:07.0687 3304        WmiAcpi - ok

23:15:07.0734 3304        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

23:15:07.0734 3304        WSTCODEC - ok

23:15:07.0796 3304        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

23:15:07.0796 3304        WudfPf - ok

23:15:07.0828 3304        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

23:15:07.0828 3304        WudfRd - ok

23:15:07.0843 3304        xcpip - ok

23:15:07.0875 3304        xpsec - ok

23:15:07.0906 3304        MBR (0x1B8)     (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0

23:15:07.0906 3304        \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected

23:15:07.0921 3304        \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)

23:15:07.0921 3304        Boot (0x1200)   (1a8aba3944d475e5b994cd9d6cb90c50) \Device\Harddisk0\DR0\Partition0

23:15:07.0921 3304        \Device\Harddisk0\DR0\Partition0 - ok

23:15:07.0953 3304        Boot (0x1200)   (713a82280446707cdccdd987c6d8c6e5) \Device\Harddisk0\DR0\Partition1

23:15:07.0953 3304        \Device\Harddisk0\DR0\Partition1 - ok

23:15:07.0953 3304        ============================================================

23:15:07.0953 3304        Scan finished

23:15:07.0968 3304        ============================================================

23:15:07.0984 3016        Detected object count: 1

23:15:07.0984 3016        Actual detected object count: 1

23:15:57.0281 3016        \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot

23:15:57.0281 3016        \Device\Harddisk0\DR0 - ok

23:15:57.0281 3016        \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure 

23:16:09.0828 3944        Deinitialize success

CombiFix
Combofix Logfile:

Code:

ComboFix 11-12-26.03 - Ole 12/26/2011  23:26:14.1.2 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1031.18.1014.537 [GMT 1:00]

Running from: c:\dokumente und einstellungen\Ole\Desktop\cofi.exe

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\dokumente und einstellungen\All Users\FullRemove.exe

c:\windows\system32\Thumbs.db

.

.

(((((((((((((((((((((((((   Files Created from 2011-11-26 to 2011-12-26  )))))))))))))))))))))))))))))))

.

.

2011-12-26 16:57 . 2011-12-26 16:57        --------        d-----w-        c:\dokumente und einstellungen\Ole\Anwendungsdaten\Malwarebytes

2011-12-26 16:57 . 2011-12-26 16:57        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2011-12-26 16:57 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-12-26 16:57 . 2011-12-26 16:57        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2011-12-14 08:54 . 2011-12-14 08:54        --------        d-----w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Opera

2011-12-14 08:54 . 2011-12-14 08:54        --------        d-----r-        c:\dokumente und einstellungen\LocalService\Eigene Dateien

2011-12-14 08:50 . 2011-12-14 08:50        --------        d-----r-        c:\dokumente und einstellungen\LocalService\Favoriten

2011-12-08 21:22 . 2011-12-08 21:22        --------        d-----w-        c:\programme\ETS

2011-12-08 21:22 . 2011-12-08 21:22        --------        d-----w-        c:\dokumente und einstellungen\Ole\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations

2011-12-07 17:00 . 2011-12-07 17:00        --------        d-----w-        c:\programme\Gemeinsame Dateien\Java

2011-12-07 15:47 . 2011-12-07 15:46        128000        ----a-w-        c:\windows\system32\javacpl.cpl

2011-12-07 15:46 . 2011-12-08 19:11        --------        d-----w-        c:\programme\Java

2011-12-07 15:37 . 2011-12-26 21:54        --------        d-----w-        c:\dokumente und einstellungen\Ole\Lokale Einstellungen\Anwendungsdaten\NPE

2011-12-07 15:37 . 2011-12-07 15:37        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton

2011-12-07 15:12 . 2011-12-07 15:12        --------        d-----w-        c:\dokumente und einstellungen\Ole\Lokale Einstellungen\Anwendungsdaten\Sun

2011-12-07 10:23 . 2011-12-07 10:23        --------        d-----w-        c:\programme\Sophos

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-07 15:46 . 2010-11-29 19:27        544656        ----a-w-        c:\windows\system32\deployJava1.dll

2011-12-07 10:19 . 2011-08-09 01:29        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 14:40 . 2010-01-22 23:58        1859712        ----a-w-        c:\windows\system32\win32k.sys

2011-11-04 19:13 . 2010-01-22 23:58        916992        ----a-w-        c:\windows\system32\wininet.dll

2011-11-04 19:13 . 2010-01-22 23:58        43520        ----a-w-        c:\windows\system32\licmgr10.dll

2011-11-04 19:13 . 2010-01-22 23:58        1469440        ----a-w-        c:\windows\system32\inetcpl.cpl

2011-11-04 11:23 . 2010-01-22 23:58        385024        ----a-w-        c:\windows\system32\html.iec

2011-11-01 16:07 . 2010-01-22 23:58        1288704        ----a-w-        c:\windows\system32\ole32.dll

2011-10-28 05:31 . 2010-01-22 23:58        33280        ----a-w-        c:\windows\system32\csrsrv.dll

2011-10-26 10:49 . 2008-04-14 07:30        2029568        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2011-10-26 10:49 . 2008-04-14 07:29        2151424        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-10-18 11:13 . 2010-01-22 23:58        186880        ----a-w-        c:\windows\system32\encdec.dll

2011-10-11 13:00 . 2011-10-22 23:05        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2011-10-11 13:00 . 2011-10-22 23:05        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2011-10-11 13:00 . 2011-10-22 23:05        134344        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-10-10 14:22 . 2010-01-23 09:09        692736        ----a-w-        c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2010-01-22 23:58        604160        ----a-w-        c:\windows\system32\crypt32.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-28 141336]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-28 141336]

"SynAsusAcpi"="c:\programme\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]

"AsusACPIServer"="c:\programme\EeePC\ACPI\AsAcpiSvr.exe" [2010-01-27 995752]

"AsusEPCMonitor"="c:\programme\EeePC\ACPI\AsEPCMon.exe" [2009-05-09 98304]

"AsusTray"="c:\programme\EeePC\ACPI\AsTray.exe" [2009-06-26 118784]

"RTHDCPL"="RTHDCPL.EXE" [2010-01-18 18790432]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]

"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-05-04 252136]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\dokumente und einstellungen\Ole\Startmenü\Programme\Autostart\

OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\programme\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\

SuperHybridEngine.lnk - c:\programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2010-3-4 385024]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Ole^Startmenü^Programme^Autostart^OpenOffice.org 3.3.lnk]

path=c:\dokumente und einstellungen\Ole\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk

backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 10:55        937920        ----a-w-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CapsHook]

2010-02-04 16:19        440224        ----a-w-        c:\programme\EeePC\CapsHook\CapsHook.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]

2011-10-22 22:34        247968        ----a-w-        c:\windows\system32\Macromed\Flash\FlashUtil11c_Plugin.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-09-28 13:59        173592        ----a-w-        c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]

2010-01-29 19:18        751592        ----a-w-        c:\programme\ASUS\LiveUpdate\LiveUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-05-04 12:59        252136        ----a-w-        c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"JavaQuickStarterService"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Programme\\Opera\\opera.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [3/4/2010 7:19 PM 11448]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/23/2011 12:05 AM 36000]

R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [10/23/2011 12:05 AM 86224]

R2 Iprip;RIP-Überwachung;c:\windows\System32\svchost.exe -k netsvcs [1/23/2010 12:58 AM 14336]

R3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;c:\windows\system32\drivers\jmccgp.sys [11/27/2010 7:44 AM 15216]

R3 JmUsbVideo;JMicron 31x Upper Filter Driver;c:\windows\system32\drivers\jmcam.sys [11/27/2010 7:44 AM 44400]

R3 JmUsbVideo2;JMicron 31x Lower Filter Driver;c:\windows\system32\drivers\jmcam_lo.sys [11/27/2010 7:44 AM 24176]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [11/3/2009 9:34 AM 44032]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/27/2010 7:43 AM 1691480]

S3 l176i_ub.sys;l176i_ub.sys;\??\c:\windows\system32\drivers\l176i_ub.sys --> c:\windows\system32\drivers\l176i_ub.sys [?]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]

S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 22259425

*Deregistered* - 22259425

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc        REG_MULTI_SZ           p2psvc p2pimsvc p2pgasvc PNRPSvc

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.de/

IE: Free YouTube Download - c:\dokumente und einstellungen\Ole\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Ole\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Senden an Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.178.1

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

MSConfigStartUp-AdobeUpdater6 - c:\programme\Gemeinsame Dateien\Adobe\Updater6\Adobe_Updater.exe

MSConfigStartUp-ICQ - c:\programme\ICQ7.2\ICQ.exe

MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe

MSConfigStartUp-QuickTime Task - c:\programme\QuickTime\QTTask.exe

MSConfigStartUp-Steam - c:\programme\Steam\Steam.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2011-12-26 23:32

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ... 

.

scanning hidden files ...  

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\3.tmp"

.

Completion time: 2011-12-26  23:35:09

ComboFix-quarantined-files.txt  2011-12-26 22:35

.

Pre-Run: 5 Verzeichnis(se), 24,056,881,152 Bytes frei

Post-Run: 7 Verzeichnis(se), 24,164,376,576 Bytes frei

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 8B6053B2F1325440E0F87F2812E34146

--- --- ---

ComboFix-quarantined-files -Wichtig??-

HTML-Code:

2011-12-28 20:32:44 . 2011-12-28 20:32:44                0 ----a-w-  C:\Qoobox\Quarantine\Replicators\Replicator_1.txt

2011-12-26 22:34:19 . 2011-12-26 22:34:19              576 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Steam.reg.dat

2011-12-26 22:34:19 . 2011-12-26 22:34:19              614 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-QuickTime Task.reg.dat

2011-12-26 22:34:19 . 2011-12-26 22:34:19              640 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-MsnMsgr.reg.dat

2011-12-26 22:34:19 . 2011-12-26 22:34:19              588 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-ICQ.reg.dat

2011-12-26 22:34:18 . 2011-12-26 22:34:18              668 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AdobeUpdater6.reg.dat

2011-12-26 22:34:18 . 2011-12-26 22:34:18              668 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Adobe Reader Speed Launcher.reg.dat

2011-12-26 22:29:45 . 2011-12-28 20:31:06            7,146 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2011-12-26 22:21:19 . 2011-12-28 20:24:06              102 ----a-w-  C:\Qoobox\Quarantine\catchme.log

2010-03-04 18:49:18 . 2009-09-10 15:34:58          131,368 ----a-w-  C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\All Users\FullRemove.exe.vir

2010-01-22 23:59:00 . 2008-07-02 03:33:00            4,608 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\Thumbs.db.vir