Sinowal ?!

gerd076 · 23.10.2011, 21:20

Hallo zusammen,

gleich vorneweg, ich hab nicht wirklich viel Ahnung, beiße mich aber durch und hoffe auf Eure Hilfe:
Mein Antivir hat Alarm geschlagen und für mehrere Dateien BDS/Sinowal.380901 gemeldet. Ich habe daraufhin einen vollständige Systemprüfung mit Antivir gemacht und die infizierten Dateien später auch unter Quarantäne stellen lassen.

Ich hab dann den Rechner nochmal mit der Kaspersky-Rescue CD geprüft. Da wurden mir zwei .tmp Dateien mit Sinowal.oyz gemeldet, die ich gelöscht habe.

Seitdem kommen keine Warnungen mehr.
Hab aber gelesen, dass man Sinowal nicht so ohne weiteres los wird ?!

Hänge hier noch den antivir-report das GMER logfile dran.
Was soll ich tun ?

gerd076 · 23.10.2011, 21:33

Hier noch das OTL Logfile

cosinus · 24.10.2011, 11:36

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

gerd076 · 24.10.2011, 14:35

Das ist das Malwarebytes Logfile von gestern abend:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8006

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

23.10.2011 21:49:27
mbam-log-2011-10-23 (21-49-27).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 161419
Laufzeit: 5 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Irgendwie kann ich Malwarebytes gerade nicht aktualisieren.
Das hängt sich da immer auf. Ich probier mal noch bissel...

cosinus · 24.10.2011, 14:56

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Zitat:

Art des Suchlaufs: Quick-Scan

Sry aber ich wollte einen Vollscan sehen...bitte nachholen und Log posten!

gerd076 · 24.10.2011, 16:22

So, also Aktualisierung von Malwarebyte geht absolut nicht. Soll ich es nochmal neu installieren ? Hab den Vollscan mit der Version von gestern abend gemacht. Andere Logfiles hab ich nicht.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8006

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

24.10.2011 17:17:51
mbam-log-2011-10-24 (17-17-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|I:\|)
Durchsuchte Objekte: 300244
Laufzeit: 1 Stunde(n), 35 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

ESET log folgt.
Vielen Dank schonmal.

gerd076 · 24.10.2011, 16:25

So, also Aktualisierung von Malwarebytes geht absolut nicht. Soll ich es nochmal neu installieren ? Hab den Vollscan mit der Version von gestern abend gemacht. Andere logfiles hab ich nicht.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8006

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

24.10.2011 17:17:51
mbam-log-2011-10-24 (17-17-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|I:\|)
Durchsuchte Objekte: 300244
Laufzeit: 1 Stunde(n), 35 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

ESET log folgt.

Vielen Dank schonmal.

gerd076 · 25.10.2011, 04:20

Malwarebytes Log nach Aktualisierung

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8013

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

24.10.2011 21:53:55
mbam-log-2011-10-24 (21-53-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 300385
Laufzeit: 1 Stunde(n), 30 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

ESET Log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9f386078d47c7046b93e80d79bfb20a0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-24 09:31:07
# local_time=2011-10-24 11:31:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 259378 259378 0 0
# compatibility_mode=5892 16776573 100 100 449 157019320 0 0
# compatibility_mode=8192 67108863 100 0 144 144 0 0
# scanned=149065
# found=0
# cleaned=0
# scan_time=5275

MfG Gerd

cosinus · 25.10.2011, 11:13

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

gerd076 · 25.10.2011, 13:29

OTL Log

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 25.10.2011 13:59:48 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\gk\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 64,04% Memory free
5,72 Gb Paging File | 4,66 Gb Available in Paging File | 81,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 87,22 Gb Free Space | 60,55% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 101,21 Gb Free Space | 70,27% Space Free | Partition Type: NTFS
Drive F: | 61,33 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: GK-PC | User Name: gk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\gk\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Users\gk\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\74c35ed223614a5c164e8da4188690ae\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6a39ee17f7cefb77c8e98dbfb72b058b\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Programme\Launch Manager\PowerUtl.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (AVM IGD CTRL Service) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (de_serv) -- C:\Programme\Common Files\AVM\De_serv.exe (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NetPeeker) -- C:\Windows\System32\drivers\netpeeker.sys (eMing Software Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1039mdm) -- C:\Windows\System32\drivers\s1039mdm.sys (MCCI Corporation)
DRV - (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1039unic.sys (MCCI Corporation)
DRV - (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1039mgmt.sys (MCCI Corporation)
DRV - (s1039obex) -- C:\Windows\System32\drivers\s1039obex.sys (MCCI Corporation)
DRV - (s1039bus) Sony Ericsson Device 1039 driver (WDM) -- C:\Windows\System32\drivers\s1039bus.sys (MCCI Corporation)
DRV - (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1039nd5.sys (MCCI Corporation)
DRV - (s1039mdfl) -- C:\Windows\System32\drivers\s1039mdfl.sys (MCCI Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (HPFXBULK) -- C:\Windows\System32\drivers\hpfxbulk.sys (Hewlett Packard)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.arcor.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.05.06 10:58:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.30 08:36:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.24 12:02:35 | 000,000,000 | ---D | M]
 
[2010.07.20 15:34:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gk\AppData\Roaming\mozilla\Extensions
[2010.02.14 08:51:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gk\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.10.24 15:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gk\AppData\Roaming\mozilla\Firefox\Profiles\ysoa0361.default\extensions
[2010.07.20 15:39:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\gk\AppData\Roaming\mozilla\Firefox\Profiles\ysoa0361.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.23 00:43:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\gk\AppData\Roaming\mozilla\Firefox\Profiles\ysoa0361.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.10.19 13:51:10 | 000,000,917 | ---- | M] () -- C:\Users\gk\AppData\Roaming\Mozilla\Firefox\Profiles\ysoa0361.default\searchplugins\conduit.xml
[2011.10.24 12:02:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.09.30 09:03:36 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.10.24 12:02:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.10.24 12:02:35 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.06.23 23:15:23 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.23 23:15:23 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.23 23:15:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.23 23:15:23 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.23 23:15:23 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Felder mit Bestellhelfer ausfüllen - C:\Program Files\DHL\DHL Bestellhelfer\fillFormContext.html ()
O8 - Extra context menu item: Felder mit Bestellhelfer merken - C:\Program Files\DHL\DHL Bestellhelfer\assignContext.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: DHL Bestellhelfer - {AC38BD53-2101-4ec8-A4D7-D1E58C690E71} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : DHL Bestellhelfer - {AC38BD53-2101-4ec8-A4D7-D1E58C690E71} - Reg Error: Key error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D13BB00-D191-4664-A7AB-70C1FE2A1D71}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.07.07 22:46:00 | 000,000,113 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2ef1b102-a44a-11de-9d24-00235a5332dc}\Shell - "" = AutoRun
O33 - MountPoints2\{2ef1b102-a44a-11de-9d24-00235a5332dc}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{2ef1b107-a44a-11de-9d24-00235a5332dc}\Shell - "" = AutoRun
O33 - MountPoints2\{2ef1b107-a44a-11de-9d24-00235a5332dc}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{62812691-162d-11de-b22a-00235a5332dc}\Shell - "" = AutoRun
O33 - MountPoints2\{62812691-162d-11de-b22a-00235a5332dc}\Shell\AutoRun\command - "" = G:\autorun.exe de
O33 - MountPoints2\{86d5f771-1933-11df-9839-00235a5332dc}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe
O33 - MountPoints2\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\Shell - "" = AutoRun
O33 - MountPoints2\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{ba7763a4-a454-11de-97f7-00235a5332dc}\Shell - "" = AutoRun
O33 - MountPoints2\{ba7763a4-a454-11de-97f7-00235a5332dc}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\Shell - "" = AutoRun
O33 - MountPoints2\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.24 22:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.10.24 22:00:17 | 002,322,184 | ---- | C] (ESET) -- C:\Users\gk\Desktop\esetsmartinstaller_enu.exe
[2011.10.24 12:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.10.24 12:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.10.23 22:21:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\gk\Desktop\OTL.exe
[2011.10.23 22:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.10.23 22:07:59 | 000,000,000 | ---D | C] -- C:\log2
[2011.10.23 21:43:06 | 000,000,000 | ---D | C] -- C:\Users\gk\AppData\Roaming\Malwarebytes
[2011.10.23 21:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.23 21:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.23 21:42:52 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.23 21:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.23 19:46:17 | 000,000,000 | ---D | C] -- C:\logs
[2011.10.23 16:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetPeeker
[2011.10.23 16:00:18 | 000,236,400 | ---- | C] (eMing Software Inc.) -- C:\Windows\System32\drivers\netpeeker.sys
[2011.10.23 16:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\NetPeeker
[2011.10.23 15:59:03 | 000,000,000 | ---D | C] -- C:\Neuer Ordner
[2011.10.22 23:46:38 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.10.22 23:46:38 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.10.22 08:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2011.10.22 08:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2011.10.22 08:04:18 | 000,000,000 | ---D | C] -- C:\Users\gk\AppData\Roaming\Canneverbe Limited
[2011.10.22 08:04:04 | 000,000,000 | ---D | C] -- C:\Users\gk\AppData\Roaming\OpenCandy
[2011.10.22 08:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2011.10.22 08:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011.10.22 08:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011.10.22 08:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Winload
[2011.10.22 08:03:06 | 000,000,000 | ---D | C] -- C:\Users\gk\AppData\Local\Conduit
[2011.10.22 00:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.21 22:33:01 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2011.10.21 22:06:20 | 000,000,000 | ---D | C] -- C:\Users\gk\AppData\Roaming\Avira
[2011.10.21 22:00:21 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.10.21 22:00:19 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.21 22:00:19 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.21 22:00:19 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.21 22:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.21 22:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.10.21 08:54:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.10.21 07:47:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO
[2009.01.17 03:02:23 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.25 13:57:47 | 000,023,097 | ---- | M] () -- C:\Windows\NetPkr.str
[2011.10.25 13:51:49 | 000,637,346 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.25 13:51:49 | 000,594,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.25 13:51:49 | 000,128,786 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.25 13:51:49 | 000,106,596 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.25 13:48:45 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.25 13:46:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.25 13:46:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.25 13:46:37 | 000,088,050 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.10.25 13:46:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.25 13:46:28 | 2951,053,312 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.25 13:45:54 | 000,003,288 | ---- | M] () -- C:\Windows\NetPkr.Rul
[2011.10.25 05:12:13 | 000,088,050 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.10.25 01:07:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.24 22:00:23 | 002,322,184 | ---- | M] (ESET) -- C:\Users\gk\Desktop\esetsmartinstaller_enu.exe
[2011.10.24 12:06:56 | 000,000,697 | ---- | M] () -- C:\Windows\NPGUI.INI
[2011.10.24 11:44:29 | 000,003,166 | ---- | M] () -- C:\Windows\NETPKR.RUL.4
[2011.10.23 22:21:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\gk\Desktop\OTL.exe
[2011.10.23 21:42:58 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.23 16:06:36 | 000,003,166 | ---- | M] () -- C:\Windows\NETPKR.RUL.3
[2011.10.23 16:06:16 | 000,003,061 | ---- | M] () -- C:\Windows\NETPKR.RUL.2
[2011.10.23 16:05:47 | 000,002,955 | ---- | M] () -- C:\Windows\NETPKR.RUL.1
[2011.10.23 16:00:19 | 000,236,400 | ---- | M] (eMing Software Inc.) -- C:\Windows\System32\drivers\netpeeker.sys
[2011.10.23 16:00:19 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\NetPeeker 3.30.LNK
[2011.10.23 00:35:23 | 000,311,774 | ---- | M] () -- C:\Users\gk\AppData\Local\census.cache
[2011.10.23 00:35:01 | 000,235,883 | ---- | M] () -- C:\Users\gk\AppData\Local\ars.cache
[2011.10.23 00:24:00 | 000,000,036 | ---- | M] () -- C:\Users\gk\AppData\Local\housecall.guid.cache
[2011.10.22 23:46:36 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.10.22 23:46:36 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2011.10.22 08:55:00 | 000,083,968 | ---- | M] () -- C:\Users\gk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.22 08:04:07 | 000,001,738 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011.10.22 07:56:26 | 000,000,043 | ---- | M] () -- C:\Windows\gswin32.ini
[2011.10.22 07:55:59 | 000,001,832 | ---- | M] () -- C:\Users\gk\Desktop\Cyberlink PowerDirector.lnk
[2011.10.22 00:58:36 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.21 22:36:31 | 000,000,042 | ---- | M] () -- C:\Windows\System32\scud.udf
[2011.10.21 10:23:52 | 000,440,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.11 15:06:12 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.11 15:06:12 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.11 15:06:12 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.24 11:44:29 | 000,003,166 | ---- | C] () -- C:\Windows\NETPKR.RUL.4
[2011.10.23 21:42:58 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.23 16:06:36 | 000,003,166 | ---- | C] () -- C:\Windows\NETPKR.RUL.3
[2011.10.23 16:06:16 | 000,003,061 | ---- | C] () -- C:\Windows\NETPKR.RUL.2
[2011.10.23 16:05:47 | 000,002,955 | ---- | C] () -- C:\Windows\NETPKR.RUL.1
[2011.10.23 16:02:21 | 000,000,697 | ---- | C] () -- C:\Windows\NPGUI.INI
[2011.10.23 16:00:34 | 000,023,097 | ---- | C] () -- C:\Windows\NetPkr.str
[2011.10.23 16:00:19 | 000,003,288 | ---- | C] () -- C:\Windows\NetPkr.Rul
[2011.10.23 16:00:19 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\NetPeeker 3.30.LNK
[2011.10.23 00:35:23 | 000,311,774 | ---- | C] () -- C:\Users\gk\AppData\Local\census.cache
[2011.10.23 00:35:01 | 000,235,883 | ---- | C] () -- C:\Users\gk\AppData\Local\ars.cache
[2011.10.23 00:24:00 | 000,000,036 | ---- | C] () -- C:\Users\gk\AppData\Local\housecall.guid.cache
[2011.10.22 08:04:07 | 000,001,738 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011.10.22 08:04:07 | 000,001,688 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2011.10.21 22:36:31 | 000,000,042 | ---- | C] () -- C:\Windows\System32\scud.udf
[2011.10.21 22:00:51 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.21 08:53:22 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.10.21 08:53:22 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.10.21 08:53:22 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.03.31 10:01:54 | 000,195,266 | ---- | C] () -- C:\Windows\hppins13.dat
[2011.03.31 10:01:54 | 000,006,760 | ---- | C] () -- C:\Windows\hppmdl13.dat
[2011.03.31 10:01:43 | 000,000,619 | ---- | C] () -- C:\Windows\System32\hppapr13.dat
[2010.07.20 15:34:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.03.10 18:50:34 | 000,000,740 | ---- | C] () -- C:\Windows\wiso.ini
[2009.12.05 12:48:45 | 000,000,680 | ---- | C] () -- C:\Users\gk\AppData\Local\d3d9caps.dat
[2009.10.14 15:23:44 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.10.14 15:23:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2009.10.14 14:57:57 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2009.06.21 20:13:41 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2009.06.07 21:25:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.04.08 17:25:20 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009.03.25 17:48:07 | 000,024,206 | ---- | C] () -- C:\Users\gk\AppData\Roaming\UserTile.png
[2009.03.25 17:39:36 | 000,004,096 | -H-- | C] () -- C:\Users\gk\AppData\Local\keyfile3.drm
[2009.03.16 00:55:45 | 000,083,968 | ---- | C] () -- C:\Users\gk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.13 15:11:04 | 000,088,050 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.03.13 13:47:21 | 000,000,100 | ---- | C] () -- C:\Users\gk\AppData\Roaming\wklnhst.dat
[2009.03.13 13:41:10 | 000,088,050 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.02.21 15:45:50 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.02.21 15:45:50 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009.02.21 15:45:50 | 000,009,216 | ---- | C] () -- C:\Windows\usbvideo_reg.exe
[2009.02.21 15:45:50 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009.01.17 03:00:54 | 000,014,640 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2009.01.16 20:57:26 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2009.01.16 20:57:26 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2009.01.16 19:40:41 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009.01.16 19:40:41 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009.01.16 19:40:41 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009.01.16 19:40:41 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.01.16 18:46:27 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.01.16 18:46:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.06.23 13:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.05.23 17:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2008.01.21 09:15:58 | 000,637,346 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,128,786 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.03.29 22:00:40 | 000,203,264 | ---- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,440,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,594,776 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,106,596 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2009.01.16 20:31:31 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Acer GameZone Console
[2010.03.10 18:43:12 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Buhl Data Service
[2010.02.04 11:30:35 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Camfrog
[2011.10.22 08:04:18 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Canneverbe Limited
[2009.03.12 19:51:54 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\eSobi
[2009.03.13 13:48:16 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Flood Light Games
[2010.08.29 15:35:27 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Fraunhofer
[2009.03.13 16:06:11 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\FRITZ!
[2011.06.30 16:57:55 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\go
[2011.10.03 10:37:02 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\ICQ
[2009.05.06 11:00:56 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Nokia
[2009.10.04 01:37:52 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\OCS
[2011.10.22 08:04:04 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\OpenCandy
[2009.10.04 01:37:58 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Opera
[2009.05.06 11:01:03 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\PC Suite
[2009.03.25 17:48:07 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\PeerNetworking
[2009.03.27 21:44:45 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\PowerCinema
[2009.03.27 21:44:54 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\SoftDMA
[2011.02.21 20:23:51 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Sony
[2011.02.21 20:17:57 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Sony Setup
[2009.10.04 12:09:47 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\soul.im
[2009.03.13 13:47:21 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Template
[2010.02.14 08:51:42 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\TomTom
[2010.01.04 02:37:44 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\TuneUp Software
[2009.09.18 14:27:47 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Vodafone
[2009.11.27 18:21:38 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Windows Live Writer
[2011.10.25 05:23:28 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.01.16 20:31:31 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Acer GameZone Console
[2009.03.13 15:15:10 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Adobe
[2010.04.06 12:25:52 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Apple Computer
[2011.10.21 22:06:20 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Avira
[2010.03.10 18:43:12 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Buhl Data Service
[2010.02.04 11:30:35 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Camfrog
[2011.10.22 08:04:18 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Canneverbe Limited
[2009.03.27 21:44:56 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\CyberLink
[2010.03.03 11:42:17 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\dvdcss
[2009.03.12 19:51:54 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\eSobi
[2009.03.13 13:48:16 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Flood Light Games
[2010.08.29 15:35:27 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Fraunhofer
[2009.03.13 16:06:11 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\FRITZ!
[2011.06.30 16:57:55 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\go
[2009.03.15 00:11:53 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Google
[2011.10.03 10:37:02 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\ICQ
[2009.03.12 19:32:18 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Identities
[2009.03.12 19:32:45 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Macromedia
[2011.10.23 21:43:06 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Media Center Programs
[2010.07.08 23:25:21 | 000,000,000 | --SD | M] -- C:\Users\gk\AppData\Roaming\Microsoft
[2010.06.19 14:36:03 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Mozilla
[2009.05.06 11:00:56 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Nokia
[2009.10.04 01:37:52 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\OCS
[2011.10.22 08:04:04 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\OpenCandy
[2009.10.04 01:37:58 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Opera
[2009.05.06 11:01:03 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\PC Suite
[2009.03.25 17:48:07 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\PeerNetworking
[2009.03.27 21:44:45 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\PowerCinema
[2011.10.21 17:14:15 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Skype
[2011.05.28 11:56:08 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\skypePM
[2009.03.27 21:44:54 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\SoftDMA
[2011.02.21 20:23:51 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Sony
[2011.02.21 20:17:57 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Sony Setup
[2009.10.04 12:09:47 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\soul.im
[2009.03.13 13:47:21 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Template
[2010.02.14 08:51:42 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\TomTom
[2010.01.04 02:37:44 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\TuneUp Software
[2009.03.27 22:05:59 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\vlc
[2009.09.18 14:27:47 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Vodafone
[2011.03.24 22:57:41 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Winamp
[2009.11.27 18:21:38 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Windows Live Writer
[2009.03.28 23:45:18 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.02.06 17:40:14 | 000,001,406 | R--- | M] () -- C:\Users\gk\AppData\Roaming\Microsoft\Installer\{47D80D13-607F-4F1D-A99B-C66BE2C0293F}\_6FEFF9B68218417F98F549.exe
[2009.10.04 01:37:52 | 000,106,496 | ---- | M] () -- C:\Users\gk\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2009.10.04 01:37:52 | 000,040,960 | ---- | M] () -- C:\Users\gk\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2011.08.01 18:32:56 | 005,845,544 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\gk\AppData\Roaming\OpenCandy\OpenCandy_3BE2CBAB1D0040CFAD51E2A8565B8691\ds_DeDnCD_driverscanner.exe
[2011.10.22 08:04:06 | 000,416,160 | ---- | M] () -- C:\Users\gk\AppData\Roaming\OpenCandy\OpenCandy_3BE2CBAB1D0040CFAD51E2A8565B8691\LatestDLMgr.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 23:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\Cyberlink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2008.08.19 04:58:42 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=2A0CC26D67B38460CC7563BC8313C1D6 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP79\IDE\WinVista\sataraid\nvstor32.sys
[2008.08.19 04:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP79\IDE\WinVista\sata_ide\nvstor32.sys
[2008.08.19 04:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\Windows\System32\drivers\nvstor32.sys
[2008.08.19 04:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_de3b0723\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:05113FB9
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:F3176E45

< End of report >

--- --- ---

Danke
MfG Gerd

cosinus · 25.10.2011, 14:45

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.arcor.de/"
[2011.10.19 13:51:10 | 000,000,917 | ---- | M] () -- C:\Users\gk\AppData\Roaming\Mozilla\Firefox\Profiles\ysoa0361.default\searchplugins\conduit.xml
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.07.07 22:46:00 | 000,000,113 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2ef1b102-a44a-11de-9d24-00235a5332dc}\Shell - "" = AutoRun
O33 - MountPoints2\{2ef1b102-a44a-11de-9d24-00235a5332dc}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{2ef1b107-a44a-11de-9d24-00235a5332dc}\Shell - "" = AutoRun
O33 - MountPoints2\{2ef1b107-a44a-11de-9d24-00235a5332dc}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{62812691-162d-11de-b22a-00235a5332dc}\Shell - "" = AutoRun
O33 - MountPoints2\{62812691-162d-11de-b22a-00235a5332dc}\Shell\AutoRun\command - "" = G:\autorun.exe de
O33 - MountPoints2\{86d5f771-1933-11df-9839-00235a5332dc}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe
O33 - MountPoints2\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\Shell - "" = AutoRun
O33 - MountPoints2\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{ba7763a4-a454-11de-97f7-00235a5332dc}\Shell - "" = AutoRun
O33 - MountPoints2\{ba7763a4-a454-11de-97f7-00235a5332dc}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\Shell - "" = AutoRun
O33 - MountPoints2\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:05113FB9
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:F3176E45
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

gerd076 · 25.10.2011, 15:25

Ich habe zwar keine Ahnung, was ich hier tue, aber es ist auf jeden Fall sehr spannend

PHP-Code:

  All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.

C:\Programme\Winload\prxtbWinl.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.

C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.

File C:\Programme\Winload\prxtbWinl.dll not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

Prefs.js: "Winload Customized Web Search" removed from browser.search.defaultthis.engineName

Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl

Prefs.js: "Winload Customized Web Search" removed from browser.search.selectedEngine

Prefs.js: "hxxp://www.arcor.de/" removed from browser.startup.homepage

C:\Users\gk\AppData\Roaming\Mozilla\Firefox\Profiles\ysoa0361.default\searchplugins\conduit.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.

File C:\Programme\Winload\prxtbWinl.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.

File C:\Programme\Winload\prxtbWinl.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.

File C:\Programme\Winload\prxtbWinl.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

File F:\Autorun.inf not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ef1b102-a44a-11de-9d24-00235a5332dc}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ef1b102-a44a-11de-9d24-00235a5332dc}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ef1b102-a44a-11de-9d24-00235a5332dc}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ef1b102-a44a-11de-9d24-00235a5332dc}\ not found.

File F:\setup_vmc_lite.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ef1b107-a44a-11de-9d24-00235a5332dc}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ef1b107-a44a-11de-9d24-00235a5332dc}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ef1b107-a44a-11de-9d24-00235a5332dc}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ef1b107-a44a-11de-9d24-00235a5332dc}\ not found.

File H:\setup_vmc_lite.exe /checkApplicationPresence not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62812691-162d-11de-b22a-00235a5332dc}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62812691-162d-11de-b22a-00235a5332dc}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62812691-162d-11de-b22a-00235a5332dc}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62812691-162d-11de-b22a-00235a5332dc}\ not found.

File G:\autorun.exe de not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86d5f771-1933-11df-9839-00235a5332dc}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86d5f771-1933-11df-9839-00235a5332dc}\ not found.

File I:\InstallTomTomHOME.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\ not found.

File F:\setup_vmc_lite.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba7763a4-a454-11de-97f7-00235a5332dc}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba7763a4-a454-11de-97f7-00235a5332dc}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba7763a4-a454-11de-97f7-00235a5332dc}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba7763a4-a454-11de-97f7-00235a5332dc}\ not found.

File F:\setup_vmc_lite.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\ not found.

File F:\Startme.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.

File F:\setup_vmc_lite.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.

File H:\setup_vmc_lite.exe /checkApplicationPresence not found.

ADS C:\ProgramData\Temp:A42A9F39 deleted successfully.

ADS C:\ProgramData\Temp:AB689DEA deleted successfully.

ADS C:\ProgramData\Temp:05113FB9 deleted successfully.

ADS C:\ProgramData\Temp:F3176E45 deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

 

User: gk

->Temp folder emptied: 304737475 bytes

->Java cache emptied: 63232514 bytes

->FireFox cache emptied: 57808965 bytes

->Flash cache emptied: 285020 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 30016 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 85234833 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 488,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 10252011_161652

 
Files\Folders moved on Reboot...

 
Registry entries deleted on Reboot...

MfG Gerd

cosinus · 25.10.2011, 15:43

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

gerd076 · 25.10.2011, 16:29

tdsskiller report

PHP-Code:

  17:22:51.0999 4280    TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21

17:22:52.0061 4280    ============================================================

17:22:52.0061 4280    Current date / time: 2011/10/25 17:22:52.0061

17:22:52.0061 4280    SystemInfo:

17:22:52.0061 4280    

17:22:52.0061 4280    OS Version: 6.0.6001 ServicePack: 1.0

17:22:52.0061 4280    Product type: Workstation

17:22:52.0061 4280    ComputerName: GK-PC

17:22:52.0061 4280    UserName: gk

17:22:52.0061 4280    Windows directory: C:\Windows

17:22:52.0061 4280    System windows directory: C:\Windows

17:22:52.0061 4280    Processor architecture: Intel x86

17:22:52.0061 4280    Number of processors: 2

17:22:52.0061 4280    Page size: 0x1000

17:22:52.0061 4280    Boot type: Normal boot

17:22:52.0061 4280    ============================================================

17:22:52.0592 4280    Initialize success

17:23:00.0516 4128    ============================================================

17:23:00.0516 4128    Scan started

17:23:00.0516 4128    Mode: Manual; SigCheck; TDLFS; 

17:23:00.0516 4128    ============================================================

17:23:01.0062 4128    ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys

17:23:01.0172 4128    ACPI - ok

17:23:01.0218 4128    adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

17:23:01.0250 4128    adp94xx - ok

17:23:01.0328 4128    adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

17:23:01.0343 4128    adpahci - ok

17:23:01.0406 4128    adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

17:23:01.0421 4128    adpu160m - ok

17:23:01.0452 4128    adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

17:23:01.0468 4128    adpu320 - ok

17:23:01.0562 4128    AFD             (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys

17:23:01.0624 4128    AFD - ok

17:23:01.0718 4128    agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

17:23:01.0718 4128    agp440 - ok

17:23:01.0749 4128    aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

17:23:01.0764 4128    aic78xx - ok

17:23:01.0780 4128    aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

17:23:01.0796 4128    aliide - ok

17:23:01.0874 4128    amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

17:23:01.0874 4128    amdagp - ok

17:23:01.0905 4128    amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

17:23:01.0920 4128    amdide - ok

17:23:01.0936 4128    AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

17:23:01.0967 4128    AmdK7 - ok

17:23:02.0045 4128    AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

17:23:02.0092 4128    AmdK8 - ok

17:23:02.0139 4128    arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

17:23:02.0154 4128    arc - ok

17:23:02.0248 4128    arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

17:23:02.0264 4128    arcsas - ok

17:23:02.0310 4128    AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

17:23:02.0342 4128    AsyncMac - ok

17:23:02.0420 4128    atapi           (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys

17:23:02.0435 4128    atapi - ok

17:23:02.0544 4128    athr            (44362605f5fff00c9b7696b47680a8c5) C:\Windows\system32\DRIVERS\athr.sys

17:23:02.0669 4128    athr - ok

17:23:02.0763 4128    avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys

17:23:02.0810 4128    avgntflt - ok

17:23:02.0841 4128    avipbb          (912d23140cd05980f6cdae790ddafc8d) C:\Windows\system32\DRIVERS\avipbb.sys

17:23:02.0856 4128    avipbb - ok

17:23:02.0888 4128    avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys

17:23:02.0903 4128    avkmgr - ok

17:23:02.0981 4128    b57nd60x        (ecb5707db7d5183e8bfbbc14b38c09bf) C:\Windows\system32\DRIVERS\b57nd60x.sys

17:23:03.0044 4128    b57nd60x - ok

17:23:03.0137 4128    Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

17:23:03.0168 4128    Beep - ok

17:23:03.0215 4128    blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

17:23:03.0246 4128    blbdrive - ok

17:23:03.0324 4128    bowser          (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys

17:23:03.0371 4128    bowser - ok

17:23:03.0465 4128    BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

17:23:03.0496 4128    BrFiltLo - ok

17:23:03.0543 4128    BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

17:23:03.0590 4128    BrFiltUp - ok

17:23:03.0668 4128    Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\DRIVERS\BrSerId.sys

17:23:03.0824 4128    Brserid - ok

17:23:03.0917 4128    BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

17:23:03.0980 4128    BrSerWdm - ok

17:23:04.0011 4128    BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

17:23:04.0073 4128    BrUsbMdm - ok

17:23:04.0136 4128    BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\DRIVERS\BrUsbSer.sys

17:23:04.0198 4128    BrUsbSer - ok

17:23:04.0245 4128    BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

17:23:04.0307 4128    BTHMODEM - ok

17:23:04.0385 4128    cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

17:23:04.0432 4128    cdfs - ok

17:23:04.0463 4128    cdrom           (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys

17:23:04.0510 4128    cdrom - ok

17:23:04.0588 4128    circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

17:23:04.0619 4128    circlass - ok

17:23:04.0666 4128    CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys

17:23:04.0682 4128    CLFS - ok

17:23:04.0760 4128    CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

17:23:04.0791 4128    CmBatt - ok

17:23:04.0822 4128    cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

17:23:04.0822 4128    cmdide - ok

17:23:04.0900 4128    Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

17:23:04.0900 4128    Compbatt - ok

17:23:04.0931 4128    crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

17:23:04.0947 4128    crcdisk - ok

17:23:04.0978 4128    Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

17:23:05.0009 4128    Crusoe - ok

17:23:05.0118 4128    DfsC            (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys

17:23:05.0150 4128    DfsC - ok

17:23:05.0196 4128    disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys

17:23:05.0212 4128    disk - ok

17:23:05.0274 4128    DKbFltr         (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys

17:23:05.0290 4128    DKbFltr - ok

17:23:05.0352 4128    DritekPortIO    (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys

17:23:05.0368 4128    DritekPortIO - ok

17:23:05.0462 4128    drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

17:23:05.0493 4128    drmkaud - ok

17:23:05.0540 4128    DXGKrnl         (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys

17:23:05.0633 4128    DXGKrnl - ok

17:23:05.0711 4128    E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

17:23:05.0758 4128    E1G60 - ok

17:23:05.0820 4128    Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys

17:23:05.0820 4128    Ecache - ok

17:23:05.0930 4128    elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

17:23:05.0945 4128    elxstor - ok

17:23:05.0976 4128    ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

17:23:06.0039 4128    ErrDev - ok

17:23:06.0148 4128    exfat           (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys

17:23:06.0195 4128    exfat - ok

17:23:06.0226 4128    fastfat         (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys

17:23:06.0257 4128    fastfat - ok

17:23:06.0335 4128    fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

17:23:06.0382 4128    fdc - ok

17:23:06.0429 4128    FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

17:23:06.0429 4128    FileInfo - ok

17:23:06.0507 4128    Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

17:23:06.0554 4128    Filetrace - ok

17:23:06.0585 4128    flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

17:23:06.0632 4128    flpydisk - ok

17:23:06.0710 4128    FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys

17:23:06.0725 4128    FltMgr - ok

17:23:06.0756 4128    Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

17:23:06.0803 4128    Fs_Rec - ok

17:23:06.0866 4128    gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

17:23:06.0881 4128    gagp30kx - ok

17:23:06.0928 4128    HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

17:23:06.0990 4128    HdAudAddService - ok

17:23:07.0022 4128    HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys

17:23:07.0084 4128    HDAudBus - ok

17:23:07.0146 4128    HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

17:23:07.0209 4128    HidBth - ok

17:23:07.0240 4128    HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

17:23:07.0287 4128    HidIr - ok

17:23:07.0365 4128    HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys

17:23:07.0396 4128    HidUsb - ok

17:23:07.0474 4128    HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

17:23:07.0490 4128    HpCISSs - ok

17:23:07.0552 4128    HPFXBULK        (299683d4c8aaa3f6f5d5d226a1782a6e) C:\Windows\system32\drivers\hpfxbulk.sys

17:23:07.0568 4128    HPFXBULK - ok

17:23:07.0646 4128    HTTP            (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys

17:23:07.0724 4128    HTTP - ok

17:23:07.0817 4128    hwdatacard      (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys

17:23:07.0848 4128    hwdatacard - ok

17:23:07.0942 4128    i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

17:23:07.0958 4128    i2omp - ok

17:23:07.0989 4128    i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

17:23:08.0020 4128    i8042prt - ok

17:23:08.0051 4128    iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

17:23:08.0051 4128    iaStorV - ok

17:23:08.0129 4128    iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

17:23:08.0145 4128    iirsp - ok

17:23:08.0238 4128    IntcAzAudAddService (56ac584fe02e0c1d5924892562cbd572) C:\Windows\system32\drivers\RTKVHDA.sys

17:23:08.0394 4128    IntcAzAudAddService - ok

17:23:08.0488 4128    intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

17:23:08.0504 4128    intelide - ok

17:23:08.0519 4128    intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

17:23:08.0550 4128    intelppm - ok

17:23:08.0582 4128    IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:23:08.0613 4128    IpFilterDriver - ok

17:23:08.0660 4128    IpInIp - ok

17:23:08.0722 4128    IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

17:23:08.0738 4128    IPMIDRV - ok

17:23:08.0769 4128    IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

17:23:08.0800 4128    IPNAT - ok

17:23:08.0862 4128    IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

17:23:08.0909 4128    IRENUM - ok

17:23:08.0925 4128    isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

17:23:08.0940 4128    isapnp - ok

17:23:08.0972 4128    iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys

17:23:08.0972 4128    iScsiPrt - ok

17:23:09.0050 4128    iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

17:23:09.0065 4128    iteatapi - ok

17:23:09.0112 4128    iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

17:23:09.0112 4128    iteraid - ok

17:23:09.0143 4128    JMCR            (4159687fbeeab60486cefd6a58f3a2d7) C:\Windows\system32\DRIVERS\jmcr.sys

17:23:09.0190 4128    JMCR - ok

17:23:09.0268 4128    kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

17:23:09.0284 4128    kbdclass - ok

17:23:09.0315 4128    kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys

17:23:09.0346 4128    kbdhid - ok

17:23:09.0408 4128    KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys

17:23:09.0440 4128    KSecDD - ok

17:23:09.0518 4128    lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

17:23:09.0549 4128    lltdio - ok

17:23:09.0596 4128    LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

17:23:09.0611 4128    LSI_FC - ok

17:23:09.0627 4128    LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

17:23:09.0642 4128    LSI_SAS - ok

17:23:09.0720 4128    LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

17:23:09.0736 4128    LSI_SCSI - ok

17:23:09.0767 4128    luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

17:23:09.0798 4128    luafv - ok

17:23:09.0830 4128    megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

17:23:09.0830 4128    megasas - ok

17:23:09.0908 4128    MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

17:23:09.0923 4128    MegaSR - ok

17:23:09.0986 4128    Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

17:23:10.0017 4128    Modem - ok

17:23:10.0079 4128    monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

17:23:10.0126 4128    monitor - ok

17:23:10.0157 4128    mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

17:23:10.0173 4128    mouclass - ok

17:23:10.0204 4128    mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

17:23:10.0251 4128    mouhid - ok

17:23:10.0313 4128    MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

17:23:10.0329 4128    MountMgr - ok

17:23:10.0391 4128    mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

17:23:10.0407 4128    mpio - ok

17:23:10.0469 4128    mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

17:23:10.0500 4128    mpsdrv - ok

17:23:10.0547 4128    Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

17:23:10.0563 4128    Mraid35x - ok

17:23:10.0578 4128    MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys

17:23:10.0625 4128    MRxDAV - ok

17:23:10.0703 4128    mrxsmb          (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys

17:23:10.0734 4128    mrxsmb - ok

17:23:10.0812 4128    mrxsmb10        (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:23:10.0828 4128    mrxsmb10 - ok

17:23:10.0906 4128    mrxsmb20        (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:23:10.0922 4128    mrxsmb20 - ok

17:23:10.0984 4128    msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

17:23:11.0000 4128    msahci - ok

17:23:11.0046 4128    msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

17:23:11.0046 4128    msdsm - ok

17:23:11.0109 4128    Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

17:23:11.0156 4128    Msfs - ok

17:23:11.0187 4128    msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

17:23:11.0202 4128    msisadrv - ok

17:23:11.0265 4128    MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

17:23:11.0312 4128    MSKSSRV - ok

17:23:11.0343 4128    MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

17:23:11.0374 4128    MSPCLOCK - ok

17:23:11.0421 4128    MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

17:23:11.0452 4128    MSPQM - ok

17:23:11.0499 4128    MsRPC           (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys

17:23:11.0514 4128    MsRPC - ok

17:23:11.0577 4128    mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

17:23:11.0592 4128    mssmbios - ok

17:23:11.0655 4128    MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

17:23:11.0670 4128    MSTEE - ok

17:23:11.0686 4128    Mup             (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys

17:23:11.0702 4128    Mup - ok

17:23:11.0764 4128    NativeWifiP     (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys

17:23:11.0811 4128    NativeWifiP - ok

17:23:11.0904 4128    NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys

17:23:11.0920 4128    NDIS - ok

17:23:11.0951 4128    NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

17:23:11.0998 4128    NdisTapi - ok

17:23:12.0014 4128    Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

17:23:12.0045 4128    Ndisuio - ok

17:23:12.0107 4128    NdisWan         (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys

17:23:12.0123 4128    NdisWan - ok

17:23:12.0170 4128    NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

17:23:12.0216 4128    NDProxy - ok

17:23:12.0232 4128    NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

17:23:12.0279 4128    NetBIOS - ok

17:23:12.0341 4128    netbt           (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys

17:23:12.0372 4128    netbt - ok

17:23:12.0497 4128    NetPeeker       (3595a4d8ed987a5966060c0e5afcf1e2) C:\Windows\system32\DRIVERS\netpeeker.sys

17:23:12.0513 4128    NetPeeker - ok

17:23:12.0622 4128    netr28          (95725c00b580ed75a80e94acbc77cdbc) C:\Windows\system32\DRIVERS\netr28.sys

17:23:12.0700 4128    netr28 - ok

17:23:12.0809 4128    nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

17:23:12.0809 4128    nfrd960 - ok

17:23:12.0856 4128    nmwcd           (9a908a9bb857c2cceb2907eb9dcaeb8b) C:\Windows\system32\drivers\ccdcmb.sys

17:23:12.0887 4128    nmwcd - ok

17:23:12.0965 4128    nmwcdc          (68ec3ee2348e475ea62c66e6aafcfc9b) C:\Windows\system32\drivers\ccdcmbo.sys

17:23:12.0996 4128    nmwcdc - ok

17:23:13.0043 4128    Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys

17:23:13.0074 4128    Npfs - ok

17:23:13.0137 4128    nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

17:23:13.0168 4128    nsiproxy - ok

17:23:13.0230 4128    Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys

17:23:13.0262 4128    Ntfs - ok

17:23:13.0324 4128    NTIDrvr         (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys

17:23:13.0340 4128    NTIDrvr - ok

17:23:13.0464 4128    ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

17:23:13.0527 4128    ntrigdigi - ok

17:23:13.0574 4128    Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

17:23:13.0605 4128    Null - ok

17:23:13.0683 4128    NVHDA           (faa22e6256d9fa2c7f77b67c68cdd749) C:\Windows\system32\drivers\nvhda32v.sys

17:23:13.0698 4128    NVHDA - ok

17:23:13.0917 4128    nvlddmkm        (996de3e355af722b340de8ef708651de) C:\Windows\system32\DRIVERS\nvlddmkm.sys

17:23:14.0260 4128    nvlddmkm - ok

17:23:14.0354 4128    nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

17:23:14.0354 4128    nvraid - ok

17:23:14.0385 4128    nvsmu           (af1bd777af00e96c45c77192d7453369) C:\Windows\system32\DRIVERS\nvsmu.sys

17:23:14.0416 4128    nvsmu - ok

17:23:14.0478 4128    nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

17:23:14.0494 4128    nvstor - ok

17:23:14.0541 4128    nvstor32        (8ee374b6fb3cb2bb8d70395218b464a5) C:\Windows\system32\DRIVERS\nvstor32.sys

17:23:14.0556 4128    nvstor32 - ok

17:23:14.0572 4128    nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

17:23:14.0588 4128    nv_agp - ok

17:23:14.0634 4128    NwlnkFlt - ok

17:23:14.0650 4128    NwlnkFwd - ok

17:23:14.0697 4128    ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

17:23:14.0759 4128    ohci1394 - ok

17:23:14.0790 4128    Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

17:23:14.0853 4128    Parport - ok

17:23:14.0915 4128    partmgr         (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys

17:23:14.0931 4128    partmgr - ok

17:23:14.0962 4128    Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

17:23:15.0009 4128    Parvdm - ok

17:23:15.0056 4128    pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys

17:23:15.0102 4128    pccsmcfd - ok

17:23:15.0165 4128    pci             (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys

17:23:15.0180 4128    pci - ok

17:23:15.0212 4128    pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

17:23:15.0227 4128    pciide - ok

17:23:15.0243 4128    pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

17:23:15.0258 4128    pcmcia - ok

17:23:15.0336 4128    PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

17:23:15.0399 4128    PEAUTH - ok

17:23:15.0539 4128    PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

17:23:15.0570 4128    PptpMiniport - ok

17:23:15.0617 4128    Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

17:23:15.0648 4128    Processor - ok

17:23:15.0726 4128    PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys

17:23:15.0758 4128    PSched - ok

17:23:15.0820 4128    ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

17:23:15.0929 4128    ql2300 - ok

17:23:16.0023 4128    ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

17:23:16.0038 4128    ql40xx - ok

17:23:16.0101 4128    QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

17:23:16.0116 4128    QWAVEdrv - ok

17:23:16.0132 4128    RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

17:23:16.0163 4128    RasAcd - ok

17:23:16.0226 4128    Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:23:16.0272 4128    Rasl2tp - ok

17:23:16.0304 4128    RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys

17:23:16.0335 4128    RasPppoe - ok

17:23:16.0350 4128    RasSstp         (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys

17:23:16.0366 4128    RasSstp - ok

17:23:16.0397 4128    rdbss           (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys

17:23:16.0444 4128    rdbss - ok

17:23:16.0522 4128    RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:23:16.0569 4128    RDPCDD - ok

17:23:16.0600 4128    rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

17:23:16.0631 4128    rdpdr - ok

17:23:16.0647 4128    RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

17:23:16.0694 4128    RDPENCDD - ok

17:23:16.0772 4128    RDPWD           (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys

17:23:16.0803 4128    RDPWD - ok

17:23:16.0850 4128    RkHit - ok

17:23:16.0881 4128    rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

17:23:16.0912 4128    rspndr - ok

17:23:16.0974 4128    s0016bus        (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys

17:23:16.0990 4128    s0016bus - ok

17:23:17.0052 4128    s0016mdfl       (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys

17:23:17.0068 4128    s0016mdfl - ok

17:23:17.0099 4128    s0016mdm        (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys

17:23:17.0115 4128    s0016mdm - ok

17:23:17.0177 4128    s0016mgmt       (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys

17:23:17.0193 4128    s0016mgmt - ok

17:23:17.0240 4128    s0016nd5        (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys

17:23:17.0255 4128    s0016nd5 - ok

17:23:17.0271 4128    s0016obex       (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys

17:23:17.0286 4128    s0016obex - ok

17:23:17.0349 4128    s0016unic       (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys

17:23:17.0380 4128    s0016unic - ok

17:23:17.0458 4128    s1039bus        (d0eedc88876b20d42157cdcca3e647f3) C:\Windows\system32\DRIVERS\s1039bus.sys

17:23:17.0474 4128    s1039bus - ok

17:23:17.0536 4128    s1039mdfl       (7b35091a7bb597c86262c589b0b57d06) C:\Windows\system32\DRIVERS\s1039mdfl.sys

17:23:17.0536 4128    s1039mdfl - ok

17:23:17.0598 4128    s1039mdm        (4cb1ab13c9813cbf3e4c6406f8043ec2) C:\Windows\system32\DRIVERS\s1039mdm.sys

17:23:17.0614 4128    s1039mdm - ok

17:23:17.0645 4128    s1039mgmt       (2649ca09585a7531126dcc116ad1f88c) C:\Windows\system32\DRIVERS\s1039mgmt.sys

17:23:17.0661 4128    s1039mgmt - ok

17:23:17.0708 4128    s1039nd5        (6d3f549efd6daedd7d12f3de2175053f) C:\Windows\system32\DRIVERS\s1039nd5.sys

17:23:17.0723 4128    s1039nd5 - ok

17:23:17.0801 4128    s1039obex       (305e3e3aca0037af2e2c1b50a383c91b) C:\Windows\system32\DRIVERS\s1039obex.sys

17:23:17.0817 4128    s1039obex - ok

17:23:17.0832 4128    s1039unic       (7dd02a58277c84c043442561589914f4) C:\Windows\system32\DRIVERS\s1039unic.sys

17:23:17.0848 4128    s1039unic - ok

17:23:17.0910 4128    sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

17:23:17.0926 4128    sbp2port - ok

17:23:17.0988 4128    sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys

17:23:18.0035 4128    sdbus - ok

17:23:18.0098 4128    secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

17:23:18.0144 4128    secdrv - ok

17:23:18.0191 4128    Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

17:23:18.0238 4128    Serenum - ok

17:23:18.0285 4128    Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

17:23:18.0332 4128    Serial - ok

17:23:18.0394 4128    sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

17:23:18.0425 4128    sermouse - ok

17:23:18.0456 4128    sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

17:23:18.0488 4128    sffdisk - ok

17:23:18.0550 4128    sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

17:23:18.0581 4128    sffp_mmc - ok

17:23:18.0644 4128    sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

17:23:18.0690 4128    sffp_sd - ok

17:23:18.0753 4128    sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

17:23:18.0800 4128    sfloppy - ok

17:23:18.0909 4128    sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

17:23:18.0924 4128    sisagp - ok

17:23:18.0956 4128    SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

17:23:18.0971 4128    SiSRaid2 - ok

17:23:19.0018 4128    SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

17:23:19.0034 4128    SiSRaid4 - ok

17:23:19.0096 4128    Smb             (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys

17:23:19.0143 4128    Smb - ok

17:23:19.0268 4128    spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

17:23:19.0268 4128    spldr - ok

17:23:19.0330 4128    srv             (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys

17:23:19.0392 4128    srv - ok

17:23:19.0470 4128    srv2            (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys

17:23:19.0502 4128    srv2 - ok

17:23:19.0611 4128    srvnet          (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys

17:23:19.0642 4128    srvnet - ok

17:23:19.0689 4128    ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

17:23:19.0704 4128    ssmdrv - ok

17:23:19.0767 4128    swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

17:23:19.0782 4128    swenum - ok

17:23:19.0829 4128    Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

17:23:19.0845 4128    Symc8xx - ok

17:23:19.0876 4128    Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

17:23:19.0876 4128    Sym_hi - ok

17:23:19.0954 4128    Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

17:23:19.0954 4128    Sym_u3 - ok

17:23:20.0001 4128    SynTP           (32c0296ae115906679d94957f501e8db) C:\Windows\system32\DRIVERS\SynTP.sys

17:23:20.0016 4128    SynTP - ok

17:23:20.0126 4128    Tcpip           (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\drivers\tcpip.sys

17:23:20.0266 4128    Tcpip - ok

17:23:20.0406 4128    Tcpip6          (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\DRIVERS\tcpip.sys

17:23:20.0453 4128    Tcpip6 - ok

17:23:20.0516 4128    tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys

17:23:20.0562 4128    tcpipreg - ok

17:23:20.0640 4128    TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

17:23:20.0672 4128    TDPIPE - ok

17:23:20.0750 4128    TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

17:23:20.0781 4128    TDTCP - ok

17:23:20.0812 4128    tdx             (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys

17:23:20.0859 4128    tdx - ok

17:23:20.0890 4128    TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys

17:23:20.0906 4128    TermDD - ok

17:23:21.0015 4128    tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:23:21.0046 4128    tssecsrv - ok

17:23:21.0124 4128    TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

17:23:21.0140 4128    TuneUpUtilitiesDrv - ok

17:23:21.0218 4128    tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

17:23:21.0249 4128    tunmp - ok

17:23:21.0280 4128    tunnel          (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys

17:23:21.0296 4128    tunnel - ok

17:23:21.0358 4128    uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

17:23:21.0374 4128    uagp35 - ok

17:23:21.0420 4128    UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys

17:23:21.0436 4128    UBHelper - ok

17:23:21.0452 4128    udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys

17:23:21.0483 4128    udfs - ok

17:23:21.0576 4128    uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

17:23:21.0592 4128    uliagpkx - ok

17:23:21.0654 4128    uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

17:23:21.0670 4128    uliahci - ok

17:23:21.0686 4128    UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

17:23:21.0701 4128    UlSata - ok

17:23:21.0779 4128    ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

17:23:21.0779 4128    ulsata2 - ok

17:23:21.0826 4128    umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

17:23:21.0857 4128    umbus - ok

17:23:21.0904 4128    upperdev        (a34560a5d516a2f5240180370866b99d) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys

17:23:21.0920 4128    upperdev - ok

17:23:21.0998 4128    usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

17:23:22.0013 4128    usbccgp - ok

17:23:22.0060 4128    usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

17:23:22.0107 4128    usbcir - ok

17:23:22.0122 4128    usbehci         (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys

17:23:22.0169 4128    usbehci - ok

17:23:22.0247 4128    usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys

17:23:22.0278 4128    usbhub - ok

17:23:22.0310 4128    usbohci         (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys

17:23:22.0341 4128    usbohci - ok

17:23:22.0372 4128    usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

17:23:22.0419 4128    usbprint - ok

17:23:22.0497 4128    usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

17:23:22.0544 4128    usbscan - ok

17:23:22.0606 4128    usbser          (a96191470581a7091420d25ecd444502) C:\Windows\system32\drivers\usbser.sys

17:23:22.0637 4128    usbser - ok

17:23:22.0715 4128    UsbserFilt      (6410eebd6e0427466812858ee84c8467) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys

17:23:22.0731 4128    UsbserFilt - ok

17:23:22.0778 4128    USBSTOR         (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:23:22.0824 4128    USBSTOR - ok

17:23:22.0902 4128    usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

17:23:22.0949 4128    usbuhci - ok

17:23:22.0980 4128    usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

17:23:23.0012 4128    usbvideo - ok

17:23:23.0074 4128    VClone - ok

17:23:23.0105 4128    vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

17:23:23.0152 4128    vga - ok

17:23:23.0168 4128    VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

17:23:23.0199 4128    VgaSave - ok

17:23:23.0261 4128    viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

17:23:23.0277 4128    viaagp - ok

17:23:23.0308 4128    ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

17:23:23.0339 4128    ViaC7 - ok

17:23:23.0355 4128    viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

17:23:23.0370 4128    viaide - ok

17:23:23.0433 4128    volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

17:23:23.0433 4128    volmgr - ok

17:23:23.0464 4128    volmgrx         (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys

17:23:23.0480 4128    volmgrx - ok

17:23:23.0511 4128    volsnap         (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys

17:23:23.0526 4128    volsnap - ok

17:23:23.0542 4128    vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

17:23:23.0558 4128    vsmraid - ok

17:23:23.0636 4128    WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

17:23:23.0698 4128    WacomPen - ok

17:23:23.0729 4128    Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

17:23:23.0760 4128    Wanarp - ok

17:23:23.0760 4128    Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

17:23:23.0792 4128    Wanarpv6 - ok

17:23:23.0870 4128    Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

17:23:23.0870 4128    Wd - ok

17:23:23.0932 4128    Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

17:23:23.0963 4128    Wdf01000 - ok

17:23:24.0104 4128    winusb          (f03110711b17ad31271cb2baf0dbb2b1) C:\Windows\system32\DRIVERS\winusb.sys

17:23:24.0150 4128    winusb - ok

17:23:24.0228 4128    WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

17:23:24.0275 4128    WmiAcpi - ok

17:23:24.0353 4128    WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys

17:23:24.0384 4128    WpdUsb - ok

17:23:24.0462 4128    ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

17:23:24.0509 4128    ws2ifsl - ok

17:23:24.0556 4128    WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:23:24.0587 4128    WUDFRd - ok

17:23:24.0618 4128    MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

17:23:24.0696 4128    \Device\Harddisk0\DR0 - ok

17:23:24.0712 4128    Boot (0x1200)   (7e89af5869d05129a58c5de8606654f0) \Device\Harddisk0\DR0\Partition0

17:23:24.0712 4128    \Device\Harddisk0\DR0\Partition0 - ok

17:23:24.0728 4128    Boot (0x1200)   (afd315f54976c640ae2062d73a53bace) \Device\Harddisk0\DR0\Partition1

17:23:24.0728 4128    \Device\Harddisk0\DR0\Partition1 - ok

17:23:24.0728 4128    ============================================================

17:23:24.0728 4128    Scan finished

17:23:24.0728 4128    ============================================================

17:23:24.0759 1588    Detected object count: 0

17:23:24.0759 1588    Actual detected object count: 0

MfG Gerd

cosinus · 25.10.2011, 18:03

Bitte NICHT in PHP-Tags posten! Verwende CODE-Tags!

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Sinowal ?!

Plagegeister aller Art und deren Bekämpfung: Sinowal ?!

Sinowal ?!

Sinowal ?!

Sinowal ?!

Sinowal ?!

Sinowal ?!

Sinowal ?!

Sinowal ?!

Sinowal ?!

Sinowal ?!

Sinowal ?!

Sinowal ?!

Sinowal ?!

Sinowal ?!

Sinowal ?!

Sinowal ?!

Ähnliche Themen: Sinowal ?!

23.10.2011, 21:33	#2
gerd076	Sinowal ?! Hier noch das OTL Logfile __________________