Sinowal ?!
Trojaner-Board, forum "Plagegeister aller Art und deren Bekämpfung" (pests of all kinds and how to fight them)
23.10.2011, 21:20   #1
gerd076

Hello everyone,

Right up front: I don't really know much about this, but I'm working my way through it and hoping for your help:
My AntiVir raised an alarm and reported BDS/Sinowal.380901 for several files. I then ran a full system scan with AntiVir and later had the infected files put into quarantine.

I then checked the computer again with the Kaspersky Rescue CD. It reported two .tmp files with Sinowal.oyz, which I deleted.

Since then there have been no more warnings.
But I've read that Sinowal isn't that easy to get rid of?!

I'm attaching the AntiVir report and the GMER logfile.
What should I do?

23.10.2011, 21:33   #2
gerd076

Here is the OTL logfile
Attached file: OTL.Txt (txt, 92.2 KB, viewed 195 times)


24.10.2011, 11:36   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please do a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If there are logs from older Malwarebytes scans, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


24.10.2011, 14:35   #4
gerd076

This is the Malwarebytes logfile from last night:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8006

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

23.10.2011 21:49:27
mbam-log-2011-10-23 (21-49-27).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 161419
Laufzeit: 5 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Somehow I can't update Malwarebytes at the moment.
It keeps hanging. I'll keep trying for a bit...
Attached image thumbnail: Sinowal ?!-malware.jpg

24.10.2011, 14:56   #5
cosinus

Are there any other Malwarebytes logs? If so, please post all of them that are visible in the Logs tab in Malwarebytes.

Quote:
Art des Suchlaufs: Quick-Scan
Sorry, but I wanted to see a full scan... please do that and post the log!

"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

24.10.2011, 16:22   #6
gerd076

So, updating Malwarebytes doesn't work at all. Should I reinstall it? I did the full scan with last night's version. I don't have any other logfiles.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8006

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

24.10.2011 17:17:51
mbam-log-2011-10-24 (17-17-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|I:\|)
Durchsuchte Objekte: 300244
Laufzeit: 1 Stunde(n), 35 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


ESET log to follow.
Many thanks in advance.

25.10.2011, 04:20   #8
gerd076

Malwarebytes log after updating

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8013

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

24.10.2011 21:53:55
mbam-log-2011-10-24 (21-53-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 300385
Laufzeit: 1 Stunde(n), 30 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


ESET Log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9f386078d47c7046b93e80d79bfb20a0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-24 09:31:07
# local_time=2011-10-24 11:31:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 259378 259378 0 0
# compatibility_mode=5892 16776573 100 100 449 157019320 0 0
# compatibility_mode=8192 67108863 100 0 144 144 0 0
# scanned=149065
# found=0
# cleaned=0
# scan_time=5275


Regards, Gerd

25.10.2011, 11:13   #9
cosinus

Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German it is labelled with .
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

25.10.2011, 13:29   #10
gerd076

OTL log

OTL logfile:
Code:
OTL logfile created on: 25.10.2011 13:59:48 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\gk\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 64,04% Memory free
5,72 Gb Paging File | 4,66 Gb Available in Paging File | 81,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 87,22 Gb Free Space | 60,55% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 101,21 Gb Free Space | 70,27% Space Free | Partition Type: NTFS
Drive F: | 61,33 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: GK-PC | User Name: gk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\gk\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Users\gk\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\74c35ed223614a5c164e8da4188690ae\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6a39ee17f7cefb77c8e98dbfb72b058b\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Programme\Launch Manager\PowerUtl.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (AVM IGD CTRL Service) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (de_serv) -- C:\Programme\Common Files\AVM\De_serv.exe (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NetPeeker) -- C:\Windows\System32\drivers\netpeeker.sys (eMing Software Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1039mdm) -- C:\Windows\System32\drivers\s1039mdm.sys (MCCI Corporation)
DRV - (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1039unic.sys (MCCI Corporation)
DRV - (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1039mgmt.sys (MCCI Corporation)
DRV - (s1039obex) -- C:\Windows\System32\drivers\s1039obex.sys (MCCI Corporation)
DRV - (s1039bus) Sony Ericsson Device 1039 driver (WDM) -- C:\Windows\System32\drivers\s1039bus.sys (MCCI Corporation)
DRV - (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1039nd5.sys (MCCI Corporation)
DRV - (s1039mdfl) -- C:\Windows\System32\drivers\s1039mdfl.sys (MCCI Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (HPFXBULK) -- C:\Windows\System32\drivers\hpfxbulk.sys (Hewlett Packard)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.arcor.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.05.06 10:58:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.30 08:36:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.24 12:02:35 | 000,000,000 | ---D | M]
 
[2010.07.20 15:34:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gk\AppData\Roaming\mozilla\Extensions
[2010.02.14 08:51:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gk\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.10.24 15:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gk\AppData\Roaming\mozilla\Firefox\Profiles\ysoa0361.default\extensions
[2010.07.20 15:39:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\gk\AppData\Roaming\mozilla\Firefox\Profiles\ysoa0361.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.23 00:43:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\gk\AppData\Roaming\mozilla\Firefox\Profiles\ysoa0361.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.10.19 13:51:10 | 000,000,917 | ---- | M] () -- C:\Users\gk\AppData\Roaming\Mozilla\Firefox\Profiles\ysoa0361.default\searchplugins\conduit.xml
[2011.10.24 12:02:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.09.30 09:03:36 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.10.24 12:02:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.10.24 12:02:35 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.06.23 23:15:23 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.23 23:15:23 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.23 23:15:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.23 23:15:23 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.23 23:15:23 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Felder mit Bestellhelfer ausfüllen - C:\Program Files\DHL\DHL Bestellhelfer\fillFormContext.html ()
O8 - Extra context menu item: Felder mit Bestellhelfer merken - C:\Program Files\DHL\DHL Bestellhelfer\assignContext.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: DHL Bestellhelfer - {AC38BD53-2101-4ec8-A4D7-D1E58C690E71} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : DHL Bestellhelfer - {AC38BD53-2101-4ec8-A4D7-D1E58C690E71} - Reg Error: Key error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D13BB00-D191-4664-A7AB-70C1FE2A1D71}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.07.07 22:46:00 | 000,000,113 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2ef1b102-a44a-11de-9d24-00235a5332dc}\Shell - "" = AutoRun
O33 - MountPoints2\{2ef1b102-a44a-11de-9d24-00235a5332dc}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{2ef1b107-a44a-11de-9d24-00235a5332dc}\Shell - "" = AutoRun
O33 - MountPoints2\{2ef1b107-a44a-11de-9d24-00235a5332dc}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{62812691-162d-11de-b22a-00235a5332dc}\Shell - "" = AutoRun
O33 - MountPoints2\{62812691-162d-11de-b22a-00235a5332dc}\Shell\AutoRun\command - "" = G:\autorun.exe de
O33 - MountPoints2\{86d5f771-1933-11df-9839-00235a5332dc}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe
O33 - MountPoints2\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\Shell - "" = AutoRun
O33 - MountPoints2\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{ba7763a4-a454-11de-97f7-00235a5332dc}\Shell - "" = AutoRun
O33 - MountPoints2\{ba7763a4-a454-11de-97f7-00235a5332dc}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\Shell - "" = AutoRun
O33 - MountPoints2\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.24 22:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.10.24 22:00:17 | 002,322,184 | ---- | C] (ESET) -- C:\Users\gk\Desktop\esetsmartinstaller_enu.exe
[2011.10.24 12:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.10.24 12:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.10.23 22:21:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\gk\Desktop\OTL.exe
[2011.10.23 22:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.10.23 22:07:59 | 000,000,000 | ---D | C] -- C:\log2
[2011.10.23 21:43:06 | 000,000,000 | ---D | C] -- C:\Users\gk\AppData\Roaming\Malwarebytes
[2011.10.23 21:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.23 21:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.23 21:42:52 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.23 21:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.23 19:46:17 | 000,000,000 | ---D | C] -- C:\logs
[2011.10.23 16:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetPeeker
[2011.10.23 16:00:18 | 000,236,400 | ---- | C] (eMing Software Inc.) -- C:\Windows\System32\drivers\netpeeker.sys
[2011.10.23 16:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\NetPeeker
[2011.10.23 15:59:03 | 000,000,000 | ---D | C] -- C:\Neuer Ordner
[2011.10.22 23:46:38 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.10.22 23:46:38 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.10.22 08:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2011.10.22 08:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2011.10.22 08:04:18 | 000,000,000 | ---D | C] -- C:\Users\gk\AppData\Roaming\Canneverbe Limited
[2011.10.22 08:04:04 | 000,000,000 | ---D | C] -- C:\Users\gk\AppData\Roaming\OpenCandy
[2011.10.22 08:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2011.10.22 08:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011.10.22 08:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011.10.22 08:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Winload
[2011.10.22 08:03:06 | 000,000,000 | ---D | C] -- C:\Users\gk\AppData\Local\Conduit
[2011.10.22 00:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.21 22:33:01 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2011.10.21 22:06:20 | 000,000,000 | ---D | C] -- C:\Users\gk\AppData\Roaming\Avira
[2011.10.21 22:00:21 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.10.21 22:00:19 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.21 22:00:19 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.21 22:00:19 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.21 22:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.21 22:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.10.21 08:54:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.10.21 07:47:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO
[2009.01.17 03:02:23 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.25 13:57:47 | 000,023,097 | ---- | M] () -- C:\Windows\NetPkr.str
[2011.10.25 13:51:49 | 000,637,346 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.25 13:51:49 | 000,594,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.25 13:51:49 | 000,128,786 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.25 13:51:49 | 000,106,596 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.25 13:48:45 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.25 13:46:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.25 13:46:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.25 13:46:37 | 000,088,050 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.10.25 13:46:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.25 13:46:28 | 2951,053,312 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.25 13:45:54 | 000,003,288 | ---- | M] () -- C:\Windows\NetPkr.Rul
[2011.10.25 05:12:13 | 000,088,050 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.10.25 01:07:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.24 22:00:23 | 002,322,184 | ---- | M] (ESET) -- C:\Users\gk\Desktop\esetsmartinstaller_enu.exe
[2011.10.24 12:06:56 | 000,000,697 | ---- | M] () -- C:\Windows\NPGUI.INI
[2011.10.24 11:44:29 | 000,003,166 | ---- | M] () -- C:\Windows\NETPKR.RUL.4
[2011.10.23 22:21:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\gk\Desktop\OTL.exe
[2011.10.23 21:42:58 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.23 16:06:36 | 000,003,166 | ---- | M] () -- C:\Windows\NETPKR.RUL.3
[2011.10.23 16:06:16 | 000,003,061 | ---- | M] () -- C:\Windows\NETPKR.RUL.2
[2011.10.23 16:05:47 | 000,002,955 | ---- | M] () -- C:\Windows\NETPKR.RUL.1
[2011.10.23 16:00:19 | 000,236,400 | ---- | M] (eMing Software Inc.) -- C:\Windows\System32\drivers\netpeeker.sys
[2011.10.23 16:00:19 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\NetPeeker 3.30.LNK
[2011.10.23 00:35:23 | 000,311,774 | ---- | M] () -- C:\Users\gk\AppData\Local\census.cache
[2011.10.23 00:35:01 | 000,235,883 | ---- | M] () -- C:\Users\gk\AppData\Local\ars.cache
[2011.10.23 00:24:00 | 000,000,036 | ---- | M] () -- C:\Users\gk\AppData\Local\housecall.guid.cache
[2011.10.22 23:46:36 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.10.22 23:46:36 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2011.10.22 08:55:00 | 000,083,968 | ---- | M] () -- C:\Users\gk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.22 08:04:07 | 000,001,738 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011.10.22 07:56:26 | 000,000,043 | ---- | M] () -- C:\Windows\gswin32.ini
[2011.10.22 07:55:59 | 000,001,832 | ---- | M] () -- C:\Users\gk\Desktop\Cyberlink PowerDirector.lnk
[2011.10.22 00:58:36 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.21 22:36:31 | 000,000,042 | ---- | M] () -- C:\Windows\System32\scud.udf
[2011.10.21 10:23:52 | 000,440,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.11 15:06:12 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.11 15:06:12 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.11 15:06:12 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.24 11:44:29 | 000,003,166 | ---- | C] () -- C:\Windows\NETPKR.RUL.4
[2011.10.23 21:42:58 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.23 16:06:36 | 000,003,166 | ---- | C] () -- C:\Windows\NETPKR.RUL.3
[2011.10.23 16:06:16 | 000,003,061 | ---- | C] () -- C:\Windows\NETPKR.RUL.2
[2011.10.23 16:05:47 | 000,002,955 | ---- | C] () -- C:\Windows\NETPKR.RUL.1
[2011.10.23 16:02:21 | 000,000,697 | ---- | C] () -- C:\Windows\NPGUI.INI
[2011.10.23 16:00:34 | 000,023,097 | ---- | C] () -- C:\Windows\NetPkr.str
[2011.10.23 16:00:19 | 000,003,288 | ---- | C] () -- C:\Windows\NetPkr.Rul
[2011.10.23 16:00:19 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\NetPeeker 3.30.LNK
[2011.10.23 00:35:23 | 000,311,774 | ---- | C] () -- C:\Users\gk\AppData\Local\census.cache
[2011.10.23 00:35:01 | 000,235,883 | ---- | C] () -- C:\Users\gk\AppData\Local\ars.cache
[2011.10.23 00:24:00 | 000,000,036 | ---- | C] () -- C:\Users\gk\AppData\Local\housecall.guid.cache
[2011.10.22 08:04:07 | 000,001,738 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011.10.22 08:04:07 | 000,001,688 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2011.10.21 22:36:31 | 000,000,042 | ---- | C] () -- C:\Windows\System32\scud.udf
[2011.10.21 22:00:51 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.21 08:53:22 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.10.21 08:53:22 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.10.21 08:53:22 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.03.31 10:01:54 | 000,195,266 | ---- | C] () -- C:\Windows\hppins13.dat
[2011.03.31 10:01:54 | 000,006,760 | ---- | C] () -- C:\Windows\hppmdl13.dat
[2011.03.31 10:01:43 | 000,000,619 | ---- | C] () -- C:\Windows\System32\hppapr13.dat
[2010.07.20 15:34:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.03.10 18:50:34 | 000,000,740 | ---- | C] () -- C:\Windows\wiso.ini
[2009.12.05 12:48:45 | 000,000,680 | ---- | C] () -- C:\Users\gk\AppData\Local\d3d9caps.dat
[2009.10.14 15:23:44 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.10.14 15:23:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2009.10.14 14:57:57 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2009.06.21 20:13:41 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2009.06.07 21:25:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.04.08 17:25:20 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009.03.25 17:48:07 | 000,024,206 | ---- | C] () -- C:\Users\gk\AppData\Roaming\UserTile.png
[2009.03.25 17:39:36 | 000,004,096 | -H-- | C] () -- C:\Users\gk\AppData\Local\keyfile3.drm
[2009.03.16 00:55:45 | 000,083,968 | ---- | C] () -- C:\Users\gk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.13 15:11:04 | 000,088,050 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.03.13 13:47:21 | 000,000,100 | ---- | C] () -- C:\Users\gk\AppData\Roaming\wklnhst.dat
[2009.03.13 13:41:10 | 000,088,050 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.02.21 15:45:50 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.02.21 15:45:50 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009.02.21 15:45:50 | 000,009,216 | ---- | C] () -- C:\Windows\usbvideo_reg.exe
[2009.02.21 15:45:50 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009.01.17 03:00:54 | 000,014,640 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2009.01.16 20:57:26 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2009.01.16 20:57:26 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2009.01.16 19:40:41 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009.01.16 19:40:41 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009.01.16 19:40:41 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009.01.16 19:40:41 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.01.16 18:46:27 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.01.16 18:46:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.06.23 13:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.05.23 17:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2008.01.21 09:15:58 | 000,637,346 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,128,786 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.03.29 22:00:40 | 000,203,264 | ---- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,440,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,594,776 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,106,596 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2009.01.16 20:31:31 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Acer GameZone Console
[2010.03.10 18:43:12 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Buhl Data Service
[2010.02.04 11:30:35 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Camfrog
[2011.10.22 08:04:18 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Canneverbe Limited
[2009.03.12 19:51:54 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\eSobi
[2009.03.13 13:48:16 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Flood Light Games
[2010.08.29 15:35:27 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Fraunhofer
[2009.03.13 16:06:11 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\FRITZ!
[2011.06.30 16:57:55 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\go
[2011.10.03 10:37:02 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\ICQ
[2009.05.06 11:00:56 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Nokia
[2009.10.04 01:37:52 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\OCS
[2011.10.22 08:04:04 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\OpenCandy
[2009.10.04 01:37:58 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Opera
[2009.05.06 11:01:03 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\PC Suite
[2009.03.25 17:48:07 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\PeerNetworking
[2009.03.27 21:44:45 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\PowerCinema
[2009.03.27 21:44:54 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\SoftDMA
[2011.02.21 20:23:51 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Sony
[2011.02.21 20:17:57 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Sony Setup
[2009.10.04 12:09:47 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\soul.im
[2009.03.13 13:47:21 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Template
[2010.02.14 08:51:42 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\TomTom
[2010.01.04 02:37:44 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\TuneUp Software
[2009.09.18 14:27:47 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Vodafone
[2009.11.27 18:21:38 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Windows Live Writer
[2011.10.25 05:23:28 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.01.16 20:31:31 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Acer GameZone Console
[2009.03.13 15:15:10 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Adobe
[2010.04.06 12:25:52 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Apple Computer
[2011.10.21 22:06:20 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Avira
[2010.03.10 18:43:12 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Buhl Data Service
[2010.02.04 11:30:35 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Camfrog
[2011.10.22 08:04:18 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Canneverbe Limited
[2009.03.27 21:44:56 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\CyberLink
[2010.03.03 11:42:17 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\dvdcss
[2009.03.12 19:51:54 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\eSobi
[2009.03.13 13:48:16 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Flood Light Games
[2010.08.29 15:35:27 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Fraunhofer
[2009.03.13 16:06:11 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\FRITZ!
[2011.06.30 16:57:55 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\go
[2009.03.15 00:11:53 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Google
[2011.10.03 10:37:02 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\ICQ
[2009.03.12 19:32:18 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Identities
[2009.03.12 19:32:45 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Macromedia
[2011.10.23 21:43:06 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Media Center Programs
[2010.07.08 23:25:21 | 000,000,000 | --SD | M] -- C:\Users\gk\AppData\Roaming\Microsoft
[2010.06.19 14:36:03 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Mozilla
[2009.05.06 11:00:56 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Nokia
[2009.10.04 01:37:52 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\OCS
[2011.10.22 08:04:04 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\OpenCandy
[2009.10.04 01:37:58 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Opera
[2009.05.06 11:01:03 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\PC Suite
[2009.03.25 17:48:07 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\PeerNetworking
[2009.03.27 21:44:45 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\PowerCinema
[2011.10.21 17:14:15 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Skype
[2011.05.28 11:56:08 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\skypePM
[2009.03.27 21:44:54 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\SoftDMA
[2011.02.21 20:23:51 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Sony
[2011.02.21 20:17:57 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Sony Setup
[2009.10.04 12:09:47 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\soul.im
[2009.03.13 13:47:21 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Template
[2010.02.14 08:51:42 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\TomTom
[2010.01.04 02:37:44 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\TuneUp Software
[2009.03.27 22:05:59 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\vlc
[2009.09.18 14:27:47 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Vodafone
[2011.03.24 22:57:41 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Winamp
[2009.11.27 18:21:38 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Windows Live Writer
[2009.03.28 23:45:18 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.02.06 17:40:14 | 000,001,406 | R--- | M] () -- C:\Users\gk\AppData\Roaming\Microsoft\Installer\{47D80D13-607F-4F1D-A99B-C66BE2C0293F}\_6FEFF9B68218417F98F549.exe
[2009.10.04 01:37:52 | 000,106,496 | ---- | M] () -- C:\Users\gk\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2009.10.04 01:37:52 | 000,040,960 | ---- | M] () -- C:\Users\gk\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2011.08.01 18:32:56 | 005,845,544 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\gk\AppData\Roaming\OpenCandy\OpenCandy_3BE2CBAB1D0040CFAD51E2A8565B8691\ds_DeDnCD_driverscanner.exe
[2011.10.22 08:04:06 | 000,416,160 | ---- | M] () -- C:\Users\gk\AppData\Roaming\OpenCandy\OpenCandy_3BE2CBAB1D0040CFAD51E2A8565B8691\LatestDLMgr.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 23:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\Cyberlink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2008.08.19 04:58:42 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=2A0CC26D67B38460CC7563BC8313C1D6 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP79\IDE\WinVista\sataraid\nvstor32.sys
[2008.08.19 04:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP79\IDE\WinVista\sata_ide\nvstor32.sys
[2008.08.19 04:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\Windows\System32\drivers\nvstor32.sys
[2008.08.19 04:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_de3b0723\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:05113FB9
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:F3176E45

< End of report >
         
--- --- ---


Thanks
Regards, Gerd
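The "< MD5 for: ... >" blocks in the OTL log above exist so that the live System32 copy of each critical file can be compared with its DriverStore and winsxs siblings: a patched system file shows up as one copy whose hash disagrees with copies of the same build, and a file OTL could not hash at all also deserves a look. The following is an added example, not part of this thread or of OTL itself, that parses those blocks and reports both conditions; the sample input mixes lines from this log with one constructed WININIT.EXE section carrying a made-up hash.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# The two line shapes OTL writes in a "< MD5 for: NAME >" custom scan.
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [-A-Z]{4} \| M\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-F]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)


@dataclass(frozen=True)
class Entry:
    name: str           # file name from the section header, upper-cased
    mtime: str          # modification timestamp exactly as OTL printed it
    size: int           # size in bytes
    company: str        # version-resource company, "" when OTL printed ()
    md5: Optional[str]  # None when OTL printed "Unable to obtain MD5"
    path: str


def parse_md5_sections(log_text: str) -> list[Entry]:
    """Collect every file entry beneath a '< MD5 for: ... >' header."""
    entries: list[Entry] = []
    current: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header["name"].upper()
            continue
        if line.startswith("<"):  # any other custom-scan header ends the section
            current = None
            continue
        entry = ENTRY_RE.match(line)
        if current and entry:
            entries.append(Entry(current, entry["mtime"],
                                 int(entry["size"].replace(",", "")),
                                 entry["company"].strip(), entry["md5"], entry["path"]))
    return entries


def check_md5_consistency(entries: list[Entry]) -> list[tuple[str, str, str]]:
    """Return (kind, file_name, detail) findings.

    hash-mismatch: copies with identical size and timestamp but different MD5;
        the odd one out (usually the live System32 copy) is the classic sign of
        a patched file. Copies with different timestamps are different builds
        and are deliberately not compared.  no-md5: OTL could not hash the file.
    """
    findings: list[tuple[str, str, str]] = []
    groups: dict[tuple[str, int, str], list[Entry]] = defaultdict(list)
    for e in entries:
        if e.md5 is None:
            findings.append(("no-md5", e.name, e.path))
        else:
            groups[(e.name, e.size, e.mtime)].append(e)
    for (name, _size, _mtime), members in groups.items():
        counts = Counter(e.md5 for e in members)
        if len(counts) == 1:
            continue  # all copies of this build agree
        majority, top = counts.most_common(1)[0]
        unique_majority = top > 1 and list(counts.values()).count(top) == 1
        for e in members:
            # With a clear majority report only the deviating copies, otherwise all.
            if not unique_majority or e.md5 != majority:
                findings.append(("hash-mismatch", name, f"{e.md5} {e.path}"))
    return findings


# Sample input. The AGP440, NVSTOR32 and USER32 lines are copied from the OTL log
# above; the WININIT.EXE section is CONSTRUCTED, with a made-up all-zero hash on
# the live System32 copy so that the mismatch path is exercised.
SAMPLE_LOG = r"""< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

< MD5 for: NVSTOR32.SYS  >
[2008.08.19 04:58:42 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=2A0CC26D67B38460CC7563BC8313C1D6 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP79\IDE\WinVista\sataraid\nvstor32.sys
[2008.08.19 04:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\Windows\System32\drivers\nvstor32.sys

< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
"""


if __name__ == "__main__":
    for kind, name, detail in check_md5_consistency(parse_md5_sections(SAMPLE_LOG)):
        print(f"{kind:14} {name:12} {detail}")
```

The two NVSTOR32 copies differ in hash but also in timestamp, so they are treated as different builds and not reported; only a same-build disagreement counts.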

Old 25.10.2011, 14:45   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, deactivate the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" has to be copied along with it!!!)

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.arcor.de/"
[2011.10.19 13:51:10 | 000,000,917 | ---- | M] () -- C:\Users\gk\AppData\Roaming\Mozilla\Firefox\Profiles\ysoa0361.default\searchplugins\conduit.xml
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.07.07 22:46:00 | 000,000,113 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2ef1b102-a44a-11de-9d24-00235a5332dc}\Shell - "" = AutoRun
O33 - MountPoints2\{2ef1b102-a44a-11de-9d24-00235a5332dc}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{2ef1b107-a44a-11de-9d24-00235a5332dc}\Shell - "" = AutoRun
O33 - MountPoints2\{2ef1b107-a44a-11de-9d24-00235a5332dc}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{62812691-162d-11de-b22a-00235a5332dc}\Shell - "" = AutoRun
O33 - MountPoints2\{62812691-162d-11de-b22a-00235a5332dc}\Shell\AutoRun\command - "" = G:\autorun.exe de
O33 - MountPoints2\{86d5f771-1933-11df-9839-00235a5332dc}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe
O33 - MountPoints2\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\Shell - "" = AutoRun
O33 - MountPoints2\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{ba7763a4-a454-11de-97f7-00235a5332dc}\Shell - "" = AutoRun
O33 - MountPoints2\{ba7763a4-a454-11de-97f7-00235a5332dc}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\Shell - "" = AutoRun
O33 - MountPoints2\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:05113FB9
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:F3176E45
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after fixing; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely, as a precaution; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created for this one user in this situation only. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 25.10.2011, 15:25   #12
gerd076

I have no idea what I'm doing here, but it's definitely very exciting

PHP Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
C:\Programme\Winload\prxtbWinl.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Programme\Winload\prxtbWinl.dll not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:/value set successfully!
Prefs.js: "Winload Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Winload Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.arcor.de/" removed from browser.startup.homepage
C:\Users\gk\AppData\Roaming\Mozilla\Firefox\Profiles\ysoa0361.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Programme\Winload\prxtbWinl.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Programme\Winload\prxtbWinl.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.
File C:\Programme\Winload\prxtbWinl.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:/value set successfully!
C:\autoexec.bat moved successfully.
File F:\Autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ef1b102-a44a-11de-9d24-00235a5332dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ef1b102-a44a-11de-9d24-00235a5332dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ef1b102-a44a-11de-9d24-00235a5332dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ef1b102-a44a-11de-9d24-00235a5332dc}\ not found.
File F:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ef1b107-a44a-11de-9d24-00235a5332dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ef1b107-a44a-11de-9d24-00235a5332dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ef1b107-a44a-11de-9d24-00235a5332dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ef1b107-a44a-11de-9d24-00235a5332dc}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62812691-162d-11de-b22a-00235a5332dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62812691-162d-11de-b22a-00235a5332dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62812691-162d-11de-b22a-00235a5332dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62812691-162d-11de-b22a-00235a5332dc}\ not found.
File G:\autorun.exe de not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86d5f771-1933-11df-9839-00235a5332dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86d5f771-1933-11df-9839-00235a5332dc}\ not found.
File I:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\ not found.
File F:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba7763a4-a454-11de-97f7-00235a5332dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba7763a4-a454-11de-97f7-00235a5332dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba7763a4-a454-11de-97f7-00235a5332dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba7763a4-a454-11de-97f7-00235a5332dc}\ not found.
File F:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\ not found.
File F:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
ADS C:\ProgramData\Temp:A42A9F39 deleted successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:05113FB9 deleted successfully.
ADS C:\ProgramData\Temp:F3176E45 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: gk
->Temp folder emptied: 304737475 bytes
->Java cache emptied: 63232514 bytes
->FireFox cache emptied: 57808965 bytes
->Flash cache emptied: 285020 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 30016 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 85234833 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 488,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 10252011_161652

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Regards, Gerd

Old 25.10.2011, 15:43   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

Note: Please don't delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must right-click the tool and run it as administrator!

Old 25.10.2011, 16:29   #14
gerd076

TDSSKiller report

PHP Code:
17:22:51.0999 4280    TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
17:22:52.0061 4280    ============================================================
17:22:52.0061 4280    Current date / time: 2011/10/25 17:22:52.0061
17:22:52.0061 4280    SystemInfo:
17:22:52.0061 4280    
17:22:52.0061 4280    OS Version: 6.0.6001 ServicePack: 1.0
17:22:52.0061 4280    Product type: Workstation
17:22:52.0061 4280    ComputerName: GK-PC
17:22:52.0061 4280    UserName: gk
17:22:52.0061 4280    Windows directory: C:\Windows
17:22:52.0061 4280    System windows directory: C:\Windows
17:22:52.0061 4280    Processor architecture: Intel x86
17:22:52.0061 4280    Number of processors: 2
17:22:52.0061 4280    Page size: 0x1000
17:22:52.0061 4280    Boot type: Normal boot
17:22:52.0061 4280    ============================================================
17:22:52.0592 4280    Initialize success
17:23:00.0516 4128    ============================================================
17:23:00.0516 4128    Scan started
17:23:00.0516 4128    Mode: Manual; SigCheck; TDLFS;
17:23:00.0516 4128    ============================================================
17:23:01.0062 4128    ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
17:23:01.0172 4128    ACPI - ok
17:23:01.0218 4128    adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
17:23:01.0250 4128    adp94xx - ok
17:23:01.0328 4128    adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
17:23:01.0343 4128    adpahci - ok
17:23:01.0406 4128    adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
17:23:01.0421 4128    adpu160m - ok
17:23:01.0452 4128    adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
17:23:01.0468 4128    adpu320 - ok
17:23:01.0562 4128    AFD             (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
17:23:01.0624 4128    AFD - ok
17:23:01.0718 4128    agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
17:23:01.0718 4128    agp440 - ok
17:23:01.0749 4128    aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:23:01.0764 4128    aic78xx - ok
17:23:01.0780 4128    aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
17:23:01.0796 4128    aliide - ok
17:23:01.0874 4128    amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
17:23:01.0874 4128    amdagp - ok
17:23:01.0905 4128    amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
17:23:01.0920 4128    amdide - ok
17:23:01.0936 4128    AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
17:23:01.0967 4128    AmdK7 - ok
17:23:02.0045 4128    AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
17:23:02.0092 4128    AmdK8 - ok
17:23:02.0139 4128    arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
17:23:02.0154 4128    arc - ok
17:23:02.0248 4128    arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
17:23:02.0264 4128    arcsas - ok
17:23:02.0310 4128    AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:23:02.0342 4128    AsyncMac - ok
17:23:02.0420 4128    atapi           (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
17:23:02.0435 4128    atapi - ok
17:23:02.0544 4128    athr            (44362605f5fff00c9b7696b47680a8c5) C:\Windows\system32\DRIVERS\athr.sys
17:23:02.0669 4128    athr - ok
17:23:02.0763 4128    avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
17:23:02.0810 4128    avgntflt - ok
17:23:02.0841 4128    avipbb          (912d23140cd05980f6cdae790ddafc8d) C:\Windows\system32\DRIVERS\avipbb.sys
17
:23:02.0856 4128    avipbb ok
17
:23:02.0888 4128    avkmgr          (271cfd1a989209b1964e24d969552bf7C:\Windows\system32\DRIVERS\avkmgr.sys
17
:23:02.0903 4128    avkmgr ok
17
:23:02.0981 4128    b57nd60x        (ecb5707db7d5183e8bfbbc14b38c09bfC:\Windows\system32\DRIVERS\b57nd60x.sys
17
:23:03.0044 4128    b57nd60x ok
17
:23:03.0137 4128    Beep            (67e506b75bd5326a3ec7b70bd014dfb6C:\Windows\system32\drivers\Beep.sys
17
:23:03.0168 4128    Beep ok
17
:23:03.0215 4128    blbdrive        (d4df28447741fd3d953526e33a617397C:\Windows\system32\drivers\blbdrive.sys
17
:23:03.0246 4128    blbdrive ok
17
:23:03.0324 4128    bowser          (8153396d5551276227fa146900f734e6C:\Windows\system32\DRIVERS\bowser.sys
17
:23:03.0371 4128    bowser ok
17
:23:03.0465 4128    BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309C:\Windows\system32\drivers\brfiltlo.sys
17
:23:03.0496 4128    BrFiltLo ok
17
:23:03.0543 4128    BrFiltUp        (56801ad62213a41f6497f96dee83755aC:\Windows\system32\drivers\brfiltup.sys
17
:23:03.0590 4128    BrFiltUp ok
17
:23:03.0668 4128    Brserid         (b304e75cff293029eddf094246747113C:\Windows\system32\DRIVERS\BrSerId.sys
17
:23:03.0824 4128    Brserid ok
17
:23:03.0917 4128    BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6bC:\Windows\system32\drivers\brserwdm.sys
17
:23:03.0980 4128    BrSerWdm ok
17
:23:04.0011 4128    BrUsbMdm        (bd456606156ba17e60a04e18016ae54bC:\Windows\system32\drivers\brusbmdm.sys
17
:23:04.0073 4128    BrUsbMdm ok
17
:23:04.0136 4128    BrUsbSer        (af72ed54503f717a43268b3cc5faec2eC:\Windows\system32\DRIVERS\BrUsbSer.sys
17
:23:04.0198 4128    BrUsbSer ok
17
:23:04.0245 4128    BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68C:\Windows\system32\drivers\bthmodem.sys
17
:23:04.0307 4128    BTHMODEM ok
17
:23:04.0385 4128    cdfs            (7add03e75beb9e6dd102c3081d29840aC:\Windows\system32\DRIVERS\cdfs.sys
17
:23:04.0432 4128    cdfs ok
17
:23:04.0463 4128    cdrom           (1ec25cea0de6ac4718bf89f9e1778b57C:\Windows\system32\DRIVERS\cdrom.sys
17
:23:04.0510 4128    cdrom ok
17
:23:04.0588 4128    circlass        (e5d4133f37219dbcfe102bc61072589dC:\Windows\system32\drivers\circlass.sys
17
:23:04.0619 4128    circlass ok
17
:23:04.0666 4128    CLFS            (465745561c832b29f7c48b488aab3842C:\Windows\system32\CLFS.sys
17
:23:04.0682 4128    CLFS ok
17
:23:04.0760 4128    CmBatt          (99afc3795b58cc478fbbbcdc658fcb56C:\Windows\system32\DRIVERS\CmBatt.sys
17
:23:04.0791 4128    CmBatt ok
17
:23:04.0822 4128    cmdide          (0ca25e686a4928484e9fdabd168ab629C:\Windows\system32\drivers\cmdide.sys
17
:23:04.0822 4128    cmdide ok
17
:23:04.0900 4128    Compbatt        (6afef0b60fa25de07c0968983ee4f60aC:\Windows\system32\DRIVERS\compbatt.sys
17
:23:04.0900 4128    Compbatt ok
17
:23:04.0931 4128    crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871C:\Windows\system32\drivers\crcdisk.sys
17
:23:04.0947 4128    crcdisk ok
17
:23:04.0978 4128    Crusoe          (1f07becdca750766a96cda811ba86410C:\Windows\system32\drivers\crusoe.sys
17
:23:05.0009 4128    Crusoe ok
17
:23:05.0118 4128    DfsC            (a3e9fa213f443ac77c7746119d13feecC:\Windows\system32\Drivers\dfsc.sys
17
:23:05.0150 4128    DfsC ok
17
:23:05.0196 4128    disk            (64109e623abd6955c8fb110b592e68b7C:\Windows\system32\drivers\disk.sys
17
:23:05.0212 4128    disk ok
17
:23:05.0274 4128    DKbFltr         (73baf270d24fe726b9cd7f80bb17a23dC:\Windows\system32\DRIVERS\DKbFltr.sys
17
:23:05.0290 4128    DKbFltr ok
17
:23:05.0352 4128    DritekPortIO    (5c918d413f5837e67a85775c9873775eC:\PROGRA~1\LAUNCH~1\DPortIO.sys
17
:23:05.0368 4128    DritekPortIO ok
17
:23:05.0462 4128    drmkaud         (97fef831ab90bee128c9af390e243f80C:\Windows\system32\drivers\drmkaud.sys
17
:23:05.0493 4128    drmkaud ok
17
:23:05.0540 4128    DXGKrnl         (85f33880b8cfb554bd3d9ccdb486845aC:\Windows\System32\drivers\dxgkrnl.sys
17
:23:05.0633 4128    DXGKrnl ok
17
:23:05.0711 4128    E1G60           (5425f74ac0c1dbd96a1e04f17d63f94cC:\Windows\system32\DRIVERS\E1G60I32.sys
17
:23:05.0758 4128    E1G60 ok
17
:23:05.0820 4128    Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68C:\Windows\system32\drivers\ecache.sys
17
:23:05.0820 4128    Ecache ok
17
:23:05.0930 4128    elxstor         (23b62471681a124889978f6295b3f4c6C:\Windows\system32\drivers\elxstor.sys
17
:23:05.0945 4128    elxstor ok
17
:23:05.0976 4128    ErrDev          (3db974f3935483555d7148663f726c61C:\Windows\system32\drivers\errdev.sys
17
:23:06.0039 4128    ErrDev ok
17
:23:06.0148 4128    exfat           (0d858eb20589a34efb25695acaa6aa2dC:\Windows\system32\drivers\exfat.sys
17
:23:06.0195 4128    exfat ok
17
:23:06.0226 4128    fastfat         (3c489390c2e2064563727752af8eab9eC:\Windows\system32\drivers\fastfat.sys
17
:23:06.0257 4128    fastfat ok
17
:23:06.0335 4128    fdc             (afe1e8b9782a0dd7fb46bbd88e43f89aC:\Windows\system32\DRIVERS\fdc.sys
17
:23:06.0382 4128    fdc ok
17
:23:06.0429 4128    FileInfo        (a8c0139a884861e3aae9cfe73b208a9fC:\Windows\system32\drivers\fileinfo.sys
17
:23:06.0429 4128    FileInfo ok
17
:23:06.0507 4128    Filetrace       (0ae429a696aecbc5970e3cf2c62635aeC:\Windows\system32\drivers\filetrace.sys
17
:23:06.0554 4128    Filetrace ok
17
:23:06.0585 4128    flpydisk        (85b7cf99d532820495d68d747fda9ebdC:\Windows\system32\DRIVERS\flpydisk.sys
17
:23:06.0632 4128    flpydisk ok
17
:23:06.0710 4128    FltMgr          (05ea53afe985443011e36dab07343b46C:\Windows\system32\drivers\fltmgr.sys
17
:23:06.0725 4128    FltMgr ok
17
:23:06.0756 4128    Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198C:\Windows\system32\drivers\Fs_Rec.sys
17
:23:06.0803 4128    Fs_Rec ok
17
:23:06.0866 4128    gagp30kx        (34582a6e6573d54a07ece5fe24a126b5C:\Windows\system32\drivers\gagp30kx.sys
17
:23:06.0881 4128    gagp30kx ok
17
:23:06.0928 4128    HdAudAddService (cb04c744be0a61b1d648faed182c3b59C:\Windows\system32\drivers\HdAudio.sys
17
:23:06.0990 4128    HdAudAddService ok
17
:23:07.0022 4128    HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99C:\Windows\system32\DRIVERS\HDAudBus.sys
17
:23:07.0084 4128    HDAudBus ok
17
:23:07.0146 4128    HidBth          (1338520e78d90154ed6be8f84de5fcebC:\Windows\system32\drivers\hidbth.sys
17
:23:07.0209 4128    HidBth ok
17
:23:07.0240 4128    HidIr           (ff3160c3a2445128c5a6d9b076da519eC:\Windows\system32\drivers\hidir.sys
17
:23:07.0287 4128    HidIr ok
17
:23:07.0365 4128    HidUsb          (854ca287ab7faf949617a788306d967eC:\Windows\system32\DRIVERS\hidusb.sys
17
:23:07.0396 4128    HidUsb ok
17
:23:07.0474 4128    HpCISSs         (16ee7b23a009e00d835cdb79574a91a6C:\Windows\system32\drivers\hpcisss.sys
17
:23:07.0490 4128    HpCISSs ok
17
:23:07.0552 4128    HPFXBULK        (299683d4c8aaa3f6f5d5d226a1782a6eC:\Windows\system32\drivers\hpfxbulk.sys
17
:23:07.0568 4128    HPFXBULK ok
17
:23:07.0646 4128    HTTP            (96e241624c71211a79c84f50a8e71cabC:\Windows\system32\drivers\HTTP.sys
17
:23:07.0724 4128    HTTP ok
17
:23:07.0817 4128    hwdatacard      (19e6885a061011d8dabe8f64498423faC:\Windows\system32\DRIVERS\ewusbmdm.sys
17
:23:07.0848 4128    hwdatacard ok
17
:23:07.0942 4128    i2omp           (c6b032d69650985468160fc9937cf5b4C:\Windows\system32\drivers\i2omp.sys
17
:23:07.0958 4128    i2omp ok
17
:23:07.0989 4128    i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bdC:\Windows\system32\DRIVERS\i8042prt.sys
17
:23:08.0020 4128    i8042prt ok
17
:23:08.0051 4128    iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14C:\Windows\system32\drivers\iastorv.sys
17
:23:08.0051 4128    iaStorV ok
17
:23:08.0129 4128    iirsp           (2d077bf86e843f901d8db709c95b49a5C:\Windows\system32\drivers\iirsp.sys
17
:23:08.0145 4128    iirsp ok
17
:23:08.0238 4128    IntcAzAudAddService (56ac584fe02e0c1d5924892562cbd572C:\Windows\system32\drivers\RTKVHDA.sys
17
:23:08.0394 4128    IntcAzAudAddService ok
17
:23:08.0488 4128    intelide        (83aa759f3189e6370c30de5dc5590718C:\Windows\system32\drivers\intelide.sys
17
:23:08.0504 4128    intelide ok
17
:23:08.0519 4128    intelppm        (224191001e78c89dfa78924c3ea595ffC:\Windows\system32\DRIVERS\intelppm.sys
17
:23:08.0550 4128    intelppm ok
17
:23:08.0582 4128    IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3C:\Windows\system32\DRIVERS\ipfltdrv.sys
17
:23:08.0613 4128    IpFilterDriver ok
17
:23:08.0660 4128    IpInIp ok
17
:23:08.0722 4128    IPMIDRV         (b25aaf203552b7b3491139d582b39ad1C:\Windows\system32\drivers\ipmidrv.sys
17
:23:08.0738 4128    IPMIDRV ok
17
:23:08.0769 4128    IPNAT           (8793643a67b42cec66490b2a0cf92d68C:\Windows\system32\DRIVERS\ipnat.sys
17
:23:08.0800 4128    IPNAT ok
17
:23:08.0862 4128    IRENUM          (109c0dfb82c3632fbd11949b73aeeac9C:\Windows\system32\drivers\irenum.sys
17
:23:08.0909 4128    IRENUM ok
17
:23:08.0925 4128    isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614C:\Windows\system32\drivers\isapnp.sys
17
:23:08.0940 4128    isapnp ok
17
:23:08.0972 4128    iScsiPrt        (f247eec28317f6c739c16de420097301C:\Windows\system32\DRIVERS\msiscsi.sys
17
:23:08.0972 4128    iScsiPrt ok
17
:23:09.0050 4128    iteatapi        (bced60d16156e428f8df8cf27b0df150C:\Windows\system32\drivers\iteatapi.sys
17
:23:09.0065 4128    iteatapi ok
17
:23:09.0112 4128    iteraid         (06fa654504a498c30adca8bec4e87e7eC:\Windows\system32\drivers\iteraid.sys
17
:23:09.0112 4128    iteraid ok
17
:23:09.0143 4128    JMCR            (4159687fbeeab60486cefd6a58f3a2d7C:\Windows\system32\DRIVERS\jmcr.sys
17
:23:09.0190 4128    JMCR ok
17
:23:09.0268 4128    kbdclass        (37605e0a8cf00cbba538e753e4344c6eC:\Windows\system32\DRIVERS\kbdclass.sys
17
:23:09.0284 4128    kbdclass ok
17
:23:09.0315 4128    kbdhid          (18247836959ba67e3511b62846b9c2e0C:\Windows\system32\DRIVERS\kbdhid.sys
17
:23:09.0346 4128    kbdhid ok
17
:23:09.0408 4128    KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dcaC:\Windows\system32\Drivers\ksecdd.sys
17
:23:09.0440 4128    KSecDD ok
17
:23:09.0518 4128    lltdio          (d1c5883087a0c3f1344d9d55a44901f6C:\Windows\system32\DRIVERS\lltdio.sys
17
:23:09.0549 4128    lltdio ok
17
:23:09.0596 4128    LSI_FC          (c7e15e82879bf3235b559563d4185365C:\Windows\system32\drivers\lsi_fc.sys
17
:23:09.0611 4128    LSI_FC ok
17
:23:09.0627 4128    LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920aC:\Windows\system32\drivers\lsi_sas.sys
17
:23:09.0642 4128    LSI_SAS ok
17
:23:09.0720 4128    LSI_SCSI        (912a04696e9ca30146a62afa1463dd5cC:\Windows\system32\drivers\lsi_scsi.sys
17
:23:09.0736 4128    LSI_SCSI ok
17
:23:09.0767 4128    luafv           (8f5c7426567798e62a3b3614965d62ccC:\Windows\system32\drivers\luafv.sys
17
:23:09.0798 4128    luafv ok
17
:23:09.0830 4128    megasas         (0001ce609d66632fa17b84705f658879C:\Windows\system32\drivers\megasas.sys
17
:23:09.0830 4128    megasas ok
17
:23:09.0908 4128    MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99C:\Windows\system32\drivers\megasr.sys
17
:23:09.0923 4128    MegaSR ok
17
:23:09.0986 4128    Modem           (e13b5ea0f51ba5b1512ec671393d09baC:\Windows\system32\drivers\modem.sys
17
:23:10.0017 4128    Modem ok
17
:23:10.0079 4128    monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8C:\Windows\system32\DRIVERS\monitor.sys
17
:23:10.0126 4128    monitor ok
17
:23:10.0157 4128    mouclass        (5bf6a1326a335c5298477754a506d263C:\Windows\system32\DRIVERS\mouclass.sys
17
:23:10.0173 4128    mouclass ok
17
:23:10.0204 4128    mouhid          (93b8d4869e12cfbe663915502900876fC:\Windows\system32\DRIVERS\mouhid.sys
17
:23:10.0251 4128    mouhid ok
17
:23:10.0313 4128    MountMgr        (bdafc88aa6b92f7842416ea6a48e1600C:\Windows\system32\drivers\mountmgr.sys
17
:23:10.0329 4128    MountMgr ok
17
:23:10.0391 4128    mpio            (511d011289755dd9f9a7579fb0b064e6C:\Windows\system32\drivers\mpio.sys
17
:23:10.0407 4128    mpio ok
17
:23:10.0469 4128    mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2eC:\Windows\system32\drivers\mpsdrv.sys
17
:23:10.0500 4128    mpsdrv ok
17
:23:10.0547 4128    Mraid35x        (4fbbb70d30fd20ec51f80061703b001eC:\Windows\system32\drivers\mraid35x.sys
17
:23:10.0563 4128    Mraid35x ok
17
:23:10.0578 4128    MRxDAV          (ae3de84536b6799d2267443cec8edbb9C:\Windows\system32\drivers\mrxdav.sys
17
:23:10.0625 4128    MRxDAV ok
17
:23:10.0703 4128    mrxsmb          (5734a0f2be7e495f7d3ed6efd4b9f5a1C:\Windows\system32\DRIVERS\mrxsmb.sys
17
:23:10.0734 4128    mrxsmb ok
17
:23:10.0812 4128    mrxsmb10        (6b5fa5adfacac9dbbe0991f4566d7d55C:\Windows\system32\DRIVERS\mrxsmb10.sys
17
:23:10.0828 4128    mrxsmb10 ok
17
:23:10.0906 4128    mrxsmb20        (5c80d8159181c7abf1b14ba703b01e0bC:\Windows\system32\DRIVERS\mrxsmb20.sys
17
:23:10.0922 4128    mrxsmb20 ok
17
:23:10.0984 4128    msahci          (28023e86f17001f7cd9b15a5bc9ae07dC:\Windows\system32\drivers\msahci.sys
17
:23:11.0000 4128    msahci ok
17
:23:11.0046 4128    msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7C:\Windows\system32\drivers\msdsm.sys
17
:23:11.0046 4128    msdsm ok
17
:23:11.0109 4128    Msfs            (a9927f4a46b816c92f461acb90cf8515C:\Windows\system32\drivers\Msfs.sys
17
:23:11.0156 4128    Msfs ok
17
:23:11.0187 4128    msisadrv        (0f400e306f385c56317357d6dea56f62C:\Windows\system32\drivers\msisadrv.sys
17
:23:11.0202 4128    msisadrv ok
17
:23:11.0265 4128    MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07C:\Windows\system32\drivers\MSKSSRV.sys
17
:23:11.0312 4128    MSKSSRV ok
17
:23:11.0343 4128    MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65eC:\Windows\system32\drivers\MSPCLOCK.sys
17
:23:11.0374 4128    MSPCLOCK ok
17
:23:11.0421 4128    MSPQM           (b572da05bf4e098d4bba3a4734fb505bC:\Windows\system32\drivers\MSPQM.sys
17
:23:11.0452 4128    MSPQM ok
17
:23:11.0499 4128    MsRPC           (b5614aecb05a9340aa0fb55bf561cc63C:\Windows\system32\drivers\MsRPC.sys
17
:23:11.0514 4128    MsRPC ok
17
:23:11.0577 4128    mssmbios        (e384487cb84be41d09711c30ca79646cC:\Windows\system32\DRIVERS\mssmbios.sys
17
:23:11.0592 4128    mssmbios ok
17
:23:11.0655 4128    MSTEE           (7199c1eec1e4993caf96b8c0a26bd58aC:\Windows\system32\drivers\MSTEE.sys
17
:23:11.0670 4128    MSTEE ok
17
:23:11.0686 4128    Mup             (6dfd1d322de55b0b7db7d21b90bec49cC:\Windows\system32\Drivers\mup.sys
17
:23:11.0702 4128    Mup ok
17
:23:11.0764 4128    NativeWifiP     (3c21ce48ff529bb73dadb98770b54025C:\Windows\system32\DRIVERS\nwifi.sys
17
:23:11.0811 4128    NativeWifiP ok
17
:23:11.0904 4128    NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1C:\Windows\system32\drivers\ndis.sys
17
:23:11.0920 4128    NDIS ok
17
:23:11.0951 4128    NdisTapi        (0e186e90404980569fb449ba7519ae61C:\Windows\system32\DRIVERS\ndistapi.sys
17
:23:11.0998 4128    NdisTapi ok
17
:23:12.0014 4128    Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389C:\Windows\system32\DRIVERS\ndisuio.sys
17
:23:12.0045 4128    Ndisuio ok
17
:23:12.0107 4128    NdisWan         (3d14c3b3496f88890d431e8aa022a411C:\Windows\system32\DRIVERS\ndiswan.sys
17
:23:12.0123 4128    NdisWan ok
17
:23:12.0170 4128    NDProxy         (71dab552b41936358f3b541ae5997fb3C:\Windows\system32\drivers\NDProxy.sys
17
:23:12.0216 4128    NDProxy ok
17
:23:12.0232 4128    NetBIOS         (bcd093a5a6777cf626434568dc7dba78C:\Windows\system32\DRIVERS\netbios.sys
17
:23:12.0279 4128    NetBIOS ok
17
:23:12.0341 4128    netbt           (7c5fee5b1c5728507cd96fb4a13e7a02C:\Windows\system32\DRIVERS\netbt.sys
17
:23:12.0372 4128    netbt ok
17
:23:12.0497 4128    NetPeeker       (3595a4d8ed987a5966060c0e5afcf1e2C:\Windows\system32\DRIVERS\netpeeker.sys
17
:23:12.0513 4128    NetPeeker ok
17
:23:12.0622 4128    netr28          (95725c00b580ed75a80e94acbc77cdbcC:\Windows\system32\DRIVERS\netr28.sys
17
:23:12.0700 4128    netr28 ok
17
:23:12.0809 4128    nfrd960         (2e7fb731d4790a1bc6270accefacb36eC:\Windows\system32\drivers\nfrd960.sys
17
:23:12.0809 4128    nfrd960 ok
17
:23:12.0856 4128    nmwcd           (9a908a9bb857c2cceb2907eb9dcaeb8bC:\Windows\system32\drivers\ccdcmb.sys
17
:23:12.0887 4128    nmwcd ok
17
:23:12.0965 4128    nmwcdc          (68ec3ee2348e475ea62c66e6aafcfc9bC:\Windows\system32\drivers\ccdcmbo.sys
17
:23:12.0996 4128    nmwcdc ok
17
:23:13.0043 4128    Npfs            (ecb5003f484f9ed6c608d6d6c7886cbbC:\Windows\system32\drivers\Npfs.sys
17
:23:13.0074 4128    Npfs ok
17
:23:13.0137 4128    nsiproxy        (609773e344a97410ce4ebf74a8914fcfC:\Windows\system32\drivers\nsiproxy.sys
17
:23:13.0168 4128    nsiproxy ok
17
:23:13.0230 4128    Ntfs            (b4effe29eb4f15538fd8a9681108492dC:\Windows\system32\drivers\Ntfs.sys
17
:23:13.0262 4128    Ntfs ok
17
:23:13.0324 4128    NTIDrvr         (2757d2ba59aee155209e24942ab127c9C:\Windows\system32\DRIVERS\NTIDrvr.sys
17
:23:13.0340 4128    NTIDrvr ok
17
:23:13.0464 4128    ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72C:\Windows\system32\drivers\ntrigdigi.sys
17
:23:13.0527 4128    ntrigdigi ok
17
:23:13.0574 4128    Null            (c5dbbcda07d780bda9b685df333bb41eC:\Windows\system32\drivers\Null.sys
17
:23:13.0605 4128    Null ok
17
:23:13.0683 4128    NVHDA           (faa22e6256d9fa2c7f77b67c68cdd749C:\Windows\system32\drivers\nvhda32v.sys
17
:23:13.0698 4128    NVHDA ok
17
:23:13.0917 4128    nvlddmkm        (996de3e355af722b340de8ef708651deC:\Windows\system32\DRIVERS\nvlddmkm.sys
17
:23:14.0260 4128    nvlddmkm ok
17
:23:14.0354 4128    nvraid          (2edf9e7751554b42cbb60116de727101C:\Windows\system32\drivers\nvraid.sys
17
:23:14.0354 4128    nvraid ok
17
:23:14.0385 4128    nvsmu           (af1bd777af00e96c45c77192d7453369C:\Windows\system32\DRIVERS\nvsmu.sys
17
:23:14.0416 4128    nvsmu ok
17
:23:14.0478 4128    nvstor          (abed0c09758d1d97db0042dbb2688177C:\Windows\system32\drivers\nvstor.sys
17
:23:14.0494 4128    nvstor ok
17
:23:14.0541 4128    nvstor32        (8ee374b6fb3cb2bb8d70395218b464a5C:\Windows\system32\DRIVERS\nvstor32.sys
17
:23:14.0556 4128    nvstor32 ok
17
:23:14.0572 4128    nv_agp          (18bbdf913916b71bd54575bdb6eeac0bC:\Windows\system32\drivers\nv_agp.sys
17
:23:14.0588 4128    nv_agp ok
17
:23:14.0634 4128    NwlnkFlt ok
17
:23:14.0650 4128    NwlnkFwd ok
17
:23:14.0697 4128    ohci1394        (be32da025a0be1878f0ee8d6d9386cd5C:\Windows\system32\drivers\ohci1394.sys
17
:23:14.0759 4128    ohci1394 ok
17
:23:14.0790 4128    Parport         (0fa9b5055484649d63c303fe404e5f4dC:\Windows\system32\drivers\parport.sys
17
:23:14.0853 4128    Parport ok
17
:23:14.0915 4128    partmgr         (3b38467e7c3daed009dfe359e17f139fC:\Windows\system32\drivers\partmgr.sys
17
:23:14.0931 4128    partmgr ok
17
:23:14.0962 4128    Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112C:\Windows\system32\drivers\parvdm.sys
17
:23:15.0009 4128    Parvdm ok
17
:23:15.0056 4128    pccsmcfd        (fd2041e9ba03db7764b2248f02475079C:\Windows\system32\DRIVERS\pccsmcfd.sys
17
:23:15.0102 4128    pccsmcfd ok
17
:23:15.0165 4128    pci             (01b94418deb235dff777cc80076354b4C:\Windows\system32\drivers\pci.sys
17
:23:15.0180 4128    pci ok
17
:23:15.0212 4128    pciide          (fc175f5ddab666d7f4d17449a547626fC:\Windows\system32\drivers\pciide.sys
17
:23:15.0227 4128    pciide ok
17
:23:15.0243 4128    pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5C:\Windows\system32\drivers\pcmcia.sys
17
:23:15.0258 4128    pcmcia ok
17
:23:15.0336 4128    PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92C:\Windows\system32\drivers\peauth.sys
17
:23:15.0399 4128    PEAUTH ok
17
:23:15.0539 4128    PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1C:\Windows\system32\DRIVERS\raspptp.sys
17
:23:15.0570 4128    PptpMiniport ok
17
:23:15.0617 4128    Processor       (2027293619dd0f047c584cf2e7df4ffdC:\Windows\system32\drivers\processr.sys
17
:23:15.0648 4128    Processor ok
17
:23:15.0726 4128    PSched          (bfef604508a0ed1eae2a73e872555ffbC:\Windows\system32\DRIVERS\pacer.sys
17
:23:15.0758 4128    PSched ok
17
:23:15.0820 4128    ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6C:\Windows\system32\drivers\ql2300.sys
17
:23:15.0929 4128    ql2300 ok
17
:23:16.0023 4128    ql40xx          (81a7e5c076e59995d54bc1ed3a16e60bC:\Windows\system32\drivers\ql40xx.sys
17
:23:16.0038 4128    ql40xx ok
17
:23:16.0101 4128    QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7C:\Windows\system32\drivers\qwavedrv.sys
17
:23:16.0116 4128    QWAVEdrv ok
17
:23:16.0132 4128    RasAcd          (147d7f9c556d259924351feb0de606c3C:\Windows\system32\DRIVERS\rasacd.sys
17
:23:16.0163 4128    RasAcd ok
17
:23:16.0226 4128    Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0C:\Windows\system32\DRIVERS\rasl2tp.sys
17
:23:16.0272 4128    Rasl2tp ok
17
:23:16.0304 4128    RasPppoe        (3e9d9b048107b40d87b97df2e48e0744C:\Windows\system32\DRIVERS\raspppoe.sys
17
:23:16.0335 4128    RasPppoe ok
17
:23:16.0350 4128    RasSstp         (a7d141684e9500ac928a772ed8e6b671C:\Windows\system32\DRIVERS\rassstp.sys
17
:23:16.0366 4128    RasSstp ok
17
:23:16.0397 4128    rdbss           (6e1c5d0457622f9ee35f683110e93d14C:\Windows\system32\DRIVERS\rdbss.sys
17
:23:16.0444 4128    rdbss ok
17
:23:16.0522 4128    RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899C:\Windows\system32\DRIVERS\RDPCDD.sys
17
:23:16.0569 4128    RDPCDD ok
17
:23:16.0600 4128    rdpdr           (fbc0bacd9c3d7f6956853f64a66e252dC:\Windows\system32\drivers\rdpdr.sys
17
:23:16.0631 4128    rdpdr ok
17
:23:16.0647 4128    RDPENCDD        (9d91fe5286f748862ecffa05f8a0710cC:\Windows\system32\drivers\rdpencdd.sys
17
:23:16.0694 4128    RDPENCDD ok
17
:23:16.0772 4128    RDPWD           (e1c18f4097a5abcec941dc4b2f99db7eC:\Windows\system32\drivers\RDPWD.sys
17
:23:16.0803 4128    RDPWD ok
17
:23:16.0850 4128    RkHit ok
17
:23:16.0881 4128    rspndr          (9c508f4074a39e8b4b31d27198146fadC:\Windows\system32\DRIVERS\rspndr.sys
17
:23:16.0912 4128    rspndr ok
17
:23:16.0974 4128    s0016bus        (59509ad6cbc28f2c73056268985b3e48C:\Windows\system32\DRIVERS\s0016bus.sys
17
:23:16.0990 4128    s0016bus ok
17
:23:17.0052 4128    s0016mdfl       (b98c3a6f91f4fba285af9606a240c6b4C:\Windows\system32\DRIVERS\s0016mdfl.sys
17
:23:17.0068 4128    s0016mdfl ok
17
:23:17.0099 4128    s0016mdm        (8a83426f4fb7b5212825d9de76368b1aC:\Windows\system32\DRIVERS\s0016mdm.sys
17
:23:17.0115 4128    s0016mdm ok
17
:23:17.0177 4128    s0016mgmt       (7a78bba97feb5e6d24c49e93a3bf7287C:\Windows\system32\DRIVERS\s0016mgmt.sys
17
:23:17.0193 4128    s0016mgmt ok
17
:23:17.0240 4128    s0016nd5        (34ef7b5f611957b73e7219dd5a222ad1C:\Windows\system32\DRIVERS\s0016nd5.sys
17
:23:17.0255 4128    s0016nd5 ok
17
:23:17.0271 4128    s0016obex       (36792935847143e4a3cda0dc87248487C:\Windows\system32\DRIVERS\s0016obex.sys
17
:23:17.0286 4128    s0016obex ok
17
:23:17.0349 4128    s0016unic       (927208754fb27fc3e7a659e77500c5d1C:\Windows\system32\DRIVERS\s0016unic.sys
17
:23:17.0380 4128    s0016unic ok
17
:23:17.0458 4128    s1039bus        (d0eedc88876b20d42157cdcca3e647f3C:\Windows\system32\DRIVERS\s1039bus.sys
17
:23:17.0474 4128    s1039bus ok
17
:23:17.0536 4128    s1039mdfl       (7b35091a7bb597c86262c589b0b57d06C:\Windows\system32\DRIVERS\s1039mdfl.sys
17
:23:17.0536 4128    s1039mdfl ok
17
:23:17.0598 4128    s1039mdm        (4cb1ab13c9813cbf3e4c6406f8043ec2C:\Windows\system32\DRIVERS\s1039mdm.sys
17
:23:17.0614 4128    s1039mdm ok
17
:23:17.0645 4128    s1039mgmt       (2649ca09585a7531126dcc116ad1f88cC:\Windows\system32\DRIVERS\s1039mgmt.sys
17
:23:17.0661 4128    s1039mgmt ok
17
:23:17.0708 4128    s1039nd5        (6d3f549efd6daedd7d12f3de2175053fC:\Windows\system32\DRIVERS\s1039nd5.sys
17
:23:17.0723 4128    s1039nd5 ok
17
:23:17.0801 4128    s1039obex       (305e3e3aca0037af2e2c1b50a383c91bC:\Windows\system32\DRIVERS\s1039obex.sys
17
:23:17.0817 4128    s1039obex ok
17
:23:17.0832 4128    s1039unic       (7dd02a58277c84c043442561589914f4C:\Windows\system32\DRIVERS\s1039unic.sys
17
:23:17.0848 4128    s1039unic ok
17
:23:17.0910 4128    sbp2port        (3ce8f073a557e172b330109436984e30C:\Windows\system32\drivers\sbp2port.sys
17
:23:17.0926 4128    sbp2port ok
17
:23:17.0988 4128    sdbus           (126ea89bcc413ee45e3004fb0764888fC:\Windows\system32\DRIVERS\sdbus.sys
17
:23:18.0035 4128    sdbus ok
17
:23:18.0098 4128    secdrv          (90a3935d05b494a5a39d37e71f09a677C:\Windows\system32\drivers\secdrv.sys
17
:23:18.0144 4128    secdrv ok
17
:23:18.0191 4128    Serenum         (68e44e331d46f0fb38f0863a84cd1a31C:\Windows\system32\drivers\serenum.sys
17
:23:18.0238 4128    Serenum ok
17
:23:18.0285 4128    Serial          (c70d69a918b178d3c3b06339b40c2e1bC:\Windows\system32\drivers\serial.sys
17
:23:18.0332 4128    Serial ok
17
:23:18.0394 4128    sermouse        (8af3d28a879bf75db53a0ee7a4289624C:\Windows\system32\drivers\sermouse.sys
17
:23:18.0425 4128    sermouse ok
17
:23:18.0456 4128    sffdisk         (3efa810bdca87f6ecc24f9832243fe86C:\Windows\system32\drivers\sffdisk.sys
17
:23:18.0488 4128    sffdisk ok
17
:23:18.0550 4128    sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5C:\Windows\system32\drivers\sffp_mmc.sys
17
:23:18.0581 4128    sffp_mmc ok
17
:23:18.0644 4128    sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979C:\Windows\system32\drivers\sffp_sd.sys
17
:23:18.0690 4128    sffp_sd ok
17
:23:18.0753 4128    sfloppy         (46ed8e91793b2e6f848015445a0ac188C:\Windows\system32\drivers\sfloppy.sys
17
:23:18.0800 4128    sfloppy ok
17
:23:18.0909 4128    sisagp          (1d76624a09a054f682d746b924e2dbc3C:\Windows\system32\drivers\sisagp.sys
17
:23:18.0924 4128    sisagp ok
17
:23:18.0956 4128    SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2C:\Windows\system32\drivers\sisraid2.sys
17
:23:18.0971 4128    SiSRaid2 ok
17
:23:19.0018 4128    SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94C:\Windows\system32\drivers\sisraid4.sys
17
:23:19.0034 4128    SiSRaid4 ok
17
:23:19.0096 4128    Smb             (031e6bcd53c9b2b9ace111eafec347b6C:\Windows\system32\DRIVERS\smb.sys
17
:23:19.0143 4128    Smb ok
17
:23:19.0268 4128    spldr           (7aebdeef071fe28b0eef2cdd69102bffC:\Windows\system32\drivers\spldr.sys
17
:23:19.0268 4128    spldr ok
17
:23:19.0330 4128    srv             (2252aef839b1093d16761189f45af885C:\Windows\system32\DRIVERS\srv.sys
17
:23:19.0392 4128    srv ok
17
:23:19.0470 4128    srv2            (b7ff59408034119476b00a81bb53d5d1C:\Windows\system32\DRIVERS\srv2.sys
17
:23:19.0502 4128    srv2 ok
17
:23:19.0611 4128    srvnet          (2accc9b12af02030f531e6cca6f8b76eC:\Windows\system32\DRIVERS\srvnet.sys
17
:23:19.0642 4128    srvnet ok
17
:23:19.0689 4128    ssmdrv          (a36ee93698802cd899f98bfd553d8185C:\Windows\system32\DRIVERS\ssmdrv.sys
17
:23:19.0704 4128    ssmdrv ok
17
:23:19.0767 4128    swenum          (7ba58ecf0c0a9a69d44b3dca62becf56C:\Windows\system32\DRIVERS\swenum.sys
17
:23:19.0782 4128    swenum ok
17
:23:19.0829 4128    Symc8xx         (192aa3ac01df071b541094f251deed10C:\Windows\system32\drivers\symc8xx.sys
17
:23:19.0845 4128    Symc8xx ok
17
:23:19.0876 4128    Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125C:\Windows\system32\drivers\sym_hi.sys
17
:23:19.0876 4128    Sym_hi ok
17
:23:19.0954 4128    Sym_u3          (8072af52b5fd103bbba387a1e49f62cbC:\Windows\system32\drivers\sym_u3.sys
17
:23:19.0954 4128    Sym_u3 ok
17
:23:20.0001 4128    SynTP           (32c0296ae115906679d94957f501e8dbC:\Windows\system32\DRIVERS\SynTP.sys
17
:23:20.0016 4128    SynTP ok
17
:23:20.0126 4128    Tcpip           (2eae4500984c2f8dacfb977060300a15C:\Windows\system32\drivers\tcpip.sys
17
:23:20.0266 4128    Tcpip ok
17
:23:20.0406 4128    Tcpip6          (2eae4500984c2f8dacfb977060300a15C:\Windows\system32\DRIVERS\tcpip.sys
17
:23:20.0453 4128    Tcpip6 ok
17
:23:20.0516 4128    tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76bC:\Windows\system32\drivers\tcpipreg.sys
17
:23:20.0562 4128    tcpipreg ok
17
:23:20.0640 4128    TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56C:\Windows\system32\drivers\tdpipe.sys
17
:23:20.0672 4128    TDPIPE ok
17
:23:20.0750 4128    TDTCP           (389c63e32b3cefed425b61ed92d3f021C:\Windows\system32\drivers\tdtcp.sys
17
:23:20.0781 4128    TDTCP ok
17
17:23:20.0812 4128    tdx             (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
17:23:20.0859 4128    tdx ok
17:23:20.0890 4128    TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
17:23:20.0906 4128    TermDD ok
17:23:21.0015 4128    tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:23:21.0046 4128    tssecsrv ok
17:23:21.0124 4128    TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
17:23:21.0140 4128    TuneUpUtilitiesDrv ok
17:23:21.0218 4128    tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:23:21.0249 4128    tunmp ok
17:23:21.0280 4128    tunnel          (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
17:23:21.0296 4128    tunnel ok
17:23:21.0358 4128    uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
17:23:21.0374 4128    uagp35 ok
17:23:21.0420 4128    UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
17:23:21.0436 4128    UBHelper ok
17:23:21.0452 4128    udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
17:23:21.0483 4128    udfs ok
17:23:21.0576 4128    uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
17:23:21.0592 4128    uliagpkx ok
17:23:21.0654 4128    uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
17:23:21.0670 4128    uliahci ok
17:23:21.0686 4128    UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:23:21.0701 4128    UlSata ok
17:23:21.0779 4128    ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:23:21.0779 4128    ulsata2 ok
17:23:21.0826 4128    umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:23:21.0857 4128    umbus ok
17:23:21.0904 4128    upperdev        (a34560a5d516a2f5240180370866b99d) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
17:23:21.0920 4128    upperdev ok
17:23:21.0998 4128    usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:23:22.0013 4128    usbccgp ok
17:23:22.0060 4128    usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:23:22.0107 4128    usbcir ok
17:23:22.0122 4128    usbehci         (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
17:23:22.0169 4128    usbehci ok
17:23:22.0247 4128    usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
17:23:22.0278 4128    usbhub ok
17:23:22.0310 4128    usbohci         (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
17:23:22.0341 4128    usbohci ok
17:23:22.0372 4128    usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:23:22.0419 4128    usbprint ok
17:23:22.0497 4128    usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
17:23:22.0544 4128    usbscan ok
17:23:22.0606 4128    usbser          (a96191470581a7091420d25ecd444502) C:\Windows\system32\drivers\usbser.sys
17:23:22.0637 4128    usbser ok
17:23:22.0715 4128    UsbserFilt      (6410eebd6e0427466812858ee84c8467) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
17:23:22.0731 4128    UsbserFilt ok
17:23:22.0778 4128    USBSTOR         (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:23:22.0824 4128    USBSTOR ok
17:23:22.0902 4128    usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:23:22.0949 4128    usbuhci ok
17:23:22.0980 4128    usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
17:23:23.0012 4128    usbvideo ok
17:23:23.0074 4128    VClone ok
17:23:23.0105 4128    vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
17:23:23.0152 4128    vga ok
17:23:23.0168 4128    VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:23:23.0199 4128    VgaSave ok
17:23:23.0261 4128    viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
17:23:23.0277 4128    viaagp ok
17:23:23.0308 4128    ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
17:23:23.0339 4128    ViaC7 ok
17:23:23.0355 4128    viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
17:23:23.0370 4128    viaide ok
17:23:23.0433 4128    volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:23:23.0433 4128    volmgr ok
17:23:23.0464 4128    volmgrx         (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
17:23:23.0480 4128    volmgrx ok
17:23:23.0511 4128    volsnap         (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
17:23:23.0526 4128    volsnap ok
17:23:23.0542 4128    vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
17:23:23.0558 4128    vsmraid ok
17:23:23.0636 4128    WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:23:23.0698 4128    WacomPen ok
17:23:23.0729 4128    Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:23:23.0760 4128    Wanarp ok
17:23:23.0760 4128    Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:23:23.0792 4128    Wanarpv6 ok
17:23:23.0870 4128    Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
17:23:23.0870 4128    Wd ok
17:23:23.0932 4128    Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:23:23.0963 4128    Wdf01000 ok
17:23:24.0104 4128    winusb          (f03110711b17ad31271cb2baf0dbb2b1) C:\Windows\system32\DRIVERS\winusb.sys
17:23:24.0150 4128    winusb ok
17:23:24.0228 4128    WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:23:24.0275 4128    WmiAcpi ok
17:23:24.0353 4128    WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
17:23:24.0384 4128    WpdUsb ok
17:23:24.0462 4128    ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:23:24.0509 4128    ws2ifsl ok
17:23:24.0556 4128    WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:23:24.0587 4128    WUDFRd ok
17:23:24.0618 4128    MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:23:24.0696 4128    \Device\Harddisk0\DR0 ok
17:23:24.0712 4128    Boot (0x1200)   (7e89af5869d05129a58c5de8606654f0) \Device\Harddisk0\DR0\Partition0
17:23:24.0712 4128    \Device\Harddisk0\DR0\Partition0 ok
17:23:24.0728 4128    Boot (0x1200)   (afd315f54976c640ae2062d73a53bace) \Device\Harddisk0\DR0\Partition1
17:23:24.0728 4128    \Device\Harddisk0\DR0\Partition1 ok
17:23:24.0728 4128    ============================================================
17:23:24.0728 4128    Scan finished
17:23:24.0728 4128    ============================================================
17:23:24.0759 1588    Detected object count 0
17:23:24.0759 1588    Actual detected object count

Regards, Gerd

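The lines that matter most in the log above for a Sinowal suspicion are the last ones: "MBR (0x1B8)" and "Boot (0x1200)". Sinowal (also known as Mebroot) persists by overwriting the bootstrap code in the master boot record and chaining to the original loader; the partition table, the disk signature and every driver file on disk stay intact, so only a hash of those bootstrap bytes compared against a known-good value reveals it. The Python below is an added example, not code from this thread or from TDSSKiller. It reads "MBR (0x1B8)" as the MD5 over the first 0x1B8 bytes of sector 0 (the bootstrap code up to the disk signature; that reading of the label is an assumption), builds constructed MBR sectors to show which changes move that hash and which do not, and parses constructed log lines written in the same format as the scan above. All sectors, hashes and log lines are constructed here, none are the poster's.

```python
"""Hash the MBR bootstrap region and parse TDSSKiller-style log lines (added example)."""
import hashlib
import re
import struct

MBR_CODE_LEN = 0x1B8   # assumption: "MBR (0x1B8)" = MD5 over bytes 0x000..0x1B7 of sector 0
SECTOR_SIZE = 512


def build_mbr(bootcode: bytes, disk_signature: int, partition_table: bytes) -> bytes:
    """Assemble a 512-byte MBR from its parts. Only used to construct test sectors here."""
    if len(bootcode) > MBR_CODE_LEN or len(partition_table) != 64:
        raise ValueError("bootcode must fit in 0x1B8 bytes, partition table is 64 bytes")
    sector = bootcode.ljust(MBR_CODE_LEN, b"\x00")     # 0x000: bootstrap code
    sector += struct.pack("<I", disk_signature)        # 0x1B8: NT disk signature
    sector += b"\x00\x00"                              # 0x1BC: reserved
    sector += partition_table                          # 0x1BE: four 16-byte entries
    sector += b"\x55\xAA"                              # 0x1FE: boot signature
    return sector


def mbr_code_hash(sector: bytes) -> str:
    """MD5 of the bootstrap code only; disk signature and partition table are excluded."""
    return hashlib.md5(sector[:MBR_CODE_LEN]).hexdigest()


def check_mbr(sector: bytes, baseline_md5: str) -> str:
    """'ok' when the bootstrap code matches a known-good baseline, 'MODIFIED' otherwise."""
    return "ok" if mbr_code_hash(sector) == baseline_md5.lower() else "MODIFIED"


# Constructed sectors: a clean MBR, the same MBR with rewritten bootstrap code (what an
# MBR rootkit leaves behind), and the clean code with a changed partition table.
_PART_A = bytes([0x80, 0x01, 0x01, 0x00, 0x07, 0xFE, 0xFF, 0xFF]) + struct.pack("<II", 2048, 204800)
_PART_B = bytes([0x80, 0x01, 0x01, 0x00, 0x07, 0xFE, 0xFF, 0xFF]) + struct.pack("<II", 2048, 409600)
_EMPTY_ENTRIES = b"\x00" * 48
_CLEAN_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 32       # placeholder bootstrap bytes
_ROGUE_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\xEB\xFE" * 16   # same prologue, different body

CLEAN_MBR = build_mbr(_CLEAN_CODE, 0x1234ABCD, _PART_A + _EMPTY_ENTRIES)
INFECTED_MBR = build_mbr(_ROGUE_CODE, 0x1234ABCD, _PART_A + _EMPTY_ENTRIES)
REPARTITIONED_MBR = build_mbr(_CLEAN_CODE, 0x1234ABCD, _PART_B + _EMPTY_ENTRIES)
BASELINE_MD5 = mbr_code_hash(CLEAN_MBR)   # in practice: taken from a known-clean identical install

# One hashed object per line: "<time> <pid> <object> (<md5>) <path>", then "<object-or-path> <status>".
HASH_LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<obj>\S+(?: \(0x[0-9A-Fa-f]+\))?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
STATUS_LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+(?P<status>\S+)\s*$"
)


def parse_tdsskiller(text: str) -> dict:
    """Map each hashed object to its MD5, its path and the status printed on a later line."""
    entries = {}
    for line in text.splitlines():
        m = HASH_LINE.match(line)
        if m:
            entries[m["obj"]] = {"md5": m["md5"].lower(), "path": m["path"], "status": None}
            continue
        s = STATUS_LINE.match(line)
        if s:
            # Drivers are reported by name ("tdx ok"), MBR/boot sectors by device path.
            for obj, entry in entries.items():
                if s["name"] in (obj, entry["path"]):
                    entry["status"] = s["status"]
    return entries


def not_ok(entries: dict) -> list:
    """Objects whose status is missing or anything other than 'ok': read these first."""
    return sorted(obj for obj, e in entries.items() if e["status"] != "ok")


def sample_log(mbr: bytes, mbr_verdict: str = "ok") -> str:
    """Constructed log lines in the format of the scan above; the hashes are computed here."""
    driver_md5 = hashlib.md5(b"constructed tdx.sys").hexdigest()
    return (
        f"17:23:20.0812 4128    tdx             ({driver_md5}) C:\\Windows\\system32\\DRIVERS\\tdx.sys\n"
        "17:23:20.0859 4128    tdx ok\n"
        f"17:23:24.0618 4128    MBR (0x1B8)     ({mbr_code_hash(mbr)}) \\Device\\Harddisk0\\DR0\n"
        f"17:23:24.0696 4128    \\Device\\Harddisk0\\DR0 {mbr_verdict}\n"
        "17:23:24.0728 4128    Scan finished\n"
    )


if __name__ == "__main__":
    print("clean        :", check_mbr(CLEAN_MBR, BASELINE_MD5))
    print("rewritten MBR:", check_mbr(INFECTED_MBR, BASELINE_MD5))
    print("repartitioned:", check_mbr(REPARTITIONED_MBR, BASELINE_MD5))
    print("flagged      :", not_ok(parse_tdsskiller(sample_log(INFECTED_MBR, "suspicious"))))
```

The point the three constructed sectors make: rewriting the bootstrap code changes the "MBR (0x1B8)" hash even though the partition table is byte-for-byte the same, while changing the partition table alone leaves that hash untouched. A scanner that only walks the file system never sees either. TDSSKiller prints "ok" against its own reference data; without that, the practical baseline is the hash of the same sector taken from a known-clean machine with the same Windows version and disk layout.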
Alt 25.10.2011, 18:03   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Sinowal ?! - Standard

Sinowal ?!



Please do NOT post in PHP tags! Use CODE tags!

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
