Trojaner-Board, Log analysis and evaluation

Log analysis and evaluation: Internet speed halved after partial removal of TrojanDownloader:Win32/Small.gen!I


08.11.2011, 12:06   #1
ausdemFF
 
Internet speed halved after partial removal of TrojanDownloader:Win32/Small.gen!I



Hello,

I'm Marcel and I have a trojan.

It made itself noticeable yesterday during the morning because my firewall constantly wanted to block other programs. Once it was ebay.exe, and another time Ploizz.exe.

I didn't think much of it, and then saw that a 0 KB SVCHOST had been created in users/my name/App Data/Roaming/Microsoft/
I deleted that one plus all the others the program had created. Only AFTERWARDS, in the evening, did Windows Defender alert me that

TrojanDownloader:Win32/Small.gen!I

should not be here. Since then my download speed is at 350 kb instead of about 800 (PERMANENTLY) and the upstream at 35 instead of 75. I looked at whether I could somehow solve it on my own, but here I am now.

At the same time there were also several TCP & UDP flood attacks on my router, if I read that correctly. The log file is included in the zip that also contains the scans.

Operating system: Windows 7 + Avira Professional + Windows Defender + CCleaner & Tweak Me!

OTL:

Code:
OTL logfile created on: 08.11.2011 11:44:00 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\xxx\Desktop
Windows 7 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 69,68% Memory free
6,00 Gb Paging File | 4,93 Gb Available in Paging File | 82,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 13,65 Gb Free Space | 5,86% Space Free | Partition Type: NTFS
Drive D: | 465,70 Gb Total Space | 5,06 Gb Free Space | 1,09% Space Free | Partition Type: FAT32
 
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.08 11:40:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2011.11.08 11:33:51 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Desktop\Defogger.exe
PRC - [2011.11.05 13:37:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.11.05 13:34:56 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.11.05 13:34:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.11.05 13:34:33 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.11.05 13:34:21 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.11.05 13:34:15 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.11.05 13:34:11 | 000,616,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 12:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.08.01 14:56:42 | 001,821,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.07.29 20:31:40 | 001,249,064 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.10.02 13:14:48 | 000,643,592 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe
PRC - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008.09.29 12:15:00 | 000,155,648 | ---- | M] (NVIDIA) -- C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008.09.10 12:31:36 | 000,114,688 | ---- | M] (NVIDIA) -- C:\Programme\NVIDIA Corporation\System Update\UpdateCenterService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.08 11:33:51 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Desktop\Defogger.exe
MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.07.24 22:51:32 | 000,299,008 | ---- | M] () -- C:\Programme\IconChanger\IconChng.dll
MOD - [2005.07.18 16:46:08 | 000,074,240 | ---- | M] () -- C:\Programme\iPhone Folders\zlibwapi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (FileZilla Server)
SRV - [2011.11.05 13:37:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.11.05 13:34:56 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.11.05 13:34:33 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.11.05 13:34:21 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.11.05 13:34:11 | 000,616,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2011.10.12 22:30:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.07.29 20:31:40 | 001,249,064 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.12.28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.09.29 12:15:00 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008.09.10 12:31:36 | 000,114,688 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.11.05 13:38:12 | 000,111,160 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2011.11.05 13:38:12 | 000,091,096 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.03 12:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.07.29 12:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 12:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011.05.18 07:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.07 06:49:28 | 000,061,824 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCL01132.sys -- (SCL01132)
DRV - [2009.10.02 13:14:42 | 000,042,248 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioConectiv_DFU.sys -- (MADFUCONECTIV)
DRV - [2009.10.02 13:14:38 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioConectiv.sys -- (MAUSBCONECTIV)
DRV - [2009.07.13 23:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.09.29 12:17:06 | 000,029,952 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2008.09.10 12:28:48 | 000,036,896 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflash.sys -- (NVR0FLASHDev)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 6E 2B 63 8B 71 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.03 16:22:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.07 07:01:44 | 000,000,000 | ---D | M]
 
[2011.06.20 17:49:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2011.06.20 17:49:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.11.06 13:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\nxh9q5dv.default\extensions
[2011.11.06 02:42:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\nxh9q5dv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.04 23:39:04 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\nxh9q5dv.default\extensions\foxmarks@kei.com
[2011.11.05 13:56:20 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\nxh9q5dv.default\extensions\support@lastpass.com
[2011.10.25 14:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.25 14:42:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NXH9Q5DV.DEFAULT\EXTENSIONS\{023E9CA0-63F3-47B1-BCB2-9BADF9D9EF28}.XPI
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NXH9Q5DV.DEFAULT\EXTENSIONS\{578E7CAA-210F-4967-A0D3-88FE5B59A39F}.XPI
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NXH9Q5DV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.10.28 19:16:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.09 05:49:04 | 001,037,112 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.28 19:16:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.28 19:16:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.28 19:16:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.28 19:16:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.28 19:16:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.28 19:16:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.09.11 07:57:32 | 000,001,411 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKCU..\Run: [ncid.Net] C:\Programme\ncid.Net\ncid.Net.exe (Gerhard Junker)
O4 - HKCU..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8 - Extra context menu item: &Alles mit BitComet herunterladen - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Mit BitComet herunter&laden - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42C4B1FC-554F-4648-B813-04C89BADD8D0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C5B3D2D-DB52-402B-AEC3-0285D1BECEC7}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{05978b59-c5d8-11e0-850e-406186c2d919}\Shell - "" = AutoRun
O33 - MountPoints2\{05978b59-c5d8-11e0-850e-406186c2d919}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{8f7f0038-9b51-11e0-8582-406186c2d919}\Shell - "" = AutoRun
O33 - MountPoints2\{8f7f0038-9b51-11e0-8582-406186c2d919}\Shell\AutoRun\command - "" = J:\autorun\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B8DB38AA-C10B-9756-993B-9481422BFC9C} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: NVIDIA nTune - hkey= - key= - C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.08 11:40:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2011.11.08 00:02:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.07 18:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Gerhard Junker
[2011.11.07 18:47:14 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Gerhard_Junker
[2011.11.07 18:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ncid.Net
[2011.11.07 18:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\ncid.Net
[2011.11.07 18:02:01 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Network Monitor 3
[2011.11.07 17:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NET Traffic Meter
[2011.11.07 17:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\NET Traffic Meter
[2011.11.07 17:38:31 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\NetMeter
[2011.11.07 17:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeter
[2011.11.07 17:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\DeskSoft
[2011.11.07 17:25:35 | 000,024,816 | ---- | C] (DeskSoft) -- C:\Windows\System32\drivers\dsnpfd.sys
[2011.11.07 17:25:34 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DeskSoft
[2011.11.07 15:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axence NetTools Pro 4.0
[2011.11.07 15:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\Axence
[2011.11.07 08:56:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\gtk-2.0
[2011.11.07 08:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.11.07 08:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2011.11.07 07:42:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\.purple
[2011.11.07 07:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2011.11.07 03:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011.11.07 03:52:54 | 000,000,000 | ---D | C] -- C:\Program Settings
[2011.11.06 00:08:44 | 000,000,000 | ---D | C] -- C:\Windows\W7SBC
[2011.11.05 23:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
[2011.11.05 23:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock
[2011.11.05 23:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\foobar2000
[2011.11.05 23:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IconChanger
[2011.11.05 23:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\IconChanger
[2011.11.05 23:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter
[2011.11.05 18:34:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2011.11.05 18:33:55 | 000,042,672 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\System32\wbsys.dll
[2011.11.05 18:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2011.11.05 18:18:29 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Auslogics
[2011.11.05 18:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011.11.05 18:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011.11.05 17:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\Setup Files
[2011.11.05 16:17:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Verknüpfungen
[2011.11.05 15:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\Dr. Hardware 2011
[2011.11.05 14:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakMe!
[2011.11.05 14:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\TweakMe!
[2011.11.05 14:35:17 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Frameworkx.com
[2011.11.05 14:20:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\NeoSmart_Technologies
[2011.11.05 14:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
[2011.11.05 14:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\NeoSmart Technologies
[2011.11.05 13:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.11.05 13:43:05 | 000,111,160 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2011.11.05 13:43:05 | 000,091,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2011.11.05 06:01:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Xilisoft
[2011.11.05 01:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
[2011.11.05 01:32:47 | 000,307,200 | ---- | C] (FLV.com) -- C:\Windows\System32\TubeFinder.exe
[2011.11.05 01:32:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\FreeFLVConverter
[2011.11.05 01:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter
[2011.11.04 14:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011.11.03 17:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011.11.03 16:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet
[2011.11.03 16:22:39 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\BitComet
[2011.11.03 16:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\BitComet
[2011.11.03 10:56:49 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.11.03 10:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.11.03 10:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011.11.02 17:46:53 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Installer5804
[2011.11.02 17:40:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Installer5848
[2011.11.01 11:18:44 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Outlook-Dateien
[2011.11.01 09:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.11.01 09:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.11.01 09:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.01 09:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.10.31 09:36:17 | 009,925,160 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2011.10.31 09:36:14 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
[2011.10.31 09:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
[2011.10.31 09:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\LastPass
[2011.10.28 07:18:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\MicroVision Applications
[2011.10.28 07:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SureThing
[2011.10.28 07:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2011.10.28 07:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\SureThing
[2011.10.28 07:17:29 | 000,000,000 | ---D | C] -- C:\Windows\MVUNINST
[2011.10.25 13:07:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\iZotope
[2011.10.23 20:59:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\backup
[2011.10.22 23:53:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
[2011.10.22 23:49:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
[2011.10.18 11:35:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Avira
[2011.10.18 11:35:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.10.18 11:35:05 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.18 11:35:05 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.18 11:35:05 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.18 11:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.18 11:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.10.14 00:59:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\TempDIR
[2011.10.13 23:59:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlexyDeskop
[2011.10.13 23:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\plexydesk
[2011.10.13 23:51:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Bump Technologies, Inc
[2011.10.13 23:46:52 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Bump Technologies, Inc
[2011.10.13 23:41:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011.10.13 21:51:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\MediaMonkey
[2011.10.13 21:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\MediaMonkey
[2011.10.13 21:37:56 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~BT
[2011.10.13 21:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Partition Master 9.1.0 Home Edition
[2011.10.13 21:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2011.10.12 22:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
[2011.10.12 22:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2011.10.12 22:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2011.10.12 18:34:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\GForce
[2011.10.12 18:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\GForce
[2011.10.12 18:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Arturia
[2011.10.12 08:20:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Kontakte Alt
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.08 11:40:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2011.11.08 11:39:39 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2011.11.08 11:39:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.08 11:33:51 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Desktop\Defogger.exe
[2011.11.08 11:23:23 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.08 11:16:17 | 000,020,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.08 11:16:17 | 000,020,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.08 11:09:00 | 000,000,843 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2011.11.08 11:08:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.08 07:18:48 | 000,233,472 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.07 22:47:07 | 000,717,336 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.07 22:47:07 | 000,667,932 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.07 22:47:07 | 000,155,856 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.07 22:47:07 | 000,125,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.07 18:47:16 | 000,000,081 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011.11.07 18:19:03 | 000,003,124 | ---- | M] () -- C:\Users\xxx\Documents\cc_20111107_181859.reg
[2011.11.07 17:25:35 | 000,024,816 | ---- | M] (DeskSoft) -- C:\Windows\System32\drivers\dsnpfd.sys
[2011.11.07 10:50:13 | 000,013,326 | ---- | M] () -- C:\Users\xxx\Documents\cc_20111107_105010.reg
[2011.11.07 08:28:57 | 000,007,608 | ---- | M] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
[2011.11.07 07:39:37 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Pidgin.lnk
[2011.11.07 07:04:43 | 000,001,886 | ---- | M] () -- C:\Users\xxx\Documents\cc_20111107_070440.reg
[2011.11.06 13:40:46 | 000,001,516 | ---- | M] () -- C:\Users\xxx\Documents\cc_20111106_134043.reg
[2011.11.06 10:13:12 | 002,281,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.06 10:05:56 | 000,091,306 | ---- | M] () -- C:\Users\xxx\Documents\cc_20111106_100546.reg
[2011.11.05 20:51:55 | 000,005,554 | ---- | M] () -- C:\Windows\System32\Utility.xml
[2011.11.05 14:08:27 | 000,000,466 | ---- | M] () -- C:\Users\xxx\Documents\bibo.reg
[2011.11.05 13:38:12 | 000,111,160 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2011.11.05 13:38:12 | 000,091,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2011.11.05 02:25:07 | 000,000,176 | ---- | M] () -- C:\Windows\System32\w3data.vss
[2011.11.05 02:25:07 | 000,000,176 | ---- | M] () -- C:\Windows\System32\msvcsv60.dll
[2011.11.05 02:25:07 | 000,000,176 | ---- | M] () -- C:\Windows\msocreg32.dat
[2011.11.03 10:59:16 | 000,000,600 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\winscp.rnd
[2011.11.02 14:48:47 | 000,049,382 | ---- | M] () -- C:\Users\xxx\Documents\dragon age 2.rtf
[2011.10.31 09:36:17 | 009,925,160 | ---- | M] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2011.10.28 07:25:35 | 000,054,444 | ---- | M] () -- C:\Users\xxx\Documents\cordless1.std
[2011.10.20 17:04:23 | 001,866,317 | ---- | M] () -- C:\Users\xxx\Documents\IMG_0235.JPG
[2011.10.20 17:04:22 | 001,751,155 | ---- | M] () -- C:\Users\xxx\Documents\IMG_0230.JPG
[2011.10.20 17:04:22 | 001,708,458 | ---- | M] () -- C:\Users\xxx\Documents\IMG_0231.JPG
[2011.10.20 16:58:00 | 000,055,926 | ---- | M] () -- C:\Users\xxx\Documents\Unbenanntes Dokument 2.pdf
[2011.10.20 16:58:00 | 000,000,032 | ---- | M] () -- C:\Users\xxx\Documents\Teil 1.3
[2011.10.16 15:10:03 | 000,399,876 | RHS- | M] () -- C:\TOGMY
[2011.10.16 15:10:03 | 000,000,000 | RHS- | M] () -- C:\jkcv.ld
[2011.10.14 08:42:17 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011.10.13 21:47:23 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011.10.13 21:47:23 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011.10.13 21:22:38 | 000,001,119 | -H-- | M] () -- C:\Windows\EPMBatch.ept
[2011.10.12 17:57:27 | 000,022,648 | ---- | M] () -- C:\Users\xxx\Documents\cc_20111012_185722.reg
[2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2011.11.08 11:39:39 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2011.11.08 11:33:47 | 000,050,477 | ---- | C] () -- C:\Users\xxx\Desktop\Defogger.exe
[2011.11.07 18:47:16 | 000,000,081 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011.11.07 18:19:01 | 000,003,124 | ---- | C] () -- C:\Users\xxx\Documents\cc_20111107_181859.reg
[2011.11.07 10:50:11 | 000,013,326 | ---- | C] () -- C:\Users\xxx\Documents\cc_20111107_105010.reg
[2011.11.07 08:28:57 | 000,007,608 | ---- | C] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
[2011.11.07 07:39:37 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Pidgin.lnk
[2011.11.07 07:04:42 | 000,001,886 | ---- | C] () -- C:\Users\xxx\Documents\cc_20111107_070440.reg
[2011.11.06 13:40:44 | 000,001,516 | ---- | C] () -- C:\Users\xxx\Documents\cc_20111106_134043.reg
[2011.11.06 10:05:48 | 000,091,306 | ---- | C] () -- C:\Users\xxx\Documents\cc_20111106_100546.reg
[2011.11.05 20:51:55 | 000,005,554 | ---- | C] () -- C:\Windows\System32\Utility.xml
[2011.11.05 18:34:05 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2011.11.05 14:08:27 | 000,000,466 | ---- | C] () -- C:\Users\xxx\Documents\bibo.reg
[2011.11.05 13:42:28 | 000,000,512 | R--- | C] () -- C:\Users\xxx\Documents\HBEDV.KEY
[2011.11.05 01:32:44 | 000,208,500 | ---- | C] () -- C:\Windows\System32\ReyXpBasics.tlb
[2011.11.05 01:32:43 | 000,364,544 | ---- | C] () -- C:\Windows\System32\PropertyGrid.ocx
[2011.11.05 01:32:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ControlSubX.ocx
[2011.11.02 17:41:24 | 000,001,361 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2011.11.02 14:48:46 | 000,049,382 | ---- | C] () -- C:\Users\xxx\Documents\dragon age 2.rtf
[2011.10.28 07:25:35 | 000,054,444 | ---- | C] () -- C:\Users\xxx\Documents\cordless1.std
[2011.10.20 17:04:23 | 001,866,317 | ---- | C] () -- C:\Users\xxx\Documents\IMG_0235.JPG
[2011.10.20 17:04:22 | 001,751,155 | ---- | C] () -- C:\Users\xxx\Documents\IMG_0230.JPG
[2011.10.20 17:04:22 | 001,708,458 | ---- | C] () -- C:\Users\xxx\Documents\IMG_0231.JPG
[2011.10.20 16:57:39 | 000,000,032 | ---- | C] () -- C:\Users\xxx\Documents\Teil 1.3
[2011.10.20 16:57:34 | 000,055,926 | ---- | C] () -- C:\Users\xxx\Documents\Unbenanntes Dokument 2.pdf
[2011.10.16 15:10:03 | 000,000,000 | RHS- | C] () -- C:\jkcv.ld
[2011.10.16 15:10:02 | 000,399,876 | RHS- | C] () -- C:\TOGMY
[2011.10.14 08:42:15 | 000,000,001 | -HS- | C] () -- C:\BOOTNXT
[2011.10.13 21:19:26 | 000,001,119 | -H-- | C] () -- C:\Windows\EPMBatch.ept
[2011.10.13 21:13:10 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011.10.13 21:13:09 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011.10.13 21:13:09 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011.10.13 21:13:09 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011.10.13 21:13:09 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011.10.12 21:56:35 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011.10.12 21:56:35 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011.10.12 17:57:24 | 000,022,648 | ---- | C] () -- C:\Users\xxx\Documents\cc_20111012_185722.reg
[2011.09.26 10:54:25 | 000,000,072 | ---- | C] () -- C:\Windows\SSB.ini
[2011.09.25 23:24:05 | 000,000,000 | -H-- | C] () -- C:\Users\xxx\AppData\Roaming\.51BEE852859F7D89.sys
[2011.09.25 22:11:27 | 000,000,034 | ---- | C] () -- C:\Windows\System32\mnprxpd2e.bin
[2011.09.12 13:19:03 | 000,403,912 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.09.11 08:27:55 | 000,000,600 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\winscp.rnd
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\ssolekuy.dll
[2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\ssoleht.dll
[2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\sslibkh.dll
[2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\sslibjy.dll
[2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\sslibfg.dll
[2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\sslibeh.dll
[2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\slibff.dll
[2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\slibddf.dll
[2011.07.16 03:32:06 | 000,678,746 | ---- | C] () -- C:\Windows\unins000.exe
[2011.07.16 03:32:05 | 000,021,007 | ---- | C] () -- C:\Windows\unins000.dat
[2011.07.07 03:19:44 | 000,000,176 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2011.07.07 03:19:44 | 000,000,176 | ---- | C] () -- C:\Windows\msocreg32.dat
[2011.07.06 12:06:29 | 000,040,960 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\TweetAdder
[2011.07.05 08:42:31 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2011.06.27 22:21:31 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2011.06.27 22:19:29 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2011.06.27 22:19:27 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2011.06.27 19:05:28 | 000,058,141 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\SQLite3.dll
[2011.06.27 18:53:25 | 001,032,266 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2011.06.27 18:36:27 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll
[2011.06.26 20:43:31 | 000,233,472 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.20 18:41:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.20 18:40:28 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.20 17:49:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.06.20 17:35:57 | 000,067,584 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\chrtmp
[2011.06.20 17:32:53 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.06.20 17:32:52 | 000,644,608 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.06.20 17:32:52 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.06.20 17:32:52 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.06.20 17:27:03 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.06.20 16:47:42 | 000,111,104 | ---- | C] () -- C:\Windows\System32\Uharc.exe
[2011.06.20 16:47:42 | 000,008,636 | ---- | C] () -- C:\Windows\System32\modifype.exe
[2011.06.20 14:45:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.20 14:45:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.12.06 14:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\System32\abgx360.exe
[2009.11.17 16:13:12 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2009.11.17 16:11:26 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2009.11.17 16:09:36 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2009.11.17 16:09:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2009.07.28 21:46:36 | 000,717,336 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.28 21:46:36 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.28 21:46:36 | 000,155,856 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.28 21:46:36 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 002,281,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,667,932 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,125,766 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2005.04.04 19:56:28 | 000,229,536 | -H-- | C] () -- C:\Users\xxx\AppData\Roaming\logs.dat
 
========== LOP Check ==========
 
[2011.11.08 11:42:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\.purple
[2011.07.06 21:09:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ableton
[2011.08.16 02:02:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Anvil Studio
[2011.11.05 18:18:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Auslogics
[2011.11.05 15:52:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\BitComet
[2011.10.13 23:46:52 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Bump Technologies, Inc
[2011.08.11 19:13:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canneverbe Limited
[2011.11.07 17:25:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DeskSoft
[2011.07.16 02:42:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FabFilter
[2011.06.28 18:06:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FlashFXP
[2011.06.20 20:45:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Foxit Software
[2011.11.05 03:22:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FreeFLVConverter
[2011.11.07 08:56:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gtk-2.0
[2011.08.12 06:34:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ImgBurn
[2011.08.15 06:30:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Intermedia Software
[2011.10.13 04:59:52 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\iZotope
[2011.08.08 09:01:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lexware
[2011.08.02 09:32:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MAGIX
[2011.09.12 00:50:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MotionDSP
[2011.08.16 04:55:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Music Recognition
[2011.11.07 17:43:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\NetMeter
[2011.11.08 08:05:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Notepad++
[2011.07.27 15:46:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SongManager
[2011.08.28 01:58:19 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TeamViewer
[2011.06.27 18:55:48 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Teragon Audio
[2011.06.20 17:49:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Thunderbird
[2011.06.20 16:29:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Trillian
[2011.07.26 18:52:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2011.06.27 18:50:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Waves Audio
[2011.09.28 22:30:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\WindSolutions
[2011.11.05 06:01:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Xilisoft
[2011.11.07 09:38:15 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.07.06 08:04:45 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.10.13 21:37:56 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~BT
[2011.11.08 19:47:34 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.11.08 03:01:07 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.06.20 15:08:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.11.07 12:29:29 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.09.12 21:40:38 | 000,000,000 | ---D | M] -- C:\HP Universal Print Driver
[2011.09.14 14:12:01 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.09.12 01:08:33 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.07 18:43:03 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.07 03:52:54 | 000,000,000 | ---D | M] -- C:\Program Settings
[2011.11.07 18:47:16 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.06.20 15:08:44 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.10.13 22:58:43 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.08 11:45:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.09.12 01:05:03 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.08 10:08:26 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoRebootWithLoggedOnUsers" = 1
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-07 23:04:42
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:24721E3C

< End of report >
         
Bin euch schonmal im vorraus dankbar. Wenn es nicht anders geht mach ich Ihn halt Platt am Ende. Aber es wäre toll wenn ihr eine Lösung hättet.

Marcel
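The `< MD5 for: ... >` sections in the OTL log above list every copy of a system binary the tool found: the live copy under System32 next to the versions kept in the winsxs component store. One check a reader of such a log does by hand is whether the System32 copy's hash equals one of the component-store copies (here winlogon.exe matches the 6.1.7601.17514 copy, the SP1 build the system reports, and wininit.exe matches its 6.1.7600.16385 copy). The Python below is an added example, not code from the thread or from OTL; it parses the wininit/winlogon lines from the log plus a constructed EXAMPLE.EXE section with made-up hashes and component name that shows the mismatch case. A match is only a consistency check, not proof the file is clean; a mismatch is a prompt to look closer (an update not yet present in winsxs, or a replaced file).

```python
import re
from collections import defaultdict

# Sample input: the WININIT.EXE and WINLOGON.EXE sections exactly as they appear in the
# OTL log above, plus a CONSTRUCTED third section (EXAMPLE.EXE, made-up hashes and
# component name) that shows what a System32 copy with no matching winsxs copy looks like.
SAMPLE_OTL = r"""
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: EXAMPLE.EXE  >
[2011.11.07 10:00:00 | 000,012,288 | ---- | M] () MD5=00000000000000000000000000000001 -- C:\Windows\System32\example.exe
[2009.07.14 02:14:45 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000002 -- C:\Windows\winsxs\x86_microsoft-windows-example_31bf3856ad364e35_6.1.7600.16385_none_0000000000000000\example.exe
"""

SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<flag>\S)\] "
    r"\((?P<vendor>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
# winsxs component directory names carry the file version, e.g. ..._6.1.7601.17514_none_...
WINSXS_VERSION_RE = re.compile(r"\\winsxs\\[^\\]*_(?P<ver>\d+\.\d+\.\d+\.\d+)_", re.IGNORECASE)
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


def parse_otl_md5(text):
    """Group the MD5 listing into {FILENAME: [entry, ...]} with parsed fields."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            rec = m.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            rec["md5"] = rec["md5"].upper()
            v = WINSXS_VERSION_RE.search(rec["path"])
            rec["winsxs_version"] = v.group("ver") if v else None   # None for the System32 copy
            sections[current].append(rec)
    return dict(sections)


def check_active_copies(sections):
    """For each binary, compare the System32 copy's MD5 with the winsxs component-store copies."""
    report = {}
    for name, entries in sections.items():
        active = [e for e in entries if e["path"].lower().startswith(SYSTEM32_PREFIX)]
        store = [e for e in entries if e["winsxs_version"]]
        if not active:
            report[name] = {"status": "no-system32-copy", "active_md5": None, "matching_versions": []}
            continue
        md5 = active[0]["md5"]
        matches = sorted(e["winsxs_version"] for e in store if e["md5"] == md5)
        report[name] = {
            "status": "match" if matches else "mismatch",
            "active_md5": md5,
            "matching_versions": matches,
        }
    return report


if __name__ == "__main__":
    for name, r in check_active_copies(parse_otl_md5(SAMPLE_OTL)).items():
        print(f"{name}: {r['status']} (active MD5 {r['active_md5']}, "
              f"matching winsxs versions {r['matching_versions']})")
```

The version string is taken from the winsxs directory name, so the report says which servicing level the live copy corresponds to; for real logs, feed the whole `< MD5 for: ... >` block of the OTL output into `parse_otl_md5`.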

Old 08.11.2011, 14:22   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now run a full scan with Malwarebytes as a routine step and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If there are logs from older Malwarebytes scans, please post all of those as well!



ESET Online Scanner

  • An illustrated guide to ESET Online Scanner can be found here
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Old 08.11.2011, 15:35   #3
ausdemFF
 



Hello & thanks for the quick reply

Malwarebytes:

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8114

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

08.11.2011 16:26:43
mbam-log-2011-11-08 (16-26-43).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 210983
Laufzeit: 3 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\xxx\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
         
The other one follows

Old 08.11.2011, 18:01   #4
ausdemFF
 



Took a while ^^

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ba306feb600c8b44ade34fefa7d73618
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-08 05:53:53
# local_time=2011-11-08 06:53:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 1832761 1832761 0 0
# compatibility_mode=5893 16776573 100 94 4146 72398019 0 0
# compatibility_mode=8192 67108863 100 0 3794 3794 0 0
# scanned=441657
# found=3
# cleaned=0
# scan_time=8005
C:\Users\xxx\AppData\Local\Temp\ICReinstall\cnet_NetTrafficMeter_exe.exe	a variant of Win32/InstallCore.D application (unable to clean)	00000000000000000000000000000000	I
C:\Users\xxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\4875e6ca-71f85835	a variant of Win32/Injector.KRN trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\xxx\Downloads\SoftonicDownloader_fuer_du-meter.exe.part	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
         

Last edited by ausdemFF (08.11.2011 at 18:53)
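The two scanner logs in posts #3 and #4 carry the same kind of information in different shapes: Malwarebytes writes German key/value headers and one block per category, ESET writes `# key=value` headers and one tab-separated record per detection (path, description, hash, flag). The Python below is an added example, not code from the thread or from either vendor. It parses constructed excerpts of both logs above and produces the checks a helper does by eye: whether the Malwarebytes run was a quick scan or a full scan (the point raised in post #5), whether the summary counts agree with the listed detections, and which ESET detections are marked "unable to clean" (the log was produced with `remove_checked=false`, so nothing was removed) and therefore still need handling.

```python
import re

# Constructed excerpts of the two scanner logs posted above: the Malwarebytes quick-scan log
# (post #3) and the ESET Online Scanner log (post #4), cut down to the lines the parsers use.
# Paths, detection names and counts are the ones shown in those posts.
MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8114

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 210983
Laufzeit: 3 Minute(n), 28 Sekunde(n)

Infizierte Registrierungsschlüssel: 0
Infizierte Dateien: 1

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\xxx\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
"""

# ESET writes "# key=value" headers and one tab-separated record per detection:
# path, description, hash, flag. Built with join() so the tabs are real tab characters.
ESET_LOG = "\n".join([
    "# version=7",
    "# remove_checked=false",
    "# scanned=441657",
    "# found=3",
    "# cleaned=0",
    "\t".join([r"C:\Users\xxx\AppData\Local\Temp\ICReinstall\cnet_NetTrafficMeter_exe.exe",
               "a variant of Win32/InstallCore.D application (unable to clean)", "0" * 32, "I"]),
    "\t".join([r"C:\Users\xxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\4875e6ca-71f85835",
               "a variant of Win32/Injector.KRN trojan (unable to clean)", "0" * 32, "I"]),
    "\t".join([r"C:\Users\xxx\Downloads\SoftonicDownloader_fuer_du-meter.exe.part",
               "a variant of Win32/SoftonicDownloader.A application (unable to clean)", "0" * 32, "I"]),
])

MBAM_KV_RE = re.compile(r"^(?P<key>[^:]+): (?P<value>.+)$")
MBAM_HIT_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^)]+)\) -> (?P<action>.+)$")


def parse_mbam(text):
    """Return (meta, hits): header key/values and one dict per listed detection."""
    meta, hits, section = {}, [], None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            section = None          # a blank line closes a per-category block
            continue
        if line.endswith(":"):
            section = line[:-1]     # e.g. "Infizierte Dateien"
            continue
        if section is not None:
            m = MBAM_HIT_RE.match(line)
            if m:                   # "(Keine bösartigen Objekte gefunden)" does not match
                hits.append({"section": section, **m.groupdict()})
            continue
        m = MBAM_KV_RE.match(line)
        if m:
            meta[m.group("key")] = m.group("value")
    return meta, hits


def parse_eset(text):
    """Return (header, detections) from an ESET Online Scanner log."""
    header, detections = {}, []
    for line in text.splitlines():
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header.setdefault(key.strip(), value.strip())   # repeated keys keep the first value
            continue
        parts = line.split("\t")
        if len(parts) == 4:
            path, description, digest, flag = parts
            detections.append({"path": path, "description": description, "hash": digest,
                               "flag": flag, "unresolved": "unable to clean" in description})
    return header, detections


def summarize(mbam_text, eset_text):
    """The checks a helper does by eye: scan type, count consistency, what is still on disk."""
    meta, hits = parse_mbam(mbam_text)
    header, detections = parse_eset(eset_text)
    scan_type = meta.get("Art des Suchlaufs", "")
    file_hits = [h for h in hits if h["section"] == "Infizierte Dateien"]
    return {
        "scan_type": scan_type,
        # MBAM labels a full scan "Vollständiger Suchlauf" (see post #6) and a quick scan "Quick-Scan"
        "full_scan": scan_type.startswith("Vollständiger Suchlauf"),
        "mbam_consistent": len(file_hits) == int(meta.get("Infizierte Dateien", "0")),
        "eset_consistent": len(detections) == int(header.get("found", "0")),
        "unresolved_paths": sorted(d["path"] for d in detections if d["unresolved"]),
        "all_paths": sorted({h["path"].lower() for h in hits} | {d["path"].lower() for d in detections}),
    }


if __name__ == "__main__":
    for key, value in summarize(MBAM_LOG, ESET_LOG).items():
        print(f"{key}: {value}")
```

`all_paths` is the union of what both scanners flagged; the Java cache entry `4875e6ca-71f85835` that ESET left in place is the one the later full Malwarebytes scan (post #6) quarantines, which is the kind of overlap this list makes visible.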

Old 08.11.2011, 19:09   #5
cosinus



Quote:
Art des Suchlaufs: Quick-Scan
Sorry, but I wanted to see a full scan... please do that now and post the log!
Remember to update the Malwarebytes signatures beforehand; there are very frequently new updates!

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 09.11.2011, 14:48   #6
ausdemFF
 



Hello,

I must have overlooked that

Here is the scan:

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8122

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

09.11.2011 15:44:13
mbam-log-2011-11-09 (15-44-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 477963
Laufzeit: 2 Stunde(n), 42 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\marcel fink\AppData\LocalLow\Sun\Java\deployment\cache\6.0\10\4875e6ca-71f85835 (Trojan.VBKrypt) -> Quarantined and deleted successfully.
         

Old 10.11.2011, 09:06   #7
cosinus



Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Note: If you obscured your user name, you have to change the starred-out part back into your real user name, otherwise the script will not work!!


Code:
:OTL
SRV - File not found [On_Demand | Stopped] --  -- (FileZilla Server)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 6E 2B 63 8B 71 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{05978b59-c5d8-11e0-850e-406186c2d919}\Shell - "" = AutoRun
O33 - MountPoints2\{05978b59-c5d8-11e0-850e-406186c2d919}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{8f7f0038-9b51-11e0-8582-406186c2d919}\Shell - "" = AutoRun
O33 - MountPoints2\{8f7f0038-9b51-11e0-8582-406186c2d919}\Shell\AutoRun\command - "" = J:\autorun\autorun.exe
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:24721E3C
:Files
c:\Users\marcel fink\AppData\LocalLow\Sun\Java\deployment\cache\6.0
C:\Users\xxx\Downloads\Softonic*
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

Old 10.11.2011, 21:05   #8
ausdemFF
 



Code:
All processes killed
========== OTL ==========
Service FileZilla Server stopped successfully!
Service FileZilla Server deleted successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully.
C:\Programme\BitComet\tools\BitCometBHO_1.5.4.11.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05978b59-c5d8-11e0-850e-406186c2d919}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05978b59-c5d8-11e0-850e-406186c2d919}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05978b59-c5d8-11e0-850e-406186c2d919}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05978b59-c5d8-11e0-850e-406186c2d919}\ not found.
File "L:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f7f0038-9b51-11e0-8582-406186c2d919}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f7f0038-9b51-11e0-8582-406186c2d919}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f7f0038-9b51-11e0-8582-406186c2d919}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f7f0038-9b51-11e0-8582-406186c2d919}\ not found.
File J:\autorun\autorun.exe not found.
ADS C:\ProgramData\TEMP:8CE646EE deleted successfully.
ADS C:\ProgramData\TEMP:24721E3C deleted successfully.
========== FILES ==========
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\tmp folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\muffin folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\host folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\9 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\8 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\7 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\63 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\62 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\61 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\60 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\6 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\59 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\58 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\57 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\56 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\55 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\54 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\53 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\52 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\51 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\50 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\5 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\49 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\48 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\47 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\46 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\45 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\44 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\43 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\42 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\41 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\40 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\4 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\39 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\38 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\37 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\36 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\35 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\34 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\33 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\32 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\31 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\30 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\3 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\29 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\28 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\27 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\26 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\25 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\24 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\23 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\22 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\21 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\20 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\2 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\19 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\18 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\17 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\16 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\15 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\14 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\13 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\12 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\11 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\10 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\1 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\0 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0 folder moved successfully.
File\Folder C:\Users\xxx\Downloads\Softonic* not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: xxx
->Temp folder emptied: 5794906 bytes
->Temporary Internet Files folder emptied: 17185738 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 187560412 bytes
->Flash cache emptied: 3603 bytes
 
User: Mcx1-xxx-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 146847 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1065410 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 202,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 11102011_214800

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Many thanks already. Right now I can't tell at all whether anything has changed.

If that was it, which of the many tools should I keep?

I've also turned UAC back on here and followed your tips on securing the system.

Of course I've also just set up a donation. This is a fantastic board.

Old 10.11.2011, 21:07   #9
cosinus



Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below - click change parameters and set the checkboxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition; that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!




If, because of the infection, you can't access your documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!

Old 10.11.2011, 21:37   #10
ausdemFF
 



Done:

Code:
22:32:16.0557 5316	TDSS rootkit removing tool 2.6.17.0 Nov  9 2011 16:48:26
22:32:18.0558 5316	============================================================
22:32:18.0558 5316	Current date / time: 2011/11/10 22:32:18.0558
22:32:18.0558 5316	SystemInfo:
22:32:18.0558 5316	
22:32:18.0558 5316	OS Version: 6.1.7601 ServicePack: 1.0
22:32:18.0558 5316	Product type: Workstation
22:32:18.0559 5316	ComputerName: xxx-PC
22:32:18.0559 5316	UserName: xxx
22:32:18.0559 5316	Windows directory: C:\Windows
22:32:18.0559 5316	System windows directory: C:\Windows
22:32:18.0559 5316	Processor architecture: Intel x86
22:32:18.0559 5316	Number of processors: 1
22:32:18.0559 5316	Page size: 0x1000
22:32:18.0559 5316	Boot type: Normal boot
22:32:18.0559 5316	============================================================
22:32:24.0272 5316	Initialize success
22:34:09.0979 3044	============================================================
22:34:09.0979 3044	Scan started
22:34:09.0979 3044	Mode: Manual; SigCheck; TDLFS; 
22:34:09.0979 3044	============================================================
22:34:11.0446 3044	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:34:11.0539 3044	1394ohci - ok
22:34:11.0633 3044	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
22:34:11.0649 3044	ACPI - ok
22:34:11.0711 3044	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
22:34:11.0789 3044	AcpiPmi - ok
22:34:11.0898 3044	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:34:11.0992 3044	adp94xx - ok
22:34:12.0085 3044	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:34:12.0117 3044	adpahci - ok
22:34:12.0163 3044	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:34:12.0195 3044	adpu320 - ok
22:34:12.0319 3044	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
22:34:12.0397 3044	AFD - ok
22:34:12.0460 3044	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
22:34:12.0491 3044	agp440 - ok
22:34:12.0569 3044	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:34:12.0600 3044	aic78xx - ok
22:34:12.0725 3044	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
22:34:12.0725 3044	aliide - ok
22:34:12.0772 3044	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
22:34:12.0772 3044	amdagp - ok
22:34:12.0819 3044	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
22:34:12.0834 3044	amdide - ok
22:34:12.0897 3044	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:34:13.0021 3044	AmdK8 - ok
22:34:13.0131 3044	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:34:13.0146 3044	AmdPPM - ok
22:34:13.0271 3044	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
22:34:13.0302 3044	amdsata - ok
22:34:13.0396 3044	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:34:13.0427 3044	amdsbs - ok
22:34:13.0474 3044	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
22:34:13.0505 3044	amdxata - ok
22:34:13.0677 3044	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
22:34:13.0817 3044	AppID - ok
22:34:13.0989 3044	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:34:14.0004 3044	arc - ok
22:34:14.0051 3044	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:34:14.0082 3044	arcsas - ok
22:34:14.0145 3044	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:34:14.0254 3044	AsyncMac - ok
22:34:14.0347 3044	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
22:34:14.0347 3044	atapi - ok
22:34:14.0472 3044	atikmdag        (712d8a95e45b070114c5309ada7358ff) C:\Windows\system32\drivers\atikmdag.sys
22:34:14.0722 3044	atikmdag - ok
22:34:14.0815 3044	avfwim          (83d71e1911f235e9c0d2f53d54df3129) C:\Windows\system32\DRIVERS\avfwim.sys
22:34:14.0878 3044	avfwim - ok
22:34:15.0003 3044	avfwot          (ae0c5d218e815af8f38670a8c5773e6e) C:\Windows\system32\DRIVERS\avfwot.sys
22:34:15.0018 3044	avfwot - ok
22:34:15.0143 3044	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
22:34:15.0174 3044	avgntflt - ok
22:34:15.0237 3044	avipbb          (912d23140cd05980f6cdae790ddafc8d) C:\Windows\system32\DRIVERS\avipbb.sys
22:34:15.0268 3044	avipbb - ok
22:34:15.0361 3044	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
22:34:15.0393 3044	avkmgr - ok
22:34:15.0471 3044	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:34:15.0533 3044	b06bdrv - ok
22:34:15.0627 3044	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:34:15.0705 3044	b57nd60x - ok
22:34:15.0829 3044	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:34:15.0876 3044	Beep - ok
22:34:16.0001 3044	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:34:16.0048 3044	blbdrive - ok
22:34:16.0110 3044	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
22:34:16.0173 3044	bowser - ok
22:34:16.0266 3044	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:34:16.0297 3044	BrFiltLo - ok
22:34:16.0329 3044	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:34:16.0360 3044	BrFiltUp - ok
22:34:16.0422 3044	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:34:16.0516 3044	Brserid - ok
22:34:16.0594 3044	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:34:16.0641 3044	BrSerWdm - ok
22:34:16.0687 3044	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:34:16.0750 3044	BrUsbMdm - ok
22:34:16.0843 3044	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:34:16.0890 3044	BrUsbSer - ok
22:34:16.0999 3044	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:34:17.0031 3044	BTHMODEM - ok
22:34:17.0109 3044	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:34:17.0171 3044	cdfs - ok
22:34:17.0265 3044	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
22:34:17.0311 3044	cdrom - ok
22:34:17.0374 3044	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:34:17.0405 3044	circlass - ok
22:34:17.0499 3044	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:34:17.0545 3044	CLFS - ok
22:34:17.0670 3044	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:34:17.0733 3044	CmBatt - ok

Old 11.11.2011, 09:00   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Should you have problems starting applications after running ComboFix and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 11.11.2011, 19:55   #12
ausdemFF
 
Internet Speed halbiert nach teilweiser entfernung von TrojanDownloader:Win32/Small.gen!I



Hello,

here you go:

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-11-11.06 - xxx 11.11.2011  20:39:03.1.1 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3071.1968 [GMT 1:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\xxx\AppData\Local\TempDIR
c:\users\xxx\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\xxx\AppData\Roaming\chrtmp
c:\users\xxx\AppData\Roaming\SQLite3.dll
c:\windows\iun6002.exe
c:\windows\system32\msvcsv60.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-11 bis 2011-11-11  ))))))))))))))))))))))))))))))
.
.
2011-11-11 17:15 . 2011-11-11 17:15	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B0CC4C8-53FC-40A4-B5F1-0E9C92E1C51B}\offreg.dll
2011-11-11 17:15 . 2011-10-07 03:48	6668624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B0CC4C8-53FC-40A4-B5F1-0E9C92E1C51B}\mpengine.dll
2011-11-11 02:22 . 2011-11-11 02:22	--------	d-----w-	c:\program files\ZDF
2011-11-11 02:11 . 2011-11-11 02:11	--------	d-----w-	c:\program files\maxdome - Online Videothek
2011-11-11 02:03 . 2011-11-11 02:03	--------	d-----w-	c:\program files\BMWi
2011-11-11 01:32 . 2011-11-11 01:32	--------	d-----w-	c:\program files\n-tv
2011-11-11 01:32 . 2011-11-11 01:32	--------	d-----w-	c:\program files\BILD
2011-11-10 20:48 . 2011-11-10 20:48	--------	d-----w-	C:\_OTL
2011-11-10 12:23 . 2011-11-10 12:23	--------	d-----w-	c:\users\Public\Transcode360
2011-11-10 12:23 . 2011-11-11 01:05	--------	d-----w-	c:\program files\Transcode360
2011-11-10 12:14 . 2011-11-10 12:14	--------	d-----w-	c:\program files\MediaBrowser
2011-11-10 12:14 . 2011-11-11 17:14	--------	d-----w-	c:\programdata\MediaBrowser
2011-11-10 11:43 . 2011-11-10 11:43	--------	d-----w-	c:\users\Mcx1-xxx-PC
2011-11-10 10:50 . 2011-11-10 10:50	--------	d-----w-	c:\users\xxx\AppData\Roaming\BID
2011-11-10 07:34 . 2011-11-10 07:35	--------	d-----w-	c:\program files\Jtag Tool
2011-11-10 01:09 . 2011-11-10 01:09	1092400	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-09 16:27 . 2011-11-09 16:28	--------	d-----w-	c:\program files\Gavotte RamDisk
2011-11-09 07:19 . 2011-10-01 04:37	708608	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-09 07:19 . 2011-09-29 16:03	1290608	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 07:18 . 2011-09-29 03:37	2341888	----a-w-	c:\windows\system32\win32k.sys
2011-11-08 15:37 . 2011-11-08 15:37	--------	d-----w-	c:\program files\ESET
2011-11-08 15:10 . 2011-11-08 15:10	--------	d-----w-	c:\users\xxx\AppData\Roaming\Malwarebytes
2011-11-08 15:09 . 2011-11-08 15:09	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-08 15:09 . 2011-11-08 15:09	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-11-08 15:09 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-07 17:47 . 2011-11-07 17:47	--------	d-----w-	c:\programdata\Gerhard Junker
2011-11-07 17:47 . 2011-11-07 17:47	--------	d-----w-	c:\users\xxx\AppData\Local\Gerhard_Junker
2011-11-07 17:43 . 2011-11-09 14:52	--------	d-----w-	c:\program files\ncid.Net
2011-11-07 17:43 . 2011-11-07 17:48	--------	d-----w-	c:\programdata\ncid.Net
2011-11-07 16:48 . 2011-11-07 16:55	--------	d-----w-	c:\program files\NET Traffic Meter
2011-11-07 16:38 . 2011-11-07 16:43	--------	d-----w-	c:\users\xxx\AppData\Roaming\NetMeter
2011-11-07 16:38 . 2011-11-07 16:44	--------	d-----w-	c:\program files\NetMeter
2011-11-07 16:26 . 2011-11-07 16:26	--------	d-----w-	c:\programdata\DeskSoft
2011-11-07 16:25 . 2011-11-07 16:25	24816	----a-w-	c:\windows\system32\drivers\dsnpfd.sys
2011-11-07 16:25 . 2011-11-07 16:25	--------	d-----w-	c:\users\xxx\AppData\Roaming\DeskSoft
2011-11-07 14:05 . 2011-11-07 14:05	--------	d-----w-	c:\program files\Axence
2011-11-07 07:56 . 2011-11-07 07:56	--------	d-----w-	c:\users\xxx\AppData\Roaming\gtk-2.0
2011-11-07 07:38 . 2011-11-07 08:16	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-11-07 07:36 . 2011-11-07 13:51	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2011-11-07 06:42 . 2011-11-11 19:33	--------	d-----w-	c:\users\xxx\AppData\Roaming\.purple
2011-11-07 06:39 . 2011-11-07 06:39	--------	d-----w-	c:\program files\Pidgin
2011-11-07 02:54 . 2011-11-07 02:54	--------	d-----w-	c:\program files\MSECache
2011-11-07 02:52 . 2011-11-07 02:52	--------	d-----w-	C:\Program Settings
2011-11-05 23:08 . 2011-11-05 23:08	--------	d-----w-	c:\windows\W7SBC
2011-11-05 23:08 . 2011-02-25 05:30	2616320	----a-w-	c:\windows\explorer_edit_w7sbc.exe
2011-11-05 23:08 . 2011-02-25 05:30	2616320	----a-w-	c:\windows\explorer_backup_w7sbc.exe
2011-11-05 22:58 . 2011-11-05 22:59	--------	d-----w-	c:\program files\RocketDock
2011-11-05 22:58 . 2011-11-05 22:58	--------	d-----w-	c:\program files\IconChanger
2011-11-05 22:57 . 2011-11-07 06:00	--------	d-----w-	c:\program files\Rainmeter
2011-11-05 17:34 . 2010-06-07 13:59	57904	----a-w-	c:\windows\system32\wbload.dll
2011-11-05 17:33 . 2008-04-26 14:14	42672	----a-w-	c:\windows\system32\wbsys.dll
2011-11-05 17:33 . 2011-11-05 17:33	--------	d-----w-	c:\program files\Stardock
2011-11-05 17:18 . 2011-11-05 17:18	--------	d-----w-	c:\users\xxx\AppData\Roaming\Auslogics
2011-11-05 17:18 . 2011-11-05 17:18	--------	d-----w-	c:\program files\Auslogics
2011-11-05 16:55 . 2011-11-05 16:55	--------	d-----w-	c:\program files\Setup Files
2011-11-05 14:27 . 2011-11-06 09:01	--------	d-----w-	c:\program files\Dr. Hardware 2011
2011-11-05 13:46 . 2011-11-05 13:52	--------	d-----w-	c:\program files\TweakMe!
2011-11-05 13:35 . 2011-11-05 13:35	--------	d-----w-	c:\users\xxx\AppData\Local\Frameworkx.com
2011-11-05 13:20 . 2011-11-05 13:20	--------	d-----w-	c:\users\xxx\AppData\Local\NeoSmart_Technologies
2011-11-05 13:17 . 2011-11-05 13:17	--------	d-----w-	c:\program files\NeoSmart Technologies
2011-11-05 12:43 . 2011-11-05 12:38	91096	----a-w-	c:\windows\system32\drivers\avfwim.sys
2011-11-05 12:43 . 2011-11-05 12:38	111160	----a-w-	c:\windows\system32\drivers\avfwot.sys
2011-11-05 05:01 . 2011-11-05 05:01	--------	d-----w-	c:\users\xxx\AppData\Roaming\Xilisoft
2011-11-05 00:32 . 2011-08-05 14:59	307200	----a-w-	c:\windows\system32\TubeFinder.exe
2011-11-05 00:32 . 2009-06-19 18:51	119568	----a-w-	c:\windows\system32\VB6FR.DLL
2011-11-05 00:32 . 2009-06-19 18:51	101888	----a-w-	c:\windows\system32\VB6STKIT.DLL
2011-11-05 00:32 . 2009-06-19 18:51	9728	----a-w-	c:\windows\system32\PCCLPFR.DLL
2011-11-05 00:32 . 2009-06-19 18:51	84512	----a-w-	c:\windows\system32\PICCLP32.OCX
2011-11-05 00:32 . 2009-06-19 18:51	364544	----a-w-	c:\windows\system32\PropertyGrid.ocx
2011-11-05 00:32 . 2009-06-19 18:51	141312	----a-w-	c:\windows\system32\MSCMCFR.DLL
2011-11-05 00:32 . 2011-11-05 02:22	--------	d-----w-	c:\users\xxx\AppData\Roaming\FreeFLVConverter
2011-11-05 00:32 . 2011-11-05 00:33	--------	d-----w-	c:\program files\Free FLV Converter
2011-11-05 00:32 . 2009-06-19 18:51	32768	----a-w-	c:\windows\system32\CMDLGFR.DLL
2011-11-05 00:32 . 2009-06-19 18:51	24576	----a-w-	c:\windows\system32\ControlSubX.ocx
2011-11-03 16:55 . 2011-11-03 16:55	--------	d-----w-	c:\program files\Microsoft CAPICOM 2.1.0.2
2011-11-03 15:22 . 2011-11-05 14:52	--------	d-----w-	c:\users\xxx\AppData\Roaming\BitComet
2011-11-03 15:22 . 2011-11-03 15:22	--------	d-----w-	c:\program files\BitComet
2011-11-03 09:34 . 2011-11-03 09:34	--------	d-----w-	c:\program files\Microsoft Silverlight
2011-11-02 16:46 . 2011-11-02 16:46	--------	d-----w-	c:\users\xxx\AppData\Local\Installer5804
2011-11-02 16:40 . 2011-11-02 16:40	--------	d-----w-	c:\users\xxx\AppData\Local\Installer5848
2011-11-01 08:05 . 2011-11-01 08:05	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-11-01 08:05 . 2011-11-01 08:05	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-11-01 08:05 . 2011-11-01 08:05	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-11-01 08:05 . 2011-11-01 08:05	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-11-01 08:05 . 2011-11-01 08:05	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-11-01 08:05 . 2011-11-01 08:05	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-11-01 08:05 . 2011-11-01 08:05	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-11-01 08:05 . 2011-11-01 08:05	--------	d-----w-	c:\program files\QuickTime
2011-11-01 08:02 . 2011-11-01 08:02	--------	d-----w-	c:\program files\iPod
2011-10-31 08:36 . 2011-10-31 08:36	9925160	----a-w-	c:\program files\Common Files\lpuninstall.exe
2011-10-31 08:36 . 2011-10-31 08:36	--------	d-----w-	c:\program files\LastPass
2011-10-28 06:18 . 2011-10-28 06:18	--------	d-----w-	c:\users\xxx\AppData\Local\MicroVision Applications
2011-10-28 06:17 . 2011-10-28 06:17	--------	d-----w-	c:\program files\Common Files\SureThing Shared
2011-10-28 06:17 . 2011-10-28 06:17	--------	d-----w-	c:\program files\SureThing
2011-10-28 06:17 . 2011-10-28 06:17	--------	d-----w-	c:\windows\MVUNINST
2011-10-28 06:17 . 2002-01-05 01:37	344064	----a-w-	c:\windows\system32\msvcr70.dll
2011-10-28 06:17 . 1996-08-24 10:11	289552	----a-w-	c:\windows\system32\temp.001
2011-10-28 06:17 . 1993-10-14 16:51	28672	----a-w-	c:\windows\system32\temp.000
2011-10-25 13:42 . 2011-10-03 03:06	476904	----a-w-	c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-24 13:29 . 2011-10-24 13:29	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-10-22 22:53 . 2011-10-22 22:54	--------	dc-h--w-	c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2011-10-22 22:49 . 2011-10-22 22:49	--------	dc-h--w-	c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2011-10-18 10:35 . 2011-10-18 10:35	--------	d-----w-	c:\users\xxx\AppData\Roaming\Avira
2011-10-18 10:35 . 2011-10-11 13:00	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-18 10:35 . 2011-10-11 13:00	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-18 10:35 . 2011-10-11 13:00	134344	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-10-18 10:34 . 2011-11-05 12:43	--------	d-----w-	c:\programdata\Avira
2011-10-18 10:34 . 2011-10-18 10:34	--------	d-----w-	c:\program files\Avira
2011-10-16 17:55 . 2011-10-16 17:55	18139008	----a-w-	c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2011-10-14 00:01 . 2010-11-20 12:17	941568	----a-w-	c:\windows\system32\mblctr.exe
2011-10-14 00:00 . 2010-11-20 12:21	750080	----a-w-	c:\windows\system32\sdcpl.dll
2011-10-13 23:59 . 2009-07-14 01:16	379904	----a-w-	c:\windows\system32\pnpui.dll
2011-10-13 23:59 . 2010-11-20 12:20	2494464	----a-w-	c:\windows\system32\netshell.dll
2011-10-13 23:59 . 2009-07-14 01:06	9053696	----a-w-	c:\windows\system32\mmres.dll
2011-10-13 23:59 . 2009-07-14 01:06	705536	----a-w-	c:\windows\system32\imagesp1.dll
2011-10-13 23:59 . 2009-07-14 01:15	56320	----a-w-	c:\windows\system32\hotplug.dll
2011-10-13 23:59 . 2010-11-20 12:18	744448	----a-w-	c:\windows\system32\ActionCenter.dll
2011-10-13 22:59 . 2011-10-13 23:01	--------	d-----w-	c:\program files\plexydesk
2011-10-13 22:51 . 2011-10-13 22:51	--------	d-----w-	c:\users\xxx\AppData\Local\Bump Technologies, Inc
2011-10-13 20:51 . 2011-11-03 09:58	--------	d-----w-	c:\users\xxx\AppData\Local\MediaMonkey
2011-10-13 20:51 . 2011-11-03 09:58	--------	d-----w-	c:\program files\MediaMonkey
2011-10-13 20:37 . 2011-10-13 20:37	--------	d-----w-	C:\$WINDOWS.~BT
2011-10-13 20:13 . 2011-07-29 11:54	19840	----a-w-	c:\windows\system32\EuEpmGdi.dll
2011-10-13 20:13 . 2011-09-09 16:23	2469760	----a-w-	c:\windows\system32\BootMan.exe
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 12:09 . 2011-08-09 04:43	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 03:06 . 2011-06-20 16:19	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-09-25 22:24 . 2011-09-25 22:24	0	---ha-w-	c:\users\xxx\AppData\Roaming\.51BEE852859F7D89.sys
2011-09-25 22:12 . 2011-09-25 22:12	49152	----a-r-	c:\users\xxx\AppData\Roaming\Microsoft\Installer\{2D314071-26CD-47EA-A01E-82FADDE951C5}\LiquidInstrument.exe_2D31407126CD47EAA01E82FADDE951C5.exe
2011-08-30 22:05 . 2011-08-30 22:05	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05	50536	----a-w-	c:\windows\system32\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05	178536	----a-w-	c:\windows\system32\dnssdX.dll
2011-11-09 20:22 . 2011-08-09 03:18	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pidgin"="c:\program files\Pidgin\pidgin.exe" [2011-08-20 48618]
"ncid.Net"="c:\program files\ncid.Net\ncid.Net.exe" [2011-11-03 984064]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-09-29 106496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-10-02 643592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-11-05 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Media Browser Service.lnk - c:\program files\MediaBrowser\MediaBrowser\MediaBrowserService.exe [2011-10-17 135168]
Media Browser.lnk - c:\windows\ehome\ehshell.exe [2009-7-14 100864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2008-09-29 11:14	106496	----a-w-	c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 136176]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [x]
R3 MSSQL$JTLWAWI;SQL Server (JTLWAWI);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SCL01132;SCL011 Contactless Reader;c:\windows\system32\DRIVERS\SCL01132.sys [2010-05-07 61824]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2011-11-05 111160]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2011-11-05 616400]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-11-05 342480]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-11-05 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-11-05 463824]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2011-11-05 91096]
S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
S3 MADFUCONECTIV;Service for M-Audio Conectiv DFU;c:\windows\system32\DRIVERS\MAudioConectiv_DFU.sys [2009-10-02 42248]
S3 MAUSBCONECTIV;Service for M-Audio Conectiv;c:\windows\system32\DRIVERS\MAudioConectiv.sys [2009-10-02 158344]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 13:15]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 13:15]
.
.
------- Zusätzlicher Suchlauf -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Alles mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: BID Link Explorer: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: BID: Link in Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: BID: Seite in &Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: BID: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: BID: Öffne diesen &Link - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Mit BitComet herunter&laden - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\nxh9q5dv.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- Dateityp-Verknüpfung -------
.
.txt=Notepad++_file
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-BID Drop Box - c:\program files\Bulk Image Downloader\BIDDropBox.exe
AddRemove-PSP_Nitro - c:\windows\iun6002.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3208466087-60621075-3746657911-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{721F34D6-177E-0B5A-100D-6F2E2FB2D6A9}*]
"hagdjmlmbgfojoff"=hex:6a,61,61,63,69,67,69,6a,6e,65,6d,64,63,6b,6d,68,6f,64,
   6f,65,00,d4
"iamcdoknakfgojhdhg"=hex:6a,61,61,63,6e,61,6a,6a,67,6f,66,67,6e,62,6f,6f,61,6d,
   6c,6d,00,00
.
[HKEY_USERS\S-1-5-21-3208466087-60621075-3746657911-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A225EC91-5397-517E-C9B1-973E71617067}*]
"iaecmhkjhjfchkkjhp"=hex:6b,61,69,64,6e,69,6d,67,6a,61,62,65,6e,67,6d,68,66,63,
   6b,61,66,65,00,00
"hakbgomlhamfaklm"=hex:6b,61,69,64,6e,69,6d,67,6a,61,62,65,6e,67,6d,68,66,63,
   6b,61,66,65,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Xanthic\{1246792F-C12E-81AE-FE96-35D2FC917677}*_]
"fr"="078D534A595D51"
"lr"="078D4C40445D51"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-11  20:51:58
ComboFix-quarantined-files.txt  2011-11-11 19:51
.
Vor Suchlauf: 9 Verzeichnis(se), 15.784.644.608 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 15.696.977.920 Bytes frei
.
- - End Of File - - 900F9AEFA343D44E6B605B5B9E1DC5B8
         
--- --- ---

Old 11.11.2011, 20:20   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Internet Speed halbiert nach teilweiser entfernung von TrojanDownloader:Win32/Small.gen!I



ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now paste the entire content of the code box below into the Notepad window using copy/paste.

Note: If you have obscured your user name, you must change the starred-out part back to your real user name, otherwise the script will not work!!

Code:
ATTFilter
Dirlook::
c:\users\xxx\AppData\Roaming\BID
c:\windows\W7SBC
         
3. Save it in Notepad as CFScript.txt on the desktop.

4. Deactivate the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the image below. This restarts ComboFix.



6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!

Old 11.11.2011, 23:11   #14
ausdemFF
 
Internet Speed halbiert nach teilweiser entfernung von TrojanDownloader:Win32/Small.gen!I



Done as well

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-11-11.06 - xxx 11.11.2011  23:20:09.2.1 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3071.2024 [GMT 1:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\xxx\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-11 bis 2011-11-11  ))))))))))))))))))))))))))))))
.
.
2011-11-11 22:29 . 2011-11-11 22:29	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2011-11-11 22:29 . 2011-11-11 22:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-11 21:15 . 2011-11-11 21:15	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B0CC4C8-53FC-40A4-B5F1-0E9C92E1C51B}\offreg.dll
2011-11-11 19:52 . 2011-11-11 22:29	--------	d-----w-	c:\users\xxx\AppData\Local\temp
2011-11-11 17:15 . 2011-10-07 03:48	6668624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B0CC4C8-53FC-40A4-B5F1-0E9C92E1C51B}\mpengine.dll
2011-11-11 02:22 . 2011-11-11 02:22	--------	d-----w-	c:\program files\ZDF
2011-11-11 02:11 . 2011-11-11 02:11	--------	d-----w-	c:\program files\maxdome - Online Videothek
2011-11-11 02:03 . 2011-11-11 02:03	--------	d-----w-	c:\program files\BMWi
2011-11-11 01:32 . 2011-11-11 01:32	--------	d-----w-	c:\program files\n-tv
2011-11-11 01:32 . 2011-11-11 01:32	--------	d-----w-	c:\program files\BILD
2011-11-10 20:48 . 2011-11-10 20:48	--------	d-----w-	C:\_OTL
2011-11-10 12:23 . 2011-11-10 12:23	--------	d-----w-	c:\users\Public\Transcode360
2011-11-10 12:14 . 2011-11-11 21:30	--------	d-----w-	c:\programdata\MediaBrowser
2011-11-10 11:43 . 2011-11-10 11:43	--------	d-----w-	c:\users\Mcx1-xxx-PC
2011-11-10 10:50 . 2011-11-10 10:50	--------	d-----w-	c:\users\xxx\AppData\Roaming\BID
2011-11-10 07:34 . 2011-11-10 07:35	--------	d-----w-	c:\program files\Jtag Tool
2011-11-10 01:09 . 2011-11-10 01:09	1092400	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-09 16:27 . 2011-11-09 16:28	--------	d-----w-	c:\program files\Gavotte RamDisk
2011-11-09 07:19 . 2011-10-01 04:37	708608	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-09 07:19 . 2011-09-29 16:03	1290608	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 07:18 . 2011-09-29 03:37	2341888	----a-w-	c:\windows\system32\win32k.sys
2011-11-08 15:37 . 2011-11-08 15:37	--------	d-----w-	c:\program files\ESET
2011-11-08 15:10 . 2011-11-08 15:10	--------	d-----w-	c:\users\xxx\AppData\Roaming\Malwarebytes
2011-11-08 15:09 . 2011-11-08 15:09	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-08 15:09 . 2011-11-08 15:09	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-11-08 15:09 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-07 17:47 . 2011-11-07 17:47	--------	d-----w-	c:\programdata\Gerhard Junker
2011-11-07 17:47 . 2011-11-07 17:47	--------	d-----w-	c:\users\xxx\AppData\Local\Gerhard_Junker
2011-11-07 17:43 . 2011-11-09 14:52	--------	d-----w-	c:\program files\ncid.Net
2011-11-07 17:43 . 2011-11-07 17:48	--------	d-----w-	c:\programdata\ncid.Net
2011-11-07 16:48 . 2011-11-07 16:55	--------	d-----w-	c:\program files\NET Traffic Meter
2011-11-07 16:38 . 2011-11-07 16:43	--------	d-----w-	c:\users\xxx\AppData\Roaming\NetMeter
2011-11-07 16:38 . 2011-11-07 16:44	--------	d-----w-	c:\program files\NetMeter
2011-11-07 16:26 . 2011-11-07 16:26	--------	d-----w-	c:\programdata\DeskSoft
2011-11-07 16:25 . 2011-11-07 16:25	24816	----a-w-	c:\windows\system32\drivers\dsnpfd.sys
2011-11-07 16:25 . 2011-11-07 16:25	--------	d-----w-	c:\users\xxx\AppData\Roaming\DeskSoft
2011-11-07 14:05 . 2011-11-07 14:05	--------	d-----w-	c:\program files\Axence
2011-11-07 07:56 . 2011-11-07 07:56	--------	d-----w-	c:\users\xxx\AppData\Roaming\gtk-2.0
2011-11-07 07:38 . 2011-11-07 08:16	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-11-07 07:36 . 2011-11-07 13:51	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2011-11-07 06:42 . 2011-11-11 22:28	--------	d-----w-	c:\users\xxx\AppData\Roaming\.purple
2011-11-07 06:39 . 2011-11-07 06:39	--------	d-----w-	c:\program files\Pidgin
2011-11-07 02:54 . 2011-11-07 02:54	--------	d-----w-	c:\program files\MSECache
2011-11-07 02:52 . 2011-11-07 02:52	--------	d-----w-	C:\Program Settings
2011-11-05 23:08 . 2011-11-05 23:08	--------	d-----w-	c:\windows\W7SBC
2011-11-05 23:08 . 2011-02-25 05:30	2616320	----a-w-	c:\windows\explorer_edit_w7sbc.exe
2011-11-05 23:08 . 2011-02-25 05:30	2616320	----a-w-	c:\windows\explorer_backup_w7sbc.exe
2011-11-05 22:58 . 2011-11-05 22:59	--------	d-----w-	c:\program files\RocketDock
2011-11-05 22:58 . 2011-11-05 22:58	--------	d-----w-	c:\program files\IconChanger
2011-11-05 22:57 . 2011-11-07 06:00	--------	d-----w-	c:\program files\Rainmeter
2011-11-05 17:34 . 2010-06-07 13:59	57904	----a-w-	c:\windows\system32\wbload.dll
2011-11-05 17:33 . 2008-04-26 14:14	42672	----a-w-	c:\windows\system32\wbsys.dll
2011-11-05 17:33 . 2011-11-05 17:33	--------	d-----w-	c:\program files\Stardock
2011-11-05 17:18 . 2011-11-05 17:18	--------	d-----w-	c:\users\xxx\AppData\Roaming\Auslogics
2011-11-05 17:18 . 2011-11-05 17:18	--------	d-----w-	c:\program files\Auslogics
2011-11-05 16:55 . 2011-11-05 16:55	--------	d-----w-	c:\program files\Setup Files
2011-11-05 14:27 . 2011-11-06 09:01	--------	d-----w-	c:\program files\Dr. Hardware 2011
2011-11-05 13:46 . 2011-11-05 13:52	--------	d-----w-	c:\program files\TweakMe!
2011-11-05 13:35 . 2011-11-05 13:35	--------	d-----w-	c:\users\xxx\AppData\Local\Frameworkx.com
2011-11-05 13:20 . 2011-11-05 13:20	--------	d-----w-	c:\users\xxx\AppData\Local\NeoSmart_Technologies
2011-11-05 13:17 . 2011-11-05 13:17	--------	d-----w-	c:\program files\NeoSmart Technologies
2011-11-05 12:43 . 2011-11-05 12:38	91096	----a-w-	c:\windows\system32\drivers\avfwim.sys
2011-11-05 12:43 . 2011-11-05 12:38	111160	----a-w-	c:\windows\system32\drivers\avfwot.sys
2011-11-05 05:01 . 2011-11-05 05:01	--------	d-----w-	c:\users\xxx\AppData\Roaming\Xilisoft
2011-11-05 00:32 . 2011-08-05 14:59	307200	----a-w-	c:\windows\system32\TubeFinder.exe
2011-11-05 00:32 . 2009-06-19 18:51	119568	----a-w-	c:\windows\system32\VB6FR.DLL
2011-11-05 00:32 . 2009-06-19 18:51	101888	----a-w-	c:\windows\system32\VB6STKIT.DLL
2011-11-05 00:32 . 2009-06-19 18:51	9728	----a-w-	c:\windows\system32\PCCLPFR.DLL
2011-11-05 00:32 . 2009-06-19 18:51	84512	----a-w-	c:\windows\system32\PICCLP32.OCX
2011-11-05 00:32 . 2009-06-19 18:51	364544	----a-w-	c:\windows\system32\PropertyGrid.ocx
2011-11-05 00:32 . 2009-06-19 18:51	141312	----a-w-	c:\windows\system32\MSCMCFR.DLL
2011-11-05 00:32 . 2011-11-05 02:22	--------	d-----w-	c:\users\xxx\AppData\Roaming\FreeFLVConverter
2011-11-05 00:32 . 2011-11-05 00:33	--------	d-----w-	c:\program files\Free FLV Converter
2011-11-05 00:32 . 2009-06-19 18:51	32768	----a-w-	c:\windows\system32\CMDLGFR.DLL
2011-11-05 00:32 . 2009-06-19 18:51	24576	----a-w-	c:\windows\system32\ControlSubX.ocx
2011-11-03 16:55 . 2011-11-03 16:55	--------	d-----w-	c:\program files\Microsoft CAPICOM 2.1.0.2
2011-11-03 15:22 . 2011-11-05 14:52	--------	d-----w-	c:\users\xxx\AppData\Roaming\BitComet
2011-11-03 15:22 . 2011-11-03 15:22	--------	d-----w-	c:\program files\BitComet
2011-11-03 09:34 . 2011-11-03 09:34	--------	d-----w-	c:\program files\Microsoft Silverlight
2011-11-02 16:46 . 2011-11-02 16:46	--------	d-----w-	c:\users\xxx\AppData\Local\Installer5804
2011-11-02 16:40 . 2011-11-02 16:40	--------	d-----w-	c:\users\xxx\AppData\Local\Installer5848
2011-11-01 08:05 . 2011-11-01 08:05	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-11-01 08:05 . 2011-11-01 08:05	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-11-01 08:05 . 2011-11-01 08:05	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-11-01 08:05 . 2011-11-01 08:05	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-11-01 08:05 . 2011-11-01 08:05	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-11-01 08:05 . 2011-11-01 08:05	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-11-01 08:05 . 2011-11-01 08:05	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-11-01 08:05 . 2011-11-01 08:05	--------	d-----w-	c:\program files\QuickTime
2011-11-01 08:02 . 2011-11-01 08:02	--------	d-----w-	c:\program files\iPod
2011-10-31 08:36 . 2011-10-31 08:36	9925160	----a-w-	c:\program files\Common Files\lpuninstall.exe
2011-10-31 08:36 . 2011-10-31 08:36	--------	d-----w-	c:\program files\LastPass
2011-10-28 06:18 . 2011-10-28 06:18	--------	d-----w-	c:\users\xxx\AppData\Local\MicroVision Applications
2011-10-28 06:17 . 2011-10-28 06:17	--------	d-----w-	c:\program files\Common Files\SureThing Shared
2011-10-28 06:17 . 2011-10-28 06:17	--------	d-----w-	c:\program files\SureThing
2011-10-28 06:17 . 2011-10-28 06:17	--------	d-----w-	c:\windows\MVUNINST
2011-10-28 06:17 . 2002-01-05 01:37	344064	----a-w-	c:\windows\system32\msvcr70.dll
2011-10-28 06:17 . 1996-08-24 10:11	289552	----a-w-	c:\windows\system32\temp.001
2011-10-28 06:17 . 1993-10-14 16:51	28672	----a-w-	c:\windows\system32\temp.000
2011-10-25 13:42 . 2011-10-03 03:06	476904	----a-w-	c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-24 13:29 . 2011-10-24 13:29	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-10-22 22:53 . 2011-10-22 22:54	--------	dc-h--w-	c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2011-10-22 22:49 . 2011-10-22 22:49	--------	dc-h--w-	c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2011-10-18 10:35 . 2011-10-18 10:35	--------	d-----w-	c:\users\xxx\AppData\Roaming\Avira
2011-10-18 10:35 . 2011-10-11 13:00	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-18 10:35 . 2011-10-11 13:00	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-18 10:35 . 2011-10-11 13:00	134344	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-10-18 10:34 . 2011-11-05 12:43	--------	d-----w-	c:\programdata\Avira
2011-10-18 10:34 . 2011-10-18 10:34	--------	d-----w-	c:\program files\Avira
2011-10-16 17:55 . 2011-10-16 17:55	18139008	----a-w-	c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2011-10-14 00:01 . 2010-11-20 12:17	941568	----a-w-	c:\windows\system32\mblctr.exe
2011-10-14 00:00 . 2010-11-20 12:21	750080	----a-w-	c:\windows\system32\sdcpl.dll
2011-10-13 23:59 . 2009-07-14 01:16	379904	----a-w-	c:\windows\system32\pnpui.dll
2011-10-13 23:59 . 2010-11-20 12:20	2494464	----a-w-	c:\windows\system32\netshell.dll
2011-10-13 23:59 . 2009-07-14 01:06	9053696	----a-w-	c:\windows\system32\mmres.dll
2011-10-13 23:59 . 2009-07-14 01:06	705536	----a-w-	c:\windows\system32\imagesp1.dll
2011-10-13 23:59 . 2009-07-14 01:15	56320	----a-w-	c:\windows\system32\hotplug.dll
2011-10-13 23:59 . 2010-11-20 12:18	744448	----a-w-	c:\windows\system32\ActionCenter.dll
2011-10-13 22:59 . 2011-10-13 23:01	--------	d-----w-	c:\program files\plexydesk
2011-10-13 22:51 . 2011-10-13 22:51	--------	d-----w-	c:\users\xxx\AppData\Local\Bump Technologies, Inc
2011-10-13 20:51 . 2011-11-03 09:58	--------	d-----w-	c:\users\xxx\AppData\Local\MediaMonkey
2011-10-13 20:51 . 2011-11-03 09:58	--------	d-----w-	c:\program files\MediaMonkey
2011-10-13 20:37 . 2011-10-13 20:37	--------	d-----w-	C:\$WINDOWS.~BT
2011-10-13 20:13 . 2011-07-29 11:54	19840	----a-w-	c:\windows\system32\EuEpmGdi.dll
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 12:09 . 2011-08-09 04:43	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 03:06 . 2011-06-20 16:19	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-09-25 22:24 . 2011-09-25 22:24	0	---ha-w-	c:\users\xxx\AppData\Roaming\.51BEE852859F7D89.sys
2011-09-25 22:12 . 2011-09-25 22:12	49152	----a-r-	c:\users\xxx\AppData\Roaming\Microsoft\Installer\{2D314071-26CD-47EA-A01E-82FADDE951C5}\LiquidInstrument.exe_2D31407126CD47EAA01E82FADDE951C5.exe
2011-08-30 22:05 . 2011-08-30 22:05	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05	50536	----a-w-	c:\windows\system32\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05	178536	----a-w-	c:\windows\system32\dnssdX.dll
2011-11-09 20:22 . 2011-08-09 03:18	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\xxx\AppData\Roaming\BID ----
.
2011-11-10 10:51 . 2011-11-10 10:53	4422	----a-w-	c:\users\xxx\AppData\Roaming\BID\Log\BID.LOG
2011-11-10 10:50 . 2011-11-10 11:36	29786	----a-w-	c:\users\xxx\AppData\Roaming\BID\bim.ini
.
---- Directory of c:\windows\W7SBC ----
.
2011-11-05 23:08 . 2011-11-05 23:08	35046	----a-w-	c:\windows\W7SBC\cur.bmp
2011-11-05 23:08 . 2011-11-05 23:08	65	----a-w-	c:\windows\W7SBC\res.ini
2011-11-05 23:08 . 2011-11-05 23:08	160	----a-w-	c:\windows\W7SBC\res.log
2011-11-05 23:08 . 2011-11-05 23:08	238	----a-w-	c:\windows\W7SBC\restore.bat
2011-11-05 23:08 . 2011-11-05 23:08	218	----a-w-	c:\windows\W7SBC\change.bat
2011-11-05 23:08 . 2011-11-05 23:08	755	----a-w-	c:\windows\W7SBC\scr
2011-11-05 23:08 . 2011-11-05 23:08	822272	----a-w-	c:\windows\W7SBC\res.exe
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-11-11_19.48.47   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-20 15:27 . 2011-11-11 21:19	52158              c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-11-11 21:19	43594              c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-20 14:16 . 2011-11-11 21:19	15512              c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3208466087-60621075-3746657911-1002_UserData.bin
- 2011-06-20 13:48 . 2011-11-11 19:28	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-20 13:48 . 2011-11-11 21:15	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-20 13:48 . 2011-11-11 19:28	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-20 13:48 . 2011-11-11 21:15	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2011-11-11 21:15	16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2011-11-11 19:28	16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-20 14:09 . 2011-11-11 21:17	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-20 14:09 . 2011-11-11 17:12	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2011-11-11 21:19	81216              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-06-20 14:09 . 2011-11-11 21:17	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-20 14:09 . 2011-11-11 17:12	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-20 14:09 . 2011-11-11 17:12	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-20 14:09 . 2011-11-11 21:17	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-20 14:15 . 2011-11-11 22:04	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-20 14:15 . 2011-11-11 19:03	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-20 14:15 . 2011-11-11 19:03	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-20 14:15 . 2011-11-11 22:04	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-11 21:15 . 2011-11-11 21:15	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-11 17:10 . 2011-11-11 17:10	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-11 21:15 . 2011-11-11 21:15	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-11 17:10 . 2011-11-11 17:10	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:47 . 2011-11-11 21:09	835280              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2011-11-11 03:38	835280              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:34 . 2011-11-11 21:18	5981801              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:34 . 2011-11-09 16:50	5981801              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-11-10 12:48 . 2011-11-11 21:09	1052544              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-11-10 12:48 . 2011-11-11 03:38	1052544              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-09 16:43 . 2011-11-11 21:09	7230372              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3208466087-60621075-3746657911-1002-8192.dat
+ 2011-07-28 03:10 . 2011-11-11 21:09	8649220              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3208466087-60621075-3746657911-1002-12288.dat
- 2011-07-28 03:10 . 2011-11-09 15:03	8649220              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3208466087-60621075-3746657911-1002-12288.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pidgin"="c:\program files\Pidgin\pidgin.exe" [2011-08-20 48618]
"ncid.Net"="c:\program files\ncid.Net\ncid.Net.exe" [2011-11-03 984064]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-09-29 106496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-10-02 643592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-11-05 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2008-09-29 11:14	106496	----a-w-	c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 136176]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [x]
R3 MSSQL$JTLWAWI;SQL Server (JTLWAWI);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SCL01132;SCL011 Contactless Reader;c:\windows\system32\DRIVERS\SCL01132.sys [2010-05-07 61824]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2011-11-05 111160]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2011-11-05 616400]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-11-05 342480]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-11-05 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-11-05 463824]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2011-11-05 91096]
S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
S3 MADFUCONECTIV;Service for M-Audio Conectiv DFU;c:\windows\system32\DRIVERS\MAudioConectiv_DFU.sys [2009-10-02 42248]
S3 MAUSBCONECTIV;Service for M-Audio Conectiv;c:\windows\system32\DRIVERS\MAudioConectiv.sys [2009-10-02 158344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 13:15]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 13:15]
.
.
------- Zusätzlicher Suchlauf -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Alles mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: BID Link Explorer: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: BID: Link in Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: BID: Seite in &Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: BID: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: BID: Öffne diesen &Link - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Mit BitComet herunter&laden - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\nxh9q5dv.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3208466087-60621075-3746657911-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{721F34D6-177E-0B5A-100D-6F2E2FB2D6A9}*]
"hagdjmlmbgfojoff"=hex:6a,61,61,63,69,67,69,6a,6e,65,6d,64,63,6b,6d,68,6f,64,
   6f,65,00,d4
"iamcdoknakfgojhdhg"=hex:6a,61,61,63,6e,61,6a,6a,67,6f,66,67,6e,62,6f,6f,61,6d,
   6c,6d,00,00
.
[HKEY_USERS\S-1-5-21-3208466087-60621075-3746657911-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A225EC91-5397-517E-C9B1-973E71617067}*]
"iaecmhkjhjfchkkjhp"=hex:6b,61,69,64,6e,69,6d,67,6a,61,62,65,6e,67,6d,68,66,63,
   6b,61,66,65,00,00
"hakbgomlhamfaklm"=hex:6b,61,69,64,6e,69,6d,67,6a,61,62,65,6e,67,6d,68,66,63,
   6b,61,66,65,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Xanthic\{1246792F-C12E-81AE-FE96-35D2FC917677}*_]
"fr"="078D534A595D51"
"lr"="078D4C40445D51"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-11  23:31:53
ComboFix-quarantined-files.txt  2011-11-11 22:31
ComboFix2.txt  2011-11-11 19:54
.
Vor Suchlauf: 14 Verzeichnis(se), 13.989.175.296 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 13.909.458.944 Bytes frei
.
- - End Of File - - 006F126DF472882EE38027C88E150C85

12.11.2011, 12:01   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Internet speed halved after partial removal of TrojanDownloader:Win32/Small.gen!I

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instructions.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
