WIN XP SP3: TR/Spy.Banker.Gen2 , TR/Offend.6943020, JS/Agent.ala.1 und andere

viktorhugo · 04.12.2011, 18:18

Hallo liebe Forumler,

wie schon oben beschrieben, habe ich mir einige Trojaner eingefangen. Nachdem hier im Forum schon verschiedene Lösungen, angefangen vom Neuaufsetzen bis hin zum erfolgreichen reparieren gefunden wurden, will ich meine Logs posten und hoffe auf eure Hilfe.

Der Rechner:
Win XP SP3
Avira Free Antivirus

Los ging alles vor einem Monat mit einem Trojaner der sich ins Java einschleicht. Damals waren auch die Mozilla Addons befallen. Mit Malwarebytes, dem löschen von Registries, Avira Scans und der Neuinstallation von JAVA in der neuesten Version, dachte ich das Problem gelöst zu haben. Leider hängt der TR/Spy.Banker.Gen2 ziemlich hartnäckig drinn.

Die Malwarebyte Logs habe ich leider nicht mehr, weil ich die Software damals wieder deinstalliert habe. Ich ging ja davon aus das ich das Problem los wäre.

Weil die Logs wohl zu groß sind, habe ich die im Anhang eingefügt.

Kann man das System noch retten?

p.s. Ich mache auf dem Notebook kein Onlinebanking aber nutze Ebay und Paypal.

cosinus · 04.12.2011, 20:12

Zitat:

Die Malwarebyte Logs habe ich leider nicht mehr,

Schau bitte nach ob die Logs noch in diesem Ordner sind

Code:

ATTFilter

Windows2000/XP:
C:\Dokumente und Einstellungen\<USERNAME>\Anwendungendaten\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Vista/7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

viktorhugo · 04.12.2011, 20:24

Hi Arne,

vielen Dank für deine schnelle Hilfe!

Leider ist da nichts mehr. Ich habe aber gerade bemerkt, dass ich damals mit Spybot S&D gesucht habe. Die Updates und .dll-Dateien liegen noch im Programmordner sonst jedoch nichts. In den Anwendungsdaten ist nichts hinterlegt.

Grüße, Vik

cosinus · 04.12.2011, 20:27

Weiß du noch noch in etwa was Malwarebytes gefunden hat?

viktorhugo · 04.12.2011, 20:33

Das war nicht übermäßig viel und kam mir eigentlich nicht wirklich dramatisch vor. Der Spybot hatte bei den Funden haupsächlich ungefährliche Einstuffungen vorgenommen.
Mein Eindruck war eher, das der JS/Agent.ala.1 und der TR/Spy.Farko.z das Problem waren.
Die wurden allerdings schon vom Avira ausgemerzt.

Würde es dir weiterhelfen wenn ich Malwarebytes nochmal drüber laufen lasse?

cosinus · 04.12.2011, 20:39

Ja mach ruhig nochmal einen neuen Vollscan mit Malwarebytes. Ans Update vorher denken.

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

viktorhugo · 05.12.2011, 00:13

Hi Arne,

nun habe ich die Logs von Malwarebytes und ESET. Der Malwarebyte-Log sieht für mich als Laien ja schon irgendwie fies aus.

Gute Nacht :-)

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8310

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

04.12.2011 21:49:47
mbam-log-2011-12-04 (21-49-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 288213
Laufzeit: 49 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 186

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Passwords) -> No action taken.
HKEY_CLASSES_ROOT\linkrdr.AIEbho.1 (Trojan.Passwords) -> No action taken.
HKEY_CLASSES_ROOT\linkrdr.AIEbho (Trojan.Passwords) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Passwords) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Passwords) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\tst (Trojan.Banker) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\appconf32.exe,) Good: (userinit.exe) -> No action taken.

Infizierte Verzeichnisse:
c:\WINDOWS\system32\xmldm (Stolen.Data) -> No action taken.

Infizierte Dateien:
c:\WINDOWS\system32\acroiehelpe055.dll (Trojan.Passwords) -> No action taken.
c:\dokumente und einstellungen\administrator\anwendungsdaten\Sun\Java\deployment\cache\6.0\29\1c5e939d-19fde554 (Trojan.SpyEyes) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0000018.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0000007.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0000008.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0000009.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0000017.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0000019.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0000020.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0001018.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0001019.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0001020.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0001021.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0001022.exe (Malware.Gen) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0001048.exe (Malware.Gen) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0001050.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0001051.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0001052.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0001053.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002049.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002050.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002051.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002052.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002061.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002065.exe (Malware.Gen) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002079.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002080.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002081.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002082.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002083.exe (Malware.Gen) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP3\A0002137.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP3\A0002138.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP3\A0002139.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP3\A0002152.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP3\A0003148.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP3\A0003149.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP3\A0003150.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP3\A0003151.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP3\A0003156.exe (Malware.Gen) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP3\A0002140.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0003179.exe (Malware.Gen) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0003181.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0003182.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0003183.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0003184.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0003192.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0003194.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0003195.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004192.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004193.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004194.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004195.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004204.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004214.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004215.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004216.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004217.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004222.exe (Malware.Gen) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004224.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004249.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004250.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004251.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004252.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004257.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0003193.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005381.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005399.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005537.exe (Malware.Gen) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005555.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004265.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004266.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004267.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004268.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004300.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004301.dll (Trojan.Keylogger) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004306.exe (Malware.Gen) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004309.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004310.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004280.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004281.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004282.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004283.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004288.exe (Malware.Gen) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004298.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004299.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005298.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005299.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005300.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005301.dll (Trojan.Keylogger) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005322.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005323.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005324.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005325.dll (Trojan.Keylogger) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005330.exe (Malware.Gen) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005344.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005372.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005373.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005374.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005375.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005378.exe (Malware.Gen) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005380.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005382.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005383.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005384.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005385.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005386.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005387.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005388.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005389.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005398.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005400.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005401.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005406.exe (Malware.Gen) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005417.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005455.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005456.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005458.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005459.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005460.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005475.exe (Malware.Gen) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005490.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005491.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005492.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005493.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005494.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005517.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005529.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005530.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005531.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005532.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005533.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005539.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005540.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005541.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005542.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005543.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005556.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005557.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005558.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005559.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005568.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005577.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005578.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005579.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005580.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005581.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005593.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005594.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005595.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005596.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005597.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005603.exe (Malware.Gen) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP5\A0005605.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP5\A0005619.exe (Malware.Gen) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP5\A0005620.dll (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP5\A0005669.exe (Malware.Gen) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP5\A0005670.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP6\A0006720.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}(2)\RP313\A0076343.exe (Malware.Gen) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}(2)\RP317\A0076724.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}(2)\RP317\A0076722.exe (Malware.Gen) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}(2)\RP317\A0076725.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}(2)\RP317\A0076726.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}(2)\RP317\A0076783.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}(2)\RP317\A0076784.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}(2)\RP317\A0076785.dll (Trojan.Passwords) -> No action taken.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}(2)\RP317\A0076786.dll (Trojan.Passwords) -> No action taken.
c:\WINDOWS\system32\5044\components\acroff0445.dll (Trojan.Passwords) -> No action taken.
c:\WINDOWS\system32\5044\components\acroff0446.dll (Trojan.Passwords) -> No action taken.
c:\WINDOWS\system32\5044\components\acroff0447.dll (Trojan.Passwords) -> No action taken.
c:\WINDOWS\system32\5044\components\acroff0448.dll (Trojan.Passwords) -> No action taken.
c:\WINDOWS\system32\5047\components\acroff0475.dll (Trojan.Passwords) -> No action taken.
c:\WINDOWS\system32\5047\components\acroff0476.dll (Trojan.Passwords) -> No action taken.
c:\WINDOWS\system32\5047\components\acroff0477.dll (Trojan.Passwords) -> No action taken.
c:\WINDOWS\system32\5047\components\acroff0478.dll (Trojan.Passwords) -> No action taken.
c:\WINDOWS\system32\5049\components\acroff0498.dll (Trojan.Keylogger) -> No action taken.
c:\WINDOWS\system32\5050\components\acroff0506.dll (Trojan.Passwords) -> No action taken.
c:\WINDOWS\system32\5050\components\acroff0507.dll (Trojan.Passwords) -> No action taken.
c:\WINDOWS\system32\5050\components\acroff0508.dll (Trojan.Passwords) -> No action taken.
c:\WINDOWS\system32\5051\components\acroff0510.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\5051\components\acroff0515.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\5051\components\acroff0516.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\5051\components\acroff0517.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\5051\components\acroff0518.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\srvblck2.tmp (Malware.Trace) -> No action taken.
c:\WINDOWS\system32\acroiehelpe.txt (Malware.Trace) -> No action taken.

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a71ab840ff9b1946b432878243814efe
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-04 11:02:12
# local_time=2011-12-05 12:02:12 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 4109202 4109202 0 0
# compatibility_mode=8192 67108863 100 0 3761 3761 0 0
# scanned=102197
# found=3
# cleaned=0
# scan_time=6900
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\29\1c5e939d-19fde554	a variant of Win32/Injector.LFM trojan (unable to clean)	00000000000000000000000000000000	I
C:\WINDOWS\system32\AcroIEHelpe055.dll	a variant of Win32/Spy.Banker.WYC trojan (unable to clean)	00000000000000000000000000000000	I
${Memory}	probably a variant of Win32/Spy.Banker.WBU trojan	00000000000000000000000000000000	I

cosinus · 05.12.2011, 09:41

Zitat:

-> No action taken.

Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!

viktorhugo · 06.12.2011, 10:43

Hi Arne,

hat jetzt leider ein wenig gedauert....

Hier die Logs nach Entfernung durch Malwarebytes. ESET habe ich nochmal scannen lassen.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8318

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

05.12.2011 23:32:01
mbam-log-2011-12-05 (23-32-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 288649
Laufzeit: 1 Stunde(n), 3 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 186

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Passwords) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\linkrdr.AIEbho.1 (Trojan.Passwords) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\linkrdr.AIEbho (Trojan.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Passwords) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\tst (Trojan.Banker) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\appconf32.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\WINDOWS\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\WINDOWS\system32\acroiehelpe055.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\administrator\anwendungsdaten\Sun\Java\deployment\cache\6.0\29\1c5e939d-19fde554 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0000018.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0000007.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0000008.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0000009.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0000017.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0000019.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0000020.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0001018.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0001019.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0001020.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0001021.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP1\A0001022.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0001048.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0001050.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0001051.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0001052.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0001053.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002049.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002050.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002051.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002052.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002061.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002065.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002079.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002080.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002081.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002082.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP2\A0002083.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP3\A0002137.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP3\A0002138.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP3\A0002139.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP3\A0002152.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP3\A0003148.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP3\A0003149.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP3\A0003150.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP3\A0003151.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP3\A0003156.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP3\A0002140.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0003179.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0003181.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0003182.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0003183.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0003184.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0003192.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0003194.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0003195.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004192.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004193.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004194.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004195.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004204.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004214.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004215.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004216.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004217.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004222.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004224.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004249.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004250.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004251.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004252.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004257.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0003193.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005381.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005399.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005537.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005555.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004265.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004266.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004267.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004268.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004300.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004301.dll (Trojan.Keylogger) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004306.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004309.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004310.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004280.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004281.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004282.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004283.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004288.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004298.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0004299.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005298.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005299.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005300.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005301.dll (Trojan.Keylogger) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005322.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005323.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005324.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005325.dll (Trojan.Keylogger) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005330.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005344.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005372.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005373.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005374.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005375.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005378.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005380.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005382.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005383.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005384.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005385.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005386.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005387.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005388.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005389.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005398.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005400.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005401.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005406.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005417.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005455.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005456.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005458.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005459.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005460.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005475.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005490.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005491.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005492.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005493.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005494.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005517.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005529.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005530.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005531.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005532.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005533.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005539.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005540.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005541.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005542.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005543.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005556.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005557.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005558.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005559.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005568.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005577.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005578.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005579.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005580.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005581.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005593.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005594.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005595.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005596.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005597.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP4\A0005603.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP5\A0005605.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP5\A0005619.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP5\A0005620.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP5\A0005669.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP5\A0005670.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}\RP6\A0006720.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}(2)\RP313\A0076343.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}(2)\RP317\A0076724.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}(2)\RP317\A0076722.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}(2)\RP317\A0076725.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}(2)\RP317\A0076726.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}(2)\RP317\A0076783.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}(2)\RP317\A0076784.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}(2)\RP317\A0076785.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ae54fb55-12f5-4a4f-86ad-200206642d9e}(2)\RP317\A0076786.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5044\components\acroff0445.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5044\components\acroff0446.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5044\components\acroff0447.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5044\components\acroff0448.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5047\components\acroff0475.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5047\components\acroff0476.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5047\components\acroff0477.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5047\components\acroff0478.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5049\components\acroff0498.dll (Trojan.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5050\components\acroff0506.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5050\components\acroff0507.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5050\components\acroff0508.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5051\components\acroff0510.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5051\components\acroff0515.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5051\components\acroff0516.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5051\components\acroff0517.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5051\components\acroff0518.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\srvblck2.tmp (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\acroiehelpe.txt (Malware.Trace) -> Quarantined and deleted successfully.

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a71ab840ff9b1946b432878243814efe
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-04 11:02:12
# local_time=2011-12-05 12:02:12 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 4109202 4109202 0 0
# compatibility_mode=8192 67108863 100 0 3761 3761 0 0
# scanned=102197
# found=3
# cleaned=0
# scan_time=6900
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\29\1c5e939d-19fde554	a variant of Win32/Injector.LFM trojan (unable to clean)	00000000000000000000000000000000	I
C:\WINDOWS\system32\AcroIEHelpe055.dll	a variant of Win32/Spy.Banker.WYC trojan (unable to clean)	00000000000000000000000000000000	I
${Memory}	probably a variant of Win32/Spy.Banker.WBU trojan	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a71ab840ff9b1946b432878243814efe
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-06 09:38:20
# local_time=2011-12-06 10:38:20 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 4233724 4233724 0 0
# compatibility_mode=8192 67108863 100 0 128283 128283 0 0
# scanned=102761
# found=1
# cleaned=0
# scan_time=6948
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\29\6f2d6d5d-710ab8ca	a variant of Java/Exploit.CVE-2011-3544.A trojan (unable to clean)	00000000000000000000000000000000	I

cosinus · 06.12.2011, 11:37

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

viktorhugo · 07.12.2011, 10:34

So, OTL ist drüber.

Hier der Log:

Code:

ATTFilter

OTL logfile created on: 07.12.2011 09:59:45 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 78,38% Memory free
4,94 Gb Paging File | 4,26 Gb Available in Paging File | 86,22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 18,05 Gb Free Space | 32,29% Space Free | Partition Type: NTFS
 
Computer Name: XP-9C79C6DC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
PRC - C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
PRC - c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Gemeinsame Dateien\PACE\Services\LicenseServices\LDSvc.exe (PACE Anti-Piracy, Inc.)
PRC - C:\Programme\Avid\Mbox Mini\AudioDevMon.exe (Avid)
PRC - C:\Programme\M-Audio\MIDISPORT\AudioDevMon.exe (M-Audio)
PRC - C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
PRC - C:\Programme\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
PRC - C:\Programme\Avid\Mbox Pro\AudioDevMon.exe (Avid)
PRC - C:\Programme\Avid\Mbox\AudioDevMon.exe (Avid)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Advantech eAutomation\Serial Device Server Configuration Utility\RDRV2X.EXE ()
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\TpKmpSvc.exe ()
PRC - C:\Programme\PrintKey2000\Printkey2000.exe (Fred's Software)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\478d57d96f3d8d5fc15c7ac635a4a6a1\PresentationFramework.Classic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\ThinkPad\Utilities\DE-DE\PWMUIAux.resources.dll ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWRMGRRO.DLL ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\AcWrpc.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\GUIHlprRes.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\IconRes.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\SvcHlprRes.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
MOD - C:\Programme\Advantech eAutomation\Serial Device Server Configuration Utility\RDRV2X.EXE ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\WINDOWS\system32\TpKmpSvc.exe ()
MOD - C:\Programme\Microsoft ActiveSync\rapiproxystub.dll ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
MOD - C:\WINDOWS\system32\BrMuSNMP.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (DozeSvc) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (SUService) -- c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (PaceLicenseDServices) -- C:\Programme\Gemeinsame Dateien\PACE\Services\LicenseServices\LDSvc.exe (PACE Anti-Piracy, Inc.)
SRV - (MboxMiniAudioDevMon) -- C:\Programme\Avid\Mbox Mini\AudioDevMon.exe (Avid)
SRV - (MIDISPORTAudioDevMon) -- C:\Programme\M-Audio\MIDISPORT\AudioDevMon.exe (M-Audio)
SRV - (TGCM_ImportWiFiSvc) -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (DigiRefresh) -- C:\Programme\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
SRV - (digiSPTIService) -- C:\Programme\Digidesign\Pro Tools\digiSPTIService.exe (Avid Technology, Inc.)
SRV - (MboxProAudioDevMon) -- C:\Programme\Avid\Mbox Pro\AudioDevMon.exe (Avid)
SRV - (MboxAudioDevMon) -- C:\Programme\Avid\Mbox\AudioDevMon.exe (Avid)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (RDRV2X) -- C:\Programme\Advantech eAutomation\Serial Device Server Configuration Utility\RDRV2X.EXE ()
SRV - (TVT Scheduler) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (DozeHDD) -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys (Lenovo.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS (Lenovo Group Limited)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (TPkd) -- C:\WINDOWS\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (MBOXMINI) -- C:\WINDOWS\system32\drivers\AvidMboxMini.sys (Avid)
DRV - (MADFUMIDISPORT2010) -- C:\WINDOWS\system32\drivers\MAudioMIDISPORT_DFU.sys (M-Audio)
DRV - (MAUSBMIDISPORT) -- C:\WINDOWS\system32\drivers\MAudioMIDISPORT.sys (M-Audio)
DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (DigiNet) -- C:\WINDOWS\system32\drivers\diginet.sys (Avid Technology, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (tidnet) -- C:\WINDOWS\system32\drivers\tidnet.sys (Telefónica I+D)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (AESPV2X) -- C:\WINDOWS\system32\drivers\AESPV2X.sys (Advantech Co., Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation)
DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS ()
DRV - (Asapi) -- C:\WINDOWS\System32\drivers\asapi.sys (VOB Computersysteme GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Discogs"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5053 [2011.12.04 19:24:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.19 10:41:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.11.10 09:47:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.07.21 23:34:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5053 [2011.12.04 19:24:30 | 000,000,000 | ---D | M]
 
[2010.06.19 21:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2011.05.07 12:56:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\open8x8i.default\extensions
[2010.07.15 10:10:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\open8x8i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.29 10:36:17 | 000,005,998 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\open8x8i.default\searchplugins\discogs.xml
[2011.11.18 12:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.18 12:36:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010.10.11 12:20:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.12.04 19:24:30 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5053
[2011.11.10 09:47:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.14 09:43:40 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.14 09:43:39 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.14 09:43:39 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.14 09:43:39 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.14 09:43:39 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.14 09:43:39 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.02.28 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Programme\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Spybot-S&D Cleaning] "C:\Programme\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean File not found
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Printkey2000.lnk = C:\Programme\PrintKey2000\Printkey2000.exe (Fred's Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1276983697328 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1311288240359 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F7DF1B0-2298-4F48-88E0-1566A5F00926}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.19 19:43:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3a9341fd-87ac-11e0-880c-0019d2b3cbec}\Shell - "" = AutoRun
O33 - MountPoints2\{3a9341fd-87ac-11e0-880c-0019d2b3cbec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3a9341fd-87ac-11e0-880c-0019d2b3cbec}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9447bbaa-86aa-11e0-8804-0019d2b3cbec}\Shell - "" = AutoRun
O33 - MountPoints2\{9447bbaa-86aa-11e0-8804-0019d2b3cbec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9447bbaa-86aa-11e0-8804-0019d2b3cbec}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9447bbae-86aa-11e0-8804-0019d2b3cbec}\Shell - "" = AutoRun
O33 - MountPoints2\{9447bbae-86aa-11e0-8804-0019d2b3cbec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9447bbae-86aa-11e0-8804-0019d2b3cbec}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {67A3ED95-0858-234E-DB7E-BF7AE8AA0F8F} - Themes Setup
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: MIDI7 - C:\WINDOWS\System32\Diomidi.DLL (Avid Technology, Inc.)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - fireface_mme.dll File not found
Drivers32: wave8 - C:\WINDOWS\System32\Digi32.dll (Digidesign, A Division of Avid Technology, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.04 22:04:30 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.12.04 22:04:22 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe
[2011.12.04 20:58:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2011.12.04 20:57:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.12.04 20:57:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.12.04 20:57:46 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.04 20:57:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.12.04 20:41:42 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2011.12.04 19:24:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5053
[2011.12.04 14:45:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.12.04 14:26:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Advantech Serial Device Server
[2011.12.01 13:16:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5052
[2011.11.28 19:56:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5051
[2011.11.28 13:34:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\seescreen.de
[2011.11.26 11:13:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5050
[2011.11.26 10:49:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2011.11.24 10:19:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5049
[2011.11.23 10:41:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5048
[2011.11.22 15:31:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5047
[2011.11.21 19:37:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5045
[2011.11.20 16:31:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5044
[2011.11.20 13:59:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\kultfabrik_flyer
[2011.11.19 10:43:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DDMSettings
[2011.11.18 20:58:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5043
[2011.11.17 21:17:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2011.11.17 11:41:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5042
[2011.11.17 09:32:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2011.11.17 09:31:51 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy 2
[2011.11.16 14:12:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\seescreen
[2011.11.16 13:58:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\seescreen
[2011.11.16 10:59:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5041
[2011.11.15 19:42:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5040
[2011.11.15 18:45:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\*.tmp files -> C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.07 09:54:53 | 000,025,181 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2011.12.07 09:54:37 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011.12.07 09:54:07 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.07 09:53:56 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2011.12.07 09:53:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.07 09:53:51 | 3219,574,784 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.04 22:04:24 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe
[2011.12.04 20:53:22 | 000,044,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.04 20:41:37 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011.12.04 18:17:24 | 000,029,797 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Logfiles.zip
[2011.12.04 15:03:42 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\b95127zg.exe
[2011.12.04 14:45:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.12.04 14:39:12 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2011.12.04 14:35:34 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe
[2011.12.04 14:14:51 | 000,000,629 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\info@fbevent.de.iaf
[2011.12.04 14:14:46 | 000,000,635 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\fabian@fbevent.de.iaf
[2011.12.04 13:40:27 | 001,000,516 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Wohnungsbewerbung_Anlagen.pdf
[2011.12.03 21:41:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.11.28 13:32:00 | 002,126,932 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\seescreen - oct 11.pdf
[2011.11.17 10:12:50 | 000,000,127 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011.11.16 12:59:13 | 000,064,290 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\scn_logo.jpg
[2011.11.15 18:47:05 | 000,000,539 | ---- | M] () -- C:\WINDOWS\install.rdf
[2011.11.10 09:57:41 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.11.09 01:11:33 | 000,015,513 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mhtml mid  (1).pdf
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.04 18:17:24 | 000,029,797 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Logfiles.zip
[2011.12.04 15:03:41 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\b95127zg.exe
[2011.12.04 14:39:12 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2011.12.04 14:35:33 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe
[2011.12.04 14:14:51 | 000,000,629 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\info@fbevent.de.iaf
[2011.12.04 14:14:46 | 000,000,635 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\fabian@fbevent.de.iaf
[2011.12.04 13:40:20 | 001,000,516 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Wohnungsbewerbung_Anlagen.pdf
[2011.12.02 21:56:35 | 3219,574,784 | -HS- | C] () -- C:\hiberfil.sys
[2011.11.28 13:31:50 | 002,126,932 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\seescreen - oct 11.pdf
[2011.11.17 10:09:11 | 000,000,127 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011.11.16 12:59:10 | 000,064,290 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\scn_logo.jpg
[2011.11.15 18:47:05 | 000,000,539 | ---- | C] () -- C:\WINDOWS\install.rdf
[2011.11.09 01:11:33 | 000,015,513 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mhtml mid  (1).pdf
[2011.08.04 17:13:55 | 000,000,031 | ---- | C] () -- C:\WINDOWS\DeskCalc.INI
[2011.07.21 23:24:26 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.06.16 10:01:32 | 000,000,287 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\VersionChecker_14.xml
[2011.06.16 09:40:38 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2011.06.08 09:35:50 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc
[2011.05.13 09:04:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2011.05.13 09:03:16 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2011.05.13 09:01:22 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2011.05.13 09:01:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2011.04.19 12:11:35 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\IWUninstall.exe
[2011.01.04 12:53:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011.01.03 18:34:22 | 000,008,581 | ---- | C] () -- C:\WINDOWS\System32\drivers\MAudioMIDISport4x4AnnivFirmware.bin
[2011.01.03 18:34:22 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\MAudioMIDISport2x2AnnivFirmware.bin
[2011.01.03 18:34:22 | 000,005,931 | ---- | C] () -- C:\WINDOWS\System32\drivers\MAudioMIDISport4x4Firmware.bin
[2011.01.03 18:34:22 | 000,004,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\MAudioMIDISport8x8_121Firmware.bin
[2011.01.03 18:34:22 | 000,004,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\MAudioMIDISport8x8_110Firmware.bin
[2011.01.03 18:34:22 | 000,004,073 | ---- | C] () -- C:\WINDOWS\System32\drivers\MAudioMIDISport2x2Firmware.bin
[2011.01.03 18:34:22 | 000,003,469 | ---- | C] () -- C:\WINDOWS\System32\drivers\MAudioMIDISport1x1Firmware.bin
[2011.01.03 18:34:22 | 000,002,078 | ---- | C] () -- C:\WINDOWS\System32\drivers\MAudioCypressBootstrapper.bin
[2010.12.31 00:34:26 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2010.11.03 18:40:58 | 000,021,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\iLokDrvr.sys
[2010.10.21 14:49:12 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2010.09.18 02:57:19 | 000,044,544 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.02 17:56:56 | 000,000,062 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010.09.02 12:57:51 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010.09.02 12:57:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2010.08.18 10:35:57 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010.08.18 10:34:55 | 000,000,466 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2010.08.18 10:34:55 | 000,000,234 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010.08.18 10:34:55 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010.08.18 10:34:55 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010.08.18 10:34:55 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2010.08.18 10:34:22 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010.08.18 10:34:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010.08.06 00:09:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.24 13:35:25 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.06.30 01:36:26 | 001,792,952 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.06.26 13:04:11 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010.06.26 13:02:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2010.06.26 12:59:49 | 000,196,608 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010.06.19 22:25:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010.06.19 22:19:31 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2010.06.19 22:18:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2010.06.19 22:16:41 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010.06.19 22:16:40 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010.06.19 22:16:39 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010.06.19 21:48:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.06.19 20:25:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.06.19 20:24:20 | 000,346,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.19 19:46:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.06.19 19:40:10 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.05.28 13:20:08 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\K8062D.dll
[2010.05.28 13:20:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DMX4ALL.dll
[2008.12.09 16:23:13 | 000,052,416 | RHS- | C] () -- C:\WINDOWS\System32\appconf32.exe
[2007.06.19 13:13:40 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007.01.29 10:36:32 | 000,025,181 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2006.02.28 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.02.28 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.02.28 13:00:00 | 000,506,692 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.02.28 13:00:00 | 000,484,144 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.02.28 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.02.28 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.02.28 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.02.28 13:00:00 | 000,097,682 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.02.28 13:00:00 | 000,081,832 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.02.28 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.02.28 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.02.28 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.02.28 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.02.28 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.02.28 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006.02.28 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005.06.03 21:22:38 | 000,020,320 | ---- | C] () -- C:\WINDOWS\System32\DongleArtNet3.sys
[2005.06.03 21:22:38 | 000,020,308 | ---- | C] () -- C:\WINDOWS\System32\DongleArtNet2.sys
[2005.06.03 21:22:38 | 000,020,172 | ---- | C] () -- C:\WINDOWS\System32\DongleArtNet1.sys
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.05.16 00:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002.05.04 14:19:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll
[2002.04.21 19:30:14 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002.04.19 15:23:26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
[2002.04.19 14:51:04 | 000,211,760 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2002.04.01 23:16:30 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002.04.01 23:16:14 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002.04.01 23:15:40 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002.02.21 17:41:20 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001.06.22 12:06:02 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MPEG2DEC.dll
 
========== LOP Check ==========
 
[2010.08.30 08:28:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avaya
[2011.11.19 10:43:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DDMSettings
[2011.05.01 17:26:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Digidesign
[2011.07.30 09:00:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox
[2011.02.23 23:20:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\EurekaLog
[2010.11.11 22:13:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ImgBurn
[2010.06.19 22:25:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lenovo
[2010.09.20 23:36:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lexware
[2011.06.16 10:01:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nemetschek
[2010.07.09 12:00:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
[2011.05.09 15:38:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Opera
[2011.05.01 16:55:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PACE Anti-Piracy
[2011.09.21 12:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PCDr
[2011.09.21 18:29:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PwrMgr
[2011.05.25 09:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Telefónica
[2011.05.23 22:16:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Tomy Soft
[2011.05.01 16:58:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Trillium Lane
[2011.05.23 22:12:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\XnView
[2010.06.26 13:01:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AssemblyPreparseUtility
[2011.05.01 17:05:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avid
[2011.10.12 10:18:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2011.02.23 17:39:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Digidesign
[2011.02.23 17:23:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DigiDriver
[2010.09.02 12:57:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF
[2010.06.26 13:00:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Harman Professional
[2010.06.19 22:15:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2011.11.10 10:03:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2011.02.23 18:40:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PACE
[2011.05.01 16:55:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PACE Anti-Piracy
[2011.09.21 12:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr
[2011.04.19 12:27:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2011.12.07 09:54:37 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.18 14:37:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
[2011.02.23 17:03:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Apple Computer
[2010.06.19 22:25:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ATI
[2010.08.30 08:28:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avaya
[2011.10.18 08:41:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira
[2010.08.24 10:35:59 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Brother
[2011.11.19 10:43:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DDMSettings
[2011.05.01 17:26:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Digidesign
[2010.09.18 01:50:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DivX
[2011.07.30 09:00:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox
[2011.05.10 14:42:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\dvdcss
[2011.02.23 23:20:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\EurekaLog
[2010.06.19 20:27:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities
[2010.11.11 22:13:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ImgBurn
[2010.06.26 14:21:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InstallShield
[2010.06.19 21:35:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intel
[2010.06.19 22:25:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lenovo
[2010.09.20 23:36:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lexware
[2010.06.26 11:21:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia
[2011.12.04 20:58:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2011.10.25 14:32:36 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
[2010.06.19 21:48:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2011.06.16 10:01:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nemetschek
[2010.07.09 12:00:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
[2011.05.09 15:38:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Opera
[2011.05.01 16:55:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PACE Anti-Piracy
[2011.09.21 12:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PCDr
[2011.09.21 18:29:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PwrMgr
[2010.10.11 12:19:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun
[2011.05.25 09:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Telefónica
[2011.05.23 22:16:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Tomy Soft
[2011.05.01 16:58:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Trillium Lane
[2011.08.01 20:36:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\U3
[2011.11.04 14:59:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
[2011.05.23 22:12:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\XnView
 
< %APPDATA%\*.exe /s >
[2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe
[2011.05.25 21:07:18 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Uninstall.exe
[2011.01.09 00:01:02 | 000,007,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{2C3BAC97-8CEA-4B77-90DD-89AB66C5847A}\_2cd672ae.exe
[2011.01.09 00:01:02 | 000,007,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{2C3BAC97-8CEA-4B77-90DD-89AB66C5847A}\_4ae13d6c.exe
[2011.02.23 17:22:56 | 000,029,926 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{2F227ACA-204C-4529-BA33-D095C42C72DB}\ARPPRODUCTICON.exe
[2006.12.07 09:45:12 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\U3\temp\cleanup.exe
[2006.12.07 09:45:12 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
[2001.05.24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
 
 
< MD5 for: AGP440.SYS  >
[2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.06.26 13:37:56 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.06.26 13:37:56 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.06.26 13:37:56 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.06.26 13:37:56 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.02.28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2006.02.28 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2006.02.28 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2006.02.28 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2006.02.28 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2006.02.28 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.02.28 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2010.06.19 21:23:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.06.19 21:23:30 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.06.19 21:23:30 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 988 bytes -> C:\Programme\Gemeinsame Dateien\System:WKXJOg1gwhFDL4JnhJHQ
@Alternate Data Stream - 1146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:eqjJAqxjgWy0n2BWb15fs
@Alternate Data Stream - 1126 bytes -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\5UTTXYXffppEI:6Q8VBppZPF5AHZPPFri7R
@Alternate Data Stream - 1117 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:bh6n13qf5bDph5xrjJYR4
@Alternate Data Stream - 1104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:XUTOj2WeKBMtV1GnA2Scj5e
@Alternate Data Stream - 1094 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:7t1vzmHXh5CnBNoBLxEVUZ1p
@Alternate Data Stream - 1080 bytes -> C:\Programme\Gemeinsame Dateien\System:dVu8RIxzeMVP5xflQfwj
@Alternate Data Stream - 1048 bytes -> C:\Dokumente und Einstellungen\Administrator\Cookies:L53FBLTbT0t81OYsJv
@Alternate Data Stream - 1040 bytes -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\P43dGmbjFg7:GermElTEXsaEeT1Vjfv378T8g8
@Alternate Data Stream - 1032 bytes -> C:\Programme\Gemeinsame Dateien\Microsoft Shared:W5CKdAjT7Gtj3Nrlr8AsjW
@Alternate Data Stream - 1006 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:j3eZSK04DaBsOi875oMNdAkuiswT

< End of report >

cosinus · 07.12.2011, 12:36

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.19 19:43:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3a9341fd-87ac-11e0-880c-0019d2b3cbec}\Shell - "" = AutoRun
O33 - MountPoints2\{3a9341fd-87ac-11e0-880c-0019d2b3cbec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3a9341fd-87ac-11e0-880c-0019d2b3cbec}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9447bbaa-86aa-11e0-8804-0019d2b3cbec}\Shell - "" = AutoRun
O33 - MountPoints2\{9447bbaa-86aa-11e0-8804-0019d2b3cbec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9447bbaa-86aa-11e0-8804-0019d2b3cbec}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9447bbae-86aa-11e0-8804-0019d2b3cbec}\Shell - "" = AutoRun
O33 - MountPoints2\{9447bbae-86aa-11e0-8804-0019d2b3cbec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9447bbae-86aa-11e0-8804-0019d2b3cbec}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
@Alternate Data Stream - 988 bytes -> C:\Programme\Gemeinsame Dateien\System:WKXJOg1gwhFDL4JnhJHQ
@Alternate Data Stream - 1146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:eqjJAqxjgWy0n2BWb15fs
@Alternate Data Stream - 1126 bytes -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\5UTTXYXffppEI:6Q8VBppZPF5AHZPPFri7R
@Alternate Data Stream - 1117 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:bh6n13qf5bDph5xrjJYR4
@Alternate Data Stream - 1104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:XUTOj2WeKBMtV1GnA2Scj5e
@Alternate Data Stream - 1094 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:7t1vzmHXh5CnBNoBLxEVUZ1p
@Alternate Data Stream - 1080 bytes -> C:\Programme\Gemeinsame Dateien\System:dVu8RIxzeMVP5xflQfwj
@Alternate Data Stream - 1048 bytes -> C:\Dokumente und Einstellungen\Administrator\Cookies:L53FBLTbT0t81OYsJv
@Alternate Data Stream - 1040 bytes -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\P43dGmbjFg7:GermElTEXsaEeT1Vjfv378T8g8
@Alternate Data Stream - 1032 bytes -> C:\Programme\Gemeinsame Dateien\Microsoft Shared:W5CKdAjT7Gtj3Nrlr8AsjW
@Alternate Data Stream - 1006 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:j3eZSK04DaBsOi875oMNdAkuiswT
:Files
C:\WINDOWS\System32\50*
C:\WINDOWS\System32\UA
C:\WINDOWS\System32\kock
C:\WINDOWS\tasks\PMTask.job
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

viktorhugo · 07.12.2011, 13:43

Erledigt! Hier der Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a9341fd-87ac-11e0-880c-0019d2b3cbec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a9341fd-87ac-11e0-880c-0019d2b3cbec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a9341fd-87ac-11e0-880c-0019d2b3cbec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a9341fd-87ac-11e0-880c-0019d2b3cbec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a9341fd-87ac-11e0-880c-0019d2b3cbec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a9341fd-87ac-11e0-880c-0019d2b3cbec}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9447bbaa-86aa-11e0-8804-0019d2b3cbec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9447bbaa-86aa-11e0-8804-0019d2b3cbec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9447bbaa-86aa-11e0-8804-0019d2b3cbec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9447bbaa-86aa-11e0-8804-0019d2b3cbec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9447bbaa-86aa-11e0-8804-0019d2b3cbec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9447bbaa-86aa-11e0-8804-0019d2b3cbec}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9447bbae-86aa-11e0-8804-0019d2b3cbec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9447bbae-86aa-11e0-8804-0019d2b3cbec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9447bbae-86aa-11e0-8804-0019d2b3cbec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9447bbae-86aa-11e0-8804-0019d2b3cbec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9447bbae-86aa-11e0-8804-0019d2b3cbec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9447bbae-86aa-11e0-8804-0019d2b3cbec}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\LaunchU3.exe -a not found.
ADS C:\Programme\Gemeinsame Dateien\System:WKXJOg1gwhFDL4JnhJHQ deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:eqjJAqxjgWy0n2BWb15fs deleted successfully.
ADS C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\5UTTXYXffppEI:6Q8VBppZPF5AHZPPFri7R deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:bh6n13qf5bDph5xrjJYR4 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:XUTOj2WeKBMtV1GnA2Scj5e deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:7t1vzmHXh5CnBNoBLxEVUZ1p deleted successfully.
ADS C:\Programme\Gemeinsame Dateien\System:dVu8RIxzeMVP5xflQfwj deleted successfully.
ADS C:\Dokumente und Einstellungen\Administrator\Cookies:L53FBLTbT0t81OYsJv deleted successfully.
ADS C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\P43dGmbjFg7:GermElTEXsaEeT1Vjfv378T8g8 deleted successfully.
ADS C:\Programme\Gemeinsame Dateien\Microsoft Shared:W5CKdAjT7Gtj3Nrlr8AsjW deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:j3eZSK04DaBsOi875oMNdAkuiswT deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\5040\components folder moved successfully.
C:\WINDOWS\System32\5040 folder moved successfully.
C:\WINDOWS\System32\5041\components folder moved successfully.
C:\WINDOWS\System32\5041 folder moved successfully.
C:\WINDOWS\System32\5042\components folder moved successfully.
C:\WINDOWS\System32\5042 folder moved successfully.
C:\WINDOWS\System32\5043\components folder moved successfully.
C:\WINDOWS\System32\5043 folder moved successfully.
C:\WINDOWS\System32\5044\components folder moved successfully.
C:\WINDOWS\System32\5044 folder moved successfully.
C:\WINDOWS\System32\5045\components folder moved successfully.
C:\WINDOWS\System32\5045 folder moved successfully.
C:\WINDOWS\System32\5047\components folder moved successfully.
C:\WINDOWS\System32\5047 folder moved successfully.
C:\WINDOWS\System32\5048\components folder moved successfully.
C:\WINDOWS\System32\5048 folder moved successfully.
C:\WINDOWS\System32\5049\components folder moved successfully.
C:\WINDOWS\System32\5049 folder moved successfully.
C:\WINDOWS\System32\5050\components folder moved successfully.
C:\WINDOWS\System32\5050 folder moved successfully.
C:\WINDOWS\System32\5051\components folder moved successfully.
C:\WINDOWS\System32\5051 folder moved successfully.
C:\WINDOWS\System32\5052\components folder moved successfully.
C:\WINDOWS\System32\5052 folder moved successfully.
C:\WINDOWS\System32\5053\components folder moved successfully.
C:\WINDOWS\System32\5053 folder moved successfully.
File\Folder C:\WINDOWS\System32\UA not found.
C:\WINDOWS\System32\kock folder moved successfully.
C:\WINDOWS\tasks\PMTask.job moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 87294699 bytes
->Temporary Internet Files folder emptied: 133187567 bytes
->Java cache emptied: 544410 bytes
->FireFox cache emptied: 94580764 bytes
->Flash cache emptied: 112077 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Gast
->Temp folder emptied: 197959 bytes
->Temporary Internet Files folder emptied: 241429 bytes
->Java cache emptied: 0 bytes
 
User: Gastuser
->Temp folder emptied: 203390 bytes
->Temporary Internet Files folder emptied: 63431 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36301107 bytes
->Flash cache emptied: 586 bytes
 
User: LocalService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 92781852 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2148906 bytes
%systemroot%\System32 .tmp files removed: 3771294 bytes
%systemroot%\System32\dllcache .tmp files removed: 141056 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1873909 bytes
RecycleBin emptied: 939637423 bytes
 
Total Files Cleaned = 1.329,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12072011_133101

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\WCESLog.log moved successfully.
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_808.dat moved successfully.

Registry entries deleted on Reboot...

Was ist mit den gefixten Dateien? Soll ich die auf dem Rechner lassen, bis ich weiß ob alles funktioniert?

Untergebene Grüße,
Vik

cosinus · 07.12.2011, 14:05

Bitte nun (im normalen Modus!) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

viktorhugo · 07.12.2011, 14:44

Normaler Modus bezieht sich auf Windows (d.h. nicht abgesichert)? Wenn ja, dann OK. Virenscanner waren aus.

Code:

ATTFilter

14:40:17.0718 6004	TDSS rootkit removing tool 2.6.22.0 Dec  7 2011 13:21:06
14:40:18.0109 6004	============================================================
14:40:18.0109 6004	Current date / time: 2011/12/07 14:40:18.0109
14:40:18.0109 6004	SystemInfo:
14:40:18.0109 6004	
14:40:18.0109 6004	OS Version: 5.1.2600 ServicePack: 3.0
14:40:18.0109 6004	Product type: Workstation
14:40:18.0109 6004	ComputerName: XP-9C79C6DC
14:40:18.0109 6004	UserName: Administrator
14:40:18.0109 6004	Windows directory: C:\WINDOWS
14:40:18.0109 6004	System windows directory: C:\WINDOWS
14:40:18.0109 6004	Processor architecture: Intel x86
14:40:18.0109 6004	Number of processors: 2
14:40:18.0109 6004	Page size: 0x1000
14:40:18.0109 6004	Boot type: Normal boot
14:40:18.0109 6004	============================================================
14:40:19.0703 6004	Initialize success
14:40:43.0265 5124	============================================================
14:40:43.0265 5124	Scan started
14:40:43.0265 5124	Mode: Manual; SigCheck; TDLFS; 
14:40:43.0265 5124	============================================================
14:40:44.0265 5124	Abiosdsk - ok
14:40:44.0281 5124	abp480n5 - ok
14:40:44.0328 5124	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:40:45.0890 5124	ACPI - ok
14:40:45.0984 5124	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:40:46.0109 5124	ACPIEC - ok
14:40:46.0171 5124	ADIHdAudAddService (beee84a79710f705864685b05f1bb172) C:\WINDOWS\system32\drivers\ADIHdAud.sys
14:40:46.0218 5124	ADIHdAudAddService - ok
14:40:46.0234 5124	adpu160m - ok
14:40:46.0250 5124	AEAudioService  (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
14:40:46.0281 5124	AEAudioService - ok
14:40:46.0296 5124	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:40:46.0406 5124	aec - ok
14:40:46.0453 5124	AESPV2X         (0fbf77fa0f3b79c00de0c2dd13efc812) C:\WINDOWS\system32\DRIVERS\AESPV2X.sys
14:40:46.0468 5124	AESPV2X ( UnsignedFile.Multi.Generic ) - warning
14:40:46.0468 5124	AESPV2X - detected UnsignedFile.Multi.Generic (1)
14:40:46.0515 5124	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:40:46.0562 5124	AFD - ok
14:40:46.0625 5124	Aha154x - ok
14:40:46.0640 5124	aic78u2 - ok
14:40:46.0656 5124	aic78xx - ok
14:40:46.0671 5124	AliIde - ok
14:40:46.0687 5124	amsint - ok
14:40:46.0718 5124	ANC             (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
14:40:46.0734 5124	ANC ( UnsignedFile.Multi.Generic ) - warning
14:40:46.0734 5124	ANC - detected UnsignedFile.Multi.Generic (1)
14:40:46.0796 5124	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:40:46.0890 5124	Arp1394 - ok
14:40:46.0937 5124	Asapi           (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\drivers\Asapi.sys
14:40:46.0953 5124	Asapi ( UnsignedFile.Multi.Generic ) - warning
14:40:46.0953 5124	Asapi - detected UnsignedFile.Multi.Generic (1)
14:40:46.0953 5124	asc - ok
14:40:46.0968 5124	asc3350p - ok
14:40:46.0984 5124	asc3550 - ok
14:40:47.0015 5124	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:40:47.0187 5124	AsyncMac - ok
14:40:47.0218 5124	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:40:47.0312 5124	atapi - ok
14:40:47.0312 5124	Atdisk - ok
14:40:47.0500 5124	ati2mtag        (5a13723fb8bfdd2090defb2d0cb98a27) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:40:47.0703 5124	ati2mtag - ok
14:40:47.0812 5124	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:40:47.0906 5124	Atmarpc - ok
14:40:47.0953 5124	atmeltpm        (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
14:40:47.0984 5124	atmeltpm - ok
14:40:48.0015 5124	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:40:48.0125 5124	audstub - ok
14:40:48.0156 5124	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
14:40:48.0218 5124	avgntflt - ok
14:40:48.0250 5124	avipbb          (912d23140cd05980f6cdae790ddafc8d) C:\WINDOWS\system32\DRIVERS\avipbb.sys
14:40:48.0265 5124	avipbb - ok
14:40:48.0281 5124	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
14:40:48.0296 5124	avkmgr - ok
14:40:48.0390 5124	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:40:48.0484 5124	Beep - ok
14:40:48.0593 5124	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:40:48.0703 5124	cbidf2k - ok
14:40:48.0703 5124	cd20xrnt - ok
14:40:48.0734 5124	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:40:48.0828 5124	Cdaudio - ok
14:40:48.0875 5124	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:40:48.0968 5124	Cdfs - ok
14:40:48.0984 5124	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:40:49.0093 5124	Cdrom - ok
14:40:49.0093 5124	Changer - ok
14:40:49.0125 5124	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:40:49.0218 5124	CmBatt - ok
14:40:49.0218 5124	CmdIde - ok
14:40:49.0234 5124	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:40:49.0328 5124	Compbatt - ok
14:40:49.0343 5124	Cpqarray - ok
14:40:49.0359 5124	dac2w2k - ok
14:40:49.0375 5124	dac960nt - ok
14:40:49.0421 5124	DigiNet         (e156fd887e1f37c2db7a313cfa6755ae) C:\WINDOWS\system32\DRIVERS\diginet.sys
14:40:49.0421 5124	DigiNet - ok
14:40:49.0437 5124	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:40:49.0546 5124	Disk - ok
14:40:49.0593 5124	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
14:40:49.0750 5124	dmboot - ok
14:40:49.0875 5124	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
14:40:50.0046 5124	dmio - ok
14:40:50.0109 5124	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:40:50.0234 5124	dmload - ok
14:40:50.0265 5124	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:40:50.0375 5124	DMusic - ok
14:40:50.0421 5124	DozeHDD         (6d279bb0de1d8e34f454e1b353f4d738) C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
14:40:50.0421 5124	DozeHDD - ok
14:40:50.0437 5124	dpti2o - ok
14:40:50.0484 5124	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:40:50.0578 5124	drmkaud - ok
14:40:50.0625 5124	e1express       (b1e9161ba28d5b826e49a1d0ded7fcc4) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
14:40:50.0640 5124	e1express - ok
14:40:50.0687 5124	ewusbnet        (4fd02e31eac2cbc81eb08a1ce81e73a2) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
14:40:50.0734 5124	ewusbnet - ok
14:40:50.0828 5124	ew_hwusbdev     (e98a64c7f106740a38fb2b78197816f8) C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
14:40:50.0875 5124	ew_hwusbdev - ok
14:40:50.0921 5124	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:40:51.0093 5124	Fastfat - ok
14:40:51.0109 5124	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
14:40:51.0218 5124	Fdc - ok
14:40:51.0250 5124	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
14:40:51.0359 5124	Fips - ok
14:40:51.0375 5124	fireface - ok
14:40:51.0390 5124	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:40:51.0484 5124	Flpydisk - ok
14:40:51.0500 5124	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:40:51.0593 5124	FltMgr - ok
14:40:51.0640 5124	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:40:51.0734 5124	Fs_Rec - ok
14:40:51.0750 5124	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:40:51.0843 5124	Ftdisk - ok
14:40:51.0875 5124	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:40:51.0968 5124	Gpc - ok
14:40:52.0031 5124	Hardlock        (d95554949082fd29a04d351b58396718) C:\WINDOWS\system32\drivers\hardlock.sys
14:40:52.0125 5124	Hardlock - ok
14:40:52.0218 5124	Haspnt          (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
14:40:52.0234 5124	Haspnt ( UnsignedFile.Multi.Generic ) - warning
14:40:52.0234 5124	Haspnt - detected UnsignedFile.Multi.Generic (1)
14:40:52.0281 5124	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:40:52.0390 5124	HDAudBus - ok
14:40:52.0421 5124	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:40:52.0531 5124	HidUsb - ok
14:40:52.0546 5124	hpn - ok
14:40:52.0593 5124	HSFHWAZL        (702a7e1b3c9263efbd6aede3b6919761) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
14:40:52.0593 5124	HSFHWAZL - ok
14:40:52.0656 5124	HSF_DPV         (8d02cb68d53aa36189faf86fed438884) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
14:40:52.0687 5124	HSF_DPV - ok
14:40:52.0843 5124	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:40:52.0875 5124	HTTP - ok
14:40:52.0921 5124	huawei_enumerator (22a4b14530194fc57c1c849fb5afee17) C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
14:40:53.0140 5124	huawei_enumerator - ok
14:40:53.0171 5124	hwdatacard      (3e3bfe85b9fe3720bf4c108f57c945fb) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
14:40:53.0234 5124	hwdatacard - ok
14:40:53.0234 5124	i2omgmt - ok
14:40:53.0250 5124	i2omp - ok
14:40:53.0281 5124	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:40:53.0390 5124	i8042prt - ok
14:40:53.0500 5124	IBMPMDRV        (fa3d0a6da7bb7968efe5c5bc267f0e55) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
14:40:53.0500 5124	IBMPMDRV - ok
14:40:53.0546 5124	IBMTPCHK        (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
14:40:53.0562 5124	IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
14:40:53.0562 5124	IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
14:40:53.0609 5124	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:40:53.0718 5124	Imapi - ok
14:40:53.0734 5124	ini910u - ok
14:40:53.0750 5124	IntelIde - ok
14:40:53.0796 5124	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:40:53.0921 5124	intelppm - ok
14:40:53.0937 5124	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:40:54.0015 5124	Ip6Fw - ok
14:40:54.0062 5124	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:40:54.0171 5124	IpFilterDriver - ok
14:40:54.0187 5124	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:40:54.0296 5124	IpInIp - ok
14:40:54.0328 5124	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:40:54.0453 5124	IpNat - ok
14:40:54.0546 5124	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:40:54.0656 5124	IPSec - ok
14:40:54.0687 5124	irda            (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
14:40:54.0781 5124	irda - ok
14:40:54.0796 5124	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:40:54.0890 5124	IRENUM - ok
14:40:54.0937 5124	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:40:55.0031 5124	isapnp - ok
14:40:55.0062 5124	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:40:55.0156 5124	Kbdclass - ok
14:40:55.0203 5124	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:40:55.0296 5124	kmixer - ok
14:40:55.0312 5124	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:40:55.0453 5124	KSecDD - ok
14:40:55.0546 5124	lbrtfdc - ok
14:40:55.0593 5124	lenovo.smi      (9aac267a225f3caebb9e633f7eb16e4b) C:\WINDOWS\system32\DRIVERS\smiif32.sys
14:40:55.0593 5124	lenovo.smi - ok
14:40:55.0656 5124	MADFUMIDISPORT2010 (af5b04bf94f3980cb067338562ceeda6) C:\WINDOWS\system32\DRIVERS\MAudioMIDISPORT_DFU.sys
14:40:55.0671 5124	MADFUMIDISPORT2010 - ok
14:40:55.0703 5124	MAUSBMIDISPORT  (ea664e3ac4e285c831362971b3f6505f) C:\WINDOWS\system32\DRIVERS\MAudioMIDISPORT.sys
14:40:55.0718 5124	MAUSBMIDISPORT - ok
14:40:55.0734 5124	MBAMSwissArmy - ok
14:40:55.0781 5124	MBOXMINI        (6b1ab654a6638b7d9c9fd611af10dfd4) C:\WINDOWS\system32\DRIVERS\AvidMboxMini.sys
14:40:55.0796 5124	MBOXMINI - ok
14:40:55.0859 5124	mdmxsdk         (a027de1e6c11bd2daf61f6f276b2299f) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:40:55.0875 5124	mdmxsdk - ok
14:40:55.0890 5124	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:40:56.0000 5124	mnmdd - ok
14:40:56.0109 5124	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
14:40:56.0218 5124	Modem - ok
14:40:56.0250 5124	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:40:56.0359 5124	Mouclass - ok
14:40:56.0437 5124	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:40:56.0531 5124	mouhid - ok
14:40:56.0562 5124	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:40:56.0656 5124	MountMgr - ok
14:40:56.0671 5124	mraid35x - ok
14:40:56.0687 5124	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:40:56.0781 5124	MRxDAV - ok
14:40:56.0843 5124	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:40:56.0921 5124	MRxSmb - ok
14:40:57.0015 5124	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:40:57.0125 5124	Msfs - ok
14:40:57.0156 5124	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:40:57.0265 5124	MSKSSRV - ok
14:40:57.0296 5124	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:40:57.0421 5124	MSPCLOCK - ok
14:40:57.0421 5124	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:40:57.0531 5124	MSPQM - ok
14:40:57.0562 5124	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:40:57.0656 5124	mssmbios - ok
14:40:57.0703 5124	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:40:57.0734 5124	Mup - ok
14:40:57.0765 5124	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:40:57.0859 5124	NDIS - ok
14:40:57.0890 5124	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:40:57.0937 5124	NdisTapi - ok
14:40:58.0046 5124	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:40:58.0156 5124	Ndisuio - ok
14:40:58.0187 5124	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:40:58.0312 5124	NdisWan - ok
14:40:58.0343 5124	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:40:58.0421 5124	NDProxy - ok
14:40:58.0453 5124	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:40:58.0546 5124	NetBIOS - ok
14:40:58.0578 5124	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:40:58.0703 5124	NetBT - ok
14:40:58.0984 5124	NETw5x32        (3bc15801f7b9dd2d16897a38a962ce56) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
14:40:59.0515 5124	NETw5x32 - ok
14:40:59.0640 5124	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:40:59.0828 5124	NIC1394 - ok
14:40:59.0875 5124	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:40:59.0968 5124	Npfs - ok
14:41:00.0000 5124	NSCIRDA         (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
14:41:00.0093 5124	NSCIRDA - ok
14:41:00.0125 5124	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:41:00.0296 5124	Ntfs - ok
14:41:00.0328 5124	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:41:00.0468 5124	Null - ok
14:41:00.0500 5124	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:41:00.0609 5124	NwlnkFlt - ok
14:41:00.0687 5124	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:41:00.0781 5124	NwlnkFwd - ok
14:41:00.0796 5124	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:41:00.0921 5124	ohci1394 - ok
14:41:00.0968 5124	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
14:41:01.0062 5124	Parport - ok
14:41:01.0078 5124	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:41:01.0187 5124	PartMgr - ok
14:41:01.0218 5124	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
14:41:01.0343 5124	ParVdm - ok
14:41:01.0375 5124	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
14:41:01.0468 5124	PCI - ok
14:41:01.0484 5124	PCIDump - ok
14:41:01.0515 5124	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:41:01.0609 5124	PCIIde - ok
14:41:01.0625 5124	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:41:01.0750 5124	Pcmcia - ok
14:41:01.0765 5124	PDCOMP - ok
14:41:01.0765 5124	PDFRAME - ok
14:41:01.0781 5124	PDRELI - ok
14:41:01.0796 5124	PDRFRAME - ok
14:41:01.0812 5124	perc2 - ok
14:41:01.0812 5124	perc2hib - ok
14:41:01.0859 5124	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:41:01.0937 5124	PptpMiniport - ok
14:41:01.0984 5124	PROCDD          (1d80309fed4babf8ea9e7b84a394348b) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
14:41:02.0000 5124	PROCDD - ok
14:41:02.0046 5124	psadd           (651d3abc1d82d61b6cfb40cb947b3db3) C:\WINDOWS\system32\DRIVERS\psadd.sys
14:41:02.0078 5124	psadd - ok
14:41:02.0171 5124	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:41:02.0265 5124	PSched - ok
14:41:02.0312 5124	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:41:02.0500 5124	Ptilink - ok
14:41:02.0593 5124	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:41:02.0609 5124	PxHelp20 - ok
14:41:02.0609 5124	ql1080 - ok
14:41:02.0625 5124	Ql10wnt - ok
14:41:02.0640 5124	ql12160 - ok
14:41:02.0656 5124	ql1240 - ok
14:41:02.0656 5124	ql1280 - ok
14:41:02.0671 5124	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:41:02.0765 5124	RasAcd - ok
14:41:02.0796 5124	Rasirda         (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
14:41:02.0859 5124	Rasirda - ok
14:41:02.0906 5124	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:41:03.0000 5124	Rasl2tp - ok
14:41:03.0015 5124	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:41:03.0093 5124	RasPppoe - ok
14:41:03.0109 5124	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:41:03.0218 5124	Raspti - ok
14:41:03.0234 5124	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:41:03.0328 5124	Rdbss - ok
14:41:03.0343 5124	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:41:03.0453 5124	RDPCDD - ok
14:41:03.0468 5124	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:41:03.0562 5124	rdpdr - ok
14:41:03.0609 5124	RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:41:03.0640 5124	RDPWD - ok
14:41:03.0718 5124	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:41:03.0812 5124	redbook - ok
14:41:03.0859 5124	s24trans        (e7958e8acda7ca20127ef5f2235f25cc) C:\WINDOWS\system32\DRIVERS\s24trans.sys
14:41:03.0890 5124	s24trans - ok
14:41:03.0937 5124	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:41:04.0062 5124	Secdrv - ok
14:41:04.0109 5124	Ser2pl          (e42f03d1081c4f60d3db6c38235b1456) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
14:41:04.0125 5124	Ser2pl ( UnsignedFile.Multi.Generic ) - warning
14:41:04.0125 5124	Ser2pl - detected UnsignedFile.Multi.Generic (1)
14:41:04.0171 5124	Serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:41:04.0312 5124	Serenum - ok
14:41:04.0343 5124	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
14:41:04.0593 5124	Serial - ok
14:41:04.0609 5124	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:41:04.0828 5124	Sfloppy - ok
14:41:04.0890 5124	Shockprf        (1624530d05155f4e5a4736531523bff5) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
14:41:04.0906 5124	Shockprf - ok
14:41:04.0906 5124	Simbad - ok
14:41:04.0953 5124	Smapint         (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
14:41:04.0953 5124	Smapint ( UnsignedFile.Multi.Generic ) - warning
14:41:04.0953 5124	Smapint - detected UnsignedFile.Multi.Generic (1)
14:41:05.0046 5124	Sparrow - ok
14:41:05.0078 5124	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:41:05.0187 5124	splitter - ok
14:41:05.0203 5124	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
14:41:05.0312 5124	sr - ok
14:41:05.0375 5124	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:41:05.0468 5124	Srv - ok
14:41:05.0531 5124	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
14:41:05.0531 5124	ssmdrv - ok
14:41:05.0578 5124	StillCam        (a2dbcc4c8860449df1ab758ea28b4de0) C:\WINDOWS\system32\DRIVERS\serscan.sys
14:41:05.0718 5124	StillCam - ok
14:41:05.0734 5124	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:41:05.0859 5124	swenum - ok
14:41:05.0875 5124	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:41:06.0062 5124	swmidi - ok
14:41:06.0078 5124	symc810 - ok
14:41:06.0078 5124	symc8xx - ok
14:41:06.0093 5124	sym_hi - ok
14:41:06.0109 5124	sym_u3 - ok
14:41:06.0171 5124	SynTP           (d7dc30b8b41e7a913c3fccc0631e72ec) C:\WINDOWS\system32\DRIVERS\SynTP.sys
14:41:06.0187 5124	SynTP - ok
14:41:06.0281 5124	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:41:06.0375 5124	sysaudio - ok
14:41:06.0421 5124	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:41:06.0500 5124	Tcpip - ok
14:41:06.0546 5124	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:41:06.0656 5124	TDPIPE - ok
14:41:06.0671 5124	TDSMAPI         (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
14:41:06.0703 5124	TDSMAPI ( UnsignedFile.Multi.Generic ) - warning
14:41:06.0703 5124	TDSMAPI - detected UnsignedFile.Multi.Generic (1)
14:41:06.0843 5124	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:41:07.0625 5124	TDTCP - ok
14:41:07.0718 5124	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:41:07.0890 5124	TermDD - ok
14:41:07.0984 5124	tidnet          (e27982d1c30ae1dd7eb8eb5caf8d20c6) C:\WINDOWS\system32\DRIVERS\tidnet.sys
14:41:08.0000 5124	tidnet - ok
14:41:08.0000 5124	TosIde - ok
14:41:08.0046 5124	TPDIGIMN        (d2378fbbd668d9fe9b6b5e3139d506d3) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
14:41:08.0046 5124	TPDIGIMN - ok
14:41:08.0109 5124	TPHKDRV         (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
14:41:08.0171 5124	TPHKDRV - ok
14:41:08.0203 5124	TPkd            (a685ea497fb6a6f4ffee705caf185096) C:\WINDOWS\system32\drivers\TPkd.sys
14:41:08.0203 5124	TPkd - ok
14:41:08.0250 5124	TPPWRIF         (c037817e2498d9db736e4ba355b1f4e7) C:\WINDOWS\system32\drivers\Tppwrif.sys
14:41:08.0250 5124	TPPWRIF - ok
14:41:08.0296 5124	TSMAPIP         (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
14:41:08.0312 5124	TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
14:41:08.0312 5124	TSMAPIP - detected UnsignedFile.Multi.Generic (1)
14:41:08.0343 5124	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:41:08.0468 5124	Udfs - ok
14:41:08.0546 5124	ultra - ok
14:41:08.0593 5124	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:41:08.0734 5124	Update - ok
14:41:08.0765 5124	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
14:41:08.0859 5124	usbaudio - ok
14:41:08.0906 5124	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:41:09.0000 5124	usbccgp - ok
14:41:09.0031 5124	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:41:09.0125 5124	usbehci - ok
14:41:09.0171 5124	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:41:09.0250 5124	usbhub - ok
14:41:09.0296 5124	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:41:09.0390 5124	usbscan - ok
14:41:09.0453 5124	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:41:09.0546 5124	USBSTOR - ok
14:41:09.0625 5124	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:41:09.0734 5124	usbuhci - ok
14:41:09.0765 5124	usb_rndisx      (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
14:41:09.0875 5124	usb_rndisx - ok
14:41:09.0906 5124	VClone          (1cdaa48cb2f7744b8d25650e050766a5) C:\WINDOWS\system32\DRIVERS\VClone.sys
14:41:09.0921 5124	VClone ( UnsignedFile.Multi.Generic ) - warning
14:41:09.0937 5124	VClone - detected UnsignedFile.Multi.Generic (1)
14:41:09.0953 5124	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:41:10.0031 5124	VgaSave - ok
14:41:10.0046 5124	ViaIde - ok
14:41:10.0078 5124	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
14:41:10.0171 5124	VolSnap - ok
14:41:10.0218 5124	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:41:10.0312 5124	Wanarp - ok
14:41:10.0437 5124	Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
14:41:10.0453 5124	Wdf01000 - ok
14:41:10.0640 5124	WDICA - ok
14:41:10.0687 5124	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:41:10.0796 5124	wdmaud - ok
14:41:10.0875 5124	winachsf        (115946a53b62a6b171fd0ed197c71d52) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:41:10.0921 5124	winachsf - ok
14:41:11.0078 5124	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:41:11.0125 5124	WudfPf - ok
14:41:11.0156 5124	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:41:11.0171 5124	WudfRd - ok
14:41:11.0234 5124	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
14:41:11.0515 5124	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:41:11.0515 5124	\Device\Harddisk0\DR0 - detected TDSS File System (1)
14:41:11.0515 5124	Boot (0x1200)   (6bf9bb5487f89f308f67ff01f4ecac71) \Device\Harddisk0\DR0\Partition0
14:41:11.0515 5124	\Device\Harddisk0\DR0\Partition0 - ok
14:41:11.0515 5124	============================================================
14:41:11.0515 5124	Scan finished
14:41:11.0515 5124	============================================================
14:41:11.0625 0944	Detected object count: 11
14:41:11.0625 0944	Actual detected object count: 11
14:41:37.0828 0944	AESPV2X ( UnsignedFile.Multi.Generic ) - skipped by user
14:41:37.0828 0944	AESPV2X ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:41:37.0828 0944	ANC ( UnsignedFile.Multi.Generic ) - skipped by user
14:41:37.0828 0944	ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:41:37.0828 0944	Asapi ( UnsignedFile.Multi.Generic ) - skipped by user
14:41:37.0828 0944	Asapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:41:37.0828 0944	Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
14:41:37.0828 0944	Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:41:37.0828 0944	IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
14:41:37.0828 0944	IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:41:37.0828 0944	Ser2pl ( UnsignedFile.Multi.Generic ) - skipped by user
14:41:37.0828 0944	Ser2pl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:41:37.0828 0944	Smapint ( UnsignedFile.Multi.Generic ) - skipped by user
14:41:37.0828 0944	Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:41:37.0828 0944	TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user
14:41:37.0828 0944	TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:41:37.0843 0944	TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
14:41:37.0843 0944	TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:41:37.0843 0944	VClone ( UnsignedFile.Multi.Generic ) - skipped by user
14:41:37.0843 0944	VClone ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:41:37.0843 0944	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:41:37.0843 0944	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

04.12.2011, 20:27	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	WIN XP SP3: TR/Spy.Banker.Gen2 , TR/Offend.6943020, JS/Agent.ala.1 und andere Weiß du noch noch in etwa was Malwarebytes gefunden hat? __________________ Logfiles bitte immer in CODE-Tags posten

WIN XP SP3: TR/Spy.Banker.Gen2 , TR/Offend.6943020, JS/Agent.ala.1 und andere

Log-Analyse und Auswertung: WIN XP SP3: TR/Spy.Banker.Gen2 , TR/Offend.6943020, JS/Agent.ala.1 und andere