Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Bundespolizei Trojaner (https://www.trojaner-board.de/110988-bundespolizei-trojaner.html)

MaxiMax 08.03.2012 11:51

OK! I was probably a bit hasty there... will do it as soon as I'm back home today.
Regards, Max
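The log MaxiMax posts next is TDSSKiller 2.7.x output: one line per loaded driver carrying its MD5 and on-disk path, followed by a verdict line (`- ok`, `( label ) - warning`, or `- detected label (n)`). As an added example, not part of the thread and not TDSSKiller's own code, the Python below parses that format, promotes each driver to its worst verdict, and separates the two things a responder looks at first: drivers the scanner flagged, and drivers loaded from outside the Windows directory that the log header reports. `SAMPLE_LOG` is a constructed excerpt of the posted log; the function and class names are this example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the TDSSKiller 2.7.x output posted in this
# thread: a few header lines and three driver entries copied from that log with
# their verdict lines. The parser and triage below are an added example, not
# forum content and not TDSSKiller's own code.
SAMPLE_LOG = r"""19:20:44.0251 1920        SystemInfo:
19:20:44.0251 1920        OS Version: 6.1.7601 ServicePack: 1.0
19:20:44.0251 1920        Windows directory: C:\Windows
19:20:52.0709 5452        Scan started
19:20:52.0709 5452        Mode: Manual; SigCheck; TDLFS;
19:20:53.0138 5452        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
19:20:53.0200 5452        1394ohci - ok
19:21:09.0160 5452        MpKslcbc0b04b  (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D16D336-C2BD-4DD8-A3C7-45F383D425E6}\MpKslcbc0b04b.sys
19:21:09.0188 5452        MpKslcbc0b04b - ok
19:21:20.0009 5452        s1018mgmt      (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys
19:21:20.0086 5452        s1018mgmt ( UnsignedFile.Multi.Generic ) - warning
19:21:20.0087 5452        s1018mgmt - detected UnsignedFile.Multi.Generic (1)
"""

@dataclass
class DriverEntry:
    name: str
    md5: str
    path: str
    status: str = "unknown"              # unknown | ok | warning | detected
    verdicts: list = field(default_factory=list)

_RANK = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}

# Every line is "HH:MM:SS.mmmm <pid> <body>"; the body carries the payload.
_LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*?)\s*$")
_WINDIR = re.compile(r"^Windows directory: (.+)$")
_ENTRY = re.compile(r"^(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
_VERDICTS = (
    (re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$"), "detected"),
    (re.compile(r"^(\S+) \( (.+?) \) - warning$"), "warning"),
    (re.compile(r"^(\S+) - ok$"), "ok"),
)

def parse_tdsskiller_log(text):
    """Return (windows_dir, {driver_name: DriverEntry}) for a TDSSKiller scan log."""
    windows_dir = None
    entries = {}
    for raw in text.splitlines():
        m = _LINE.match(raw)
        if not m:
            continue                        # banner/separator noise
        body = m.group(3)
        w = _WINDIR.match(body)
        if w:
            windows_dir = w.group(1)
            continue
        e = _ENTRY.match(body)
        if e:
            name, md5, path = e.groups()
            entries[name] = DriverEntry(name, md5.lower(), path)
            continue
        for rx, status in _VERDICTS:
            v = rx.match(body)
            if not v:
                continue
            entry = entries.setdefault(v.group(1), DriverEntry(v.group(1), "", ""))
            if status != "ok" and v.group(2) not in entry.verdicts:
                entry.verdicts.append(v.group(2))
            if _RANK[status] > _RANK[entry.status]:
                entry.status = status       # worst verdict wins
            break
    return windows_dir, entries

def triage(windows_dir, entries):
    """Bucket drivers: flagged by the scanner, and loaded from outside the Windows dir."""
    prefix = (windows_dir or r"C:\Windows").lower().rstrip("\\") + "\\"
    flagged = sorted((e for e in entries.values() if _RANK[e.status] >= _RANK["warning"]),
                     key=lambda e: -_RANK[e.status])
    outside = [e for e in entries.values()
               if e.path and not e.path.lower().startswith(prefix)]
    return {"flagged": flagged, "outside_windows_dir": outside}

if __name__ == "__main__":
    windir, drivers = parse_tdsskiller_log(SAMPLE_LOG)
    report = triage(windir, drivers)
    for e in report["flagged"]:
        print(f"{e.status.upper():9}{e.name:15} {e.md5}  {e.path}  [{', '.join(e.verdicts)}]")
    for e in report["outside_windows_dir"]:
        print(f"{'OFFPATH':9}{e.name:15} {e.md5}  {e.path}")
```

The `outside_windows_dir` bucket is a heuristic, not a verdict: the driver under `ProgramData\Microsoft\Microsoft Antimalware\Definition Updates` lands there even though the scanner marks it ok, which is why each record keeps its MD5, so the hash can be checked against a known-good set before anyone acts on the path alone. `UnsignedFile.Multi.Generic` likewise only states that the file carries no valid signature; the hash and path are what you look up next.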

MaxiMax 08.03.2012 19:24

So, here is the log file.

Code:

19:20:44.0150 1920        TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
19:20:44.0251 1920        ============================================================
19:20:44.0251 1920        Current date / time: 2012/03/08 19:20:44.0251
19:20:44.0251 1920        SystemInfo:
19:20:44.0251 1920       
19:20:44.0251 1920        OS Version: 6.1.7601 ServicePack: 1.0
19:20:44.0251 1920        Product type: Workstation
19:20:44.0251 1920        ComputerName: MEANMACHINE
19:20:44.0251 1920        UserName: DerMax
19:20:44.0251 1920        Windows directory: C:\Windows
19:20:44.0251 1920        System windows directory: C:\Windows
19:20:44.0251 1920        Processor architecture: Intel x86
19:20:44.0251 1920        Number of processors: 2
19:20:44.0251 1920        Page size: 0x1000
19:20:44.0251 1920        Boot type: Normal boot
19:20:44.0251 1920        ============================================================
19:20:45.0923 1920        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
19:20:45.0957 1920        \Device\Harddisk0\DR0:
19:20:45.0957 1920        MBR used
19:20:45.0957 1920        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11EEF471
19:20:45.0959 1920        Initialize success
19:20:45.0959 1920        ============================================================
19:20:52.0709 5452        ============================================================
19:20:52.0709 5452        Scan started
19:20:52.0709 5452        Mode: Manual; SigCheck; TDLFS;
19:20:52.0709 5452        ============================================================
19:20:53.0138 5452        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
19:20:53.0200 5452        1394ohci - ok
19:20:53.0252 5452        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
19:20:53.0282 5452        ACPI - ok
19:20:53.0402 5452        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
19:20:53.0447 5452        AcpiPmi - ok
19:20:53.0585 5452        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:20:53.0613 5452        adp94xx - ok
19:20:53.0688 5452        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:20:53.0713 5452        adpahci - ok
19:20:53.0793 5452        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:20:53.0831 5452        adpu320 - ok
19:20:53.0917 5452        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
19:20:53.0951 5452        AFD - ok
19:20:54.0014 5452        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
19:20:54.0046 5452        agp440 - ok
19:20:54.0123 5452        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:20:54.0153 5452        aic78xx - ok
19:20:54.0258 5452        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
19:20:54.0277 5452        aliide - ok
19:20:54.0329 5452        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
19:20:54.0382 5452        amdagp - ok
19:20:54.0410 5452        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
19:20:54.0430 5452        amdide - ok
19:20:54.0524 5452        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:20:54.0559 5452        AmdK8 - ok
19:20:54.0625 5452        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:20:54.0658 5452        AmdPPM - ok
19:20:54.0758 5452        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
19:20:54.0791 5452        amdsata - ok
19:20:54.0920 5452        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:20:54.0974 5452        amdsbs - ok
19:20:55.0037 5452        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
19:20:55.0061 5452        amdxata - ok
19:20:55.0103 5452        ApfiltrService  (baaa6516aec2622b8fba6165ff5d68c2) C:\Windows\system32\DRIVERS\Apfiltr.sys
19:20:55.0144 5452        ApfiltrService - ok
19:20:55.0249 5452        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
19:20:55.0298 5452        AppID - ok
19:20:55.0439 5452        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:20:55.0472 5452        arc - ok
19:20:55.0522 5452        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:20:55.0556 5452        arcsas - ok
19:20:55.0641 5452        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:20:55.0701 5452        AsyncMac - ok
19:20:55.0762 5452        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
19:20:55.0782 5452        atapi - ok
19:20:55.0904 5452        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
19:20:55.0962 5452        b06bdrv - ok
19:20:56.0019 5452        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:20:56.0081 5452        b57nd60x - ok
19:20:56.0172 5452        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:20:56.0208 5452        Beep - ok
19:20:56.0400 5452        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:20:56.0437 5452        blbdrive - ok
19:20:56.0523 5452        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
19:20:56.0562 5452        bowser - ok
19:20:56.0628 5452        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:20:56.0670 5452        BrFiltLo - ok
19:20:56.0746 5452        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:20:56.0786 5452        BrFiltUp - ok
19:20:56.0855 5452        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:20:56.0896 5452        Brserid - ok
19:20:56.0968 5452        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:20:57.0008 5452        BrSerWdm - ok
19:20:57.0053 5452        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:20:57.0079 5452        BrUsbMdm - ok
19:20:57.0101 5452        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:20:57.0126 5452        BrUsbSer - ok
19:20:57.0245 5452        BthEnum        (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
19:20:57.0298 5452        BthEnum - ok
19:20:57.0400 5452        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:20:57.0441 5452        BTHMODEM - ok
19:20:57.0506 5452        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
19:20:57.0533 5452        BthPan - ok
19:20:57.0646 5452        BTHPORT        (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
19:20:57.0677 5452        BTHPORT - ok
19:20:57.0810 5452        BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
19:20:57.0849 5452        BTHUSB - ok
19:20:57.0955 5452        btusbflt        (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
19:20:58.0005 5452        btusbflt - ok
19:20:58.0132 5452        btwaudio        (f8b4f60768328faa2ffe2727f66809f8) C:\Windows\system32\drivers\btwaudio.sys
19:20:58.0168 5452        btwaudio - ok
19:20:58.0234 5452        btwavdt        (fa7446dd38de84d4988d1f2ebb854589) C:\Windows\system32\DRIVERS\btwavdt.sys
19:20:58.0267 5452        btwavdt - ok
19:20:58.0359 5452        btwl2cap        (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
19:20:58.0381 5452        btwl2cap - ok
19:20:58.0507 5452        btwrchid        (d5862fbc1cbc0404614fd9d85c8d880e) C:\Windows\system32\DRIVERS\btwrchid.sys
19:20:58.0525 5452        btwrchid - ok
19:20:58.0623 5452        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:20:58.0676 5452        cdfs - ok
19:20:58.0750 5452        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
19:20:58.0776 5452        cdrom - ok
19:20:58.0866 5452        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:20:58.0900 5452        circlass - ok
19:20:58.0954 5452        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:20:58.0989 5452        CLFS - ok
19:20:59.0102 5452        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:20:59.0149 5452        CmBatt - ok
19:20:59.0210 5452        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
19:20:59.0231 5452        cmdide - ok
19:20:59.0336 5452        CNG            (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
19:20:59.0373 5452        CNG - ok
19:20:59.0501 5452        CnxtHdAudService (e7f65666aea26f7585e5947a2f5d5218) C:\Windows\system32\drivers\CHDRTN32.sys
19:20:59.0536 5452        CnxtHdAudService - ok
19:20:59.0603 5452        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:20:59.0624 5452        Compbatt - ok
19:20:59.0716 5452        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
19:20:59.0750 5452        CompositeBus - ok
19:20:59.0858 5452        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:20:59.0879 5452        crcdisk - ok
19:20:59.0988 5452        CSC            (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
19:21:00.0019 5452        CSC - ok
19:21:00.0123 5452        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
19:21:00.0178 5452        DfsC - ok
19:21:00.0261 5452        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:21:00.0306 5452        discache - ok
19:21:00.0429 5452        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:21:00.0464 5452        Disk - ok
19:21:00.0620 5452        DozeHDD        (6d279bb0de1d8e34f454e1b353f4d738) C:\Windows\system32\DRIVERS\DozeHDD.sys
19:21:00.0642 5452        DozeHDD - ok
19:21:00.0757 5452        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:21:00.0779 5452        drmkaud - ok
19:21:00.0908 5452        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
19:21:00.0945 5452        DXGKrnl - ok
19:21:01.0149 5452        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:21:01.0228 5452        ebdrv - ok
19:21:01.0380 5452        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:21:01.0411 5452        elxstor - ok
19:21:01.0479 5452        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
19:21:01.0502 5452        ErrDev - ok
19:21:01.0591 5452        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:21:01.0635 5452        exfat - ok
19:21:01.0690 5452        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:21:01.0730 5452        fastfat - ok
19:21:01.0830 5452        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:21:01.0871 5452        fdc - ok
19:21:01.0924 5452        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:21:01.0973 5452        FileInfo - ok
19:21:02.0061 5452        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:21:02.0107 5452        Filetrace - ok
19:21:02.0152 5452        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:21:02.0179 5452        flpydisk - ok
19:21:02.0263 5452        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:21:02.0293 5452        FltMgr - ok
19:21:02.0361 5452        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:21:02.0392 5452        FsDepends - ok
19:21:02.0468 5452        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
19:21:02.0491 5452        Fs_Rec - ok
19:21:02.0578 5452        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
19:21:02.0616 5452        fvevol - ok
19:21:02.0701 5452        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:21:02.0733 5452        gagp30kx - ok
19:21:02.0922 5452        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:21:02.0950 5452        hcw85cir - ok
19:21:03.0030 5452        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
19:21:03.0061 5452        HdAudAddService - ok
19:21:03.0160 5452        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
19:21:03.0186 5452        HDAudBus - ok
19:21:03.0282 5452        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:21:03.0347 5452        HidBatt - ok
19:21:03.0467 5452        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:21:03.0499 5452        HidBth - ok
19:21:03.0537 5452        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:21:03.0570 5452        HidIr - ok
19:21:03.0663 5452        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
19:21:03.0693 5452        HidUsb - ok
19:21:03.0813 5452        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
19:21:03.0845 5452        HpSAMD - ok
19:21:03.0992 5452        HSF_DPV        (7aca9dbad8be6831c29676986c56da82) C:\Windows\system32\DRIVERS\HSX_DPV.sys
19:21:04.0033 5452        HSF_DPV - ok
19:21:04.0172 5452        HSXHWAZL        (16d32741f8e4725e76455b64edcc9cf1) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
19:21:04.0203 5452        HSXHWAZL - ok
19:21:04.0286 5452        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
19:21:04.0339 5452        HTTP - ok
19:21:04.0423 5452        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
19:21:04.0451 5452        hwpolicy - ok
19:21:04.0532 5452        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
19:21:04.0606 5452        i8042prt - ok
19:21:04.0713 5452        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
19:21:04.0750 5452        iaStorV - ok
19:21:04.0854 5452        IBMPMDRV        (bf648877413f6160e480814a24942b65) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
19:21:04.0878 5452        IBMPMDRV - ok
19:21:05.0075 5452        igfx            (1f50623259df354776df04c56504a2d7) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:21:05.0172 5452        igfx - ok
19:21:05.0291 5452        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:21:05.0320 5452        iirsp - ok
19:21:05.0389 5452        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
19:21:05.0411 5452        intelide - ok
19:21:05.0499 5452        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:21:05.0538 5452        intelppm - ok
19:21:05.0587 5452        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:21:05.0651 5452        IpFilterDriver - ok
19:21:05.0747 5452        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
19:21:05.0791 5452        IPMIDRV - ok
19:21:05.0893 5452        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:21:05.0934 5452        IPNAT - ok
19:21:05.0990 5452        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:21:06.0017 5452        IRENUM - ok
19:21:06.0093 5452        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
19:21:06.0123 5452        isapnp - ok
19:21:06.0188 5452        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
19:21:06.0215 5452        iScsiPrt - ok
19:21:06.0255 5452        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
19:21:06.0286 5452        kbdclass - ok
19:21:06.0383 5452        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
19:21:06.0414 5452        kbdhid - ok
19:21:06.0530 5452        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
19:21:06.0565 5452        KSecDD - ok
19:21:06.0607 5452        KSecPkg        (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
19:21:06.0657 5452        KSecPkg - ok
19:21:06.0798 5452        lenovo.smi      (9aac267a225f3caebb9e633f7eb16e4b) C:\Windows\system32\DRIVERS\smiif32.sys
19:21:06.0817 5452        lenovo.smi - ok
19:21:06.0908 5452        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:21:06.0956 5452        lltdio - ok
19:21:07.0063 5452        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:21:07.0100 5452        LSI_FC - ok
19:21:07.0212 5452        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:21:07.0248 5452        LSI_SAS - ok
19:21:07.0363 5452        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:21:07.0392 5452        LSI_SAS2 - ok
19:21:07.0500 5452        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:21:07.0539 5452        LSI_SCSI - ok
19:21:07.0652 5452        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:21:07.0708 5452        luafv - ok
19:21:07.0817 5452        mdmxsdk        (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:21:07.0839 5452        mdmxsdk - ok
19:21:07.0887 5452        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:21:07.0912 5452        megasas - ok
19:21:08.0015 5452        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:21:08.0042 5452        MegaSR - ok
19:21:08.0148 5452        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:21:08.0191 5452        Modem - ok
19:21:08.0291 5452        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:21:08.0321 5452        monitor - ok
19:21:08.0390 5452        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
19:21:08.0421 5452        mouclass - ok
19:21:08.0532 5452        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:21:08.0562 5452        mouhid - ok
19:21:08.0670 5452        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
19:21:08.0711 5452        mountmgr - ok
19:21:08.0802 5452        MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
19:21:08.0838 5452        MpFilter - ok
19:21:08.0919 5452        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
19:21:09.0006 5452        mpio - ok
19:21:09.0160 5452        MpKslcbc0b04b  (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D16D336-C2BD-4DD8-A3C7-45F383D425E6}\MpKslcbc0b04b.sys
19:21:09.0188 5452        MpKslcbc0b04b - ok
19:21:09.0332 5452        MpNWMon        (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
19:21:09.0360 5452        MpNWMon - ok
19:21:09.0460 5452        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:21:09.0511 5452        mpsdrv - ok
19:21:09.0628 5452        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
19:21:09.0660 5452        MRxDAV - ok
19:21:09.0736 5452        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:21:09.0765 5452        mrxsmb - ok
19:21:09.0820 5452        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:21:09.0850 5452        mrxsmb10 - ok
19:21:09.0953 5452        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:21:10.0000 5452        mrxsmb20 - ok
19:21:10.0063 5452        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
19:21:10.0085 5452        msahci - ok
19:21:10.0199 5452        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
19:21:10.0228 5452        msdsm - ok
19:21:10.0346 5452        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:21:10.0386 5452        Msfs - ok
19:21:10.0485 5452        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:21:10.0520 5452        mshidkmdf - ok
19:21:10.0640 5452        MSHUSBVideo    (29e0ec2a9dc4c7913657a51dfff97856) C:\Windows\system32\Drivers\nx6000.sys
19:21:10.0665 5452        MSHUSBVideo - ok
19:21:10.0778 5452        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
19:21:10.0797 5452        msisadrv - ok
19:21:10.0915 5452        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:21:10.0951 5452        MSKSSRV - ok
19:21:11.0089 5452        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:21:11.0124 5452        MSPCLOCK - ok
19:21:11.0243 5452        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:21:11.0279 5452        MSPQM - ok
19:21:11.0384 5452        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:21:11.0438 5452        MsRPC - ok
19:21:11.0533 5452        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
19:21:11.0561 5452        mssmbios - ok
19:21:11.0630 5452        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:21:11.0664 5452        MSTEE - ok
19:21:11.0692 5452        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:21:11.0716 5452        MTConfig - ok
19:21:11.0775 5452        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:21:11.0808 5452        Mup - ok
19:21:11.0885 5452        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:21:11.0917 5452        NativeWifiP - ok
19:21:12.0038 5452        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
19:21:12.0083 5452        NDIS - ok
19:21:12.0203 5452        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:21:12.0245 5452        NdisCap - ok
19:21:12.0365 5452        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:21:12.0410 5452        NdisTapi - ok
19:21:12.0538 5452        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
19:21:12.0584 5452        Ndisuio - ok
19:21:12.0698 5452        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
19:21:12.0736 5452        NdisWan - ok
19:21:12.0853 5452        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
19:21:12.0900 5452        NDProxy - ok
19:21:12.0977 5452        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:21:13.0023 5452        NetBIOS - ok
19:21:13.0117 5452        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
19:21:13.0185 5452        NetBT - ok
19:21:13.0415 5452        netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
19:21:13.0507 5452        netw5v32 - ok
19:21:13.0633 5452        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:21:13.0661 5452        nfrd960 - ok
19:21:13.0766 5452        NisDrv          (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:21:13.0801 5452        NisDrv - ok
19:21:13.0937 5452        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:21:13.0981 5452        Npfs - ok
19:21:14.0088 5452        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:21:14.0126 5452        nsiproxy - ok
19:21:14.0268 5452        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
19:21:14.0424 5452        Ntfs - ok
19:21:14.0543 5452        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:21:14.0577 5452        Null - ok
19:21:14.0686 5452        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
19:21:14.0729 5452        nvraid - ok
19:21:14.0836 5452        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
19:21:14.0880 5452        nvstor - ok
19:21:14.0978 5452        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
19:21:15.0006 5452        nv_agp - ok
19:21:15.0064 5452        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
19:21:15.0098 5452        ohci1394 - ok
19:21:15.0200 5452        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:21:15.0245 5452        Parport - ok
19:21:15.0360 5452        partmgr        (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
19:21:15.0394 5452        partmgr - ok
19:21:15.0492 5452        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:21:15.0515 5452        Parvdm - ok
19:21:15.0624 5452        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
19:21:15.0650 5452        pci - ok
19:21:15.0741 5452        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
19:21:15.0759 5452        pciide - ok
19:21:15.0821 5452        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:21:15.0848 5452        pcmcia - ok
19:21:15.0869 5452        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:21:15.0899 5452        pcw - ok
19:21:15.0989 5452        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:21:16.0037 5452        PEAUTH - ok
19:21:16.0237 5452        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:21:16.0293 5452        PptpMiniport - ok
19:21:16.0401 5452        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:21:16.0433 5452        Processor - ok
19:21:16.0544 5452        psadd          (72de205cd4006dc45b1401859c506679) C:\Windows\system32\DRIVERS\psadd.sys
19:21:16.0568 5452        psadd - ok
19:21:16.0636 5452        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:21:16.0692 5452        Psched - ok
19:21:16.0840 5452        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:21:16.0885 5452        ql2300 - ok
19:21:16.0998 5452        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:21:17.0041 5452        ql40xx - ok
19:21:17.0156 5452        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:21:17.0190 5452        QWAVEdrv - ok
19:21:17.0292 5452        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:21:17.0335 5452        RasAcd - ok
19:21:17.0440 5452        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:21:17.0488 5452        RasAgileVpn - ok
19:21:17.0566 5452        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:21:17.0622 5452        Rasl2tp - ok
19:21:17.0715 5452        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:21:17.0754 5452        RasPppoe - ok
19:21:17.0881 5452        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:21:17.0934 5452        RasSstp - ok
19:21:18.0049 5452        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
19:21:18.0094 5452        rdbss - ok
19:21:18.0149 5452        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:21:18.0177 5452        rdpbus - ok
19:21:18.0222 5452        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:21:18.0254 5452        RDPCDD - ok
19:21:18.0333 5452        RDPDR          (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
19:21:18.0366 5452        RDPDR - ok
19:21:18.0429 5452        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:21:18.0462 5452        RDPENCDD - ok
19:21:18.0535 5452        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:21:18.0568 5452        RDPREFMP - ok
19:21:18.0675 5452        RDPWD          (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
19:21:18.0740 5452        RDPWD - ok
19:21:18.0830 5452        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
19:21:18.0888 5452        rdyboost - ok
19:21:18.0974 5452        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
19:21:19.0003 5452        RFCOMM - ok
19:21:19.0082 5452        rimmptsk        (d65ac8797f0286ed269500747d6290a4) C:\Windows\system32\DRIVERS\rimmptsk.sys
19:21:19.0114 5452        rimmptsk - ok
19:21:19.0197 5452        rimsptsk        (49ec82b44eb93374ed9988da7e0e0151) C:\Windows\system32\DRIVERS\rimsptsk.sys
19:21:19.0228 5452        rimsptsk - ok
19:21:19.0279 5452        rismxdp        (3f400c3ccd0818858602ddb37b5de719) C:\Windows\system32\DRIVERS\rixdptsk.sys
19:21:19.0309 5452        rismxdp - ok
19:21:19.0416 5452        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:21:19.0469 5452        rspndr - ok
19:21:19.0571 5452        s1018bus        (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\Windows\system32\DRIVERS\s1018bus.sys
19:21:19.0611 5452        s1018bus - ok
19:21:19.0716 5452        s1018mdfl      (38f5ea219593f19b6b3a1b9c169e3b61) C:\Windows\system32\DRIVERS\s1018mdfl.sys
19:21:19.0736 5452        s1018mdfl - ok
19:21:19.0851 5452        s1018mdm        (666af6b64fc7df92d3ca4819ea91631d) C:\Windows\system32\DRIVERS\s1018mdm.sys
19:21:19.0896 5452        s1018mdm - ok
19:21:20.0009 5452        s1018mgmt      (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys
19:21:20.0086 5452        s1018mgmt ( UnsignedFile.Multi.Generic ) - warning
19:21:20.0087 5452        s1018mgmt - detected UnsignedFile.Multi.Generic (1)
19:21:20.0193 5452        s1018nd5        (3622d9ff2253dcbe885b10736609a4ca) C:\Windows\system32\DRIVERS\s1018nd5.sys
19:21:20.0214 5452        s1018nd5 - ok
19:21:20.0288 5452        s1018obex      (49431efda842b474531c29ffae9f5d09) C:\Windows\system32\DRIVERS\s1018obex.sys
19:21:20.0331 5452        s1018obex - ok
19:21:20.0414 5452        s1018unic      (ac6b514cb4474f4c867d7cdc9cd54f05) C:\Windows\system32\DRIVERS\s1018unic.sys
19:21:20.0458 5452        s1018unic - ok
19:21:20.0564 5452        s3cap          (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
19:21:20.0586 5452        s3cap - ok
19:21:20.0699 5452        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
19:21:20.0741 5452        sbp2port - ok
19:21:20.0900 5452        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
19:21:20.0939 5452        scfilter - ok
19:21:21.0005 5452        sdbus          (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
19:21:21.0034 5452        sdbus - ok
19:21:21.0129 5452        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:21:21.0169 5452        secdrv - ok
19:21:21.0283 5452        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:21:21.0309 5452        Serenum - ok
19:21:21.0415 5452        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:21:21.0473 5452        Serial - ok
19:21:21.0581 5452        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:21:21.0606 5452        sermouse - ok
19:21:21.0670 5452        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
19:21:21.0693 5452        sffdisk - ok
19:21:21.0717 5452        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
19:21:21.0741 5452        sffp_mmc - ok
19:21:21.0821 5452        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
19:21:21.0847 5452        sffp_sd - ok
19:21:21.0907 5452        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:21:21.0931 5452        sfloppy - ok
19:21:21.0979 5452        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
19:21:22.0010 5452        sisagp - ok
19:21:22.0121 5452        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:21:22.0151 5452        SiSRaid2 - ok
19:21:22.0255 5452        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:21:22.0288 5452        SiSRaid4 - ok
19:21:22.0408 5452        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:21:22.0464 5452        Smb - ok
19:21:22.0545 5452        smihlp          (3c4a61ccb2cf32ed6e09f559b4adb6cf) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
19:21:22.0568 5452        smihlp - ok
19:21:22.0697 5452        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:21:22.0719 5452        spldr - ok
19:21:22.0872 5452        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
19:21:23.0565 5452        sptd - ok
19:21:23.0720 5452        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
19:21:23.0754 5452        srv - ok
19:21:23.0880 5452        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
19:21:23.0909 5452        srv2 - ok
19:21:23.0979 5452        SrvHsfHDA      (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
19:21:24.0011 5452        SrvHsfHDA - ok
19:21:24.0123 5452        SrvHsfV92      (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
19:21:24.0164 5452        SrvHsfV92 - ok
19:21:24.0302 5452        SrvHsfWinac    (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:21:24.0340 5452        SrvHsfWinac - ok
19:21:24.0440 5452        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
19:21:24.0469 5452        srvnet - ok
19:21:24.0546 5452        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:21:24.0568 5452        stexstor - ok
19:21:24.0657 5452        storflt        (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
19:21:24.0687 5452        storflt - ok
19:21:24.0794 5452        storvsc        (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
19:21:24.0819 5452        storvsc - ok
19:21:24.0904 5452        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
19:21:24.0924 5452        swenum - ok
19:21:25.0048 5452        Tcpip          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
19:21:25.0100 5452        Tcpip - ok
19:21:25.0259 5452        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
19:21:25.0309 5452        TCPIP6 - ok
19:21:25.0442 5452        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
19:21:25.0485 5452        tcpipreg - ok
19:21:25.0584 5452        TcUsb          (72b9e77565da5fa564581976e000d29b) C:\Windows\system32\Drivers\tcusb.sys
19:21:25.0614 5452        TcUsb - ok
19:21:25.0726 5452        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
19:21:25.0763 5452        TDPIPE - ok
19:21:25.0808 5452        TDTCP          (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
19:21:25.0860 5452        TDTCP - ok
19:21:25.0954 5452        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
19:21:26.0011 5452        tdx - ok
19:21:26.0115 5452        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
19:21:26.0151 5452        TermDD - ok
19:21:26.0310 5452        TPM            (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
19:21:26.0339 5452        TPM - ok
19:21:26.0465 5452        TPPWRIF        (c16ec6a5390904d3971179553852025b) C:\Windows\system32\drivers\Tppwr32v.sys
19:21:26.0483 5452        TPPWRIF - ok
19:21:26.0602 5452        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:21:26.0642 5452        tssecsrv - ok
19:21:26.0760 5452        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
19:21:26.0795 5452        TsUsbFlt - ok
19:21:26.0920 5452        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
19:21:26.0959 5452        tunnel - ok
19:21:27.0017 5452        TVTI2C          (cac5d5979850c9ad41a88033013bc806) C:\Windows\system32\DRIVERS\Tvti2c.sys
19:21:27.0042 5452        TVTI2C - ok
19:21:27.0074 5452        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:21:27.0109 5452        uagp35 - ok
19:21:27.0206 5452        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
19:21:27.0245 5452        udfs - ok
19:21:27.0332 5452        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
19:21:27.0366 5452        uliagpkx - ok
19:21:27.0396 5452        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
19:21:27.0429 5452        umbus - ok
19:21:27.0494 5452        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:21:27.0516 5452        UmPass - ok
19:21:27.0585 5452        usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
19:21:27.0629 5452        usbaudio - ok
19:21:27.0685 5452        usbbus          (5353218b3265e3b8190335059f697a11) C:\Windows\system32\DRIVERS\lgusbbus.sys
19:21:27.0706 5452        usbbus - ok
19:21:27.0774 5452        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
19:21:27.0814 5452        usbccgp - ok
19:21:27.0881 5452        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
19:21:27.0906 5452        usbcir - ok
19:21:27.0961 5452        UsbDiag        (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\Windows\system32\DRIVERS\lgusbdiag.sys
19:21:27.0983 5452        UsbDiag - ok
19:21:28.0057 5452        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
19:21:28.0090 5452        usbehci - ok
19:21:28.0144 5452        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
19:21:28.0175 5452        usbhub - ok
19:21:28.0275 5452        USBModem        (083031a78822eccbd7510bccd3e20d4c) C:\Windows\system32\DRIVERS\lgusbmodem.sys
19:21:28.0300 5452        USBModem - ok
19:21:28.0364 5452        usbohci        (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
19:21:28.0390 5452        usbohci - ok
19:21:28.0412 5452        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:21:28.0441 5452        usbprint - ok
19:21:28.0562 5452        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
19:21:28.0597 5452        usbscan - ok
19:21:28.0699 5452        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:21:28.0742 5452        USBSTOR - ok
19:21:28.0838 5452        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
19:21:28.0865 5452        usbuhci - ok
19:21:28.0940 5452        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
19:21:28.0972 5452        usbvideo - ok
19:21:29.0056 5452        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
19:21:29.0081 5452        vdrvroot - ok
19:21:29.0152 5452        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:21:29.0180 5452        vga - ok
19:21:29.0207 5452        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:21:29.0247 5452        VgaSave - ok
19:21:29.0319 5452        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
19:21:29.0346 5452        vhdmp - ok
19:21:29.0462 5452        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
19:21:29.0494 5452        viaagp - ok
19:21:29.0561 5452        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:21:29.0594 5452        ViaC7 - ok
19:21:29.0666 5452        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
19:21:29.0725 5452        viaide - ok
19:21:29.0803 5452        vmbus          (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
19:21:29.0849 5452        vmbus - ok
19:21:29.0938 5452        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
19:21:29.0962 5452        VMBusHID - ok
19:21:30.0050 5452        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
19:21:30.0082 5452        volmgr - ok
19:21:30.0151 5452        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:21:30.0178 5452        volmgrx - ok
19:21:30.0220 5452        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
19:21:30.0248 5452        volsnap - ok
19:21:30.0344 5452        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:21:30.0390 5452        vsmraid - ok
19:21:30.0439 5452        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
19:21:30.0468 5452        vwifibus - ok
19:21:30.0505 5452        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:21:30.0531 5452        WacomPen - ok
19:21:30.0643 5452        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:21:30.0696 5452        WANARP - ok
19:21:30.0700 5452        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:21:30.0755 5452        Wanarpv6 - ok
19:21:30.0885 5452        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:21:30.0906 5452        Wd - ok
19:21:30.0959 5452        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:21:30.0991 5452        Wdf01000 - ok
19:21:31.0091 5452        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:21:31.0127 5452        WfpLwf - ok
19:21:31.0161 5452        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:21:31.0183 5452        WIMMount - ok
19:21:31.0225 5452        winachsf        (65445280effba80c73de3c8578b70974) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:21:31.0260 5452        winachsf - ok
19:21:31.0404 5452        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys
19:21:31.0454 5452        WinUsb - ok
19:21:31.0581 5452        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
19:21:31.0606 5452        WmiAcpi - ok
19:21:31.0765 5452        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:21:31.0803 5452        ws2ifsl - ok
19:21:31.0884 5452        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
19:21:31.0941 5452        WudfPf - ok
19:21:32.0045 5452        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:21:32.0084 5452        WUDFRd - ok
19:21:32.0197 5452        XAudio          (7e46367b80600d04dd83f41ef1c860df) C:\Windows\system32\DRIVERS\xaudio.sys
19:21:32.0217 5452        XAudio - ok
19:21:32.0335 5452        MBR (0x1B8)    (e77f725e68ee1df1d03146569de28e1d) \Device\Harddisk0\DR0
19:21:32.0450 5452        \Device\Harddisk0\DR0 - ok
19:21:32.0454 5452        Boot (0x1200)  (37db130c8f2d66142b39400eb0767ea8) \Device\Harddisk0\DR0\Partition0
19:21:32.0455 5452        \Device\Harddisk0\DR0\Partition0 - ok
19:21:32.0456 5452        ============================================================
19:21:32.0456 5452        Scan finished
19:21:32.0456 5452        ============================================================
19:21:32.0466 4740        Detected object count: 1
19:21:32.0466 4740        Actual detected object count: 1
19:21:39.0611 4740        s1018mgmt ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:39.0611 4740        s1018mgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip

Regards, Max
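A small triage script for output in the TDSSKiller format shown above. This is an added example for readers of the thread; it is not part of the thread and not Kaspersky's own code. The sample lines are constructed from the log above (a few driver entries, the MBR entry, and the three lines TDSSKiller printed for s1018mgmt). The parser groups each service's file line (name, MD5, path) with the verdict lines that follow it and then reports what a helper would want to look at first: anything with a detection, anything the user chose to skip, drivers loaded from outside C:\Windows\system32, and entries that never got a verdict. Note that UnsignedFile.Multi.Generic means the driver file carries no valid digital signature; it is a heuristic, not a malware identification, and the ComboFix output later in the thread lists s1018mgmt as a Sony Ericsson device driver. The MD5 is kept in each entry so it can be compared against a known-good source; the script does not do that lookup itself.

```python
"""Triage helper for TDSSKiller driver-scan output (added example, not part of TDSSKiller)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines in the format of the log above, including
# the three lines TDSSKiller emitted for the flagged s1018mgmt driver and the
# MBR line, whose verdict line is keyed by the device path rather than the name.
SAMPLE_LOG = r"""
19:21:18.0049 5452        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
19:21:18.0094 5452        rdbss - ok
19:21:20.0009 5452        s1018mgmt      (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys
19:21:20.0086 5452        s1018mgmt ( UnsignedFile.Multi.Generic ) - warning
19:21:20.0087 5452        s1018mgmt - detected UnsignedFile.Multi.Generic (1)
19:21:22.0545 5452        smihlp          (3c4a61ccb2cf32ed6e09f559b4adb6cf) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
19:21:22.0568 5452        smihlp - ok
19:21:32.0335 5452        MBR (0x1B8)    (e77f725e68ee1df1d03146569de28e1d) \Device\Harddisk0\DR0
19:21:32.0450 5452        \Device\Harddisk0\DR0 - ok
19:21:39.0611 4740        s1018mgmt ( UnsignedFile.Multi.Generic ) - skipped by user
"""

# Every line starts with a timestamp and the id of the thread that printed it.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
FILE_RE = re.compile(PREFIX + r"(.+?)\s+\(([0-9a-fA-F]{32})\)\s+(.+?)\s*$")
OK_RE = re.compile(PREFIX + r"(.+?) - ok\s*$")
WARN_RE = re.compile(PREFIX + r"(.+?) \( (\S+) \) - (warning|skipped by user)\s*$")
DETECT_RE = re.compile(PREFIX + r"(.+?) - detected (\S+) \((\d+)\)\s*$")

# Kernel drivers normally live here; anything loaded from elsewhere deserves a second look.
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Entry:
    name: str
    md5: str              # kept so the hash can be checked against a known-good source
    path: str
    verdicts: list[str] = field(default_factory=list)
    detections: set[str] = field(default_factory=set)

    @property
    def clean(self) -> bool:
        return not self.detections and "ok" in self.verdicts


def parse_tdss_log(text: str) -> dict[str, Entry]:
    """Group the file line and all following verdict lines of each service."""
    entries: dict[str, Entry] = {}
    by_path: dict[str, str] = {}  # device objects (MBR, boot sector) report verdicts by path
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            name, md5, path = m.group(1).strip(), m.group(2).lower(), m.group(3)
            entries[name] = Entry(name, md5, path)
            by_path[path] = name
            continue
        for rx in (OK_RE, WARN_RE, DETECT_RE):
            m = rx.match(line)
            if not m:
                continue
            key = m.group(1).strip()
            entry = entries.get(key) or entries.get(by_path.get(key, ""))
            if entry is not None:
                if rx is OK_RE:
                    entry.verdicts.append("ok")
                elif rx is WARN_RE:
                    entry.detections.add(m.group(2))
                    entry.verdicts.append(m.group(3))
                else:
                    entry.detections.add(m.group(2))
                    entry.verdicts.append("detected")
            break
    return entries


def triage(entries: dict[str, Entry]) -> dict[str, list[str]]:
    """Names that need a human look, grouped by reason (order follows the log)."""
    report: dict[str, list[str]] = {
        "detected": [], "skipped_by_user": [], "outside_system32": [], "no_verdict": []}
    for e in entries.values():
        if e.detections:
            report["detected"].append(e.name)
        if "skipped by user" in e.verdicts:
            report["skipped_by_user"].append(e.name)
        # \Device\... paths are disk objects, not files on the filesystem
        if not e.path.startswith("\\") and not e.path.lower().startswith(SYSTEM32):
            report["outside_system32"].append(e.name)
        if not e.verdicts:
            report["no_verdict"].append(e.name)
    return report


if __name__ == "__main__":
    for reason, names in triage(parse_tdss_log(SAMPLE_LOG)).items():
        print(f"{reason}: {', '.join(names) or '-'}")
```

Run on the full log above it would list s1018mgmt under both "detected" and "skipped_by_user", and smihlp (the ThinkVantage fingerprint driver loaded from Program Files) under "outside_system32"; everything else, including the MBR and boot sector, comes back clean.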

cosinus 08.03.2012 20:10

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your Internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a forum helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

MaxiMax 09.03.2012 08:28

Good morning,

here is the ComboFix log.

Code:

ComboFix 12-03-08.04 - DerMax 09.03.2012  1:44.1.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.2038.1177 [GMT 1:00]
ausgeführt von:: c:\users\DerMax\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\DerMax\AppData\Local\lame_enc.dll
c:\users\DerMax\AppData\Local\no23xwrapper.dll
c:\users\DerMax\AppData\Local\ogg.dll
c:\users\DerMax\AppData\Local\vorbis.dll
c:\users\DerMax\AppData\Local\vorbisenc.dll
c:\users\DerMax\AppData\Local\vorbisfile.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-09 bis 2012-03-09  ))))))))))))))))))))))))))))))
.
.
2012-03-09 00:36 . 2012-02-08 06:03        6552120        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8DB8D718-2CB5-426E-A453-0A4C90841843}\mpengine.dll
2012-03-08 18:08 . 2012-03-08 18:08        --------        d-----w-        c:\program files\PriceGong
2012-03-07 20:24 . 2010-09-07 13:09        13680        ----a-w-        c:\windows\system32\drivers\smiif32.sys
2012-03-07 20:23 . 2012-03-07 20:23        --------        d-----w-        c:\program files\Common Files\SPBA
2012-03-07 15:40 . 2012-03-07 15:40        --------        d-----w-        C:\_OTL
2012-03-07 07:26 . 2012-03-07 07:26        --------        d-----w-        c:\program files\ESET
2012-03-06 22:20 . 2012-03-06 22:20        --------        d-----w-        c:\windows\Sun
2012-03-05 12:52 . 2012-03-05 12:52        --------        d-----w-        c:\users\DerMax\AppData\Roaming\Malwarebytes
2012-03-05 12:52 . 2012-03-05 12:52        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-03-05 12:52 . 2012-03-05 12:52        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-05 12:52 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-04 23:38 . 2012-03-04 23:39        --------        d-----w-        c:\users\DerMax\AppData\Roaming\kodak
2012-02-15 07:39 . 2011-12-30 05:27        478720        ----a-w-        c:\windows\system32\timedate.cpl
2012-02-15 07:39 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\system32\msvcrt.dll
2012-02-15 07:39 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\system32\ntshrui.dll
2012-02-15 07:39 . 2012-01-14 03:35        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-02-10 12:07 . 2012-02-10 12:07        713784        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{642CADAF-A371-49C3-B939-A6ABDB1A11A1}\gapaengine.dll
2012-02-09 18:15 . 2007-08-21 12:32        98304        ----a-w-        c:\windows\system32\redmonnt.dll
2012-02-09 17:28 . 1998-09-14 15:41        285216        ----a-w-        c:\windows\system32\drivers\Onsio.sys
2012-02-09 17:28 . 1998-08-01 19:00        60928        ----a-w-        c:\windows\system32\drivers\Smplscsi.sys
2012-02-09 17:28 . 1997-02-14 20:10        7680        ----a-w-        c:\windows\system32\drivers\Onsreged.sys
2012-02-09 17:28 . 2012-02-09 17:28        --------        d-----w-        C:\Kpcms
2012-02-09 17:28 . 2012-02-09 17:29        --------        d-----w-        c:\program files\ScanWizard 5
2012-02-09 17:28 . 2000-01-04 05:39        212992        ----a-w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 21:20 . 2012-03-05 21:20        89570        ----a-w-        c:\windows\system32\hkcmd.zip
2012-02-21 19:01 . 2011-05-22 11:40        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-08 06:03 . 2009-11-22 00:18        6552120        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2009-11-20 23:46        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-23 02:06 . 2011-06-26 13:00        527424        ------w-        c:\windows\PWMBTHLV.EXE
2012-01-23 02:06 . 2011-06-26 12:59        834624        ------w-        c:\windows\system32\PWMCP32V.cpl
2012-01-23 02:06 . 2011-06-26 12:59        25968        ------w-        c:\windows\system32\drivers\DOZEHDD.SYS
2012-01-23 02:06 . 2011-06-26 12:59        13424        ------w-        c:\windows\system32\drivers\TPPWR32V.SYS
2012-02-19 13:03 . 2011-03-23 17:43        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-01-23 1322048]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-12-02 176128]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 55624]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-8-5 804128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2011-07-14 15:48        100680        ----a-w-        c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
backup=c:\windows\pss\Scanner Finder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07        843712        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2009-12-02 23:19        176128        ----a-w-        c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22        59240        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57        369200        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45        1164584        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-08-07 01:15        141848        ----a-w-        c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPFNF6R]
2009-08-20 17:38        62752        ----a-w-        c:\program files\Lenovo\HOTKEY\tpfnf6r.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 23:05        118640        ----a-w-        c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-08-07 01:15        150552        ----a-w-        c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2011-07-14 14:46        55624        ----a-w-        c:\program files\ThinkVantage Fingerprint Software\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWMTRV]
2012-01-23 02:06        1322048        ----a-w-        c:\progra~2\ThinkPad\UTILIT~1\PWMTR32V.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17        1174016        ----a-w-        c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
2011-07-12 17:03        69568        ----a-w-        c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2011-08-05 10:29        159456        ----a-w-        c:\program files\Zune\ZuneLauncher.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2012-01-23 292200]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2009-07-24 30560]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2012-01-23 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2012-01-23 175168]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1343400]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 268512]
R4 ApRunSvc;Alps Application Launcher Service;c:\program files\Apoint2K\ApRunSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-07 691696]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2012-01-23 25968]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 127336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 11976]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 131432]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-08-18 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-18 29472]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 17:46]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 17:46]
.
2012-02-21 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2012-03-09 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\DerMax\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\DerMax\AppData\Roaming\Mozilla\Firefox\Profiles\foct8zfa.default\
FF - prefs.js: browser.startup.homepage - chrome://superstart/content/index.html
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-HotKeysCmds - c:\windows\system32\hkcmd.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2325422704-4038905648-3740114079-1000\Software\SecuROM\License information*]
"datasecu"=hex:1d,25,3b,fc,50,3b,69,fa,45,b4,db,74,45,ca,8f,ad,f3,f8,95,68,3b,
  4a,02,2d,a5,18,2a,06,7b,80,91,67,9c,6a,79,9e,f7,45,89,0e,bb,bf,9a,65,13,71,\
"rkeysecu"=hex:a5,b5,4e,17,2f,f7,20,15,19,d7,f0,9b,e5,97,83,a8
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(568)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(3884)
c:\program files\PC-Doctor\PcdToolbar584923.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~2\ThinkPad\UTILIT~1\GR\PWMRT32V.DLL
c:\progra~2\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\WUDFHost.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~2\LENOVO\VIRTSCRL\virtscrl.exe
c:\windows\system32\taskhost.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-09  08:22:44 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-09 07:22
.
Vor Suchlauf: 17 Verzeichnis(se), 63.405.760.512 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 62.671.544.320 Bytes frei
.
- - End Of File - - 078D2527C8609BD52BB3994B1748857D


cosinus 09.03.2012 09:49

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy/paste the entire contents of the code box below into the Notepad window.

Code:

Folder::
c:\program files\PriceGong

3. Save it in Notepad as CFScript.txt on the Desktop.

4. Disable your antivirus program's guard and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

MaxiMax 09.03.2012 10:44

Here you go, the Combofix log

Code:

ComboFix 12-03-08.04 - DerMax 09.03.2012  10:09:44.2.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.2038.1281 [GMT 1:00]
ausgeführt von:: c:\users\DerMax\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\DerMax\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\PriceGong
c:\program files\PriceGong\2.6.3\PriceGong.crx
c:\program files\PriceGong\2.6.3\PriceGongIE.dll
c:\program files\PriceGong\uninst.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-09 bis 2012-03-09  ))))))))))))))))))))))))))))))
.
.
2012-03-09 09:24 . 2012-03-09 09:24        --------        d-----w-        c:\users\DerMax\AppData\Local\temp
2012-03-09 09:24 . 2012-03-09 09:24        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-09 07:25 . 2012-02-08 06:03        6552120        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D5D452A-77F7-49B8-B954-36D572972C80}\mpengine.dll
2012-03-07 20:24 . 2010-09-07 13:09        13680        ----a-w-        c:\windows\system32\drivers\smiif32.sys
2012-03-07 20:23 . 2012-03-07 20:23        --------        d-----w-        c:\program files\Common Files\SPBA
2012-03-07 15:40 . 2012-03-07 15:40        --------        d-----w-        C:\_OTL
2012-03-07 07:26 . 2012-03-07 07:26        --------        d-----w-        c:\program files\ESET
2012-03-06 22:20 . 2012-03-06 22:20        --------        d-----w-        c:\windows\Sun
2012-03-05 12:52 . 2012-03-05 12:52        --------        d-----w-        c:\users\DerMax\AppData\Roaming\Malwarebytes
2012-03-05 12:52 . 2012-03-05 12:52        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-03-05 12:52 . 2012-03-05 12:52        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-05 12:52 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-04 23:38 . 2012-03-04 23:39        --------        d-----w-        c:\users\DerMax\AppData\Roaming\kodak
2012-02-15 07:39 . 2011-12-30 05:27        478720        ----a-w-        c:\windows\system32\timedate.cpl
2012-02-15 07:39 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\system32\msvcrt.dll
2012-02-15 07:39 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\system32\ntshrui.dll
2012-02-15 07:39 . 2012-01-14 03:35        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-02-10 12:07 . 2012-02-10 12:07        713784        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{642CADAF-A371-49C3-B939-A6ABDB1A11A1}\gapaengine.dll
2012-02-09 18:15 . 2007-08-21 12:32        98304        ----a-w-        c:\windows\system32\redmonnt.dll
2012-02-09 17:28 . 1998-09-14 15:41        285216        ----a-w-        c:\windows\system32\drivers\Onsio.sys
2012-02-09 17:28 . 1998-08-01 19:00        60928        ----a-w-        c:\windows\system32\drivers\Smplscsi.sys
2012-02-09 17:28 . 1997-02-14 20:10        7680        ----a-w-        c:\windows\system32\drivers\Onsreged.sys
2012-02-09 17:28 . 2012-02-09 17:28        --------        d-----w-        C:\Kpcms
2012-02-09 17:28 . 2012-02-09 17:29        --------        d-----w-        c:\program files\ScanWizard 5
2012-02-09 17:28 . 2000-01-04 05:39        212992        ----a-w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 21:20 . 2012-03-05 21:20        89570        ----a-w-        c:\windows\system32\hkcmd.zip
2012-02-21 19:01 . 2011-05-22 11:40        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-08 06:03 . 2009-11-22 00:18        6552120        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2009-11-20 23:46        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-23 02:06 . 2011-06-26 13:00        527424        ------w-        c:\windows\PWMBTHLV.EXE
2012-01-23 02:06 . 2011-06-26 12:59        834624        ------w-        c:\windows\system32\PWMCP32V.cpl
2012-01-23 02:06 . 2011-06-26 12:59        25968        ------w-        c:\windows\system32\drivers\DOZEHDD.SYS
2012-01-23 02:06 . 2011-06-26 12:59        13424        ------w-        c:\windows\system32\drivers\TPPWR32V.SYS
2012-02-19 13:03 . 2011-03-23 17:43        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-01-23 1322048]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-12-02 176128]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 55624]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-8-5 804128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2011-07-14 15:48        100680        ----a-w-        c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
backup=c:\windows\pss\Scanner Finder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07        843712        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2009-12-02 23:19        176128        ----a-w-        c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22        59240        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57        369200        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45        1164584        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-08-07 01:15        141848        ----a-w-        c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPFNF6R]
2009-08-20 17:38        62752        ----a-w-        c:\program files\Lenovo\HOTKEY\tpfnf6r.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 23:05        118640        ----a-w-        c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-08-07 01:15        150552        ----a-w-        c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2011-07-14 14:46        55624        ----a-w-        c:\program files\ThinkVantage Fingerprint Software\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWMTRV]
2012-01-23 02:06        1322048        ----a-w-        c:\progra~2\ThinkPad\UTILIT~1\PWMTR32V.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17        1174016        ----a-w-        c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
2011-07-12 17:03        69568        ----a-w-        c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2011-08-05 10:29        159456        ----a-w-        c:\program files\Zune\ZuneLauncher.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2009-07-24 30560]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2012-01-23 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2012-01-23 175168]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1343400]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 268512]
R4 ApRunSvc;Alps Application Launcher Service;c:\program files\Apoint2K\ApRunSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-07 691696]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2012-01-23 25968]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 127336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 11976]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 131432]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-08-18 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-18 29472]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2012-01-23 292200]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 17:46]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 17:46]
.
2012-02-21 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2012-03-09 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\DerMax\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\DerMax\AppData\Roaming\Mozilla\Firefox\Profiles\foct8zfa.default\
FF - prefs.js: browser.startup.homepage - chrome://superstart/content/index.html
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-PriceGong - c:\program files\PriceGong\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2325422704-4038905648-3740114079-1000\Software\SecuROM\License information*]
"datasecu"=hex:1d,25,3b,fc,50,3b,69,fa,45,b4,db,74,45,ca,8f,ad,f3,f8,95,68,3b,
  4a,02,2d,a5,18,2a,06,7b,80,91,67,9c,6a,79,9e,f7,45,89,0e,bb,bf,9a,65,13,71,\
"rkeysecu"=hex:a5,b5,4e,17,2f,f7,20,15,19,d7,f0,9b,e5,97,83,a8
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(568)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
Zeit der Fertigstellung: 2012-03-09  10:25:46
ComboFix-quarantined-files.txt  2012-03-09 09:25
ComboFix2.txt  2012-03-09 07:22
.
Vor Suchlauf: 21 Verzeichnis(se), 62.728.560.640 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 62.672.936.960 Bytes frei
.
- - End Of File - - 2AE03A6A83E28C62447BE5D2CB5C5BF2

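The R*/S* service and driver lines in the two ComboFix logs above have a fixed shape: a running/stopped flag (R or S) plus the Windows start type digit, then name, display name and path separated by semicolons, followed either by "[date size]" or by "[x]" when ComboFix could not find the binary on disk. The following Python parser is an added example, not part of this thread and not ComboFix's own code; the sample lines are constructed after the log lines above, and the triage rules (orphaned entries, kernel drivers outside the drivers directory, boot/system-start drivers) are heuristics for deciding what to look at first, not a verdict on any entry.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Shape of the ComboFix service/driver lines:
#   R2 name;display name;c:\path\file.exe [2010-07-13 136176]
#   R4 name;display name;c:\path\file.exe [x]
# R = running, S = stopped; digit = Windows start type; "[x]" = file not found.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) "
    r"\[(?:(?P<missing>x)|(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))\]$"
)

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Constructed sample, modelled on lines from the logs in this thread.
SAMPLE = r"""
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 ApRunSvc;Alps Application Launcher Service;c:\program files\Apoint2K\ApRunSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-07 691696]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2012-01-23 25968]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 11976]
"""


@dataclass
class ServiceEntry:
    running: bool
    start_type: str
    name: str
    display: str
    path: str
    file_missing: bool
    date: Optional[str]
    size: Optional[int]


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service/driver line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        running=m["state"] == "R",
        start_type=START_TYPES[int(m["start"])],
        name=m["name"],
        display=m["display"],
        path=m["path"],
        file_missing=m["missing"] is not None,
        date=m["date"],
        size=int(m["size"]) if m["size"] else None,
    )


def parse(text: str) -> List[ServiceEntry]:
    """Extract all service/driver entries from a ComboFix log; other sections are skipped."""
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def triage(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Heuristic review hints per service name; an empty result means nothing stood out."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        notes = []
        low = e.path.lower()
        if e.file_missing:
            notes.append("registered binary not on disk (orphaned entry; check uninstall history)")
        if low.endswith(".sys") and "\\drivers\\" not in low:
            notes.append("kernel driver outside the drivers directory (verify vendor and signature)")
        if e.start_type in ("boot", "system"):
            notes.append(f"{e.start_type}-start driver loads before most security software")
        if notes:
            findings[e.name] = notes
    return findings


if __name__ == "__main__":
    for name, notes in triage(parse(SAMPLE)).items():
        print(name)
        for note in notes:
            print("   -", note)
```

Feed a whole ComboFix.txt to parse() and only the service/driver section is picked up; everything else (file listings, registry keys, scheduled tasks) fails the regex and is ignored. On the constructed sample the hints land on ApRunSvc (binary missing), smihlp (driver under Program Files) and DozeHDD (boot-start), while ordinary entries such as gupdate or TsUsbFlt produce nothing.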

cosinus 09.03.2012 11:30

OK. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure you save the log as *.log and not *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive on OSAM!

Please download aswMBR.exe and save the file to your Desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the Desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.


MaxiMax 09.03.2012 14:02

OK, here are the GMER and OSAM logs for now. aswMBR hung at some point. I'll run it again tonight and send you the log then. Have to go now.

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-09 12:43:15
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 HITACHI_HTS542516K9SA00 rev.BBCZC3HP
Running: t3pf7xqy.exe; Driver: C:\Users\DerMax\AppData\Local\Temp\fwlcipow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKey + 13D1                                                                                      82C5D369 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82C96D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\System32\rundll32.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]              [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3352] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]              [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3352] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]            [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]              [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3924] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3924] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]              [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3924] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]            [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3924] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]              [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000057                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1ee809c                                       
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1ee809c@6c0e0d3d04e0                            0x31 0x06 0x1E 0x95 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1ee809c@f8db7fcdec04                            0xCD 0x0E 0x3F 0x28 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x80 0x00 0x43 0xC0 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x14 0x7B 0x0D 0xE8 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x7D 0x65 0xF3 0xCF ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1ee809c (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1ee809c@6c0e0d3d04e0                                0x31 0x06 0x1E 0x95 ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1ee809c@f8db7fcdec04                                0xCD 0x0E 0x3F 0x28 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x80 0x00 0x43 0xC0 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x14 0x7B 0x0D 0xE8 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x7D 0x65 0xF3 0xCF ...

---- EOF - GMER 1.0.15 ----


Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:51:14 on 09.03.2012

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 10.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"PCDoctorBackgroundMonitorTask.job" - "PC-Doctor, Inc." - C:\Program Files\PC-Doctor\uaclauncher.exe
"SystemToolsDailyTest.job" - "PC-Doctor, Inc." - C:\Program Files\PC-Doctor\uaclauncher.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"PWMCP32V.cpl" - "Lenovo Group Limited" - C:\Windows\system32\PWMCP32V.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\DerMax\AppData\Local\Temp\catchme.sys  (File not found)
"DozeHDD" (DozeHDD) - "Lenovo." - C:\Windows\System32\DRIVERS\DozeHDD.sys
"fwlcipow" (fwlcipow) - ? - C:\Users\DerMax\AppData\Local\Temp\fwlcipow.sys  (Hidden registry entry, rootkit activity | File not found)
"Sony Ericsson Device 1018 driver (WDM)" (s1018bus) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1018bus.sys
"Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)" (s1018nd5) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1018nd5.sys
"Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)" (s1018unic) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1018unic.sys
"Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)" (s1018mgmt) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1018mgmt.sys
"Sony Ericsson Device 1018 USB WMC Modem Driver" (s1018mdm) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1018mdm.sys
"Sony Ericsson Device 1018 USB WMC Modem Filter" (s1018mdfl) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1018mdfl.sys
"Sony Ericsson Device 1018 USB WMC OBEX Interface" (s1018obex) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1018obex.sys
"TC USB Kernel Driver" (TcUsb) - "UPEK Inc." - C:\Windows\System32\Drivers\tcusb.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - ? - C:\Windows\system32\wuaucpl.cpl  (File not found)
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~2\MICROS~4\shellext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\ThinkPad\Bluetooth Software\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 Context Menu Shell Extension" - ? -  (File not found | COM-object registry key not found)
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 Context Menu Shell Extension" - ? -  (File not found | COM-object registry key not found)
{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 DragDrop Shell Extension" - ? -  (File not found | COM-object registry key not found)
{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 Property Sheet Shell Extension" - ? -  (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -  (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - "Authentec Inc." - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"MSC" - "Microsoft Corporation" - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"PSQLLauncher" - "Authentec Inc." - "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
"PWMTRV" - "Lenovo Group Limited" - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
"Anzeige am Bildschirm" (TPHKSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
"Cisco EnergyWise Enabler" (PwmEWSvc) - "Lenovo Group Limited" - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Lenovo Auto Scroll" (Lenovo.VIRTSCRLSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
"Lenovo Doze Mode Service" (DozeSvc) - "Lenovo." - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
"Lenovo Hotkey Client Loader" (TPHKLOAD) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
"Lenovo Microphone Mute" (LENOVO.MICMUTE) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
"MSCamSvc" (MSCamSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft LifeCam\MSCamS32.exe
"Power Manager DBC Service" (Power Manager DBC Service) - "Lenovo" - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Zune Network Sharing Service" (ZuneNetworkSvc) - "Microsoft Corporation" - c:\Program Files\Zune\ZuneNss.exe
"Zune Windows Mobile Connectivity Service" (WMZuneComm) - "Microsoft Corporation" - c:\Program Files\Zune\WMZuneComm.exe
"Zune Wireless Configuration Service" (ZuneWlanCfgSvc) - "Microsoft Corporation" - c:\Program Files\Zune\ZuneWlanCfgSvc.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"psfus" - "Authentec Inc." - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Best regards, Max
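
The OSAM report above is a plain text format that a responder can triage automatically rather than by eye. The following Python parser is an added example, not OSAM's own code and not something from this thread: it reads the `[Section]`, `-----( location )-----` and entry lines of the report, splits off the status flags in the trailing parentheses, and ranks entries by the flags a responder looks at first (hidden registry entries, unsigned images under a Temp directory, missing files). The sample input is a handful of lines copied from the report above; the severity labels and the `parse_osam` / `triage` names are my own assumptions.

```python
"""Parse an OSAM Autorun Manager text report and rank entries for triage.

Added example, not OSAM's code. It assumes the entry layout seen in the report:
    [CLSID] "Name" [(key)] - "Vendor"|? - path  (flag | flag)
and tracks only the current [Section] and -----( location )----- header.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTION_RE = re.compile(r"^\[(?P<section>[^\]]+)\]$")
LOCATION_RE = re.compile(r"^-----\( (?P<location>.+?) \)-----$")
# Trailing status flags, e.g. "  (Hidden registry entry, rootkit activity | File not found)"
FLAGS_RE = re.compile(r"\s+\((?P<flags>[^()]*)\)\s*$")
HEAD_RE = re.compile(
    r'^(?:(?P<clsid>\{[0-9A-Fa-f-]+\})\s+)?'   # optional COM CLSID prefix
    r'"(?P<name>[^"]*)"'                       # display name
    r'(?:\s+\((?P<key>[^)]*)\))?'              # optional service/driver key name
    r'\s+-\s+(?P<vendor>"[^"]*"|\?)'           # signer name, or ? when unknown
    r'\s+-\s*(?P<path>.*)$'                    # image path (may be empty)
)


@dataclass
class Entry:
    section: str
    location: str
    name: str
    key: Optional[str]
    clsid: Optional[str]
    vendor: Optional[str]   # None when the report shows "?"
    path: str
    flags: List[str]


def parse_osam(text: str) -> List[Entry]:
    """Turn report text into Entry records; non-entry lines are skipped."""
    entries: List[Entry] = []
    section = location = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m["section"]
            continue
        if m := LOCATION_RE.match(line):
            location = m["location"]
            continue
        flags: List[str] = []
        if m := FLAGS_RE.search(line):          # peel off "(flag | flag)" first,
            flags = [f.strip() for f in m["flags"].split("|")]
            line = line[: m.start()]            # so the path regex cannot swallow it
        if m := HEAD_RE.match(line):
            vendor = None if m["vendor"] == "?" else m["vendor"].strip('"')
            entries.append(Entry(section, location, m["name"], m["key"], m["clsid"],
                                 vendor, m["path"].strip(), flags))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str, Entry]]:
    """Return (severity, reason, entry) for entries worth a closer look, report order."""
    findings = []
    for e in entries:
        joined = " | ".join(e.flags).lower()
        if "rootkit activity" in joined or "hidden registry" in joined:
            findings.append(("high", "registry entry hidden from the normal API", e))
        elif e.vendor is None and re.search(r"\\temp\\", e.path, re.IGNORECASE):
            findings.append(("medium", "unsigned image loaded from a Temp directory", e))
        elif "file not found" in joined:
            findings.append(("low", "orphaned entry: image missing on disk", e))
    return findings


# Constructed sample: a few lines copied from the OSAM report above.
SAMPLE_REPORT = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\DerMax\AppData\Local\Temp\catchme.sys  (File not found)
"DozeHDD" (DozeHDD) - "Lenovo." - C:\Windows\System32\DRIVERS\DozeHDD.sys
"fwlcipow" (fwlcipow) - ? - C:\Users\DerMax\AppData\Local\Temp\fwlcipow.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 Context Menu Shell Extension" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"MSC" - "Microsoft Corporation" - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"""

if __name__ == "__main__":
    for severity, reason, e in triage(parse_osam(SAMPLE_REPORT)):
        print(f"[{severity:6}] {e.section}/{e.name}: {reason} ({e.path or 'no path'})")
```

The flags are stripped before the head of the line is matched because the path field is free text; matching path and flags in one pattern lets a lazy `.*?` swallow the parenthesised flags on entries whose path is empty, such as the WinAce entries. The severity order reflects the usual reading of these flags: an entry that the scanner found only by comparing the raw hive with the registry API is the one to resolve first, an unsigned driver under a Temp directory next, and a stale entry whose file is gone mostly matters as leftover to clean up.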

cosinus 09.03.2012 14:05

Restart aswMBR, set the option at the bottom left to (none), and then click Scan again

MaxiMax 09.03.2012 23:52

So, this time it worked. Here is the log.

Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-09 21:43:47
-----------------------------
21:43:47.220    OS Version: Windows 6.1.7601 Service Pack 1
21:43:47.220    Number of processors: 2 586 0x1706
21:43:47.220    ComputerName: MEANMACHINE  UserName: DerMax
21:43:48.093    Initialize success
21:43:51.806    AVAST engine defs: 12030801
21:43:57.812    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
21:43:57.828    Disk 0 Vendor: HITACHI_HTS542516K9SA00 BBCZC3HP Size: 152627MB BusType: 11
21:43:57.999    Disk 0 MBR read successfully
21:43:58.015    Disk 0 MBR scan
21:43:58.015    Disk 0 unknown MBR code
21:43:58.077    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      146910 MB offset 63
21:43:58.140    Disk 0 Partition 2 00    12  Compaq diag MSDOS5.0    5714 MB offset 300872880
21:43:58.264    Disk 0 scanning sectors +312575760
21:43:58.639    Disk 0 scanning C:\Windows\system32\drivers
21:45:39.805    Service scanning
21:45:51.380    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:46:09.695    Modules scanning
21:48:36.428    Disk 0 trace - called modules:
21:48:37.006    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
21:48:37.006    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a81260]
21:48:37.006    3 CLASSPNP.SYS[8907259e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x859a2030]
21:48:37.021    Scan finished successfully
23:47:54.205    Disk 0 MBR has been saved successfully to "C:\Users\DerMax\Desktop\MBR.dat"
23:47:54.205    The log file has been saved successfully to "C:\Users\DerMax\Desktop\aswMBR.txt"


cosinus 10.03.2012 16:31

We should fix the MBR; just in case, back up ALL important data first, even though it usually goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable.
Also do not do the fix if you have a full encryption of the Windows partition or of the whole hard disk, e.g. with TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please disable your virus scanner before running aswMBR, since Avira in particular often raises a false alarm on it!

Then restart Windows and create a new log with aswMBR.

MaxiMax 10.03.2012 22:55

Hello Arne,
it worked, without any loss of files. Here is the log.

Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-09 21:43:47
-----------------------------
21:43:47.220    OS Version: Windows 6.1.7601 Service Pack 1
21:43:47.220    Number of processors: 2 586 0x1706
21:43:47.220    ComputerName: MEANMACHINE  UserName: DerMax
21:43:48.093    Initialize success
21:43:51.806    AVAST engine defs: 12030801
21:43:57.812    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
21:43:57.828    Disk 0 Vendor: HITACHI_HTS542516K9SA00 BBCZC3HP Size: 152627MB BusType: 11
21:43:57.999    Disk 0 MBR read successfully
21:43:58.015    Disk 0 MBR scan
21:43:58.015    Disk 0 unknown MBR code
21:43:58.077    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      146910 MB offset 63
21:43:58.140    Disk 0 Partition 2 00    12  Compaq diag MSDOS5.0    5714 MB offset 300872880
21:43:58.264    Disk 0 scanning sectors +312575760
21:43:58.639    Disk 0 scanning C:\Windows\system32\drivers
21:45:39.805    Service scanning
21:45:51.380    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:46:09.695    Modules scanning
21:48:36.428    Disk 0 trace - called modules:
21:48:37.006    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
21:48:37.006    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a81260]
21:48:37.006    3 CLASSPNP.SYS[8907259e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x859a2030]
21:48:37.021    Scan finished successfully
23:47:54.205    Disk 0 MBR has been saved successfully to "C:\Users\DerMax\Desktop\MBR.dat"
23:47:54.205    The log file has been saved successfully to "C:\Users\DerMax\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-10 22:50:16
-----------------------------
22:50:16.141    OS Version: Windows 6.1.7601 Service Pack 1
22:50:16.141    Number of processors: 2 586 0x1706
22:50:16.141    ComputerName: MEANMACHINE  UserName: DerMax
22:50:42.770    Initialize success
22:50:49.650    AVAST engine defs: 12031002
22:51:04.594    The log file has been saved successfully to "C:\Users\DerMax\Desktop\aswMBR.txt"


cosinus 12.03.2012 14:59

Something went wrong there. Please create the log with aswMBR again

MaxiMax 12.03.2012 16:43

Hello Arne,
what exactly do you mean by creating the log again? Scan again? Maybe I simply misunderstood you?!
Regards, Max

cosinus 12.03.2012 16:46

Yes, create a new log with aswMBR!

Note: Please disable your virus scanner before running aswMBR, since Avira in particular often raises a false alarm on it!
  • Start aswMBR.exe; Vista and Win7 users start aswMBR via right-click "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Never press any of the Fix buttons without being told to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.


Copyright ©2000-2025, Trojaner-Board