Trojaner-Board (https://www.trojaner-board.de/)
Log-Analyse und Auswertung > Bundespolizei Trojaner (https://www.trojaner-board.de/110988-bundespolizei-trojaner.html)

MaxiMax 06.03.2012 02:23

Bundespolizei Trojaner
 
Hello,
I've picked up this Bundespolizei Trojaner. I can now only use Safe Mode; normal Windows doesn't work at all anymore, only this Bundespolizei screen. First I googled and found lots of confusing removal guides. I have to say I don't know much beyond everyday PC use. I then downloaded a few virus scanners (Spybot, Malwarebytes and something from Avira that you have to boot from CD), all of which found something, but not the Bundespolizei Trojaner. Unfortunately I don't have any logs of those.
I also tried to disable the trojan via Autostart, but that didn't help. In the registry I didn't find any "suspicious" exe files in the folders listed on various sites. My brother, who is the biggest IT whiz I know, then referred me to you. I hope you can help me. I hope I understood the instructions correctly and created the logs you need; if not, please let me know. So here is the DDS; the others are attached.

DDS Logfile:

Code:

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_29
Run by DerMax at 23:55:37 on 2012-03-05
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2038.1639 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindows: Load=c:\users\dermax\locals~1\temp\mstezl.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Ciuvo: {8da04d15-6ab2-4e6f-95eb-e53b59f84001} - c:\program files\ciuvo\internet explorer\ciuvo.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\dermax\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{26044DFF-C790-4EE2-B7D8-708BE61C21B0} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{26044DFF-C790-4EE2-B7D8-708BE61C21B0}\47F6D6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{26044DFF-C790-4EE2-B7D8-708BE61C21B0}\84F4453505F445D2C424 : DhcpNameServer = 192.168.0.1 217.23.50.18
TCP: Interfaces\{26044DFF-C790-4EE2-B7D8-708BE61C21B0}\C424 : DhcpNameServer = 192.168.0.2
TCP: Interfaces\{26044DFF-C790-4EE2-B7D8-708BE61C21B0}\E4544534F4E4E4543445D283237383 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{43333426-84C7-43BE-A9EA-192DFAE1FC12} : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
LSA: Notification Packages = scecli psqlpwd c:\program files\thinkvantage fingerprint software\psqlpwd.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dermax\appdata\roaming\mozilla\firefox\profiles\foct8zfa.default\
FF - prefs.js: browser.startup.homepage - chrome://superstart/content/index.html
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2011-6-26 25968]
R3 b57nd60x;Broadcom NetXtreme-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-19 165648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-13 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-12-6 45424]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-1-5 1153368]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-12-6 62320]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2011-6-26 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-6-26 29472]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2012-3-3 292200]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-13 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-19 43392]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-7-25 30560]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2011-6-26 89152]
S3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-6-26 175168]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-11-30 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-11-30 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-11-30 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-11-30 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-11-30 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-11-30 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-11-30 109864]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-29 52224]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-7-2 38336]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-20 1343400]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
S4 ApRunSvc;Alps Application Launcher Service;c:\program files\apoint2k\aprunsvc.exe --> c:\program files\apoint2k\ApRunSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-03-05 22:52:11        56200        ----a-w-        c:\programdata\microsoft\microsoft antimalware\definition updates\{9e517992-005c-4d50-9252-0c1e5d807735}\offreg.dll
2012-03-05 21:45:28        --------        d-----w-        c:\windows\pss
2012-03-05 12:52:51        --------        d-----w-        c:\users\dermax\appdata\roaming\Malwarebytes
2012-03-05 12:52:43        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-05 12:52:43        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-05 12:52:43        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-03-05 09:59:20        6552120        ----a-w-        c:\programdata\microsoft\microsoft antimalware\definition updates\{9e517992-005c-4d50-9252-0c1e5d807735}\mpengine.dll
2012-03-04 23:38:15        --------        d-----w-        c:\users\dermax\appdata\roaming\kodak
2012-02-26 14:47:40        --------        d-----w-        c:\users\dermax\appdata\local\{611118D6-AF1A-4D6B-8803-C6943733C627}
2012-02-26 14:47:36        --------        d-----w-        c:\users\dermax\appdata\local\{1627D735-51B9-4DC9-9E71-8211906634F0}
2012-02-15 07:39:47        478720        ----a-w-        c:\windows\system32\timedate.cpl
2012-02-15 07:39:43        690688        ----a-w-        c:\windows\system32\msvcrt.dll
2012-02-15 07:39:39        442880        ----a-w-        c:\windows\system32\ntshrui.dll
2012-02-15 07:39:37        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-02-14 12:22:09        --------        d-----w-        c:\users\dermax\appdata\local\{97D2F013-8FC9-40A8-9F22-AC60DDB0AD7F}
2012-02-14 12:22:05        --------        d-----w-        c:\users\dermax\appdata\local\{DE9AEA4E-7B00-414C-81D2-8E0C3CD98A0F}
2012-02-13 14:20:45        --------        d-----w-        c:\users\dermax\appdata\local\{C71B96EE-3C9E-404B-B6C7-8E1CA59C2629}
2012-02-13 14:20:41        --------        d-----w-        c:\users\dermax\appdata\local\{3ABA200C-5C25-47D7-A92D-0DAB3C8BCAC9}
2012-02-10 12:07:47        713784        ------w-        c:\programdata\microsoft\microsoft antimalware\definition updates\{642cadaf-a371-49c3-b939-a6abdb1a11a1}\gapaengine.dll
2012-02-09 18:15:19        98304        ----a-w-        c:\windows\system32\redmonnt.dll
2012-02-09 18:15:11        --------        d-----w-        c:\program files\FoxTabPDFConverter
2012-02-09 17:28:44        7680        ----a-w-        c:\windows\system32\drivers\Onsreged.sys
2012-02-09 17:28:44        60928        ----a-w-        c:\windows\system32\drivers\Smplscsi.sys
2012-02-09 17:28:44        285216        ----a-w-        c:\windows\system32\drivers\Onsio.sys
2012-02-09 17:28:40        --------        d-----w-        C:\Kpcms
2012-02-09 17:28:35        --------        d-----w-        c:\program files\ScanWizard 5
2012-02-09 17:28:06        212992        ----a-w-        c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
.
==================== Find3M  ====================
.
2012-02-21 19:01:39        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44:05        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-23 02:06:00        834624        ------w-        c:\windows\system32\PWMCP32V.cpl
2012-01-23 02:06:00        527424        ------w-        c:\windows\PWMBTHLV.EXE
2012-01-23 02:06:00        25968        ------w-        c:\windows\system32\drivers\DOZEHDD.SYS
2012-01-23 02:06:00        13424        ------w-        c:\windows\system32\drivers\TPPWR32V.SYS
2011-12-14 03:04:54        1798656        ----a-w-        c:\windows\system32\jscript9.dll
2011-12-14 02:57:18        1127424        ----a-w-        c:\windows\system32\wininet.dll
2011-12-14 02:56:58        1427456        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
.
============= FINISH: 23:57:10,98 ===============



--- --- ---
So, as I said, I hope I did this right and you can make something of my information. A big thank-you in advance; I look forward to your reply.

Best, MaxiMax
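What a log helper looks for in a DDS report like the one above, as an added example that is not part of the thread and not code from the DDS tool: the script parses a constructed excerpt of the Pseudo HJT Report lines and flags autostart entries whose target sits in a temp directory or carries an unusual extension. The temp-directory list and the extension list are heuristics assumed for this example.

```python
"""Triage for the "Pseudo HJT Report" section of a DDS log (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt of the Pseudo HJT Report lines from the DDS log in the post above.
DDS_EXCERPT = r"""
uWindows: Load=c:\users\dermax\locals~1\temp\mstezl.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ciuvo: {8da04d15-6ab2-4e6f-95eb-e53b59f84001} - c:\program files\ciuvo\internet explorer\ciuvo.dll
mPolicies-system: DisableCAD = 1 (0x1)
IE: Free YouTube to MP3 Converter - c:\users\dermax\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
"""

# A Windows path in a DDS line: drive letter, colon, backslash, then everything
# up to a closing quote or end of line (DDS prints paths with spaces unquoted).
PATH_RE = re.compile(r'[a-z]:\\[^"]*', re.IGNORECASE)

# Heuristics assumed for this example (not rules stated in the thread):
# directories that a legitimate autostart target should never live in, and
# executable extensions that are unusual for a legitimate autostart target.
TEMP_DIRS = ("\\locals~1\\temp\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\")
ODD_EXTENSIONS = (".com", ".scr", ".pif")


@dataclass
class Entry:
    prefix: str            # DDS key type, e.g. "uWindows", "BHO", "IE", "Notify"
    body: str              # text after the prefix
    path: Optional[str]    # lower-cased target path, if the line has one


def parse_dds_hjt(text: str) -> List[Entry]:
    """Split DDS Pseudo-HJT lines into Entry records; skips blank and "." lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        prefix, sep, body = line.partition(": ")
        if not sep:
            continue
        match = PATH_RE.search(body)
        path = match.group(0).strip().lower() if match else None
        entries.append(Entry(prefix, body, path))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for the entries a log helper would look at first."""
    findings = []
    for entry in entries:
        reasons = []
        # "uWindows: Load=" is the per-user Load value under
        # HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows, a legacy
        # autostart location that is empty on a clean system.
        if entry.prefix == "uWindows" and entry.body.lower().startswith("load="):
            reasons.append("per-user Load= autostart value is set")
        if entry.path:
            if any(t in entry.path for t in TEMP_DIRS):
                reasons.append("target lives in a temp directory: " + entry.path)
            if entry.path.endswith(ODD_EXTENSIONS):
                reasons.append("unusual executable extension: " + entry.path)
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(parse_dds_hjt(DDS_EXCERPT)):
        print(f"[{entry.prefix}] {entry.body}")
        for reason in reasons:
            print("   -", reason)
```

On the excerpt only the uWindows Load= line is flagged; the BHO, IE and Notify entries all point at installed program directories and pass quietly.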

cosinus 07.03.2012 00:46

Does Safe Mode with Networking still work? With an internet connection?

Safe Mode for cleanup
  • Bring Windows into Safe Mode with the F8 key at startup.
  • Start the computer in Safe Mode with Networking:

    Starting Windows in Safe Mode

MaxiMax 07.03.2012 01:13

Yes, that works.

cosinus 07.03.2012 01:14

well, if that mode works you'll be able to try MBAM/ESET first:

Now please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! All findings must also be removed.

If logs from older Malwarebytes scans exist, please post all of those too!

ESET Online Scanner

  • Here you'll find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

MaxiMax 07.03.2012 11:38

Hello Arne,

thanks for the quick reply. Here are the logs you wanted.

First Malwarebytes, in chronological order:

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.05.04

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
DerMax :: MEANMACHINE [Administrator]

05.03.2012 13:53:44
mbam-log-2012-03-05 (13-53-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 218580
Laufzeit: 21 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\DerMax\Downloads\PDFConverterSetup.exe.vir (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.05.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
DerMax :: MEANMACHINE [Administrator]

05.03.2012 14:23:43
mbam-log-2012-03-05 (14-23-43).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 355252
Laufzeit: 1 Stunde(n), 44 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Program Files\FoxTabPDFConverter\Uninstall\Uninstall.exe.vir (Adware.Agent) -> Keine Aktion durchgeführt.
C:\Users\DerMax\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4A56LZN\Testbundle23w_1254[1].exe.vir (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.06.09

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
DerMax :: MEANMACHINE [Administrator]

07.03.2012 01:30:22
mbam-log-2012-03-07 (01-30-22).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 353704
Laufzeit: 59 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\FoxTabPDFConverter\Uninstall\Uninstall.exe.vir (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

And here the ESET log:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dfb7a92dd4862e4ba9a187e980ae0813
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-07 10:03:50
# local_time=2012-03-07 11:03:50 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 27014884 82736660 0 0
# compatibility_mode=8192 67108863 100 0 3909 3909 0 0
# scanned=230422
# found=9
# cleaned=0
# scan_time=9161
C:\Users\DerMax\AppData\Local\Temp\Inc.class        a variant of Java/Exploit.CVE-2011-3544.AW trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\DerMax\AppData\Local\Temp\is2063840535\MyBabylonTB.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\bc181f-749db7b1        a variant of Java/Exploit.CVE-2011-3544.AV trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4f0f87ae-4880735c        a variant of Java/Exploit.CVE-2011-3544.AW trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\7503363e-621a1165        a variant of Java/Exploit.CVE-2011-3544.AW trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\48aeb7bf-5557c2fb        a variant of Java/Exploit.CVE-2011-3544.AV trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\DerMax\Documents\Alles Mögliche\DriverRobot_Setup.exe        Win32/Adware.DriverRobot application (unable to clean)        00000000000000000000000000000000        I
D:\MEANMACHINE\Backup Set 2011-07-13 184816\Backup Files 2011-07-13 184816\Backup files 1.zip        Win32/Adware.DriverRobot application (unable to clean)        00000000000000000000000000000000        I
D:\MEANMACHINE\Backup Set 2011-07-13 184816\Backup Files 2011-07-13 184816\Backup files 9.zip        multiple threats (unable to clean)        00000000000000000000000000000000        I

Best, Max

cosinus 07.03.2012 12:25

Does normal mode work again?

MaxiMax 07.03.2012 13:02

Nope! Everything as before :(

cosinus 07.03.2012 14:36

Make a new OTL log in Safe Mode. Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


MaxiMax 07.03.2012 15:38

Here you go...

Code:

OTL logfile created on: 07.03.2012 15:19:22 - Run 1
OTL by OldTimer - Version 3.2.35.1    Folder = C:\Users\DerMax\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 80,80% Memory free
3,98 Gb Paging File | 3,63 Gb Available in Paging File | 91,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,47 Gb Total Space | 45,06 Gb Free Space | 31,41% Space Free | Partition Type: NTFS
 
Computer Name: MEANMACHINE | User Name: DerMax | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.07 15:17:01 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\DerMax\Desktop\OTL.exe
PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.23 03:06:00 | 000,054,784 | ---- | M] () -- C:\PROGRA~2\ThinkPad\UTILIT~1\GR\PWMRT32V.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (ApRunSvc)
SRV - [2012.01.23 03:06:00 | 000,292,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2012.01.23 03:06:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2012.01.23 03:06:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011.08.05 11:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 11:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 11:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.04.01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.08.05 15:47:52 | 000,628,000 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.04.20 11:00:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.07.25 00:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.07.15 19:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.07.04 03:47:08 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe -- (LENOVO.MICMUTE)
SRV - [2008.07.07 09:42:02 | 000,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.01.23 03:06:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2012.01.23 03:06:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2011.04.27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.18 09:53:42 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.12.07 11:51:21 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.24 10:43:30 | 000,154,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.11.21 01:49:03 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009.09.15 13:30:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009.09.15 12:36:18 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009.09.07 18:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.07.25 00:05:24 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009.07.14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.02 19:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009.06.22 07:55:22 | 000,486,400 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRTN32.sys -- (CnxtHdAudService)
DRV - [2009.03.25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009.03.25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009.03.25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009.03.25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009.03.25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009.03.13 12:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp2) SMI Helper Driver (smihlp2)
DRV - [2007.04.10 01:59:34 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005.06.25 02:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005.05.26 19:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005.05.26 19:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2325422704-4038905648-3740114079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2325422704-4038905648-3740114079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2325422704-4038905648-3740114079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 02 F3 AA E1 C8 CC 01  [binary data]
IE - HKU\S-1-5-21-2325422704-4038905648-3740114079-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2325422704-4038905648-3740114079-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2325422704-4038905648-3740114079-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://superstart/content/index.html"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1
FF - prefs.js..extensions.enabledItems: smartfind@smartfind.org:0.2.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.10.14 20:59:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.10.14 20:59:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.10.14 20:59:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009.10.14 03:40:55 | 000,000,000 | ---D | M]
 
[2010.04.24 11:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DerMax\AppData\Roaming\mozilla\Extensions
[2010.04.24 11:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DerMax\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.27 09:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions
[2011.08.25 10:59:03 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.31 12:06:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.12.17 05:59:57 | 000,000,000 | ---D | M] (Smart Find) -- C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\smartfind@smartfind.org
[2012.02.27 09:04:25 | 000,000,000 | ---D | M] (Super Start) -- C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\superstart@enjoyfreeware.org
[2011.04.30 14:31:23 | 000,000,000 | ---D | M] (vShare) -- C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\vshare@toolbar
[2009.11.21 04:25:48 | 000,001,939 | ---- | M] () -- C:\Users\DerMax\AppData\Roaming\Mozilla\Firefox\Profiles\foct8zfa.default\searchplugins\encyclopedia-search.xml
[2009.11.21 04:25:40 | 000,001,996 | ---- | M] () -- C:\Users\DerMax\AppData\Roaming\Mozilla\Firefox\Profiles\foct8zfa.default\searchplugins\suche-in-wikipedia.xml
[2012.01.01 10:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\DERMAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOCT8ZFA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\DERMAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOCT8ZFA.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
() (No name found) -- C:\USERS\DERMAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOCT8ZFA.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
[2012.02.19 14:03:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 22:12:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.15 22:12:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.15 22:12:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.15 22:12:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.15 22:12:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.15 22:12:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
F3 - HKU\S-1-5-21-2325422704-4038905648-3740114079-1000 WinNT: Load - (C:\Users\DerMax\LOCALS~1\Temp\msutcy.cmd) - C:\Users\DerMax\LOCALS~1\Temp\msutcy.cmd (The GTK developer community)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\DerMax\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26044DFF-C790-4EE2-B7D8-708BE61C21B0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43333426-84C7-43BE-A9EA-192DFAE1FC12}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a7ee55a3-9bee-11df-84b1-001fe1ee809c}\Shell - "" = AutoRun
O33 - MountPoints2\{a7ee55a3-9bee-11df-84b1-001fe1ee809c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{f3bd94f0-bbdf-11df-a46e-001e37cb5de1}\Shell - "" = AutoRun
O33 - MountPoints2\{f3bd94f0-bbdf-11df-a46e-001e37cb5de1}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk - C:\PROGRA~2\SCANWI~1\SCANNE~1.EXE - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Programme\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: LENOVO.TPFNF6R - hkey= - key= - C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe (Lenovo Group Limited)
MsConfig - StartUpReg: LifeCam - hkey= - key= - C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSC - hkey= - key= - c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: PSQLLauncher - hkey= - key= - C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
MsConfig - StartUpReg: PWMTRV - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TPHOTKEY - hkey= - key= - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
MsConfig - StartUpReg: Zune Launcher - hkey= - key= - c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
MsConfig - State: "startup" - 1
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.mp4e - C:\Windows\System32\MPEG4Evfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.07 15:16:57 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\DerMax\Desktop\OTL.exe
[2012.03.07 08:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.07 08:25:44 | 002,322,184 | ---- | C] (ESET) -- C:\Users\DerMax\Desktop\esetsmartinstaller_enu.exe
[2012.03.06 23:20:51 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.03.05 23:54:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\DerMax\Desktop\dds.com
[2012.03.05 22:45:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.03.05 13:52:51 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Roaming\Malwarebytes
[2012.03.05 13:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.05 13:52:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.05 13:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.05 13:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.05 00:38:15 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Roaming\kodak
[2012.03.05 00:38:10 | 000,000,000 | ---D | C] -- C:\Users\DerMax\Local Settings
[2012.03.02 22:10:42 | 000,000,000 | ---D | C] -- C:\Users\DerMax\Documents\Superstart Icons
[2012.03.01 09:07:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012.02.26 15:47:40 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Local\{611118D6-AF1A-4D6B-8803-C6943733C627}
[2012.02.26 15:47:36 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Local\{1627D735-51B9-4DC9-9E71-8211906634F0}
[2012.02.14 13:22:09 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Local\{97D2F013-8FC9-40A8-9F22-AC60DDB0AD7F}
[2012.02.14 13:22:05 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Local\{DE9AEA4E-7B00-414C-81D2-8E0C3CD98A0F}
[2012.02.13 15:20:45 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Local\{C71B96EE-3C9E-404B-B6C7-8E1CA59C2629}
[2012.02.13 15:20:41 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Local\{3ABA200C-5C25-47D7-A92D-0DAB3C8BCAC9}
[2012.02.09 19:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabPDFConverter
[2012.02.09 18:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanWizard 5 für Windows
[2012.02.09 18:28:44 | 000,060,928 | ---- | C] (OnSpec Electronic, Inc.) -- C:\Windows\System32\drivers\Smplscsi.sys
[2012.02.09 18:28:40 | 000,000,000 | ---D | C] -- C:\Kpcms
[2012.02.09 18:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\ScanWizard 5
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.07 15:17:01 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\DerMax\Desktop\OTL.exe
[2012.03.07 13:04:05 | 000,656,028 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.07 13:04:05 | 000,617,910 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.07 13:04:05 | 000,130,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.07 13:04:05 | 000,107,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.07 12:59:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.07 12:59:26 | 1602,981,888 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.07 12:57:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.07 08:25:47 | 002,322,184 | ---- | M] (ESET) -- C:\Users\DerMax\Desktop\esetsmartinstaller_enu.exe
[2012.03.06 21:01:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.03.06 20:53:46 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 20:53:46 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 01:21:01 | 000,003,714 | ---- | M] () -- C:\Users\DerMax\Desktop\Desktop.zip
[2012.03.06 00:11:33 | 000,302,592 | ---- | M] () -- C:\Users\DerMax\Desktop\uddrhd2l.exe
[2012.03.05 23:54:25 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\DerMax\Desktop\dds.com
[2012.03.05 23:53:38 | 000,000,020 | ---- | M] () -- C:\Users\DerMax\defogger_reenable
[2012.03.05 23:52:10 | 000,050,477 | ---- | M] () -- C:\Users\DerMax\Desktop\Defogger.exe
[2012.03.05 23:33:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.05 22:20:23 | 000,089,570 | ---- | M] () -- C:\Windows\System32\hkcmd.zip
[2012.03.05 13:52:44 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.05 13:51:30 | 000,002,039 | ---- | M] () -- C:\Users\DerMax\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.03.05 13:51:30 | 000,001,968 | ---- | M] () -- C:\Users\DerMax\Desktop\Avira DE-Cleaner.lnk
[2012.03.05 13:40:25 | 000,291,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.21 20:00:32 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.02.09 18:29:14 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\ScanWizard 5.lnk
[2012.02.09 18:29:14 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\Scanner Configuration.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.06 01:18:29 | 000,003,714 | ---- | C] () -- C:\Users\DerMax\Desktop\Desktop.zip
[2012.03.06 00:11:21 | 000,302,592 | ---- | C] () -- C:\Users\DerMax\Desktop\uddrhd2l.exe
[2012.03.05 23:53:18 | 000,000,020 | ---- | C] () -- C:\Users\DerMax\defogger_reenable
[2012.03.05 23:52:09 | 000,050,477 | ---- | C] () -- C:\Users\DerMax\Desktop\Defogger.exe
[2012.03.05 22:20:23 | 000,089,570 | ---- | C] () -- C:\Windows\System32\hkcmd.zip
[2012.03.05 13:52:44 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.05 11:44:36 | 000,002,039 | ---- | C] () -- C:\Users\DerMax\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.03.05 11:44:36 | 000,001,968 | ---- | C] () -- C:\Users\DerMax\Desktop\Avira DE-Cleaner.lnk
[2012.02.09 19:15:19 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.02.09 18:29:14 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\ScanWizard 5.lnk
[2012.02.09 18:29:14 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\Scanner Configuration.lnk
[2012.02.09 18:28:44 | 000,285,216 | ---- | C] () -- C:\Windows\System32\drivers\Onsio.sys
[2012.02.09 18:28:44 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\Onsreged.sys
[2011.08.03 15:03:48 | 000,017,408 | ---- | C] () -- C:\Users\DerMax\AppData\Local\WebpageIcons.db
[2011.06.02 19:59:57 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.04.29 15:55:23 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.26 09:49:01 | 000,005,632 | ---- | C] () -- C:\Users\DerMax\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.05 00:03:29 | 000,001,491 | ---- | C] () -- C:\Users\DerMax\AppData\Local\RecConfig.xml
[2010.06.22 19:57:26 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.05.07 22:19:21 | 000,007,600 | ---- | C] () -- C:\Users\DerMax\AppData\Local\Resmon.ResmonCfg
 
========== LOP Check ==========
 
[2011.02.08 18:50:12 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Amazon
[2011.12.31 11:50:01 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\AudioTuner
[2009.12.07 11:49:55 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\DAEMON Tools Lite
[2011.08.25 10:59:15 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\DVDVideoSoft
[2011.08.25 10:59:03 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.23 00:28:47 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Lenovo
[2009.11.22 04:02:00 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\OpenOffice.org
[2011.06.26 14:13:49 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\PCDr
[2011.06.27 10:21:16 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\PwrMgr
[2010.11.30 16:29:31 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Sony
[2010.11.30 16:26:40 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Sony Setup
[2010.04.24 11:29:46 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Thunderbird
[2011.08.15 16:42:57 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\TIPP10
[2011.10.24 20:21:39 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\uTorrent
[2011.10.21 10:15:56 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Windows Live Writer
[2012.02.21 20:00:32 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.03.05 23:05:53 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.06 21:01:00 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.11.22 01:40:58 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Adobe
[2011.02.08 18:50:12 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Amazon
[2011.11.10 08:40:00 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Apple Computer
[2010.11.23 00:17:30 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Arcsoft
[2011.12.31 11:50:01 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\AudioTuner
[2009.12.07 11:49:55 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\DAEMON Tools Lite
[2010.09.09 22:53:23 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\DivX
[2010.06.09 19:27:33 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\dvdcss
[2011.08.25 10:59:15 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\DVDVideoSoft
[2011.08.25 10:59:03 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.11.21 01:35:08 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Identities
[2012.03.05 00:39:08 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\kodak
[2010.11.23 00:28:47 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Lenovo
[2009.11.21 02:49:50 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Macromedia
[2012.03.05 13:52:51 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Media Center Programs
[2011.07.13 10:04:42 | 000,000,000 | --SD | M] -- C:\Users\DerMax\AppData\Roaming\Microsoft
[2009.11.21 02:26:22 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Mozilla
[2009.11.22 04:02:00 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\OpenOffice.org
[2011.06.26 14:13:49 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\PCDr
[2011.06.27 10:21:16 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\PwrMgr
[2011.06.02 19:54:33 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Real
[2009.12.07 12:19:25 | 000,000,000 | RH-D | M] -- C:\Users\DerMax\AppData\Roaming\SecuROM
[2011.05.08 14:39:25 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Skype
[2011.05.08 13:16:00 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\skypePM
[2010.11.30 16:29:31 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Sony
[2010.11.30 16:26:40 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Sony Setup
[2009.11.21 23:53:39 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Talkback
[2010.04.24 11:29:46 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Thunderbird
[2011.08.15 16:42:57 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\TIPP10
[2011.10.24 20:21:39 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\uTorrent
[2011.12.05 14:25:32 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\vlc
[2010.05.03 10:54:48 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Winamp
[2011.10.21 10:15:56 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Windows Live Writer
[2009.12.07 11:45:00 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.12.04 18:59:28 | 000,003,262 | R--- | M] () -- C:\Users\DerMax\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\controlPanelIcon.exe
[2010.12.04 18:59:28 | 000,010,134 | R--- | M] () -- C:\Users\DerMax\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\SystemFolder_msiexec.exe
[2012.03.03 00:06:59 | 000,010,134 | R--- | M] () -- C:\Users\DerMax\AppData\Roaming\Microsoft\Installer\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}\ARPPRODUCTICON.exe
[2011.09.07 12:47:42 | 000,617,472 | ---- | M] () -- C:\Users\DerMax\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\351E.tmp_\oracle-pdfimport.oxt\xpdfimport.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.03.14 21:20:18 | 000,033,280 | ---- | M] (UPEK Inc.) MD5=683FB3F8B7B40317BE7362CF86BFA998 -- C:\Programme\ThinkVantage Fingerprint Software\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2008.09.12 13:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Program Files\ThinkPadShizzle\Lenovo\System Update\session\7zim53ww\IaStor.sys
[2008.07.22 15:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\Program Files\ThinkPadShizzle\Lenovo\System Update\session\7zim06ww\IaStor.sys
[2007.09.29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\ThinkPadShizzle\Lenovo\System Update\session\7tim04ww\iastor.sys
[2007.02.12 05:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\other\iastor.sys
[2007.02.12 05:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\I386\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2010.07.28 22:20:31 | 000,000,000 | ---D | C](C:\Windows\System32\P!Jay-?Wer hat die Hits da??) -- C:\Windows\System32\P!Jay-Wer hat die Hits da
[2010.07.27 17:50:44 | 000,000,000 | ---D | M](C:\Windows\System32\P!Jay-?Wer hat die Hits da??) -- C:\Windows\System32\P!Jay-Wer hat die Hits da

< End of report >


MaxiMax 07.03.2012 15:39

Here you go...

Code:

OTL logfile created on: 07.03.2012 15:19:22 - Run 1
OTL by OldTimer - Version 3.2.35.1    Folder = C:\Users\DerMax\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 80,80% Memory free
3,98 Gb Paging File | 3,63 Gb Available in Paging File | 91,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,47 Gb Total Space | 45,06 Gb Free Space | 31,41% Space Free | Partition Type: NTFS
 
Computer Name: MEANMACHINE | User Name: DerMax | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.07 15:17:01 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\DerMax\Desktop\OTL.exe
PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.23 03:06:00 | 000,054,784 | ---- | M] () -- C:\PROGRA~2\ThinkPad\UTILIT~1\GR\PWMRT32V.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (ApRunSvc)
SRV - [2012.01.23 03:06:00 | 000,292,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2012.01.23 03:06:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2012.01.23 03:06:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011.08.05 11:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 11:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 11:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.04.01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.08.05 15:47:52 | 000,628,000 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.04.20 11:00:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.07.25 00:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.07.15 19:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.07.04 03:47:08 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe -- (LENOVO.MICMUTE)
SRV - [2008.07.07 09:42:02 | 000,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.01.23 03:06:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2012.01.23 03:06:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2011.04.27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.18 09:53:42 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.12.07 11:51:21 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.24 10:43:30 | 000,154,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.11.21 01:49:03 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009.09.15 13:30:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009.09.15 12:36:18 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009.09.07 18:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.07.25 00:05:24 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009.07.14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.02 19:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009.06.22 07:55:22 | 000,486,400 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRTN32.sys -- (CnxtHdAudService)
DRV - [2009.03.25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009.03.25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009.03.25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009.03.25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009.03.25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009.03.13 12:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp2) SMI Helper Driver (smihlp2)
DRV - [2007.04.10 01:59:34 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005.06.25 02:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005.05.26 19:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005.05.26 19:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2325422704-4038905648-3740114079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2325422704-4038905648-3740114079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2325422704-4038905648-3740114079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 02 F3 AA E1 C8 CC 01  [binary data]
IE - HKU\S-1-5-21-2325422704-4038905648-3740114079-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2325422704-4038905648-3740114079-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2325422704-4038905648-3740114079-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://superstart/content/index.html"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1
FF - prefs.js..extensions.enabledItems: smartfind@smartfind.org:0.2.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.10.14 20:59:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.10.14 20:59:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.10.14 20:59:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009.10.14 03:40:55 | 000,000,000 | ---D | M]
 
[2010.04.24 11:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DerMax\AppData\Roaming\mozilla\Extensions
[2010.04.24 11:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DerMax\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.27 09:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions
[2011.08.25 10:59:03 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.31 12:06:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.12.17 05:59:57 | 000,000,000 | ---D | M] (Smart Find) -- C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\smartfind@smartfind.org
[2012.02.27 09:04:25 | 000,000,000 | ---D | M] (Super Start) -- C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\superstart@enjoyfreeware.org
[2011.04.30 14:31:23 | 000,000,000 | ---D | M] (vShare) -- C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\vshare@toolbar
[2009.11.21 04:25:48 | 000,001,939 | ---- | M] () -- C:\Users\DerMax\AppData\Roaming\Mozilla\Firefox\Profiles\foct8zfa.default\searchplugins\encyclopedia-search.xml
[2009.11.21 04:25:40 | 000,001,996 | ---- | M] () -- C:\Users\DerMax\AppData\Roaming\Mozilla\Firefox\Profiles\foct8zfa.default\searchplugins\suche-in-wikipedia.xml
[2012.01.01 10:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\DERMAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOCT8ZFA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\DERMAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOCT8ZFA.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
() (No name found) -- C:\USERS\DERMAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOCT8ZFA.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
[2012.02.19 14:03:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 22:12:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.15 22:12:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.15 22:12:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.15 22:12:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.15 22:12:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.15 22:12:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
F3 - HKU\S-1-5-21-2325422704-4038905648-3740114079-1000 WinNT: Load - (C:\Users\DerMax\LOCALS~1\Temp\msutcy.cmd) - C:\Users\DerMax\LOCALS~1\Temp\msutcy.cmd (The GTK developer community)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\DerMax\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26044DFF-C790-4EE2-B7D8-708BE61C21B0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43333426-84C7-43BE-A9EA-192DFAE1FC12}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a7ee55a3-9bee-11df-84b1-001fe1ee809c}\Shell - "" = AutoRun
O33 - MountPoints2\{a7ee55a3-9bee-11df-84b1-001fe1ee809c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{f3bd94f0-bbdf-11df-a46e-001e37cb5de1}\Shell - "" = AutoRun
O33 - MountPoints2\{f3bd94f0-bbdf-11df-a46e-001e37cb5de1}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk - C:\PROGRA~2\SCANWI~1\SCANNE~1.EXE - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Programme\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: LENOVO.TPFNF6R - hkey= - key= - C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe (Lenovo Group Limited)
MsConfig - StartUpReg: LifeCam - hkey= - key= - C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSC - hkey= - key= - c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: PSQLLauncher - hkey= - key= - C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
MsConfig - StartUpReg: PWMTRV - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TPHOTKEY - hkey= - key= - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
MsConfig - StartUpReg: Zune Launcher - hkey= - key= - c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
MsConfig - State: "startup" - 1
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.mp4e - C:\Windows\System32\MPEG4Evfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.07 15:16:57 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\DerMax\Desktop\OTL.exe
[2012.03.07 08:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.07 08:25:44 | 002,322,184 | ---- | C] (ESET) -- C:\Users\DerMax\Desktop\esetsmartinstaller_enu.exe
[2012.03.06 23:20:51 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.03.05 23:54:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\DerMax\Desktop\dds.com
[2012.03.05 22:45:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.03.05 13:52:51 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Roaming\Malwarebytes
[2012.03.05 13:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.05 13:52:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.05 13:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.05 13:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.05 00:38:15 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Roaming\kodak
[2012.03.05 00:38:10 | 000,000,000 | ---D | C] -- C:\Users\DerMax\Local Settings
[2012.03.02 22:10:42 | 000,000,000 | ---D | C] -- C:\Users\DerMax\Documents\Superstart Icons
[2012.03.01 09:07:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012.02.26 15:47:40 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Local\{611118D6-AF1A-4D6B-8803-C6943733C627}
[2012.02.26 15:47:36 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Local\{1627D735-51B9-4DC9-9E71-8211906634F0}
[2012.02.14 13:22:09 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Local\{97D2F013-8FC9-40A8-9F22-AC60DDB0AD7F}
[2012.02.14 13:22:05 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Local\{DE9AEA4E-7B00-414C-81D2-8E0C3CD98A0F}
[2012.02.13 15:20:45 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Local\{C71B96EE-3C9E-404B-B6C7-8E1CA59C2629}
[2012.02.13 15:20:41 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Local\{3ABA200C-5C25-47D7-A92D-0DAB3C8BCAC9}
[2012.02.09 19:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabPDFConverter
[2012.02.09 18:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanWizard 5 für Windows
[2012.02.09 18:28:44 | 000,060,928 | ---- | C] (OnSpec Electronic, Inc.) -- C:\Windows\System32\drivers\Smplscsi.sys
[2012.02.09 18:28:40 | 000,000,000 | ---D | C] -- C:\Kpcms
[2012.02.09 18:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\ScanWizard 5
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.07 15:17:01 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\DerMax\Desktop\OTL.exe
[2012.03.07 13:04:05 | 000,656,028 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.07 13:04:05 | 000,617,910 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.07 13:04:05 | 000,130,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.07 13:04:05 | 000,107,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.07 12:59:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.07 12:59:26 | 1602,981,888 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.07 12:57:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.07 08:25:47 | 002,322,184 | ---- | M] (ESET) -- C:\Users\DerMax\Desktop\esetsmartinstaller_enu.exe
[2012.03.06 21:01:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.03.06 20:53:46 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 20:53:46 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 01:21:01 | 000,003,714 | ---- | M] () -- C:\Users\DerMax\Desktop\Desktop.zip
[2012.03.06 00:11:33 | 000,302,592 | ---- | M] () -- C:\Users\DerMax\Desktop\uddrhd2l.exe
[2012.03.05 23:54:25 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\DerMax\Desktop\dds.com
[2012.03.05 23:53:38 | 000,000,020 | ---- | M] () -- C:\Users\DerMax\defogger_reenable
[2012.03.05 23:52:10 | 000,050,477 | ---- | M] () -- C:\Users\DerMax\Desktop\Defogger.exe
[2012.03.05 23:33:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.05 22:20:23 | 000,089,570 | ---- | M] () -- C:\Windows\System32\hkcmd.zip
[2012.03.05 13:52:44 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.05 13:51:30 | 000,002,039 | ---- | M] () -- C:\Users\DerMax\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.03.05 13:51:30 | 000,001,968 | ---- | M] () -- C:\Users\DerMax\Desktop\Avira DE-Cleaner.lnk
[2012.03.05 13:40:25 | 000,291,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.21 20:00:32 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.02.09 18:29:14 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\ScanWizard 5.lnk
[2012.02.09 18:29:14 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\Scanner Configuration.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.06 01:18:29 | 000,003,714 | ---- | C] () -- C:\Users\DerMax\Desktop\Desktop.zip
[2012.03.06 00:11:21 | 000,302,592 | ---- | C] () -- C:\Users\DerMax\Desktop\uddrhd2l.exe
[2012.03.05 23:53:18 | 000,000,020 | ---- | C] () -- C:\Users\DerMax\defogger_reenable
[2012.03.05 23:52:09 | 000,050,477 | ---- | C] () -- C:\Users\DerMax\Desktop\Defogger.exe
[2012.03.05 22:20:23 | 000,089,570 | ---- | C] () -- C:\Windows\System32\hkcmd.zip
[2012.03.05 13:52:44 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.05 11:44:36 | 000,002,039 | ---- | C] () -- C:\Users\DerMax\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.03.05 11:44:36 | 000,001,968 | ---- | C] () -- C:\Users\DerMax\Desktop\Avira DE-Cleaner.lnk
[2012.02.09 19:15:19 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.02.09 18:29:14 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\ScanWizard 5.lnk
[2012.02.09 18:29:14 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\Scanner Configuration.lnk
[2012.02.09 18:28:44 | 000,285,216 | ---- | C] () -- C:\Windows\System32\drivers\Onsio.sys
[2012.02.09 18:28:44 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\Onsreged.sys
[2011.08.03 15:03:48 | 000,017,408 | ---- | C] () -- C:\Users\DerMax\AppData\Local\WebpageIcons.db
[2011.06.02 19:59:57 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.04.29 15:55:23 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.26 09:49:01 | 000,005,632 | ---- | C] () -- C:\Users\DerMax\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.05 00:03:29 | 000,001,491 | ---- | C] () -- C:\Users\DerMax\AppData\Local\RecConfig.xml
[2010.06.22 19:57:26 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.05.07 22:19:21 | 000,007,600 | ---- | C] () -- C:\Users\DerMax\AppData\Local\Resmon.ResmonCfg
 
========== LOP Check ==========
 
[2011.02.08 18:50:12 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Amazon
[2011.12.31 11:50:01 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\AudioTuner
[2009.12.07 11:49:55 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\DAEMON Tools Lite
[2011.08.25 10:59:15 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\DVDVideoSoft
[2011.08.25 10:59:03 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.23 00:28:47 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Lenovo
[2009.11.22 04:02:00 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\OpenOffice.org
[2011.06.26 14:13:49 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\PCDr
[2011.06.27 10:21:16 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\PwrMgr
[2010.11.30 16:29:31 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Sony
[2010.11.30 16:26:40 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Sony Setup
[2010.04.24 11:29:46 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Thunderbird
[2011.08.15 16:42:57 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\TIPP10
[2011.10.24 20:21:39 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\uTorrent
[2011.10.21 10:15:56 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Windows Live Writer
[2012.02.21 20:00:32 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.03.05 23:05:53 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.06 21:01:00 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.11.22 01:40:58 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Adobe
[2011.02.08 18:50:12 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Amazon
[2011.11.10 08:40:00 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Apple Computer
[2010.11.23 00:17:30 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Arcsoft
[2011.12.31 11:50:01 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\AudioTuner
[2009.12.07 11:49:55 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\DAEMON Tools Lite
[2010.09.09 22:53:23 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\DivX
[2010.06.09 19:27:33 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\dvdcss
[2011.08.25 10:59:15 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\DVDVideoSoft
[2011.08.25 10:59:03 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.11.21 01:35:08 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Identities
[2012.03.05 00:39:08 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\kodak
[2010.11.23 00:28:47 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Lenovo
[2009.11.21 02:49:50 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Macromedia
[2012.03.05 13:52:51 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Media Center Programs
[2011.07.13 10:04:42 | 000,000,000 | --SD | M] -- C:\Users\DerMax\AppData\Roaming\Microsoft
[2009.11.21 02:26:22 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Mozilla
[2009.11.22 04:02:00 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\OpenOffice.org
[2011.06.26 14:13:49 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\PCDr
[2011.06.27 10:21:16 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\PwrMgr
[2011.06.02 19:54:33 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Real
[2009.12.07 12:19:25 | 000,000,000 | RH-D | M] -- C:\Users\DerMax\AppData\Roaming\SecuROM
[2011.05.08 14:39:25 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Skype
[2011.05.08 13:16:00 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\skypePM
[2010.11.30 16:29:31 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Sony
[2010.11.30 16:26:40 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Sony Setup
[2009.11.21 23:53:39 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Talkback
[2010.04.24 11:29:46 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Thunderbird
[2011.08.15 16:42:57 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\TIPP10
[2011.10.24 20:21:39 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\uTorrent
[2011.12.05 14:25:32 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\vlc
[2010.05.03 10:54:48 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Winamp
[2011.10.21 10:15:56 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\Windows Live Writer
[2009.12.07 11:45:00 | 000,000,000 | ---D | M] -- C:\Users\DerMax\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.12.04 18:59:28 | 000,003,262 | R--- | M] () -- C:\Users\DerMax\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\controlPanelIcon.exe
[2010.12.04 18:59:28 | 000,010,134 | R--- | M] () -- C:\Users\DerMax\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\SystemFolder_msiexec.exe
[2012.03.03 00:06:59 | 000,010,134 | R--- | M] () -- C:\Users\DerMax\AppData\Roaming\Microsoft\Installer\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}\ARPPRODUCTICON.exe
[2011.09.07 12:47:42 | 000,617,472 | ---- | M] () -- C:\Users\DerMax\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\351E.tmp_\oracle-pdfimport.oxt\xpdfimport.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.03.14 21:20:18 | 000,033,280 | ---- | M] (UPEK Inc.) MD5=683FB3F8B7B40317BE7362CF86BFA998 -- C:\Programme\ThinkVantage Fingerprint Software\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2008.09.12 13:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Program Files\ThinkPadShizzle\Lenovo\System Update\session\7zim53ww\IaStor.sys
[2008.07.22 15:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\Program Files\ThinkPadShizzle\Lenovo\System Update\session\7zim06ww\IaStor.sys
[2007.09.29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\ThinkPadShizzle\Lenovo\System Update\session\7tim04ww\iastor.sys
[2007.02.12 05:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\other\iastor.sys
[2007.02.12 05:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\I386\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2010.07.28 22:20:31 | 000,000,000 | ---D | C](C:\Windows\System32\P!Jay-?Wer hat die Hits da??) -- C:\Windows\System32\P!Jay-Wer hat die Hits da
[2010.07.27 17:50:44 | 000,000,000 | ---D | M](C:\Windows\System32\P!Jay-?Wer hat die Hits da??) -- C:\Windows\System32\P!Jay-Wer hat die Hits da

< End of report >

Best regards, Max

cosinus 07.03.2012 15:58

Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2325422704-4038905648-3740114079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2325422704-4038905648-3740114079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2325422704-4038905648-3740114079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 02 F3 AA E1 C8 CC 01  [binary data]
IE - HKU\S-1-5-21-2325422704-4038905648-3740114079-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2325422704-4038905648-3740114079-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
[2009.12.17 05:59:57 | 000,000,000 | ---D | M] (Smart Find) -- C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\smartfind@smartfind.org
[2012.02.27 09:04:25 | 000,000,000 | ---D | M] (Super Start) -- C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\superstart@enjoyfreeware.org
[2011.04.30 14:31:23 | 000,000,000 | ---D | M] (vShare) -- C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\vshare@toolbar
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
F3 - HKU\S-1-5-21-2325422704-4038905648-3740114079-1000 WinNT: Load - (C:\Users\DerMax\LOCALS~1\Temp\msutcy.cmd) - C:\Users\DerMax\LOCALS~1\Temp\msutcy.cmd (The GTK developer community)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a7ee55a3-9bee-11df-84b1-001fe1ee809c}\Shell - "" = AutoRun
O33 - MountPoints2\{a7ee55a3-9bee-11df-84b1-001fe1ee809c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{f3bd94f0-bbdf-11df-a46e-001e37cb5de1}\Shell - "" = AutoRun
O33 - MountPoints2\{f3bd94f0-bbdf-11df-a46e-001e37cb5de1}\Shell\AutoRun\command - "" = F:\Startme.exe
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
[2012.02.26 15:47:40 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Local\{611118D6-AF1A-4D6B-8803-C6943733C627}
[2012.02.26 15:47:36 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Local\{1627D735-51B9-4DC9-9E71-8211906634F0}
[2012.02.14 13:22:09 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Local\{97D2F013-8FC9-40A8-9F22-AC60DDB0AD7F}
[2012.02.14 13:22:05 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Local\{DE9AEA4E-7B00-414C-81D2-8E0C3CD98A0F}
[2012.02.13 15:20:45 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Local\{C71B96EE-3C9E-404B-B6C7-8E1CA59C2629}
[2012.02.13 15:20:41 | 000,000,000 | ---D | C] -- C:\Users\DerMax\AppData\Local\{3ABA200C-5C25-47D7-A92D-0DAB3C8BCAC9}
:Files
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
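The fix script above removes, among other things, the legacy "Load" autostart value that pointed at a .cmd file in %TEMP%, and the earlier "< MD5 for: >" custom scans exist so the helper can confirm that core system files in System32 still match their WinSxS/DriverStore copies. As an added example that is not part of this thread or of the OTL tool, the following Python script parses OTL log lines in the format posted here and automates those two checks; the sample lines are copied from the thread's own OTL output, except for the USER32.DLL System32 hash, which is constructed so that the patched-file check fires.

```python
"""Triage for OTL-style log lines in the format posted in this thread (added example).

Automates two checks a helper otherwise does by eye: F3 lines, i.e. the legacy 'Load'
value under Windows NT\\CurrentVersion\\Windows, which legitimate software almost never
uses (here it pointed at a .cmd in %TEMP%), and the '< MD5 for: NAME >' blocks, where
the live System32 copy should carry a hash that also appears in a WinSxS or DriverStore
copy, otherwise it may have been patched in place.
"""
import re
from collections import defaultdict

# Bracketed OTL record: [date | size | attrs | C/M] (Company) MD5=HASH -- path
MD5_LINE = re.compile(
    r"^\[[^\]]*\]\s*\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9a-fA-F]{32})\s*--\s*(?P<path>.+?)\s*$"
)
MD5_HEADER = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>")
LOAD_LINE = re.compile(r"^F3 - (?P<hive>\S+) WinNT: Load - \((?P<target>[^)]*)\)")

USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")
BACKING_STORES = ("\\winsxs\\", "\\driverstore\\")


def parse_md5_blocks(lines):
    """Return {filename: [(path, md5, company), ...]} for each '< MD5 for: >' block."""
    blocks = defaultdict(list)
    current = None
    for line in lines:
        head = MD5_HEADER.match(line)
        if head:
            current = head["name"].lower()
            continue
        if not line.strip() or line.startswith("<"):
            current = None  # a blank line or another custom scan ends the block
            continue
        rec = MD5_LINE.match(line)
        if current and rec:
            blocks[current].append((rec["path"], rec["md5"].upper(), rec["company"]))
    return dict(blocks)


def find_unbacked_live_copies(blocks, system_root="C:\\Windows"):
    """Flag live copies under %SystemRoot%\\System32 whose MD5 matches no WinSxS or
    DriverStore copy. Copies elsewhere (a vendor's bundled winlogon.exe, an old I386
    tree) are not the running system file and are skipped."""
    findings = []
    live_prefix = system_root.lower() + "\\system32\\"
    for name, records in blocks.items():
        backed = {md5 for path, md5, _ in records
                  if any(store in path.lower() for store in BACKING_STORES)}
        for path, md5, company in records:
            p = path.lower()
            is_live = p.startswith(live_prefix) and not any(s in p for s in BACKING_STORES)
            if is_live and md5 not in backed:
                findings.append({"file": name, "path": path, "md5": md5, "company": company})
    return findings


def find_load_autostarts(lines):
    """Report every populated 'Load' value; flag those in user-writable paths."""
    findings = []
    for line in lines:
        m = LOAD_LINE.match(line)
        if m:
            target = m["target"]
            writable = any(part in target.lower() for part in USER_WRITABLE)
            findings.append({"hive": m["hive"], "target": target, "user_writable": writable})
    return findings


def triage(lines):
    """Run both checks and return the combined findings."""
    return {
        "load_autostarts": find_load_autostarts(lines),
        "unbacked_system_files": find_unbacked_live_copies(parse_md5_blocks(lines)),
    }


# Constructed sample: lines copied from the OTL output in this thread, plus a USER32.DLL
# block whose System32 hash is made up so that the patched-file check fires.
SAMPLE_LOG = [
    r"F3 - HKU\S-1-5-21-2325422704-4038905648-3740114079-1000 WinNT: Load - (C:\Users\DerMax\LOCALS~1\Temp\msutcy.cmd) - C:\Users\DerMax\LOCALS~1\Temp\msutcy.cmd (The GTK developer community)",
    "",
    "< MD5 for: WINLOGON.EXE  >",
    r"[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe",
    r"[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe",
    r"[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe",
    "",
    "< MD5 for: USER32.DLL  >",
    r"[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\Windows\System32\user32.dll",
    r"[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll",
    "",
]

if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        for item in items:
            print(kind, item)
```

On the thread's real log the second check stays silent, since every System32 copy listed there matches a WinSxS or DriverStore twin; only the "Load" value is reported.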

MaxiMax 07.03.2012 17:41

Dear Arne,
I am incredibly grateful to you, that was great cinema!!! Almost something like social work in the IT age ;)
Windows is running again... but am I really safe again now? (if one can even say that...)
Or do you perhaps have another tip on how I can protect myself better?

What did you actually do now (in simple terms)? I noticed that, for example, one or two Firefox add-ons are gone. Can I simply reinstall them, or are they potentially at risk?

Here is the log file as well
Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-2325422704-4038905648-3740114079-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-2325422704-4038905648-3740114079-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-2325422704-4038905648-3740114079-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-2325422704-4038905648-3740114079-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2325422704-4038905648-3740114079-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\smartfind@smartfind.org\defaults\preferences folder moved successfully.
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\smartfind@smartfind.org\defaults folder moved successfully.
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\smartfind@smartfind.org\chrome folder moved successfully.
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\smartfind@smartfind.org folder moved successfully.
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\superstart@enjoyfreeware.org\themes\silver folder moved successfully.
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\superstart@enjoyfreeware.org\themes\green folder moved successfully.
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\superstart@enjoyfreeware.org\themes\default folder moved successfully.
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\superstart@enjoyfreeware.org\themes\blue folder moved successfully.
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\superstart@enjoyfreeware.org\themes\black folder moved successfully.
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\superstart@enjoyfreeware.org\themes folder moved successfully.
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\superstart@enjoyfreeware.org\modules folder moved successfully.
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\superstart@enjoyfreeware.org\defaults\preferences folder moved successfully.
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\superstart@enjoyfreeware.org\defaults folder moved successfully.
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\superstart@enjoyfreeware.org\components folder moved successfully.
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\superstart@enjoyfreeware.org\chrome folder moved successfully.
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\superstart@enjoyfreeware.org folder moved successfully.
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\vshare@toolbar\modules folder moved successfully.
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\vshare@toolbar\locale\en-US folder moved successfully.
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\vshare@toolbar\locale folder moved successfully.
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\vshare@toolbar\components folder moved successfully.
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\vshare@toolbar\chrome folder moved successfully.
C:\Users\DerMax\AppData\Roaming\mozilla\Firefox\Profiles\foct8zfa.default\extensions\vshare@toolbar folder moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
C:\Users\DerMax\LOCALS~1\Temp\msutcy.cmd moved successfully.
Registry value HKEY_USERS\S-1-5-21-2325422704-4038905648-3740114079-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\DerMax\LOCALS~1\Temp\msutcy.cmd deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCAD deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7ee55a3-9bee-11df-84b1-001fe1ee809c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7ee55a3-9bee-11df-84b1-001fe1ee809c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7ee55a3-9bee-11df-84b1-001fe1ee809c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7ee55a3-9bee-11df-84b1-001fe1ee809c}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3bd94f0-bbdf-11df-a46e-001e37cb5de1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3bd94f0-bbdf-11df-a46e-001e37cb5de1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3bd94f0-bbdf-11df-a46e-001e37cb5de1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3bd94f0-bbdf-11df-a46e-001e37cb5de1}\ not found.
File F:\Startme.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SpybotSD TeaTimer\ deleted successfully.
C:\Users\DerMax\AppData\Local\{611118D6-AF1A-4D6B-8803-C6943733C627} folder moved successfully.
C:\Users\DerMax\AppData\Local\{1627D735-51B9-4DC9-9E71-8211906634F0} folder moved successfully.
C:\Users\DerMax\AppData\Local\{97D2F013-8FC9-40A8-9F22-AC60DDB0AD7F} folder moved successfully.
C:\Users\DerMax\AppData\Local\{DE9AEA4E-7B00-414C-81D2-8E0C3CD98A0F} folder moved successfully.
C:\Users\DerMax\AppData\Local\{C71B96EE-3C9E-404B-B6C7-8E1CA59C2629} folder moved successfully.
C:\Users\DerMax\AppData\Local\{3ABA200C-5C25-47D7-A92D-0DAB3C8BCAC9} folder moved successfully.
========== FILES ==========
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\DerMax\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: DerMax
->Temp folder emptied: 7497912254 bytes
->Temporary Internet Files folder emptied: 947365728 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 56152501 bytes
->Flash cache emptied: 163362 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 273851949 bytes
RecycleBin emptied: 515194540 bytes
 
Total Files Cleaned = 8.860,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.35.1 log created on 03072012_164014

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...


cosinus 07.03.2012 22:27

Normal mode works again? :)
If so, first run a full scan with an up-to-date Malwarebytes as a check.

MaxiMax 08.03.2012 11:37

Did that, it found nothing... so once again, many thanks for your efforts and the competent help!
:dankeschoen:

cosinus 08.03.2012 11:42

We're not done yet!

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your antivirus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the picture below: click on "change parameters" and tick the boxes as shown in the following screenshot,
then click on "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If the infection has left you unable to access your documents / My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
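
The helper's check of a TDSS-Killer report boils down to two questions: did the scan run with the requested options (they show up as SigCheck and TDLFS in the log's "Mode:" line), and which objects got a verdict other than "ok". The following Python triage script, added here as an example and not taken from the thread or from Kaspersky, parses the log layout posted in this thread and answers both; the `exampledrv` lines in its constructed sample log are invented to show a flagged object that was handled with "skip", as instructed above.

```python
"""Triage a TDSSKiller report the way a log helper reads it.

Constructed example for this thread (not part of the original posts, not
Kaspersky's code): it parses the line layout of the TDSSKiller log shown
here, confirms that the scan ran with the options the helper asked for
(SigCheck and TDLFS in the "Mode:" line) and lists every object whose
verdict is anything other than "ok".
"""
import re
from dataclasses import dataclass, field

# Each log line is "<time> <pid>  <payload>"; the payload is what gets classified.
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*?)\s*$")
# "<service>  (<md5>) <path>": the object that is about to be checked.
ENTRY_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<service> - ok" or "<service> ( <detection> ) - warning": the verdict.
VERDICT_RE = re.compile(r"^(?P<name>\S+)(?:\s+\(.*\))?\s+-\s+(?P<verdict>.+)$")

REQUIRED_OPTIONS = ("SigCheck", "TDLFS")  # the options the screenshot settings enable


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    verdicts: list = field(default_factory=list)


@dataclass
class Report:
    mode: list
    entries: dict

    def missing_options(self, required=REQUIRED_OPTIONS):
        """Requested options the scan did not run with."""
        return [o for o in required if o not in self.mode]

    def flagged(self):
        """Objects with at least one verdict other than plain 'ok'."""
        return [e for e in self.entries.values() if any(v != "ok" for v in e.verdicts)]

    def unresolved(self):
        """Objects listed but never given a verdict (truncated or aborted scan)."""
        return [e for e in self.entries.values() if not e.verdicts]


def parse_report(text):
    """Build a Report from raw TDSSKiller log text."""
    mode, entries = [], {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a timestamped log line
        rest = m.group("rest")
        if rest.startswith("Mode:"):
            mode = [o.strip() for o in rest[len("Mode:"):].split(";") if o.strip()]
            continue
        e = ENTRY_RE.match(rest)
        if e:
            entry = entries.setdefault(e.group("name"), Entry(e.group("name")))
            entry.md5, entry.path = e.group("md5").lower(), e.group("path")
            continue
        v = VERDICT_RE.match(rest)
        if v:
            entries.setdefault(v.group("name"), Entry(v.group("name"))).verdicts.append(v.group("verdict"))
    return Report(mode, entries)


def summarize(report):
    """Human-readable triage lines, the kind of summary posted back in a thread."""
    lines = [f"scan mode: {'; '.join(report.mode) or '(no Mode line found)'}"]
    missing = report.missing_options()
    if missing:
        lines.append(f"WARNING: scan ran without {', '.join(missing)}; rerun with the requested settings")
    lines.append(f"objects checked: {len(report.entries)}, flagged: {len(report.flagged())}, "
                 f"without verdict: {len(report.unresolved())}")
    for e in report.flagged():
        lines.append(f"  {e.name}: {' / '.join(e.verdicts)}  md5={e.md5}  {e.path}")
    return lines


# Constructed sample: the first lines copy the layout of the log in this
# thread; the 'exampledrv' lines are invented to show a non-"ok" verdict
# that was handled with "skip", as the helper instructs.
SAMPLE_LOG = r"""
19:20:52.0709 5452        Scan started
19:20:52.0709 5452        Mode: Manual; SigCheck; TDLFS;
19:20:52.0709 5452        ============================================================
19:20:53.0138 5452        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
19:20:53.0200 5452        1394ohci - ok
19:21:09.0160 5452        MpKslcbc0b04b  (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D16D336-C2BD-4DD8-A3C7-45F383D425E6}\MpKslcbc0b04b.sys
19:21:09.0188 5452        MpKslcbc0b04b - ok
19:21:20.0000 5452        exampledrv      (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
19:21:20.0100 5452        exampledrv ( UnsignedFile.Multi.Generic ) - warning
19:21:25.0000 5452        exampledrv ( UnsignedFile.Multi.Generic ) - skipped by user
"""

if __name__ == "__main__":
    for line in summarize(parse_report(SAMPLE_LOG)):
        print(line)
```

Point it at a real report by reading the file from the system partition into `parse_report`; a non-empty `unresolved()` list is the usual sign that the scan was cut short or the log was copied incompletely.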

MaxiMax 08.03.2012 11:51

OK! I was a bit hasty there... will do as soon as I'm back home today.
Regards, Max

MaxiMax 08.03.2012 19:24

So, here's the log file.

Code:

19:20:44.0150 1920        TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
19:20:44.0251 1920        ============================================================
19:20:44.0251 1920        Current date / time: 2012/03/08 19:20:44.0251
19:20:44.0251 1920        SystemInfo:
19:20:44.0251 1920       
19:20:44.0251 1920        OS Version: 6.1.7601 ServicePack: 1.0
19:20:44.0251 1920        Product type: Workstation
19:20:44.0251 1920        ComputerName: MEANMACHINE
19:20:44.0251 1920        UserName: DerMax
19:20:44.0251 1920        Windows directory: C:\Windows
19:20:44.0251 1920        System windows directory: C:\Windows
19:20:44.0251 1920        Processor architecture: Intel x86
19:20:44.0251 1920        Number of processors: 2
19:20:44.0251 1920        Page size: 0x1000
19:20:44.0251 1920        Boot type: Normal boot
19:20:44.0251 1920        ============================================================
19:20:45.0923 1920        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
19:20:45.0957 1920        \Device\Harddisk0\DR0:
19:20:45.0957 1920        MBR used
19:20:45.0957 1920        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11EEF471
19:20:45.0959 1920        Initialize success
19:20:45.0959 1920        ============================================================
19:20:52.0709 5452        ============================================================
19:20:52.0709 5452        Scan started
19:20:52.0709 5452        Mode: Manual; SigCheck; TDLFS;
19:20:52.0709 5452        ============================================================
19:20:53.0138 5452        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
19:20:53.0200 5452        1394ohci - ok
19:20:53.0252 5452        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
19:20:53.0282 5452        ACPI - ok
19:20:53.0402 5452        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
19:20:53.0447 5452        AcpiPmi - ok
19:20:53.0585 5452        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:20:53.0613 5452        adp94xx - ok
19:20:53.0688 5452        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:20:53.0713 5452        adpahci - ok
19:20:53.0793 5452        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:20:53.0831 5452        adpu320 - ok
19:20:53.0917 5452        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
19:20:53.0951 5452        AFD - ok
19:20:54.0014 5452        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
19:20:54.0046 5452        agp440 - ok
19:20:54.0123 5452        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:20:54.0153 5452        aic78xx - ok
19:20:54.0258 5452        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
19:20:54.0277 5452        aliide - ok
19:20:54.0329 5452        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
19:20:54.0382 5452        amdagp - ok
19:20:54.0410 5452        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
19:20:54.0430 5452        amdide - ok
19:20:54.0524 5452        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:20:54.0559 5452        AmdK8 - ok
19:20:54.0625 5452        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:20:54.0658 5452        AmdPPM - ok
19:20:54.0758 5452        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
19:20:54.0791 5452        amdsata - ok
19:20:54.0920 5452        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:20:54.0974 5452        amdsbs - ok
19:20:55.0037 5452        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
19:20:55.0061 5452        amdxata - ok
19:20:55.0103 5452        ApfiltrService  (baaa6516aec2622b8fba6165ff5d68c2) C:\Windows\system32\DRIVERS\Apfiltr.sys
19:20:55.0144 5452        ApfiltrService - ok
19:20:55.0249 5452        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
19:20:55.0298 5452        AppID - ok
19:20:55.0439 5452        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:20:55.0472 5452        arc - ok
19:20:55.0522 5452        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:20:55.0556 5452        arcsas - ok
19:20:55.0641 5452        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:20:55.0701 5452        AsyncMac - ok
19:20:55.0762 5452        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
19:20:55.0782 5452        atapi - ok
19:20:55.0904 5452        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
19:20:55.0962 5452        b06bdrv - ok
19:20:56.0019 5452        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:20:56.0081 5452        b57nd60x - ok
19:20:56.0172 5452        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:20:56.0208 5452        Beep - ok
19:20:56.0400 5452        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:20:56.0437 5452        blbdrive - ok
19:20:56.0523 5452        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
19:20:56.0562 5452        bowser - ok
19:20:56.0628 5452        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:20:56.0670 5452        BrFiltLo - ok
19:20:56.0746 5452        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:20:56.0786 5452        BrFiltUp - ok
19:20:56.0855 5452        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:20:56.0896 5452        Brserid - ok
19:20:56.0968 5452        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:20:57.0008 5452        BrSerWdm - ok
19:20:57.0053 5452        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:20:57.0079 5452        BrUsbMdm - ok
19:20:57.0101 5452        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:20:57.0126 5452        BrUsbSer - ok
19:20:57.0245 5452        BthEnum        (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
19:20:57.0298 5452        BthEnum - ok
19:20:57.0400 5452        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:20:57.0441 5452        BTHMODEM - ok
19:20:57.0506 5452        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
19:20:57.0533 5452        BthPan - ok
19:20:57.0646 5452        BTHPORT        (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
19:20:57.0677 5452        BTHPORT - ok
19:20:57.0810 5452        BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
19:20:57.0849 5452        BTHUSB - ok
19:20:57.0955 5452        btusbflt        (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
19:20:58.0005 5452        btusbflt - ok
19:20:58.0132 5452        btwaudio        (f8b4f60768328faa2ffe2727f66809f8) C:\Windows\system32\drivers\btwaudio.sys
19:20:58.0168 5452        btwaudio - ok
19:20:58.0234 5452        btwavdt        (fa7446dd38de84d4988d1f2ebb854589) C:\Windows\system32\DRIVERS\btwavdt.sys
19:20:58.0267 5452        btwavdt - ok
19:20:58.0359 5452        btwl2cap        (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
19:20:58.0381 5452        btwl2cap - ok
19:20:58.0507 5452        btwrchid        (d5862fbc1cbc0404614fd9d85c8d880e) C:\Windows\system32\DRIVERS\btwrchid.sys
19:20:58.0525 5452        btwrchid - ok
19:20:58.0623 5452        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:20:58.0676 5452        cdfs - ok
19:20:58.0750 5452        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
19:20:58.0776 5452        cdrom - ok
19:20:58.0866 5452        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:20:58.0900 5452        circlass - ok
19:20:58.0954 5452        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:20:58.0989 5452        CLFS - ok
19:20:59.0102 5452        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:20:59.0149 5452        CmBatt - ok
19:20:59.0210 5452        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
19:20:59.0231 5452        cmdide - ok
19:20:59.0336 5452        CNG            (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
19:20:59.0373 5452        CNG - ok
19:20:59.0501 5452        CnxtHdAudService (e7f65666aea26f7585e5947a2f5d5218) C:\Windows\system32\drivers\CHDRTN32.sys
19:20:59.0536 5452        CnxtHdAudService - ok
19:20:59.0603 5452        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:20:59.0624 5452        Compbatt - ok
19:20:59.0716 5452        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
19:20:59.0750 5452        CompositeBus - ok
19:20:59.0858 5452        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:20:59.0879 5452        crcdisk - ok
19:20:59.0988 5452        CSC            (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
19:21:00.0019 5452        CSC - ok
19:21:00.0123 5452        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
19:21:00.0178 5452        DfsC - ok
19:21:00.0261 5452        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:21:00.0306 5452        discache - ok
19:21:00.0429 5452        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:21:00.0464 5452        Disk - ok
19:21:00.0620 5452        DozeHDD        (6d279bb0de1d8e34f454e1b353f4d738) C:\Windows\system32\DRIVERS\DozeHDD.sys
19:21:00.0642 5452        DozeHDD - ok
19:21:00.0757 5452        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:21:00.0779 5452        drmkaud - ok
19:21:00.0908 5452        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
19:21:00.0945 5452        DXGKrnl - ok
19:21:01.0149 5452        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:21:01.0228 5452        ebdrv - ok
19:21:01.0380 5452        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:21:01.0411 5452        elxstor - ok
19:21:01.0479 5452        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
19:21:01.0502 5452        ErrDev - ok
19:21:01.0591 5452        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:21:01.0635 5452        exfat - ok
19:21:01.0690 5452        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:21:01.0730 5452        fastfat - ok
19:21:01.0830 5452        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:21:01.0871 5452        fdc - ok
19:21:01.0924 5452        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:21:01.0973 5452        FileInfo - ok
19:21:02.0061 5452        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:21:02.0107 5452        Filetrace - ok
19:21:02.0152 5452        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:21:02.0179 5452        flpydisk - ok
19:21:02.0263 5452        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:21:02.0293 5452        FltMgr - ok
19:21:02.0361 5452        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:21:02.0392 5452        FsDepends - ok
19:21:02.0468 5452        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
19:21:02.0491 5452        Fs_Rec - ok
19:21:02.0578 5452        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
19:21:02.0616 5452        fvevol - ok
19:21:02.0701 5452        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:21:02.0733 5452        gagp30kx - ok
19:21:02.0922 5452        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:21:02.0950 5452        hcw85cir - ok
19:21:03.0030 5452        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
19:21:03.0061 5452        HdAudAddService - ok
19:21:03.0160 5452        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
19:21:03.0186 5452        HDAudBus - ok
19:21:03.0282 5452        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:21:03.0347 5452        HidBatt - ok
19:21:03.0467 5452        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:21:03.0499 5452        HidBth - ok
19:21:03.0537 5452        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:21:03.0570 5452        HidIr - ok
19:21:03.0663 5452        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
19:21:03.0693 5452        HidUsb - ok
19:21:03.0813 5452        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
19:21:03.0845 5452        HpSAMD - ok
19:21:03.0992 5452        HSF_DPV        (7aca9dbad8be6831c29676986c56da82) C:\Windows\system32\DRIVERS\HSX_DPV.sys
19:21:04.0033 5452        HSF_DPV - ok
19:21:04.0172 5452        HSXHWAZL        (16d32741f8e4725e76455b64edcc9cf1) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
19:21:04.0203 5452        HSXHWAZL - ok
19:21:04.0286 5452        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
19:21:04.0339 5452        HTTP - ok
19:21:04.0423 5452        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
19:21:04.0451 5452        hwpolicy - ok
19:21:04.0532 5452        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
19:21:04.0606 5452        i8042prt - ok
19:21:04.0713 5452        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
19:21:04.0750 5452        iaStorV - ok
19:21:04.0854 5452        IBMPMDRV        (bf648877413f6160e480814a24942b65) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
19:21:04.0878 5452        IBMPMDRV - ok
19:21:05.0075 5452        igfx            (1f50623259df354776df04c56504a2d7) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:21:05.0172 5452        igfx - ok
19:21:05.0291 5452        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:21:05.0320 5452        iirsp - ok
19:21:05.0389 5452        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
19:21:05.0411 5452        intelide - ok
19:21:05.0499 5452        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:21:05.0538 5452        intelppm - ok
19:21:05.0587 5452        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:21:05.0651 5452        IpFilterDriver - ok
19:21:05.0747 5452        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
19:21:05.0791 5452        IPMIDRV - ok
19:21:05.0893 5452        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:21:05.0934 5452        IPNAT - ok
19:21:05.0990 5452        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:21:06.0017 5452        IRENUM - ok
19:21:06.0093 5452        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
19:21:06.0123 5452        isapnp - ok
19:21:06.0188 5452        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
19:21:06.0215 5452        iScsiPrt - ok
19:21:06.0255 5452        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
19:21:06.0286 5452        kbdclass - ok
19:21:06.0383 5452        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
19:21:06.0414 5452        kbdhid - ok
19:21:06.0530 5452        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
19:21:06.0565 5452        KSecDD - ok
19:21:06.0607 5452        KSecPkg        (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
19:21:06.0657 5452        KSecPkg - ok
19:21:06.0798 5452        lenovo.smi      (9aac267a225f3caebb9e633f7eb16e4b) C:\Windows\system32\DRIVERS\smiif32.sys
19:21:06.0817 5452        lenovo.smi - ok
19:21:06.0908 5452        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:21:06.0956 5452        lltdio - ok
19:21:07.0063 5452        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:21:07.0100 5452        LSI_FC - ok
19:21:07.0212 5452        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:21:07.0248 5452        LSI_SAS - ok
19:21:07.0363 5452        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:21:07.0392 5452        LSI_SAS2 - ok
19:21:07.0500 5452        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:21:07.0539 5452        LSI_SCSI - ok
19:21:07.0652 5452        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:21:07.0708 5452        luafv - ok
19:21:07.0817 5452        mdmxsdk        (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:21:07.0839 5452        mdmxsdk - ok
19:21:07.0887 5452        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:21:07.0912 5452        megasas - ok
19:21:08.0015 5452        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:21:08.0042 5452        MegaSR - ok
19:21:08.0148 5452        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:21:08.0191 5452        Modem - ok
19:21:08.0291 5452        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:21:08.0321 5452        monitor - ok
19:21:08.0390 5452        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
19:21:08.0421 5452        mouclass - ok
19:21:08.0532 5452        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:21:08.0562 5452        mouhid - ok
19:21:08.0670 5452        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
19:21:08.0711 5452        mountmgr - ok
19:21:08.0802 5452        MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
19:21:08.0838 5452        MpFilter - ok
19:21:08.0919 5452        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
19:21:09.0006 5452        mpio - ok
19:21:09.0160 5452        MpKslcbc0b04b  (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D16D336-C2BD-4DD8-A3C7-45F383D425E6}\MpKslcbc0b04b.sys
19:21:09.0188 5452        MpKslcbc0b04b - ok
19:21:09.0332 5452        MpNWMon        (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
19:21:09.0360 5452        MpNWMon - ok
19:21:09.0460 5452        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:21:09.0511 5452        mpsdrv - ok
19:21:09.0628 5452        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
19:21:09.0660 5452        MRxDAV - ok
19:21:09.0736 5452        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:21:09.0765 5452        mrxsmb - ok
19:21:09.0820 5452        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:21:09.0850 5452        mrxsmb10 - ok
19:21:09.0953 5452        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:21:10.0000 5452        mrxsmb20 - ok
19:21:10.0063 5452        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
19:21:10.0085 5452        msahci - ok
19:21:10.0199 5452        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
19:21:10.0228 5452        msdsm - ok
19:21:10.0346 5452        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:21:10.0386 5452        Msfs - ok
19:21:10.0485 5452        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:21:10.0520 5452        mshidkmdf - ok
19:21:10.0640 5452        MSHUSBVideo    (29e0ec2a9dc4c7913657a51dfff97856) C:\Windows\system32\Drivers\nx6000.sys
19:21:10.0665 5452        MSHUSBVideo - ok
19:21:10.0778 5452        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
19:21:10.0797 5452        msisadrv - ok
19:21:10.0915 5452        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:21:10.0951 5452        MSKSSRV - ok
19:21:11.0089 5452        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:21:11.0124 5452        MSPCLOCK - ok
19:21:11.0243 5452        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:21:11.0279 5452        MSPQM - ok
19:21:11.0384 5452        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:21:11.0438 5452        MsRPC - ok
19:21:11.0533 5452        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
19:21:11.0561 5452        mssmbios - ok
19:21:11.0630 5452        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:21:11.0664 5452        MSTEE - ok
19:21:11.0692 5452        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:21:11.0716 5452        MTConfig - ok
19:21:11.0775 5452        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:21:11.0808 5452        Mup - ok
19:21:11.0885 5452        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:21:11.0917 5452        NativeWifiP - ok
19:21:12.0038 5452        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
19:21:12.0083 5452        NDIS - ok
19:21:12.0203 5452        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:21:12.0245 5452        NdisCap - ok
19:21:12.0365 5452        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:21:12.0410 5452        NdisTapi - ok
19:21:12.0538 5452        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
19:21:12.0584 5452        Ndisuio - ok
19:21:12.0698 5452        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
19:21:12.0736 5452        NdisWan - ok
19:21:12.0853 5452        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
19:21:12.0900 5452        NDProxy - ok
19:21:12.0977 5452        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:21:13.0023 5452        NetBIOS - ok
19:21:13.0117 5452        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
19:21:13.0185 5452        NetBT - ok
19:21:13.0415 5452        netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
19:21:13.0507 5452        netw5v32 - ok
19:21:13.0633 5452        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:21:13.0661 5452        nfrd960 - ok
19:21:13.0766 5452        NisDrv          (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:21:13.0801 5452        NisDrv - ok
19:21:13.0937 5452        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:21:13.0981 5452        Npfs - ok
19:21:14.0088 5452        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:21:14.0126 5452        nsiproxy - ok
19:21:14.0268 5452        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
19:21:14.0424 5452        Ntfs - ok
19:21:14.0543 5452        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:21:14.0577 5452        Null - ok
19:21:14.0686 5452        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
19:21:14.0729 5452        nvraid - ok
19:21:14.0836 5452        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
19:21:14.0880 5452        nvstor - ok
19:21:14.0978 5452        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
19:21:15.0006 5452        nv_agp - ok
19:21:15.0064 5452        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
19:21:15.0098 5452        ohci1394 - ok
19:21:15.0200 5452        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:21:15.0245 5452        Parport - ok
19:21:15.0360 5452        partmgr        (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
19:21:15.0394 5452        partmgr - ok
19:21:15.0492 5452        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:21:15.0515 5452        Parvdm - ok
19:21:15.0624 5452        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
19:21:15.0650 5452        pci - ok
19:21:15.0741 5452        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
19:21:15.0759 5452        pciide - ok
19:21:15.0821 5452        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:21:15.0848 5452        pcmcia - ok
19:21:15.0869 5452        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:21:15.0899 5452        pcw - ok
19:21:15.0989 5452        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:21:16.0037 5452        PEAUTH - ok
19:21:16.0237 5452        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:21:16.0293 5452        PptpMiniport - ok
19:21:16.0401 5452        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:21:16.0433 5452        Processor - ok
19:21:16.0544 5452        psadd          (72de205cd4006dc45b1401859c506679) C:\Windows\system32\DRIVERS\psadd.sys
19:21:16.0568 5452        psadd - ok
19:21:16.0636 5452        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:21:16.0692 5452        Psched - ok
19:21:16.0840 5452        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:21:16.0885 5452        ql2300 - ok
19:21:16.0998 5452        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:21:17.0041 5452        ql40xx - ok
19:21:17.0156 5452        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:21:17.0190 5452        QWAVEdrv - ok
19:21:17.0292 5452        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:21:17.0335 5452        RasAcd - ok
19:21:17.0440 5452        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:21:17.0488 5452        RasAgileVpn - ok
19:21:17.0566 5452        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:21:17.0622 5452        Rasl2tp - ok
19:21:17.0715 5452        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:21:17.0754 5452        RasPppoe - ok
19:21:17.0881 5452        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:21:17.0934 5452        RasSstp - ok
19:21:18.0049 5452        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
19:21:18.0094 5452        rdbss - ok
19:21:18.0149 5452        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:21:18.0177 5452        rdpbus - ok
19:21:18.0222 5452        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:21:18.0254 5452        RDPCDD - ok
19:21:18.0333 5452        RDPDR          (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
19:21:18.0366 5452        RDPDR - ok
19:21:18.0429 5452        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:21:18.0462 5452        RDPENCDD - ok
19:21:18.0535 5452        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:21:18.0568 5452        RDPREFMP - ok
19:21:18.0675 5452        RDPWD          (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
19:21:18.0740 5452        RDPWD - ok
19:21:18.0830 5452        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
19:21:18.0888 5452        rdyboost - ok
19:21:18.0974 5452        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
19:21:19.0003 5452        RFCOMM - ok
19:21:19.0082 5452        rimmptsk        (d65ac8797f0286ed269500747d6290a4) C:\Windows\system32\DRIVERS\rimmptsk.sys
19:21:19.0114 5452        rimmptsk - ok
19:21:19.0197 5452        rimsptsk        (49ec82b44eb93374ed9988da7e0e0151) C:\Windows\system32\DRIVERS\rimsptsk.sys
19:21:19.0228 5452        rimsptsk - ok
19:21:19.0279 5452        rismxdp        (3f400c3ccd0818858602ddb37b5de719) C:\Windows\system32\DRIVERS\rixdptsk.sys
19:21:19.0309 5452        rismxdp - ok
19:21:19.0416 5452        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:21:19.0469 5452        rspndr - ok
19:21:19.0571 5452        s1018bus        (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\Windows\system32\DRIVERS\s1018bus.sys
19:21:19.0611 5452        s1018bus - ok
19:21:19.0716 5452        s1018mdfl      (38f5ea219593f19b6b3a1b9c169e3b61) C:\Windows\system32\DRIVERS\s1018mdfl.sys
19:21:19.0736 5452        s1018mdfl - ok
19:21:19.0851 5452        s1018mdm        (666af6b64fc7df92d3ca4819ea91631d) C:\Windows\system32\DRIVERS\s1018mdm.sys
19:21:19.0896 5452        s1018mdm - ok
19:21:20.0009 5452        s1018mgmt      (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys
19:21:20.0086 5452        s1018mgmt ( UnsignedFile.Multi.Generic ) - warning
19:21:20.0087 5452        s1018mgmt - detected UnsignedFile.Multi.Generic (1)
19:21:20.0193 5452        s1018nd5        (3622d9ff2253dcbe885b10736609a4ca) C:\Windows\system32\DRIVERS\s1018nd5.sys
19:21:20.0214 5452        s1018nd5 - ok
19:21:20.0288 5452        s1018obex      (49431efda842b474531c29ffae9f5d09) C:\Windows\system32\DRIVERS\s1018obex.sys
19:21:20.0331 5452        s1018obex - ok
19:21:20.0414 5452        s1018unic      (ac6b514cb4474f4c867d7cdc9cd54f05) C:\Windows\system32\DRIVERS\s1018unic.sys
19:21:20.0458 5452        s1018unic - ok
19:21:20.0564 5452        s3cap          (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
19:21:20.0586 5452        s3cap - ok
19:21:20.0699 5452        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
19:21:20.0741 5452        sbp2port - ok
19:21:20.0900 5452        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
19:21:20.0939 5452        scfilter - ok
19:21:21.0005 5452        sdbus          (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
19:21:21.0034 5452        sdbus - ok
19:21:21.0129 5452        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:21:21.0169 5452        secdrv - ok
19:21:21.0283 5452        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:21:21.0309 5452        Serenum - ok
19:21:21.0415 5452        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:21:21.0473 5452        Serial - ok
19:21:21.0581 5452        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:21:21.0606 5452        sermouse - ok
19:21:21.0670 5452        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
19:21:21.0693 5452        sffdisk - ok
19:21:21.0717 5452        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
19:21:21.0741 5452        sffp_mmc - ok
19:21:21.0821 5452        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
19:21:21.0847 5452        sffp_sd - ok
19:21:21.0907 5452        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:21:21.0931 5452        sfloppy - ok
19:21:21.0979 5452        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
19:21:22.0010 5452        sisagp - ok
19:21:22.0121 5452        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:21:22.0151 5452        SiSRaid2 - ok
19:21:22.0255 5452        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:21:22.0288 5452        SiSRaid4 - ok
19:21:22.0408 5452        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:21:22.0464 5452        Smb - ok
19:21:22.0545 5452        smihlp          (3c4a61ccb2cf32ed6e09f559b4adb6cf) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
19:21:22.0568 5452        smihlp - ok
19:21:22.0697 5452        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:21:22.0719 5452        spldr - ok
19:21:22.0872 5452        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
19:21:23.0565 5452        sptd - ok
19:21:23.0720 5452        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
19:21:23.0754 5452        srv - ok
19:21:23.0880 5452        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
19:21:23.0909 5452        srv2 - ok
19:21:23.0979 5452        SrvHsfHDA      (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
19:21:24.0011 5452        SrvHsfHDA - ok
19:21:24.0123 5452        SrvHsfV92      (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
19:21:24.0164 5452        SrvHsfV92 - ok
19:21:24.0302 5452        SrvHsfWinac    (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:21:24.0340 5452        SrvHsfWinac - ok
19:21:24.0440 5452        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
19:21:24.0469 5452        srvnet - ok
19:21:24.0546 5452        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:21:24.0568 5452        stexstor - ok
19:21:24.0657 5452        storflt        (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
19:21:24.0687 5452        storflt - ok
19:21:24.0794 5452        storvsc        (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
19:21:24.0819 5452        storvsc - ok
19:21:24.0904 5452        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
19:21:24.0924 5452        swenum - ok
19:21:25.0048 5452        Tcpip          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
19:21:25.0100 5452        Tcpip - ok
19:21:25.0259 5452        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
19:21:25.0309 5452        TCPIP6 - ok
19:21:25.0442 5452        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
19:21:25.0485 5452        tcpipreg - ok
19:21:25.0584 5452        TcUsb          (72b9e77565da5fa564581976e000d29b) C:\Windows\system32\Drivers\tcusb.sys
19:21:25.0614 5452        TcUsb - ok
19:21:25.0726 5452        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
19:21:25.0763 5452        TDPIPE - ok
19:21:25.0808 5452        TDTCP          (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
19:21:25.0860 5452        TDTCP - ok
19:21:25.0954 5452        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
19:21:26.0011 5452        tdx - ok
19:21:26.0115 5452        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
19:21:26.0151 5452        TermDD - ok
19:21:26.0310 5452        TPM            (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
19:21:26.0339 5452        TPM - ok
19:21:26.0465 5452        TPPWRIF        (c16ec6a5390904d3971179553852025b) C:\Windows\system32\drivers\Tppwr32v.sys
19:21:26.0483 5452        TPPWRIF - ok
19:21:26.0602 5452        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:21:26.0642 5452        tssecsrv - ok
19:21:26.0760 5452        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
19:21:26.0795 5452        TsUsbFlt - ok
19:21:26.0920 5452        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
19:21:26.0959 5452        tunnel - ok
19:21:27.0017 5452        TVTI2C          (cac5d5979850c9ad41a88033013bc806) C:\Windows\system32\DRIVERS\Tvti2c.sys
19:21:27.0042 5452        TVTI2C - ok
19:21:27.0074 5452        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:21:27.0109 5452        uagp35 - ok
19:21:27.0206 5452        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
19:21:27.0245 5452        udfs - ok
19:21:27.0332 5452        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
19:21:27.0366 5452        uliagpkx - ok
19:21:27.0396 5452        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
19:21:27.0429 5452        umbus - ok
19:21:27.0494 5452        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:21:27.0516 5452        UmPass - ok
19:21:27.0585 5452        usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
19:21:27.0629 5452        usbaudio - ok
19:21:27.0685 5452        usbbus          (5353218b3265e3b8190335059f697a11) C:\Windows\system32\DRIVERS\lgusbbus.sys
19:21:27.0706 5452        usbbus - ok
19:21:27.0774 5452        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
19:21:27.0814 5452        usbccgp - ok
19:21:27.0881 5452        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
19:21:27.0906 5452        usbcir - ok
19:21:27.0961 5452        UsbDiag        (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\Windows\system32\DRIVERS\lgusbdiag.sys
19:21:27.0983 5452        UsbDiag - ok
19:21:28.0057 5452        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
19:21:28.0090 5452        usbehci - ok
19:21:28.0144 5452        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
19:21:28.0175 5452        usbhub - ok
19:21:28.0275 5452        USBModem        (083031a78822eccbd7510bccd3e20d4c) C:\Windows\system32\DRIVERS\lgusbmodem.sys
19:21:28.0300 5452        USBModem - ok
19:21:28.0364 5452        usbohci        (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
19:21:28.0390 5452        usbohci - ok
19:21:28.0412 5452        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:21:28.0441 5452        usbprint - ok
19:21:28.0562 5452        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
19:21:28.0597 5452        usbscan - ok
19:21:28.0699 5452        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:21:28.0742 5452        USBSTOR - ok
19:21:28.0838 5452        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
19:21:28.0865 5452        usbuhci - ok
19:21:28.0940 5452        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
19:21:28.0972 5452        usbvideo - ok
19:21:29.0056 5452        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
19:21:29.0081 5452        vdrvroot - ok
19:21:29.0152 5452        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:21:29.0180 5452        vga - ok
19:21:29.0207 5452        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:21:29.0247 5452        VgaSave - ok
19:21:29.0319 5452        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
19:21:29.0346 5452        vhdmp - ok
19:21:29.0462 5452        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
19:21:29.0494 5452        viaagp - ok
19:21:29.0561 5452        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:21:29.0594 5452        ViaC7 - ok
19:21:29.0666 5452        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
19:21:29.0725 5452        viaide - ok
19:21:29.0803 5452        vmbus          (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
19:21:29.0849 5452        vmbus - ok
19:21:29.0938 5452        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
19:21:29.0962 5452        VMBusHID - ok
19:21:30.0050 5452        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
19:21:30.0082 5452        volmgr - ok
19:21:30.0151 5452        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:21:30.0178 5452        volmgrx - ok
19:21:30.0220 5452        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
19:21:30.0248 5452        volsnap - ok
19:21:30.0344 5452        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:21:30.0390 5452        vsmraid - ok
19:21:30.0439 5452        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
19:21:30.0468 5452        vwifibus - ok
19:21:30.0505 5452        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:21:30.0531 5452        WacomPen - ok
19:21:30.0643 5452        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:21:30.0696 5452        WANARP - ok
19:21:30.0700 5452        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:21:30.0755 5452        Wanarpv6 - ok
19:21:30.0885 5452        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:21:30.0906 5452        Wd - ok
19:21:30.0959 5452        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:21:30.0991 5452        Wdf01000 - ok
19:21:31.0091 5452        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:21:31.0127 5452        WfpLwf - ok
19:21:31.0161 5452        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:21:31.0183 5452        WIMMount - ok
19:21:31.0225 5452        winachsf        (65445280effba80c73de3c8578b70974) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:21:31.0260 5452        winachsf - ok
19:21:31.0404 5452        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys
19:21:31.0454 5452        WinUsb - ok
19:21:31.0581 5452        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
19:21:31.0606 5452        WmiAcpi - ok
19:21:31.0765 5452        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:21:31.0803 5452        ws2ifsl - ok
19:21:31.0884 5452        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
19:21:31.0941 5452        WudfPf - ok
19:21:32.0045 5452        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:21:32.0084 5452        WUDFRd - ok
19:21:32.0197 5452        XAudio          (7e46367b80600d04dd83f41ef1c860df) C:\Windows\system32\DRIVERS\xaudio.sys
19:21:32.0217 5452        XAudio - ok
19:21:32.0335 5452        MBR (0x1B8)    (e77f725e68ee1df1d03146569de28e1d) \Device\Harddisk0\DR0
19:21:32.0450 5452        \Device\Harddisk0\DR0 - ok
19:21:32.0454 5452        Boot (0x1200)  (37db130c8f2d66142b39400eb0767ea8) \Device\Harddisk0\DR0\Partition0
19:21:32.0455 5452        \Device\Harddisk0\DR0\Partition0 - ok
19:21:32.0456 5452        ============================================================
19:21:32.0456 5452        Scan finished
19:21:32.0456 5452        ============================================================
19:21:32.0466 4740        Detected object count: 1
19:21:32.0466 4740        Actual detected object count: 1
19:21:39.0611 4740        s1018mgmt ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:39.0611 4740        s1018mgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip

Regards, Max
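As an added worked example (not part of the original post, and not TDSSKiller's own tooling): a small Python script that parses lines in the TDSSKiller format shown above and separates the objects that need a second look from those the scanner reported as ok. The sample lines are constructed from the posted log (same hashes, abbreviated ordering); the list of "standard" driver directories and the helper names are assumptions made for illustration.

```python
"""Triage helper for Kaspersky TDSSKiller logs.

Added example for this thread; not part of the original post or of TDSSKiller.
"""
import re
from collections import OrderedDict

# Constructed sample: a handful of lines modelled on the log posted above
# (the hashes are the ones from the post; everything else is abbreviated).
SAMPLE_LOG = """\
19:21:20.0009 5452        s1018mgmt      (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\\Windows\\system32\\DRIVERS\\s1018mgmt.sys
19:21:20.0086 5452        s1018mgmt ( UnsignedFile.Multi.Generic ) - warning
19:21:20.0087 5452        s1018mgmt - detected UnsignedFile.Multi.Generic (1)
19:21:20.0193 5452        s1018nd5        (3622d9ff2253dcbe885b10736609a4ca) C:\\Windows\\system32\\DRIVERS\\s1018nd5.sys
19:21:20.0214 5452        s1018nd5 - ok
19:21:22.0545 5452        smihlp          (3c4a61ccb2cf32ed6e09f559b4adb6cf) C:\\Program Files\\ThinkVantage Fingerprint Software\\smihlp.sys
19:21:22.0568 5452        smihlp - ok
19:21:32.0335 5452        MBR (0x1B8)    (e77f725e68ee1df1d03146569de28e1d) \\Device\\Harddisk0\\DR0
19:21:32.0450 5452        \\Device\\Harddisk0\\DR0 - ok
19:21:32.0454 5452        Boot (0x1200)  (37db130c8f2d66142b39400eb0767ea8) \\Device\\Harddisk0\\DR0\\Partition0
19:21:32.0455 5452        \\Device\\Harddisk0\\DR0\\Partition0 - ok
19:21:39.0611 4740        s1018mgmt ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:39.0611 4740        s1018mgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"   # timestamp and thread id at the start of every line
ENTRY_RE = re.compile(PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
OK_RE = re.compile(PREFIX + r"(?P<key>.+?) - ok$")
DETECTED_RE = re.compile(PREFIX + r"(?P<name>\S+) - detected (?P<det>\S+) \(\d+\)$")
ACTION_RE = re.compile(PREFIX + r"(?P<name>\S+) \( (?P<det>\S+) \) - "
                       r"(?P<action>warning|skipped by user|User select action: .+)$")


def parse_tdsskiller(text):
    """Map each scanned object name to its hash, path, verdict, detection and user actions."""
    records = OrderedDict()
    by_path = {}          # MBR/boot verdict lines are keyed by device path, not by object name
    for raw in text.splitlines():
        line = raw.rstrip()
        m = ENTRY_RE.match(line)
        if m:
            rec = {"md5": m["md5"], "path": m["path"], "verdict": None,
                   "detection": None, "actions": []}
            records[m["name"]] = rec
            by_path[m["path"]] = rec
            continue
        m = OK_RE.match(line)
        if m:
            rec = records.get(m["key"]) or by_path.get(m["key"])
            if rec is not None and rec["verdict"] is None:
                rec["verdict"] = "ok"
            continue
        m = DETECTED_RE.match(line)
        if m and m["name"] in records:
            rec = records[m["name"]]
            rec["verdict"], rec["detection"] = "detected", m["det"]
            continue
        m = ACTION_RE.match(line)
        if m and m["name"] in records:
            rec = records[m["name"]]
            rec["detection"] = m["det"]
            if m["action"] == "warning":
                rec["verdict"] = rec["verdict"] or "warning"
            else:
                rec["actions"].append(m["action"])   # what the user chose to do about it
    return records


# Assumption for this example: where drivers and boot objects normally live on this box.
STANDARD_DIRS = ("c:\\windows\\system32\\", "\\device\\")


def needs_attention(records):
    """Objects that were flagged, skipped by the user, or never received a verdict."""
    return [n for n, r in records.items() if r["verdict"] != "ok" or r["actions"]]


def outside_standard_dirs(records):
    """Objects loaded from outside the usual driver directories; worth a second look."""
    return [n for n, r in records.items()
            if not r["path"].lower().startswith(STANDARD_DIRS)]


def boot_sector_hashes(records):
    """MBR / boot-sector hashes, to compare against a later run or a known-clean image."""
    return {n: r["md5"] for n, r in records.items() if n.startswith(("MBR", "Boot"))}


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    print("needs attention:", needs_attention(recs))
    print("non-standard locations:", outside_standard_dirs(recs))
    print("boot sector hashes:", boot_sector_hashes(recs))
```

Two points the script makes explicit that the raw log hides: `UnsignedFile.Multi.Generic` is a heuristic on the file's signature, not a malware name, so the entry stays in the review list together with the user's "Skip" decision rather than being treated as cleaned; and the MBR and boot-sector hashes are kept separately so they can be compared with a second run or a known-clean disk image, which is the relevant check for a ransomware-style lock screen that survives normal boot.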

cosinus 08.03.2012 20:10

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper ("Kompetenzler") has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

MaxiMax 09.03.2012 08:28

Good morning,

here is the ComboFix log.

Code:

ComboFix 12-03-08.04 - DerMax 09.03.2012  1:44.1.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.2038.1177 [GMT 1:00]
Running from: c:\users\DerMax\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * A new restore point was created
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\DerMax\AppData\Local\lame_enc.dll
c:\users\DerMax\AppData\Local\no23xwrapper.dll
c:\users\DerMax\AppData\Local\ogg.dll
c:\users\DerMax\AppData\Local\vorbis.dll
c:\users\DerMax\AppData\Local\vorbisenc.dll
c:\users\DerMax\AppData\Local\vorbisfile.dll
.
.
(((((((((((((((((((((((  Files created from 2012-02-09 to 2012-03-09  ))))))))))))))))))))))))))))))
.
.
2012-03-09 00:36 . 2012-02-08 06:03        6552120        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8DB8D718-2CB5-426E-A453-0A4C90841843}\mpengine.dll
2012-03-08 18:08 . 2012-03-08 18:08        --------        d-----w-        c:\program files\PriceGong
2012-03-07 20:24 . 2010-09-07 13:09        13680        ----a-w-        c:\windows\system32\drivers\smiif32.sys
2012-03-07 20:23 . 2012-03-07 20:23        --------        d-----w-        c:\program files\Common Files\SPBA
2012-03-07 15:40 . 2012-03-07 15:40        --------        d-----w-        C:\_OTL
2012-03-07 07:26 . 2012-03-07 07:26        --------        d-----w-        c:\program files\ESET
2012-03-06 22:20 . 2012-03-06 22:20        --------        d-----w-        c:\windows\Sun
2012-03-05 12:52 . 2012-03-05 12:52        --------        d-----w-        c:\users\DerMax\AppData\Roaming\Malwarebytes
2012-03-05 12:52 . 2012-03-05 12:52        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-03-05 12:52 . 2012-03-05 12:52        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-05 12:52 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-04 23:38 . 2012-03-04 23:39        --------        d-----w-        c:\users\DerMax\AppData\Roaming\kodak
2012-02-15 07:39 . 2011-12-30 05:27        478720        ----a-w-        c:\windows\system32\timedate.cpl
2012-02-15 07:39 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\system32\msvcrt.dll
2012-02-15 07:39 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\system32\ntshrui.dll
2012-02-15 07:39 . 2012-01-14 03:35        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-02-10 12:07 . 2012-02-10 12:07        713784        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{642CADAF-A371-49C3-B939-A6ABDB1A11A1}\gapaengine.dll
2012-02-09 18:15 . 2007-08-21 12:32        98304        ----a-w-        c:\windows\system32\redmonnt.dll
2012-02-09 17:28 . 1998-09-14 15:41        285216        ----a-w-        c:\windows\system32\drivers\Onsio.sys
2012-02-09 17:28 . 1998-08-01 19:00        60928        ----a-w-        c:\windows\system32\drivers\Smplscsi.sys
2012-02-09 17:28 . 1997-02-14 20:10        7680        ----a-w-        c:\windows\system32\drivers\Onsreged.sys
2012-02-09 17:28 . 2012-02-09 17:28        --------        d-----w-        C:\Kpcms
2012-02-09 17:28 . 2012-02-09 17:29        --------        d-----w-        c:\program files\ScanWizard 5
2012-02-09 17:28 . 2000-01-04 05:39        212992        ----a-w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 21:20 . 2012-03-05 21:20        89570        ----a-w-        c:\windows\system32\hkcmd.zip
2012-02-21 19:01 . 2011-05-22 11:40        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-08 06:03 . 2009-11-22 00:18        6552120        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2009-11-20 23:46        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-23 02:06 . 2011-06-26 13:00        527424        ------w-        c:\windows\PWMBTHLV.EXE
2012-01-23 02:06 . 2011-06-26 12:59        834624        ------w-        c:\windows\system32\PWMCP32V.cpl
2012-01-23 02:06 . 2011-06-26 12:59        25968        ------w-        c:\windows\system32\drivers\DOZEHDD.SYS
2012-01-23 02:06 . 2011-06-26 12:59        13424        ------w-        c:\windows\system32\drivers\TPPWR32V.SYS
2012-02-19 13:03 . 2011-03-23 17:43        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Registry autostart points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-01-23 1322048]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-12-02 176128]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 55624]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-8-5 804128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2011-07-14 15:48        100680        ----a-w-        c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
backup=c:\windows\pss\Scanner Finder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07        843712        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2009-12-02 23:19        176128        ----a-w-        c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22        59240        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57        369200        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45        1164584        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-08-07 01:15        141848        ----a-w-        c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPFNF6R]
2009-08-20 17:38        62752        ----a-w-        c:\program files\Lenovo\HOTKEY\tpfnf6r.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 23:05        118640        ----a-w-        c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-08-07 01:15        150552        ----a-w-        c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2011-07-14 14:46        55624        ----a-w-        c:\program files\ThinkVantage Fingerprint Software\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWMTRV]
2012-01-23 02:06        1322048        ----a-w-        c:\progra~2\ThinkPad\UTILIT~1\PWMTR32V.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17        1174016        ----a-w-        c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
2011-07-12 17:03        69568        ----a-w-        c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2011-08-05 10:29        159456        ----a-w-        c:\program files\Zune\ZuneLauncher.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2012-01-23 292200]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2009-07-24 30560]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2012-01-23 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2012-01-23 175168]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1343400]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 268512]
R4 ApRunSvc;Alps Application Launcher Service;c:\program files\Apoint2K\ApRunSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-07 691696]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2012-01-23 25968]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 127336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 11976]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 131432]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-08-18 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-18 29472]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 17:46]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 17:46]
.
2012-02-21 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2012-03-09 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\DerMax\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\DerMax\AppData\Roaming\Mozilla\Firefox\Profiles\foct8zfa.default\
FF - prefs.js: browser.startup.homepage - chrome://superstart/content/index.html
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-HotKeysCmds - c:\windows\system32\hkcmd.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2325422704-4038905648-3740114079-1000\Software\SecuROM\License information*]
"datasecu"=hex:1d,25,3b,fc,50,3b,69,fa,45,b4,db,74,45,ca,8f,ad,f3,f8,95,68,3b,
  4a,02,2d,a5,18,2a,06,7b,80,91,67,9c,6a,79,9e,f7,45,89,0e,bb,bf,9a,65,13,71,\
"rkeysecu"=hex:a5,b5,4e,17,2f,f7,20,15,19,d7,f0,9b,e5,97,83,a8
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(568)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(3884)
c:\program files\PC-Doctor\PcdToolbar584923.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~2\ThinkPad\UTILIT~1\GR\PWMRT32V.DLL
c:\progra~2\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\WUDFHost.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~2\LENOVO\VIRTSCRL\virtscrl.exe
c:\windows\system32\taskhost.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-09  08:22:44 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-09 07:22
.
Vor Suchlauf: 17 Verzeichnis(se), 63.405.760.512 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 62.671.544.320 Bytes frei
.
- - End Of File - - 078D2527C8609BD52BB3994B1748857D


cosinus 09.03.2012 09:49

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now paste the entire content of the code box below into the Notepad window using copy/paste.

Code:

Folder::
c:\program files\PriceGong

3. Save it in Notepad as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall you may have.
(Also the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used otherwise, since it can permanently damage the system!

MaxiMax 09.03.2012 10:44

Here you go, the Combofix log

Code:

ComboFix 12-03-08.04 - DerMax 09.03.2012  10:09:44.2.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.2038.1281 [GMT 1:00]
ausgeführt von:: c:\users\DerMax\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\DerMax\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\PriceGong
c:\program files\PriceGong\2.6.3\PriceGong.crx
c:\program files\PriceGong\2.6.3\PriceGongIE.dll
c:\program files\PriceGong\uninst.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-09 bis 2012-03-09  ))))))))))))))))))))))))))))))
.
.
2012-03-09 09:24 . 2012-03-09 09:24        --------        d-----w-        c:\users\DerMax\AppData\Local\temp
2012-03-09 09:24 . 2012-03-09 09:24        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-09 07:25 . 2012-02-08 06:03        6552120        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D5D452A-77F7-49B8-B954-36D572972C80}\mpengine.dll
2012-03-07 20:24 . 2010-09-07 13:09        13680        ----a-w-        c:\windows\system32\drivers\smiif32.sys
2012-03-07 20:23 . 2012-03-07 20:23        --------        d-----w-        c:\program files\Common Files\SPBA
2012-03-07 15:40 . 2012-03-07 15:40        --------        d-----w-        C:\_OTL
2012-03-07 07:26 . 2012-03-07 07:26        --------        d-----w-        c:\program files\ESET
2012-03-06 22:20 . 2012-03-06 22:20        --------        d-----w-        c:\windows\Sun
2012-03-05 12:52 . 2012-03-05 12:52        --------        d-----w-        c:\users\DerMax\AppData\Roaming\Malwarebytes
2012-03-05 12:52 . 2012-03-05 12:52        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-03-05 12:52 . 2012-03-05 12:52        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-05 12:52 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-04 23:38 . 2012-03-04 23:39        --------        d-----w-        c:\users\DerMax\AppData\Roaming\kodak
2012-02-15 07:39 . 2011-12-30 05:27        478720        ----a-w-        c:\windows\system32\timedate.cpl
2012-02-15 07:39 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\system32\msvcrt.dll
2012-02-15 07:39 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\system32\ntshrui.dll
2012-02-15 07:39 . 2012-01-14 03:35        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-02-10 12:07 . 2012-02-10 12:07        713784        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{642CADAF-A371-49C3-B939-A6ABDB1A11A1}\gapaengine.dll
2012-02-09 18:15 . 2007-08-21 12:32        98304        ----a-w-        c:\windows\system32\redmonnt.dll
2012-02-09 17:28 . 1998-09-14 15:41        285216        ----a-w-        c:\windows\system32\drivers\Onsio.sys
2012-02-09 17:28 . 1998-08-01 19:00        60928        ----a-w-        c:\windows\system32\drivers\Smplscsi.sys
2012-02-09 17:28 . 1997-02-14 20:10        7680        ----a-w-        c:\windows\system32\drivers\Onsreged.sys
2012-02-09 17:28 . 2012-02-09 17:28        --------        d-----w-        C:\Kpcms
2012-02-09 17:28 . 2012-02-09 17:29        --------        d-----w-        c:\program files\ScanWizard 5
2012-02-09 17:28 . 2000-01-04 05:39        212992        ----a-w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 21:20 . 2012-03-05 21:20        89570        ----a-w-        c:\windows\system32\hkcmd.zip
2012-02-21 19:01 . 2011-05-22 11:40        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-08 06:03 . 2009-11-22 00:18        6552120        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2009-11-20 23:46        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-23 02:06 . 2011-06-26 13:00        527424        ------w-        c:\windows\PWMBTHLV.EXE
2012-01-23 02:06 . 2011-06-26 12:59        834624        ------w-        c:\windows\system32\PWMCP32V.cpl
2012-01-23 02:06 . 2011-06-26 12:59        25968        ------w-        c:\windows\system32\drivers\DOZEHDD.SYS
2012-01-23 02:06 . 2011-06-26 12:59        13424        ------w-        c:\windows\system32\drivers\TPPWR32V.SYS
2012-02-19 13:03 . 2011-03-23 17:43        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-01-23 1322048]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-12-02 176128]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 55624]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-8-5 804128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2011-07-14 15:48        100680        ----a-w-        c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
backup=c:\windows\pss\Scanner Finder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07        843712        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2009-12-02 23:19        176128        ----a-w-        c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22        59240        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57        369200        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45        1164584        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-08-07 01:15        141848        ----a-w-        c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPFNF6R]
2009-08-20 17:38        62752        ----a-w-        c:\program files\Lenovo\HOTKEY\tpfnf6r.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 23:05        118640        ----a-w-        c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-08-07 01:15        150552        ----a-w-        c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2011-07-14 14:46        55624        ----a-w-        c:\program files\ThinkVantage Fingerprint Software\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWMTRV]
2012-01-23 02:06        1322048        ----a-w-        c:\progra~2\ThinkPad\UTILIT~1\PWMTR32V.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17        1174016        ----a-w-        c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
2011-07-12 17:03        69568        ----a-w-        c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2011-08-05 10:29        159456        ----a-w-        c:\program files\Zune\ZuneLauncher.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2009-07-24 30560]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2012-01-23 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2012-01-23 175168]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1343400]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 268512]
R4 ApRunSvc;Alps Application Launcher Service;c:\program files\Apoint2K\ApRunSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-07 691696]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2012-01-23 25968]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 127336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 11976]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 131432]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-08-18 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-18 29472]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2012-01-23 292200]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 17:46]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 17:46]
.
2012-02-21 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2012-03-09 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\DerMax\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\DerMax\AppData\Roaming\Mozilla\Firefox\Profiles\foct8zfa.default\
FF - prefs.js: browser.startup.homepage - chrome://superstart/content/index.html
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-PriceGong - c:\program files\PriceGong\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2325422704-4038905648-3740114079-1000\Software\SecuROM\License information*]
"datasecu"=hex:1d,25,3b,fc,50,3b,69,fa,45,b4,db,74,45,ca,8f,ad,f3,f8,95,68,3b,
  4a,02,2d,a5,18,2a,06,7b,80,91,67,9c,6a,79,9e,f7,45,89,0e,bb,bf,9a,65,13,71,\
"rkeysecu"=hex:a5,b5,4e,17,2f,f7,20,15,19,d7,f0,9b,e5,97,83,a8
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(568)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
Zeit der Fertigstellung: 2012-03-09  10:25:46
ComboFix-quarantined-files.txt  2012-03-09 09:25
ComboFix2.txt  2012-03-09 07:22
.
Vor Suchlauf: 21 Verzeichnis(se), 62.728.560.640 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 62.672.936.960 Bytes frei
.
- - End Of File - - 2AE03A6A83E28C62447BE5D2CB5C5BF2
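The ComboFix logs posted in this thread list registry Run values as `"Name"="path" [date size]` and services as `R2 name;description;path [date size]`, with `[x]` in place of date and size where the file information is missing (see ApRunSvc above). The following Python snippet is an added example for triaging such listings; it is not ComboFix's own code and was not posted by anyone in the thread. The sample log is constructed in the format seen above (the `Example` entry is a made-up placeholder, not something from the user's system), and the heuristic that autostart binaries under AppData or Temp deserve a second look is an assumption of this example, not something ComboFix itself reports.

```python
"""Parse ComboFix-style autostart/service lines and flag entries worth a look.

Added example for the thread; not ComboFix code. Sample data and the
'user-profile path' heuristic are assumptions of this example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the format of the posted logs (not the user's real log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-12-02 176128]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Example"="c:\users\example\AppData\Roaming\example.exe" [2012-03-01 61440]
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R4 ApRunSvc;Alps Application Launcher Service;c:\program files\Apoint2K\ApRunSvc.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 11976]
"""

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')                      # [HKEY_...\Run]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[([0-9-]+)\s+(\d+)\]$')
SVC_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(x|[0-9-]+\s+\d+)\]$')

# Heuristic (assumption of this example): autostarts from these locations are unusual.
USER_PATH_MARKERS = ("\\appdata\\", "\\temp\\")


@dataclass
class Entry:
    kind: str            # "run" (registry Run value) or "service"
    name: str
    path: str
    origin: str          # registry key for Run values, start type (R2/S3/...) for services
    date: Optional[str]  # None when the log shows [x]
    size: Optional[int]


def parse_combofix(text: str) -> List[Entry]:
    """Extract Run values and service lines; other lines (headers, '.') are ignored."""
    entries: List[Entry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m:
            name, path, date, size = m.groups()
            entries.append(Entry("run", name, path, current_key, date, int(size)))
            continue
        m = SVC_RE.match(line)
        if m:
            state, name, _desc, path, info = m.groups()
            if info == "x":
                date, size = None, None       # ComboFix printed [x]: no file info
            else:
                d, s = info.split()
                date, size = d, int(s)
            entries.append(Entry("service", name, path, state, date, size))
    return entries


def triage(entries: List[Entry]) -> List[str]:
    """Return 'name: reason' strings for entries that deserve a second look."""
    findings: List[str] = []
    for e in entries:
        low = e.path.lower()
        if e.size is None:
            findings.append(f"{e.name}: no file date/size in log (binary missing or unreadable)")
        elif any(marker in low for marker in USER_PATH_MARKERS):
            findings.append(f"{e.name}: autostart binary under user profile/temp path ({e.path})")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_combofix(SAMPLE_LOG)):
        print(finding)
```

Feed it a full ComboFix log and it will skip the headers and locked-key dumps, keeping only the Run values and service lines; the two flags it raises are starting points for a human reviewer, not a verdict.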


cosinus 09.03.2012 11:30

OK. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool won't run on the second try either, just skip it and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


MaxiMax 09.03.2012 14:02

So, here are the logs from Gmer and Osam for now. aswMBR hung at some point. I'll run it again this evening and send you the log then. Have to go now.

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-09 12:43:15
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 HITACHI_HTS542516K9SA00 rev.BBCZC3HP
Running: t3pf7xqy.exe; Driver: C:\Users\DerMax\AppData\Local\Temp\fwlcipow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKey + 13D1                                                                                      82C5D369 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82C96D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\System32\rundll32.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]              [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3352] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]              [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3352] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]            [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]              [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3924] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3924] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]              [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3924] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]            [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3924] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]              [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000057                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1ee809c                                       
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1ee809c@6c0e0d3d04e0                            0x31 0x06 0x1E 0x95 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1ee809c@f8db7fcdec04                            0xCD 0x0E 0x3F 0x28 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x80 0x00 0x43 0xC0 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x14 0x7B 0x0D 0xE8 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x7D 0x65 0xF3 0xCF ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1ee809c (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1ee809c@6c0e0d3d04e0                                0x31 0x06 0x1E 0x95 ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1ee809c@f8db7fcdec04                                0xCD 0x0E 0x3F 0x28 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x80 0x00 0x43 0xC0 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x14 0x7B 0x0D 0xE8 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x7D 0x65 0xF3 0xCF ...

---- EOF - GMER 1.0.15 ----


Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:51:14 on 09.03.2012

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 10.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"PCDoctorBackgroundMonitorTask.job" - "PC-Doctor, Inc." - C:\Program Files\PC-Doctor\uaclauncher.exe
"SystemToolsDailyTest.job" - "PC-Doctor, Inc." - C:\Program Files\PC-Doctor\uaclauncher.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"PWMCP32V.cpl" - "Lenovo Group Limited" - C:\Windows\system32\PWMCP32V.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\DerMax\AppData\Local\Temp\catchme.sys  (File not found)
"DozeHDD" (DozeHDD) - "Lenovo." - C:\Windows\System32\DRIVERS\DozeHDD.sys
"fwlcipow" (fwlcipow) - ? - C:\Users\DerMax\AppData\Local\Temp\fwlcipow.sys  (Hidden registry entry, rootkit activity | File not found)
"Sony Ericsson Device 1018 driver (WDM)" (s1018bus) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1018bus.sys
"Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)" (s1018nd5) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1018nd5.sys
"Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)" (s1018unic) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1018unic.sys
"Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)" (s1018mgmt) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1018mgmt.sys
"Sony Ericsson Device 1018 USB WMC Modem Driver" (s1018mdm) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1018mdm.sys
"Sony Ericsson Device 1018 USB WMC Modem Filter" (s1018mdfl) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1018mdfl.sys
"Sony Ericsson Device 1018 USB WMC OBEX Interface" (s1018obex) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1018obex.sys
"TC USB Kernel Driver" (TcUsb) - "UPEK Inc." - C:\Windows\System32\Drivers\tcusb.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - ? - C:\Windows\system32\wuaucpl.cpl  (File not found)
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~2\MICROS~4\shellext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\ThinkPad\Bluetooth Software\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 Context Menu Shell Extension" - ? -  (File not found | COM-object registry key not found)
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 Context Menu Shell Extension" - ? -  (File not found | COM-object registry key not found)
{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 DragDrop Shell Extension" - ? -  (File not found | COM-object registry key not found)
{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 Property Sheet Shell Extension" - ? -  (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -  (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - "Authentec Inc." - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"MSC" - "Microsoft Corporation" - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"PSQLLauncher" - "Authentec Inc." - "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
"PWMTRV" - "Lenovo Group Limited" - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
"Anzeige am Bildschirm" (TPHKSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
"Cisco EnergyWise Enabler" (PwmEWSvc) - "Lenovo Group Limited" - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Lenovo Auto Scroll" (Lenovo.VIRTSCRLSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
"Lenovo Doze Mode Service" (DozeSvc) - "Lenovo." - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
"Lenovo Hotkey Client Loader" (TPHKLOAD) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
"Lenovo Microphone Mute" (LENOVO.MICMUTE) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
"MSCamSvc" (MSCamSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft LifeCam\MSCamS32.exe
"Power Manager DBC Service" (Power Manager DBC Service) - "Lenovo" - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Zune Network Sharing Service" (ZuneNetworkSvc) - "Microsoft Corporation" - c:\Program Files\Zune\ZuneNss.exe
"Zune Windows Mobile Connectivity Service" (WMZuneComm) - "Microsoft Corporation" - c:\Program Files\Zune\WMZuneComm.exe
"Zune Wireless Configuration Service" (ZuneWlanCfgSvc) - "Microsoft Corporation" - c:\Program Files\Zune\ZuneWlanCfgSvc.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"psfus" - "Authentec Inc." - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

All the best, Max

cosinus 09.03.2012 14:05

Restart aswMBR, set the option at the bottom left to (none) and then click Scan again

MaxiMax 09.03.2012 23:52

This time it worked. Here is the log.

Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-09 21:43:47
-----------------------------
21:43:47.220    OS Version: Windows 6.1.7601 Service Pack 1
21:43:47.220    Number of processors: 2 586 0x1706
21:43:47.220    ComputerName: MEANMACHINE  UserName: DerMax
21:43:48.093    Initialize success
21:43:51.806    AVAST engine defs: 12030801
21:43:57.812    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
21:43:57.828    Disk 0 Vendor: HITACHI_HTS542516K9SA00 BBCZC3HP Size: 152627MB BusType: 11
21:43:57.999    Disk 0 MBR read successfully
21:43:58.015    Disk 0 MBR scan
21:43:58.015    Disk 0 unknown MBR code
21:43:58.077    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      146910 MB offset 63
21:43:58.140    Disk 0 Partition 2 00    12  Compaq diag MSDOS5.0    5714 MB offset 300872880
21:43:58.264    Disk 0 scanning sectors +312575760
21:43:58.639    Disk 0 scanning C:\Windows\system32\drivers
21:45:39.805    Service scanning
21:45:51.380    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:46:09.695    Modules scanning
21:48:36.428    Disk 0 trace - called modules:
21:48:37.006    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
21:48:37.006    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a81260]
21:48:37.006    3 CLASSPNP.SYS[8907259e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x859a2030]
21:48:37.021    Scan finished successfully
23:47:54.205    Disk 0 MBR has been saved successfully to "C:\Users\DerMax\Desktop\MBR.dat"
23:47:54.205    The log file has been saved successfully to "C:\Users\DerMax\Desktop\aswMBR.txt"


cosinus 10.03.2012 16:31

We should fix the MBR. Just in case, back up ALL important data, even though things usually go smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable.
Also don't do the fix if you have full encryption of the Windows partition or the whole hard disk with e.g. TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!

Then restart Windows and create a new log with aswMBR.

MaxiMax 10.03.2012 22:55

Hello Arne,
it worked, with no loss of files. Here is the log.

Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-09 21:43:47
-----------------------------
21:43:47.220    OS Version: Windows 6.1.7601 Service Pack 1
21:43:47.220    Number of processors: 2 586 0x1706
21:43:47.220    ComputerName: MEANMACHINE  UserName: DerMax
21:43:48.093    Initialize success
21:43:51.806    AVAST engine defs: 12030801
21:43:57.812    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
21:43:57.828    Disk 0 Vendor: HITACHI_HTS542516K9SA00 BBCZC3HP Size: 152627MB BusType: 11
21:43:57.999    Disk 0 MBR read successfully
21:43:58.015    Disk 0 MBR scan
21:43:58.015    Disk 0 unknown MBR code
21:43:58.077    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      146910 MB offset 63
21:43:58.140    Disk 0 Partition 2 00    12  Compaq diag MSDOS5.0    5714 MB offset 300872880
21:43:58.264    Disk 0 scanning sectors +312575760
21:43:58.639    Disk 0 scanning C:\Windows\system32\drivers
21:45:39.805    Service scanning
21:45:51.380    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:46:09.695    Modules scanning
21:48:36.428    Disk 0 trace - called modules:
21:48:37.006    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
21:48:37.006    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a81260]
21:48:37.006    3 CLASSPNP.SYS[8907259e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x859a2030]
21:48:37.021    Scan finished successfully
23:47:54.205    Disk 0 MBR has been saved successfully to "C:\Users\DerMax\Desktop\MBR.dat"
23:47:54.205    The log file has been saved successfully to "C:\Users\DerMax\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-10 22:50:16
-----------------------------
22:50:16.141    OS Version: Windows 6.1.7601 Service Pack 1
22:50:16.141    Number of processors: 2 586 0x1706
22:50:16.141    ComputerName: MEANMACHINE  UserName: DerMax
22:50:42.770    Initialize success
22:50:49.650    AVAST engine defs: 12031002
22:51:04.594    The log file has been saved successfully to "C:\Users\DerMax\Desktop\aswMBR.txt"


cosinus 12.03.2012 14:59

Something went wrong there. Please create the log with aswMBR again
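
An added Python helper (not from this thread or from the aswMBR tool) that triages an appended aswMBR.txt like the one posted above: it splits the file into runs, pulls the MBR verdict and partition table from each, flags a run that never reached "Scan finished successfully" (the aborted second run above), and compares the verdict before and after a FIXMBR. The sample log is constructed from lines in this thread; the field names are my own.

```python
"""Triage helper for appended aswMBR.txt logs (added example, not from the thread or the tool)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample, built from the three runs in this thread: a completed run
# with a non-standard MBR, an aborted run, and a completed run after FIXMBR.
SAMPLE_LOG = """\
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-09 21:43:47
-----------------------------
21:43:57.999    Disk 0 MBR read successfully
21:43:58.015    Disk 0 MBR scan
21:43:58.015    Disk 0 unknown MBR code
21:43:58.077    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      146910 MB offset 63
21:43:58.140    Disk 0 Partition 2 00    12  Compaq diag MSDOS5.0    5714 MB offset 300872880
21:48:37.021    Scan finished successfully


aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-10 22:50:16
-----------------------------
22:50:42.770    Initialize success
22:51:04.594    The log file has been saved successfully to "C:\\Users\\DerMax\\Desktop\\aswMBR.txt"


aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-12 19:46:07
-----------------------------
20:07:49.207    Disk 0 Windows 7 default MBR code
20:07:49.207    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      146910 MB offset 63
20:07:49.238    Disk 0 Partition 2 00    12  Compaq diag MSDOS5.0    5714 MB offset 300872880
20:08:44.774    Scan finished successfully
"""

TS = r"^\d\d:\d\d:\d\d\.\d+\s+"  # leading "HH:MM:SS.mmm" timestamp of every scan line
RUN_HEADER = re.compile(r"^aswMBR version ")
RUN_DATE = re.compile(r"^Run date: (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
MBR_VERDICT = re.compile(TS + r"Disk (\d+) (.+ MBR code)$")
PARTITION = re.compile(
    TS + r"Disk (?P<disk>\d+) Partition (?P<idx>\d+) (?P<boot>\S+)\s+(?:\(A\)\s+)?"
    r"(?P<type>\S+)\s+.*?(?P<size>\d+) MB offset (?P<offset>\d+)$"
)
SCAN_DONE = "Scan finished successfully"


@dataclass
class Run:
    date: str = ""
    mbr_verdict: dict[int, str] = field(default_factory=dict)  # disk -> verdict text
    partitions: list[dict] = field(default_factory=list)
    finished: bool = False

    def findings(self) -> list[str]:
        """Plain-language triage notes for one run."""
        notes = []
        if not self.finished:
            notes.append("incomplete run: no 'Scan finished successfully' line "
                         "(rerun with AV Scan set to none)")
            return notes  # nothing below is trustworthy without a completed scan
        for disk, verdict in sorted(self.mbr_verdict.items()):
            if verdict.startswith("unknown"):
                notes.append(f"disk {disk}: non-standard MBR code, review before any FIXMBR")
        active = [p for p in self.partitions if p["boot"] == "80"]
        if len(active) != 1:
            notes.append(f"expected exactly one active partition, found {len(active)}")
        return notes


def parse_aswmbr(text: str) -> list[Run]:
    """Split an appended aswMBR.txt into runs and extract the fields worth triaging."""
    runs: list[Run] = []
    for line in text.splitlines():
        if RUN_HEADER.match(line):
            runs.append(Run())
            continue
        if not runs:
            continue  # stray text before the first run header
        run = runs[-1]
        if m := RUN_DATE.match(line):
            run.date = m.group(1)
        elif m := MBR_VERDICT.match(line):
            run.mbr_verdict[int(m.group(1))] = m.group(2)
        elif m := PARTITION.match(line):
            p = m.groupdict()
            run.partitions.append({
                "disk": int(p["disk"]), "idx": int(p["idx"]), "boot": p["boot"],
                "type": p["type"], "size_mb": int(p["size"]), "offset": int(p["offset"]),
            })
        elif SCAN_DONE in line:
            run.finished = True
    return runs


def mbr_verdict_changed(before: Run, after: Run, disk: int = 0) -> bool:
    """True only when both runs completed and the MBR verdict for `disk` differs,
    which is what a successful FIXMBR should show between pre- and post-fix runs."""
    if not (before.finished and after.finished):
        return False
    return before.mbr_verdict.get(disk) != after.mbr_verdict.get(disk)


if __name__ == "__main__":
    for run in parse_aswmbr(SAMPLE_LOG):
        print(run.date, run.mbr_verdict.get(0, "no MBR verdict"), run.findings())
```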

MaxiMax 12.03.2012 16:43

Hello Arne,
what exactly do you mean by redoing the log? Scan again? Maybe I just misunderstood you?!
Regards, Max

cosinus 12.03.2012 16:46

Yes, create a new log with aswMBR!

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
  • Start aswMBR.exe; Vista and Win7 users start aswMBR via right-click "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If it fails again, please let me know.

MaxiMax 12.03.2012 20:34

All right, here's the log

Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-09 21:43:47
-----------------------------
21:43:47.220    OS Version: Windows 6.1.7601 Service Pack 1
21:43:47.220    Number of processors: 2 586 0x1706
21:43:47.220    ComputerName: MEANMACHINE  UserName: DerMax
21:43:48.093    Initialize success
21:43:51.806    AVAST engine defs: 12030801
21:43:57.812    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
21:43:57.828    Disk 0 Vendor: HITACHI_HTS542516K9SA00 BBCZC3HP Size: 152627MB BusType: 11
21:43:57.999    Disk 0 MBR read successfully
21:43:58.015    Disk 0 MBR scan
21:43:58.015    Disk 0 unknown MBR code
21:43:58.077    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      146910 MB offset 63
21:43:58.140    Disk 0 Partition 2 00    12  Compaq diag MSDOS5.0    5714 MB offset 300872880
21:43:58.264    Disk 0 scanning sectors +312575760
21:43:58.639    Disk 0 scanning C:\Windows\system32\drivers
21:45:39.805    Service scanning
21:45:51.380    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:46:09.695    Modules scanning
21:48:36.428    Disk 0 trace - called modules:
21:48:37.006    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
21:48:37.006    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a81260]
21:48:37.006    3 CLASSPNP.SYS[8907259e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x859a2030]
21:48:37.021    Scan finished successfully
23:47:54.205    Disk 0 MBR has been saved successfully to "C:\Users\DerMax\Desktop\MBR.dat"
23:47:54.205    The log file has been saved successfully to "C:\Users\DerMax\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-10 22:50:16
-----------------------------
22:50:16.141    OS Version: Windows 6.1.7601 Service Pack 1
22:50:16.141    Number of processors: 2 586 0x1706
22:50:16.141    ComputerName: MEANMACHINE  UserName: DerMax
22:50:42.770    Initialize success
22:50:49.650    AVAST engine defs: 12031002
22:51:04.594    The log file has been saved successfully to "C:\Users\DerMax\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-12 19:46:07
-----------------------------
19:46:07.216    OS Version: Windows 6.1.7601 Service Pack 1
19:46:07.216    Number of processors: 2 586 0x1706
19:46:07.216    ComputerName: MEANMACHINE  UserName: DerMax
19:46:08.979    Initialize success
19:49:59.388    AVAST engine defs: 12031200
20:07:49.176    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
20:07:49.191    Disk 0 Vendor: HITACHI_HTS542516K9SA00 BBCZC3HP Size: 152627MB BusType: 11
20:07:49.207    Disk 0 MBR read successfully
20:07:49.207    Disk 0 MBR scan
20:07:49.207    Disk 0 Windows 7 default MBR code
20:07:49.207    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      146910 MB offset 63
20:07:49.238    Disk 0 Partition 2 00    12  Compaq diag MSDOS5.0    5714 MB offset 300872880
20:07:49.254    Disk 0 scanning sectors +312575760
20:07:49.301    Disk 0 scanning C:\Windows\system32\drivers
20:08:00.439    Service scanning
20:08:12.155    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:08:31.109    Modules scanning
20:08:44.228    Disk 0 trace - called modules:
20:08:44.759    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
20:08:44.759    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a852f0]
20:08:44.774    3 CLASSPNP.SYS[88bd359e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x859a2908]
20:08:44.774    Scan finished successfully
20:09:20.530    Disk 0 MBR has been saved successfully to "C:\Users\DerMax\Desktop\MBR.dat"
20:09:20.545    The log file has been saved successfully to "C:\Users\DerMax\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-12 20:12:40
-----------------------------
20:12:40.562    OS Version: Windows 6.1.7601 Service Pack 1
20:12:40.562    Number of processors: 2 586 0x1706
20:12:40.577    ComputerName: MEANMACHINE  UserName: DerMax
20:12:41.139    Initialize success
20:12:44.867    AVAST engine defs: 12031200
20:12:52.948    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
20:12:52.948    Disk 0 Vendor: HITACHI_HTS542516K9SA00 BBCZC3HP Size: 152627MB BusType: 11
20:12:52.979    Disk 0 MBR read successfully
20:12:52.979    Disk 0 MBR scan
20:12:52.979    Disk 0 Windows 7 default MBR code
20:12:52.979    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      146910 MB offset 63
20:12:53.011    Disk 0 Partition 2 00    12  Compaq diag MSDOS5.0    5714 MB offset 300872880
20:12:53.026    Disk 0 scanning sectors +312575760
20:12:53.042    Disk 0 scanning C:\Windows\system32\drivers
20:13:04.695    Service scanning
20:13:16.130    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:13:34.678    Modules scanning
20:13:47.501    Disk 0 trace - called modules:
20:13:48.047    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
20:13:48.063    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a852f0]
20:13:48.063    3 CLASSPNP.SYS[88bd359e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x859a2908]
20:13:48.656    AVAST engine scan C:\Windows
20:13:51.074    AVAST engine scan C:\Windows\system32
20:16:41.067    AVAST engine scan C:\Windows\system32\drivers
20:16:54.998    AVAST engine scan C:\Users\DerMax
20:22:50.679    AVAST engine scan C:\ProgramData
20:24:06.620    Scan finished successfully
20:28:33.302    Disk 0 MBR has been saved successfully to "C:\Users\DerMax\Desktop\MBR.dat"
20:28:33.333    The log file has been saved successfully to "C:\Users\DerMax\Desktop\aswMBR.txt"
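
The aswMBR runs above do three things before the AVAST engine starts scanning files: read sector 0, compare its boot code with the Windows 7 default ("Disk 0 Windows 7 default MBR code") and decode the partition table ("Partition 1 80 (A) 07 ... offset 63"). As an added example that is not part of the thread and not aswMBR's own code, the Python below performs the same checks on a 512-byte image such as the MBR.dat the tool saved to the desktop. The sample image is constructed: its partition entries copy the values from the log, the boot code is filler, and the "known good" hash is computed from that filler, standing in for a hash you would record from a clean install of the same Windows version.

```python
"""Check a 512-byte MBR image the way a boot-sector scanner does: verify the
55 AA signature, hash the boot code for comparison with a known-good value,
and decode the four partition-table entries.

Added example, not part of the forum thread and not aswMBR's code. The
sample image is constructed: the partition entries copy the values from the
aswMBR log (type 07 at LBA 63, type 12 at LBA 300872880), the boot code is
filler, and KNOWN_GOOD is the hash of that filler, standing in for a hash
recorded from a clean install.
"""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439; 440..443 hold the disk signature, which varies per disk
PART_TABLE_OFFSET = 446
PART_ENTRY_SIZE = 16
MBR_SIGNATURE = 0xAA55       # stored little-endian as 55 AA at offset 510

# Partition type IDs: the two from the log plus a few common ones.
PART_TYPES = {0x00: "empty", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x12: "Compaq diag", 0x27: "Windows RE", 0x82: "Linux swap",
              0x83: "Linux", 0xEE: "GPT protective"}


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)

    @property
    def type_name(self) -> str:
        return PART_TYPES.get(self.type_id, "unknown")


def parse_partitions(mbr: bytes) -> list:
    """Decode the four 16-byte entries at offset 446, skipping empty slots."""
    parts = []
    for i in range(4):
        # status, CHS start, type, CHS end, LBA start, sector count
        status, _, ptype, _, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFFSET + i * PART_ENTRY_SIZE)
        if ptype == 0x00 and count == 0:
            continue
        parts.append(Partition(i + 1, status == 0x80, ptype, lba, count))
    return parts


def boot_code_sha256(mbr: bytes) -> str:
    """Hash only the boot code; disk signature and partition table differ per disk."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def scan_mbr(mbr: bytes, known_good_hash: str) -> dict:
    """Return what a boot-sector scanner would report for this image."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    signature_ok = struct.unpack_from("<H", mbr, 510)[0] == MBR_SIGNATURE
    boot_code_known = boot_code_sha256(mbr) == known_good_hash
    parts = parse_partitions(mbr)
    findings = []
    if not signature_ok:
        findings.append("missing 55AA signature")
    if not boot_code_known:
        findings.append("boot code differs from known-good image")
    if sum(p.bootable for p in parts) != 1:
        findings.append("expected exactly one active partition")
    return {
        "signature_ok": signature_ok,
        "boot_code_known": boot_code_known,
        "disk_signature": struct.unpack_from("<I", mbr, BOOT_CODE_LEN)[0],
        "partitions": parts,
        # first sector past the last partition: where a scanner looks for hidden data
        "unallocated_from_lba": max((p.start_lba + p.sectors for p in parts), default=0),
        "findings": findings,
    }


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed image with the partition layout from the thread's aswMBR log."""
    mbr = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    mbr[:len(code)] = code
    struct.pack_into("<I", mbr, BOOT_CODE_LEN, 0x1234ABCD)   # made-up disk signature
    entries = [(0x80, 0x07, 63, 146910 * 2048),           # 146910 MB NTFS, active
               (0x00, 0x12, 300872880, 5714 * 2048)]      # 5714 MB Compaq diag
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFFSET + i * PART_ENTRY_SIZE,
                         status, b"\xff\xff\xff", ptype, b"\xff\xff\xff", lba, count)
    struct.pack_into("<H", mbr, 510, MBR_SIGNATURE)
    return bytes(mbr)


# Filler standing in for real boot code (a prologue-like start, then NOPs); not a real MBR.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 7)
KNOWN_GOOD = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()

if __name__ == "__main__":
    clean = build_sample_mbr(CLEAN_BOOT_CODE)
    report = scan_mbr(clean, KNOWN_GOOD)
    for p in report["partitions"]:
        flag = "80 (A)" if p.bootable else "00"
        print(f"Partition {p.index} {flag} {p.type_id:02X} {p.type_name:<12} {p.size_mb} MB offset {p.start_lba}")
    print("findings:", report["findings"] or "none")
    # A bootkit that replaces the boot code but leaves the table intact is still caught:
    patched = b"\xeb\x3e" + clean[2:]
    print("patched findings:", scan_mbr(patched, KNOWN_GOOD)["findings"])
```

To use it on a real image, read MBR.dat into `scan_mbr()` together with a hash you took from a known-clean disk of the same Windows version. Only the first 440 bytes are hashed on purpose: the disk signature at offset 440 and the partition table differ from disk to disk, so a hash over the whole sector would flag every machine as modified.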


cosinus 12.03.2012 20:40

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

MaxiMax 12.03.2012 23:31

OK, done. Here are the logs.

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/12/2012 at 11:25 PM

Application Version : 5.0.1146

Core Rules Database Version : 8326
Trace Rules Database Version: 6138

Scan type      : Complete Scan
Total Scan Time : 01:21:30

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 700
Memory threats detected  : 0
Registry items scanned    : 34821
Registry threats detected : 0
File items scanned        : 161735
File threats detected    : 124

Adware.Tracking Cookie
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@2o7[1].txt [ /2o7 ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@ad.ad-srv[2].txt [ /ad.ad-srv ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@ad.zanox[2].txt [ /ad.zanox ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@ad3.adfarm1.adition[2].txt [ /ad3.adfarm1.adition ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@adbrite[1].txt [ /adbrite ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@adbrite[2].txt [ /adbrite ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@adfarm1.adition[1].txt [ /adfarm1.adition ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@adply.plymedia[1].txt [ /adply.plymedia ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@ads.pointroll[1].txt [ /ads.pointroll ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@adserver.adtechus[1].txt [ /adserver.adtechus ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@adultfriendfinder[1].txt [ /adultfriendfinder ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@advertising[2].txt [ /advertising ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@adxpose[1].txt [ /adxpose ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@at.atwola[2].txt [ /at.atwola ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@atdmt[1].txt [ /atdmt ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@atwola[1].txt [ /atwola ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@content.yieldmanager[1].txt [ /content.yieldmanager ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@content.yieldmanager[2].txt [ /content.yieldmanager ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@counterpath[1].txt [ /counterpath ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@dc.tremormedia[1].txt [ /dc.tremormedia ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@doubleclick[2].txt [ /doubleclick ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@imrworldwide[2].txt [ /imrworldwide ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@imrworldwide[3].txt [ /imrworldwide ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@invitemedia[2].txt [ /invitemedia ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@media6degrees[2].txt [ /media6degrees ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@pointroll[2].txt [ /pointroll ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@questionmarket[1].txt [ /questionmarket ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@serving-sys[2].txt [ /serving-sys ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@specificclick[1].txt [ /specificclick ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@t.pointroll[1].txt [ /t.pointroll ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@tacoda[2].txt [ /tacoda ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@tracking.quisma[1].txt [ /tracking.quisma ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@traffictrack[1].txt [ /traffictrack ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@unitymedia[2].txt [ /unitymedia ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@webmasterplan[2].txt [ /webmasterplan ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@www.etracker[1].txt [ /www.etracker ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@www.shemalesexhd[2].txt [ /www.shemalesexhd ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@xlite.counterpath[1].txt [ /xlite.counterpath ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\dermax@zanox[1].txt [ /zanox ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\ENIPNMU5.txt [ /doubleclick.net ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\R6OW9LSG.txt [ /atdmt.combing.com ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\38JB6SHD.txt [ /atdmt.com ]
        C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Cookies\XK8A139A.txt [ /xlite.counterpath.com ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\29MYUQAA.txt [ Cookie:dermax@clkads.com/adServe/banners ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\UW73ER6Q.txt [ Cookie:dermax@fastclick.net/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\BNAF4YJO.txt [ Cookie:dermax@ad2.adfarm1.adition.com/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\ULRV9XT1.txt [ Cookie:dermax@msnportal.112.2o7.net/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\02NTX8O3.txt [ Cookie:dermax@zanox.com/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\LFVBMTVU.txt [ Cookie:dermax@amazon-adsystem.com/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\PNCMZU7X.txt [ Cookie:dermax@c.atdmt.com/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\IKFBZA9U.txt [ Cookie:dermax@doubleclick.net/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\KWQ7VSHF.txt [ Cookie:dermax@microsoftinternetexplorer.112.2o7.net/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\RKUW8RGQ.txt [ Cookie:dermax@fl01.ct2.comclick.com/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\XZACORO4.txt [ Cookie:dermax@specificclick.net/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\A90KOHI4.txt [ Cookie:dermax@advertising.com/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\JLM628GN.txt [ Cookie:dermax@mediaplex.com/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\7UU2XA1T.txt [ Cookie:dermax@ad3.adfarm1.adition.com/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZUWSRLLU.txt [ Cookie:dermax@ad.zanox.com/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\JD3SIPSE.txt [ Cookie:dermax@adviva.net/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\F6A5DGHQ.txt [ Cookie:dermax@microsoftwindows.112.2o7.net/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\1T3ZAUOP.txt [ Cookie:dermax@eas.apm.emediate.eu/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\2Q55PCMJ.txt [ Cookie:dermax@adtech.de/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\0548JU7H.txt [ Cookie:dermax@serving-sys.com/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\3FMXIQ57.txt [ Cookie:dermax@mswmw7mobilemainprod.122.2o7.net/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\HG92ONS5.txt [ Cookie:dermax@adx.chip.de/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\SGUWDL5V.txt [ Cookie:dermax@traffictrack.de/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\JZWT79D6.txt [ Cookie:dermax@adfarm1.adition.com/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\3AVUY8MS.txt [ Cookie:dermax@questionmarket.com/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\I6NZ8RIX.txt [ Cookie:dermax@imrworldwide.com/cgi-bin ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z20UL3WV.txt [ Cookie:dermax@tracking.dc-storm.com/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\KNUY610E.txt [ Cookie:dermax@tradedoubler.com/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\N92IRP7U.txt [ Cookie:dermax@h.atdmt.com/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\0SZYNL54.txt [ Cookie:dermax@interclick.com/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\GQ1SA9UY.txt [ Cookie:dermax@media6degrees.com/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\3PH3WMM8.txt [ Cookie:dermax@invitemedia.com/ ]
        C:\USERS\DERMAX\AppData\Roaming\Microsoft\Windows\Cookies\Low\6BHYYDJ0.txt [ Cookie:dermax@ad.yieldmanager.com/ ]
        C:\USERS\DERMAX\Cookies\dermax@zanox[1].txt [ Cookie:dermax@zanox.com/ ]
        C:\USERS\DERMAX\Cookies\dermax@tracking.quisma[1].txt [ Cookie:dermax@tracking.quisma.com/ ]
        C:\USERS\DERMAX\Cookies\ENIPNMU5.txt [ Cookie:dermax@doubleclick.net/ ]
        C:\USERS\DERMAX\Cookies\dermax@adultfriendfinder[1].txt [ Cookie:dermax@adultfriendfinder.com/ ]
        C:\USERS\DERMAX\Cookies\dermax@specificclick[1].txt [ Cookie:dermax@specificclick.net/ ]
        C:\USERS\DERMAX\Cookies\29MYUQAA.txt [ Cookie:dermax@clkads.com/adServe/banners ]
        C:\USERS\DERMAX\Cookies\dermax@ad3.adfarm1.adition[2].txt [ Cookie:dermax@ad3.adfarm1.adition.com/ ]
        C:\USERS\DERMAX\Cookies\dermax@ad.zanox[2].txt [ Cookie:dermax@ad.zanox.com/ ]
        C:\USERS\DERMAX\Cookies\dermax@serving-sys[2].txt [ Cookie:dermax@serving-sys.com/ ]
        C:\USERS\DERMAX\Cookies\dermax@traffictrack[1].txt [ Cookie:dermax@traffictrack.de/ ]
        C:\USERS\DERMAX\Cookies\dermax@adfarm1.adition[1].txt [ Cookie:dermax@adfarm1.adition.com/ ]
        C:\USERS\DERMAX\Cookies\dermax@imrworldwide[3].txt [ Cookie:dermax@imrworldwide.com/cgi-bin ]
        C:\USERS\DERMAX\Cookies\dermax@unitymedia[2].txt [ Cookie:dermax@unitymedia.de/ ]
        C:\USERS\DERMAX\Cookies\dermax@www.etracker[1].txt [ Cookie:dermax@www.etracker.de/ ]
        C:\USERS\DERMAX\Cookies\dermax@content.yieldmanager[1].txt [ Cookie:dermax@content.yieldmanager.com/ ]
        C:\USERS\DERMAX\Cookies\XK8A139A.txt [ Cookie:dermax@xlite.counterpath.com/ ]
        C:\USERS\DERMAX\Cookies\dermax@adxpose[1].txt [ Cookie:dermax@adxpose.com/ ]
        C:\USERS\DERMAX\Cookies\dermax@media6degrees[2].txt [ Cookie:dermax@media6degrees.com/ ]
        C:\USERS\DERMAX\Cookies\dermax@invitemedia[2].txt [ Cookie:dermax@invitemedia.com/ ]
        cdn1.eyewonder.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MAX\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7CMSB8D8 ]
        files.streamsex.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MAX\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7CMSB8D8 ]
        free.porn.sc [ C:\DOKUMENTE UND EINSTELLUNGEN\MAX\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7CMSB8D8 ]
        googleads.g.doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\MAX\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7CMSB8D8 ]
        m1.2mdn.net [ C:\DOKUMENTE UND EINSTELLUNGEN\MAX\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7CMSB8D8 ]
        media.socialvibe.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MAX\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7CMSB8D8 ]
        media1.break.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MAX\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7CMSB8D8 ]
        mediadb.kicker.de [ C:\DOKUMENTE UND EINSTELLUNGEN\MAX\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7CMSB8D8 ]
        memecounter.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MAX\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7CMSB8D8 ]
        naiadsystems.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MAX\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7CMSB8D8 ]
        oddcast.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MAX\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7CMSB8D8 ]
        pornoprinzen.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MAX\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7CMSB8D8 ]
        static.youporn.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MAX\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7CMSB8D8 ]
        vfsexb.gmx.net [ C:\DOKUMENTE UND EINSTELLUNGEN\MAX\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7CMSB8D8 ]
        video.pornorama.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MAX\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7CMSB8D8 ]
        www.maxporn.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MAX\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7CMSB8D8 ]
        www.pornhub.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MAX\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7CMSB8D8 ]
        www.pornrabbit.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MAX\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7CMSB8D8 ]
        wwwstatic.megaporn.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MAX\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7CMSB8D8 ]
        .adtech.de [ C:\USERS\DERMAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOCT8ZFA.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\DERMAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOCT8ZFA.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\DERMAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOCT8ZFA.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\DERMAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOCT8ZFA.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\DERMAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOCT8ZFA.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\DERMAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOCT8ZFA.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\DERMAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOCT8ZFA.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\DERMAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOCT8ZFA.DEFAULT\COOKIES.SQLITE ]

PUP.SoftonicDownloader
        C:\USERS\DERMAX\DOWNLOADS\SOFTONICDOWNLOADER_FUER_KASPERSKY-TDSSKILLER.EXE

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.12.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
DerMax :: MEANMACHINE [Administrator]

12.03.2012 20:49:29
mbam-log-2012-03-12 (20-49-29).txt

Scan type: Full scan
Enabled scan options: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Disabled scan options: P2P
Objects scanned: 293558
Time elapsed: 52 minute(s), 19 second(s)

Memory processes infected: 0
(No malicious items detected)

Memory modules infected: 0
(No malicious items detected)

Registry keys infected: 0
(No malicious items detected)

Registry values infected: 0
(No malicious items detected)

Registry data items infected: 0
(No malicious items detected)

Folders infected: 0
(No malicious items detected)

Files infected: 0
(No malicious items detected)

(end)


cosinus 13.03.2012 16:49

Why did you download TDSS-Killer from Softonic?
My instructions specifically included the download link... please keep your hands off Softonic in future; software is downloaded from the original vendor's site or, if need be, from chip.de

Looks OK, only cookies were found.
Cookies are not malware as such, but there is a risk of abusive use (unique recognition, e.g. for targeted advertising and the like => HTTP cookie)

Is your system now back in order, or are there other findings or problems?

MaxiMax 13.03.2012 22:04

Hi Arne,
I've just tried to retrace that. I think I somehow didn't see the link... you had to scroll down a bit further... and then I simply googled it, which was a bit rash. I'll remember that.
Well, I can't notice anything, everything runs as before. Does that mean the box is healthy again?
Regards, Max

cosinus 14.03.2012 15:08

Then we're done!

The programs used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if you get any error messages from that.
Keeping Malwarebytes is no mistake. You can scan with it once a month, but always remember to update it first.

Finally, please check your updates; my guide on that is below. To keep better track of whether your installed programs are up to date in future, you can use Secunia PSI, for example.
For even more security you should change as many passwords as possible after the infection has been cleaned up.


Microsoft Update

Windows XP: Visit the MS Update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check whether the Flash Player is current:

Adobe - Install a different version of Adobe Flash Player

If need be you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
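
The checklist above is done by hand in Control Panel: look for old Adobe Reader and Java entries, remove them, install the current release. As an added example that is not part of the thread and not code from Secunia PSI or any vendor, the Python below automates the inventory step. On Windows it reads the same Uninstall registry keys that "Programs and Features" is built from; on any other system it falls back to a constructed inventory. Everything in MIN_VERSIONS is a placeholder to replace with the vendor's current release numbers on the day you run it; the constructed Java 6 entry mirrors the DDS log's BrowserJavaVersion 1.6.0_29 in the Uninstall key's own numbering, which is assumed here to be 6.0.290.

```python
"""Audit installed software for the update checklist: list what the Uninstall
registry keys (the source of Control Panel's "Programs and Features") report,
flag Java, Adobe Reader and Flash Player entries older than a baseline, and
flag several Java runtimes installed side by side.

Added example, not code from the forum thread, Secunia PSI or any vendor.
Assumptions: MIN_VERSIONS holds placeholder baselines, not real release
numbers; the registry is read only on Windows, elsewhere SAMPLE_INVENTORY
(constructed) is used; its Java 6 entry mirrors the thread's 1.6.0_29 in the
Uninstall key's numbering, assumed to be 6.0.290.
"""
import re
import sys

# Hypothetical baselines: (regex on DisplayName, lowest acceptable DisplayVersion).
MIN_VERSIONS = [
    (r"^Java\(TM\) 6 ", "6.0.310"),
    (r"^Java\(TM\) 7 ", "7.0.30"),
    (r"^Adobe Reader", "10.1.3"),
    (r"^Adobe Flash Player", "11.2.202.228"),
]

# Constructed (DisplayName, DisplayVersion) pairs standing in for the registry.
SAMPLE_INVENTORY = [
    ("Java(TM) 6 Update 29", "6.0.290"),
    ("Java(TM) 7 Update 3", "7.0.30"),
    ("Adobe Reader X (10.1.2) - Deutsch", "10.1.2"),
    ("Adobe Flash Player 11 Plugin", "11.1.102.63"),
    ("Mozilla Firefox 10.0.2 (x86 de)", "10.0.2"),
]

UNINSTALL_KEYS = [
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall",  # 32-bit apps on 64-bit Windows
]


def version_key(version: str) -> tuple:
    """Numeric tuple for comparison: '11.1.102.63' -> (11, 1, 102, 63)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def read_windows_inventory() -> list:
    """Enumerate DisplayName/DisplayVersion from the per-machine and per-user Uninstall keys."""
    import winreg  # only available on Windows
    hives = [(winreg.HKEY_LOCAL_MACHINE, p) for p in UNINSTALL_KEYS]
    hives.append((winreg.HKEY_CURRENT_USER, UNINSTALL_KEYS[0]))
    items = []
    for hive, path in hives:
        try:
            key = winreg.OpenKey(hive, path)
        except OSError:
            continue  # Wow6432Node does not exist on 32-bit Windows like the machine in the thread
        with key:
            for i in range(winreg.QueryInfoKey(key)[0]):
                with winreg.OpenKey(key, winreg.EnumKey(key, i)) as sub:
                    try:
                        name = winreg.QueryValueEx(sub, "DisplayName")[0]
                        version = winreg.QueryValueEx(sub, "DisplayVersion")[0]
                    except OSError:
                        continue  # hotfixes and hidden entries carry no DisplayName/DisplayVersion
                    items.append((name, version))
    return items


def audit(inventory: list) -> dict:
    """Return outdated entries and whether several Java runtimes coexist."""
    outdated = []
    for name, version in inventory:
        for pattern, minimum in MIN_VERSIONS:
            if re.match(pattern, name) and version_key(version) < version_key(minimum):
                outdated.append({"name": name, "installed": version, "minimum": minimum})
    java = [name for name, _ in inventory if re.match(r"^Java\(TM\)", name)]
    return {
        "outdated": outdated,
        "java_versions": java,
        "multiple_java": len(java) > 1,  # old runtimes stay installed beside new ones
    }


def main() -> None:
    inventory = read_windows_inventory() if sys.platform == "win32" else SAMPLE_INVENTORY
    report = audit(inventory)
    for entry in report["outdated"]:
        print(f"OUTDATED  {entry['name']}: {entry['installed']} < {entry['minimum']}")
    if report["multiple_java"]:
        print("Several Java runtimes installed:", ", ".join(report["java_versions"]))
    if not report["outdated"] and not report["multiple_java"]:
        print("Inventory matches the baselines.")


if __name__ == "__main__":
    main()
```

The version comparison works on numeric tuples rather than strings because "10.1.12" sorts before "10.1.3" as text. The separate Java 6 and Java 7 baselines reflect the point of the checklist: a new Java 7 install does not remove Java 6, so a machine can be "up to date" and still carry the old runtime that the browser plugin may use.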

MaxiMax 14.03.2012 23:46

Hello Arne,
first of all, thank you very much for your time and your help. I tried to do it the way you wrote. With all the programs (otl, tdsskiller, gmer) I wasn't sure how to uninstall them. Can I simply delete the exe? They aren't shown in Control Panel. Or how do I uninstall them?
Best regards, Max

cosinus 15.03.2012 04:24

Yes, just delete them :)

MaxiMax 15.03.2012 08:36

So once again, many thanks, that was great stuff, I would never have managed it on my own. I hope I won't have to come back here too soon ;)

All the best, Max


Copyright ©2000-2025, Trojaner-Board