Trojaner-Board - GEMA Trojaner

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - GEMA Trojaner - Bitte um Hilfe (https://www.trojaner-board.de/110422-gema-trojaner-bitte-um-hilfe.html)

GEMA Trojaner - Bitte um Hilfe

Hallo @ all,
mich hat es leider auch erwischt. Wäre schön wenn mir jemand helfen könnte. Die OTL habe ich als Zip angehängt, da die TXT leider zu groß war.
Gruß Tom

hallo,

auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code:

:OTL

O4 - HKLM..\Run: [gema] C:\WINDOWS\system32\gema.exe (Promise Technology, Inc.)

O4 - HKLM..\Run: [gema.] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe (Promise Technology, Inc.)

O4 - HKU\Administrator_ON_C..\Run: [gema] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe (Promise Technology, Inc.)

O4 - HKU\TS_ON_C..\Run: [gema] C:\Dokumente und Einstellungen\TS\Anwendungsdaten\gema\gema.exe (Promise Technology, Inc.)

O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe (Promise Technology, Inc.)

O20 - HKU\Administrator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe (Promise Technology, Inc.)

O20 - HKU\TS_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\TS\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\TS\Anwendungsdaten\gema\gema.exe (Promise Technology, Inc.)

:Files

C:\WINDOWS\system32\gema.exe

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema

:Commands

[purity]

[EMPTYFLASH] 

[emptytemp]

[Reboot]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

danke für den upload.
klappt der start wieder vernünftig oder gibts da probleme?

Hallo,
vielen Dank für die schnelle und kompetente Hilfe! Der Rechner bootet wieder wie er soll. Die beiden Dateien habe ich wie beschrieben hochgeladen, das ging ohne Probleme. Habe das nur in 2 Arbeitsgängen gemacht weil ich die TXT beim ersten Mal vergessen hatte.

Hier nun der Inhalt der OTL.TXT:

Code:

OTL logfile created on: 2/25/2012 12:55:48 PM - Run 

OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,022.00 Mb Total Physical Memory | 800.00 Mb Available Physical Memory | 78.00% Memory free

906.00 Mb Paging File | 827.00 Mb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 78.13 Gb Total Space | 4.45 Gb Free Space | 5.70% Space Free | Partition Type: NTFS

Drive D: | 963.72 Mb Total Space | 963.63 Mb Free Space | 99.99% Space Free | Partition Type: FAT

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto] --  -- (CPUCooLServer)

SRV - [2011/10/11 08:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/10/11 08:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/07/26 14:01:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/06/30 03:56:22 | 001,118,288 | ---- | M] (NCP Engineering GmbH) [Auto] -- C:\Programme\LANCOM\Advanced VPN Client\ncprwsnt.exe -- (ncprwsnt)

SRV - [2010/05/21 04:44:26 | 000,133,712 | ---- | M] (NCP engineering GmbH) [Auto] -- C:\Programme\LANCOM\Advanced VPN Client\ncpclcfg.exe -- (ncpclcfg)

SRV - [2010/05/07 05:08:38 | 000,093,184 | ---- | M] () [Auto] -- C:\Programme\LANCOM\Advanced VPN Client\NCPSEC.EXE -- (NcpSec)

SRV - [2010/03/18 04:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009/12/07 19:29:44 | 000,055,016 | ---- | M] (Xobni Corporation) [Auto] -- C:\Programme\Xobni\XobniService.exe -- (XobniService)

SRV - [2008/07/11 00:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) [Auto] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)

SRV - [2008/07/10 18:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)

SRV - [2006/04/24 10:36:52 | 000,348,848 | ---- | M] (RSA Security Inc) [Auto] -- C:\Programme\RSA Security\RSA Authenticator Utility\RsaP11Svc.exe -- (RsaP11Svc)

SRV - [2006/02/09 04:17:28 | 000,031,744 | ---- | M] (SRS Labs, Inc.) [Auto] -- C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe -- (SRS_PostInstaller)

SRV - [2006/01/08 00:30:16 | 000,032,768 | ---- | M] (Softex Inc.) [Auto] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)

SRV - [2005/10/12 05:30:24 | 000,086,140 | ---- | M] (Intel Corporation) [Auto] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)

SRV - [2003/07/28 05:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2003/06/19 16:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand] --  -- (VcommMgr)

DRV - File not found [Kernel | On_Demand] --  -- (VComm)

DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)

DRV - File not found [Kernel | System] --  -- (PCIDump)

DRV - File not found [Kernel | On_Demand] --  -- (lgodd_filter)

DRV - File not found [Kernel | System] --  -- (lbrtfdc)

DRV - File not found [Kernel | System] --  -- (i2omgmt)

DRV - File not found [Kernel | System] --  -- (Changer)

DRV - File not found [Kernel | Boot] --  -- (BTHidMgr)

DRV - File not found [Kernel | On_Demand] --  -- (BTHidEnum)

DRV - File not found [Kernel | On_Demand] --  -- (Btcsrusb)

DRV - File not found [Kernel | On_Demand] --  -- (BT)

DRV - File not found [Kernel | On_Demand] --  -- (BlueletSCOAudio)

DRV - File not found [Kernel | On_Demand] --  -- (BlueletAudio)

DRV - [2012/02/15 06:32:37 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/10/11 09:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011/10/11 09:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010/11/11 14:19:24 | 000,021,080 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\drivers\ntiopnp.sys -- (ntiopnp)

DRV - [2010/11/04 08:10:26 | 000,244,736 | ---- | M] (LANCOM Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rcapi.sys -- (LcsCapiDrv)

DRV - [2010/11/04 08:10:26 | 000,025,600 | ---- | M] (LANCOM Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lcswan.sys -- (LCSWAN) LANCOM NDISWAN (Ver. 8.00.0003)

DRV - [2010/08/10 08:49:36 | 000,011,392 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\drivers\ntiomin.sys -- (ntiomin)

DRV - [2010/07/27 12:50:48 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)

DRV - [2010/07/02 06:19:14 | 000,081,392 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ncpvaxp.sys -- (ncpvaxp)

DRV - [2010/07/02 06:19:14 | 000,081,392 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ncpvaxp.sys -- (NcpFiltMP)

DRV - [2010/07/02 06:19:14 | 000,081,392 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ncpvaxp.sys -- (NcpFilt)

DRV - [2010/06/17 09:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/12/08 14:19:12 | 000,114,432 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)

DRV - [2009/12/07 13:53:12 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2009/10/12 09:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)

DRV - [2009/07/13 08:46:38 | 000,037,280 | ---- | M] (Realtek) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)

DRV - [2009/07/06 10:37:00 | 000,032,800 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)

DRV - [2009/07/06 10:36:58 | 000,091,168 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)

DRV - [2008/07/11 00:05:00 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)

DRV - [2008/07/11 00:05:00 | 000,037,088 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)

DRV - [2008/04/13 13:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)

DRV - [2007/06/04 05:58:08 | 000,054,016 | ---- | M] (Keyspan) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nhcimono.sys -- (NHCIMONO)

DRV - [2007/05/01 20:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)

DRV - [2007/01/15 14:16:42 | 000,381,952 | R--- | M] (LANCOM Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmdmd.sys -- (LcsCapiMdm)

DRV - [2006/11/10 08:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)

DRV - [2006/09/27 22:47:48 | 000,283,776 | ---- | M] (AfaTech                  ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)

DRV - [2006/09/06 18:04:12 | 004,377,600 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/06/29 15:13:08 | 001,160,320 | R--- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/05/03 14:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/02/16 10:26:52 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)

DRV - [2006/02/13 04:15:36 | 000,075,648 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGR1310_51.sys -- (AGR1310_51)

DRV - [2006/02/09 04:17:36 | 000,020,608 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WOWFilter.sys -- (wowfilter)

DRV - [2006/01/08 00:12:42 | 000,117,906 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)

DRV - [2005/12/14 14:30:22 | 000,007,552 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgsnd_filter.sys -- (lgsnd_filter)

DRV - [2005/08/31 16:15:42 | 000,015,616 | R--- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LGDMEBTN.sys -- (LGDMEBTN)

DRV - [2005/07/20 02:26:34 | 000,015,232 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System] -- C:\WINDOWS\system32\drivers\Ndisipo.sys -- (Ndisipo)

DRV - [2005/01/07 10:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\TS_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\TS_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/02/23 17:44:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/11/03 07:44:45 | 000,000,000 | ---D | M]

 

[2011/11/12 04:55:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012/02/23 17:44:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2011/02/02 15:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll

[2012/02/14 00:38:11 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012/02/14 00:38:11 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012/02/14 00:38:11 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012/02/14 00:38:11 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012/02/14 00:38:11 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012/02/14 00:38:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011/08/15 08:56:32 | 000,001,244 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: 192.168.1.26        wks01                *Nebenstelle 30+

O1 - Hosts: 192.168.1.14        wks02                *Nebenstelle 10

O1 - Hosts: 192.168.1.12        wks03                *Nebenstelle 20

O1 - Hosts: 192.168.1.5        wks04                *Nebenstelle 20+

O1 - Hosts: 192.168.1.34        wks05                *Nebenstelle 40

O1 - Hosts: 192.168.1.13        wks06                *Remote Rechner

O1 - Hosts: 192.168.1.100        asscon-pdc        *Server Aschaffenburg

O1 - Hosts: 192.168.17.38        Berlin05        *Server

O1 - Hosts: 192.168.17.86        Berlin02        *Nebenstelle 70

O1 - Hosts: 192.168.17.45        Berlin01        *Nebenstelle 70

O1 - Hosts: 192.168.27.217        Mark                *Mark Guineastr.

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\TS_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [batterymiser] C:\Program Files\LG Software\Battery Miser\batterymiser.exe (LG Electronics Inc.)

O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [gema] C:\WINDOWS\system32\gema.exe (Promise Technology, Inc.)

O4 - HKLM..\Run: [gema.] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe (Promise Technology, Inc.)

O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [IPO3] C:\Program Files\LG Software\IP Operator 2005\IP Operator.exe ()

O4 - HKLM..\Run: [IR_SERVER]  File not found

O4 - HKLM..\Run: [KeybdUtility] C:\Programme\LG Software\On Screen Display\HotKey.exe (LG Electronics)

O4 - HKLM..\Run: [LG Direct Media Button Service] C:\WINDOWS\System32\LGDMEBTN.exe (LG Electronics Inc.)

O4 - HKLM..\Run: [LG Intelligent Update] C:\Programme\lg_swupdate\autoupdate.exe (BIT LEADER)

O4 - HKLM..\Run: [NcpBudgetGui] C:\Programme\LANCOM\Advanced VPN Client\NcpBudgetGui.exe (NCP engineering GmbH)

O4 - HKLM..\Run: [NcpMonitor] C:\Programme\LANCOM\Advanced VPN Client\ncpmon.exe (NCP engineering GmbH)

O4 - HKLM..\Run: [NcpPopup] C:\Programme\LANCOM\Advanced VPN Client\ncppopup.exe (NCP engineering GmbH)

O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()

O4 - HKLM..\Run: [OSSelectorReinstall] C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe ()

O4 - HKLM..\Run: [SunJavaUpdateSched]  File not found

O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)

O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()

O4 - HKU\Administrator_ON_C..\Run: [gema] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe (Promise Technology, Inc.)

O4 - HKU\TS_ON_C..\Run: [gema] C:\Dokumente und Einstellungen\TS\Anwendungsdaten\gema\gema.exe (Promise Technology, Inc.)

O4 - HKU\TS_ON_C..\Run: [LANCAPI] C:\Programme\LANCOM\LANCAPI\rcapi.exe (LANCOM Systems GmbH, Würselen (Germany))

O4 - HKU\TS_ON_C..\Run: [SRSTrayApp] C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe (SRS Labs, Inc.)

O4 - HKU\TS_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Keyspan USB Server Task.lnk = C:\Programme\Keyspan\USB Server\nhciTask.exe (Keyspan)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TMMonitor.lnk = C:\Programme\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)

O4 - Startup: C:\Dokumente und Einstellungen\TS\Startmenü\Programme\Autostart\Octopus CTI.lnk = C:\Programme\Deutsche_Telekom\Octopus_CTI\aocphone.exe (Alcatel)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\TS_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280169200015 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} hxxp://192.168.17.61/xplugLite.cab (Gif89 Lite Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.25.2.129 145.253.2.75

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = notebook

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe (Promise Technology, Inc.)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\gema.exe) - C:\WINDOWS\system32\gema.exe (Promise Technology, Inc.)

O20 - HKLM Winlogon: UserInit - (C:\Programme\RSA Security\RSA Authenticator Utility\NTNotify.exe) - C:\Programme\RSA Security\RSA Authenticator Utility\NTNotify.exe (RSA Security Inc)

O20 - HKU\Administrator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe (Promise Technology, Inc.)

O20 - HKU\Administrator_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKU\TS_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\TS\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\TS\Anwendungsdaten\gema\gema.exe (Promise Technology, Inc.)

O20 - HKU\TS_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\3gProp: DllName - C:\Programme\RSA Security\RSA Authenticator Utility\3gProp.dll - C:\Programme\RSA Security\RSA Authenticator Utility\3gProp.dll (RSA Security Inc)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\NotifyP11Svc: DllName - C:\Programme\RSA Security\RSA Authenticator Utility\NotifyP11Svc.dll - C:\Programme\RSA Security\RSA Authenticator Utility\NotifyP11Svc.dll (RSA Security Inc)

O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()

O20 - Winlogon\Notify\SOMCredMgr: DllName - C:\Programme\RSA Security\RSA Authenticator Utility\CredMgr.dll - C:\Programme\RSA Security\RSA Authenticator Utility\credmgr.dll (RSA Security Inc)

O28 - HKLM ShellExecuteHooks: {26F5978F-6493-4ee3-B114-C0C3ACCF9D4D} - C:\WINDOWS\system32\bmpsap.dll ()

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/07/26 10:45:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {86907340-0875-402D-19D2-C2F9E9651B60} - Microsoft .NET Framework 1.0 Hotfix (KB979904)

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework

ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3

ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

NetSvcs: 6to4 -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/02/25 04:46:55 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache

[2012/02/25 04:46:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema

[2012/02/25 04:46:50 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft

[2012/02/25 04:46:50 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\SendTo

[2012/02/25 04:46:50 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten

[2012/02/25 04:46:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Zubehör

[2012/02/25 04:46:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü

[2012/02/25 04:46:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart

[2012/02/25 04:46:50 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\Cookies

[2012/02/25 04:46:50 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Vorlagen

[2012/02/25 04:46:50 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent

[2012/02/25 04:46:50 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung

[2012/02/25 04:46:50 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen

[2012/02/25 04:46:50 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Druckumgebung

[2012/02/25 04:46:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft

[2012/02/25 04:46:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia

[2012/02/25 04:46:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Favoriten

[2012/02/25 04:46:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop

[2012/02/23 16:41:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\TS\Anwendungsdaten\gema

[2012/02/23 16:41:56 | 000,331,776 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\gema.exe

[2012/02/23 16:41:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema

[2012/02/15 00:55:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\TS\Eigene Dateien\Talea Ring

[2012/02/01 04:32:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\TS\Eigene Dateien\harman kardon

[2012/01/30 06:07:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\TS\Eigene Dateien\0

[2012/01/27 07:43:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Bützer

[2012/01/26 16:26:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype

[2010/10/06 06:34:33 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll

[2010/08/18 12:13:39 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/08/18 10:28:36 | 000,115,110 | ---- | M] () -- C:\Dokumente und Einstellungen\TS\Eigene Dateien\IMG_0263.JPG

[2012/08/18 10:27:18 | 000,122,078 | ---- | M] () -- C:\Dokumente und Einstellungen\TS\Eigene Dateien\IMG_0260.JPG

[2012/02/25 07:05:13 | 000,251,712 | RHS- | M] () -- C:\ntldr

[2012/02/25 07:05:13 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com

[2012/02/25 07:05:13 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin

[2012/02/25 07:05:13 | 000,000,210 | -HS- | M] () -- C:\boot.ini

[2012/02/25 06:21:34 | 000,024,576 | RHS- | M] () -- C:\bootwiz.sys

[2012/02/25 06:20:01 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/02/25 06:10:08 | 000,502,390 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012/02/25 06:10:08 | 000,477,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/02/25 06:10:08 | 000,103,584 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012/02/25 06:10:08 | 000,086,526 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/02/25 06:05:56 | 000,000,202 | ---- | M] () -- C:\WINDOWS\System32\PSLOG

[2012/02/25 06:05:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/02/25 06:05:40 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/25 05:04:24 | 000,001,078 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/02/25 04:43:41 | 000,000,883 | ---- | M] () -- C:\WINDOWS\lgcenter.ini

[2012/02/23 16:41:40 | 000,331,776 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\gema.exe

[2012/02/23 09:46:19 | 000,001,758 | -H-- | M] () -- C:\Dokumente und Einstellungen\TS\Eigene Dateien\Default.rdp

[2012/02/16 03:14:44 | 000,000,772 | ---- | M] () -- C:\Dokumente und Einstellungen\TS\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk

[2012/02/15 21:45:36 | 000,258,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/02/15 21:11:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/02/15 21:10:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight

[2012/02/15 06:32:37 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2012/01/27 08:12:18 | 065,578,496 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Darlehensakte Bützer.pdf

[2012/01/27 08:11:15 | 000,006,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\A - Info.pdf

[2012/01/27 07:33:02 | 003,058,457 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Bonität - Steuerbescheid 2010.pdf

[2012/01/27 06:41:49 | 000,410,514 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\BHW - Auftrag zur Erstellung eines Gutachtens.pdf

[2012/01/27 06:25:17 | 002,948,494 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\BHW Unterlagen komplett.pdf

[2012/01/26 16:26:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012/02/25 06:05:40 | 1072,156,672 | -HS- | C] () -- C:\hiberfil.sys

[2012/02/25 04:46:50 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Remoteunterstützung.lnk

[2012/02/25 04:46:50 | 000,000,772 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Windows Media Player.lnk

[2012/02/15 19:40:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/02/15 19:40:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll

[2012/01/29 02:43:54 | 065,578,496 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Darlehensakte Bützer.pdf

[2012/01/27 08:18:08 | 002,948,494 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\BHW Unterlagen komplett.pdf

[2012/01/27 08:17:53 | 003,058,457 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Bonität - Steuerbescheid 2010.pdf

[2012/01/27 08:17:37 | 000,410,514 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\BHW - Auftrag zur Erstellung eines Gutachtens.pdf

[2012/01/27 08:17:30 | 000,006,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\A - Info.pdf

[2011/11/09 01:57:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/07/01 14:30:04 | 000,000,259 | ---- | C] () -- C:\WINDOWS\PSADMIN.INI

[2011/06/25 05:27:17 | 000,000,245 | ---- | C] () -- C:\WINDOWS\System32\AF15IRTBL.bin

[2011/06/06 13:25:15 | 000,000,101 | ---- | C] () -- C:\WINDOWS\PSXLPR.INI

[2011/06/06 13:25:12 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\Bot.dll

[2011/06/06 13:25:12 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CONFIG.INI

[2011/06/05 08:38:57 | 000,001,124 | ---- | C] () -- C:\WINDOWS\FBZADMIN.INI

[2011/05/19 11:14:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEXTINF.INI

[2011/04/27 08:37:52 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\TS\Anwendungsdaten\$_hpcst$.hpc

[2011/03/09 00:35:19 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\TS\advanced_ip_scanner_MAC.bin

[2011/02/14 10:29:56 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2011/01/22 02:25:05 | 000,104,448 | ---- | C] () -- C:\Dokumente und Einstellungen\TS\Anwendungsdaten\connec00.mdb

[2010/11/24 10:56:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/11/11 14:19:24 | 000,021,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntiopnp.sys

[2010/10/06 06:32:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL

[2010/10/06 06:30:22 | 000,028,672 | ---- | C] () -- C:\WINDOWS\hookdllX.dll

[2010/10/06 06:30:02 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll

[2010/09/30 13:49:27 | 000,040,960 | ---- | C] () -- C:\Dokumente und Einstellungen\TS\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/18 12:13:38 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL

[2010/08/18 12:13:38 | 000,153,761 | ---- | C] () -- C:\WINDOWS\System32\u2frtf.dll

[2010/08/18 12:13:38 | 000,124,256 | ---- | C] () -- C:\WINDOWS\System32\u2dmapi.dll

[2010/08/18 12:13:38 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\u2fhtml.dll

[2010/08/18 12:13:38 | 000,097,489 | ---- | C] () -- C:\WINDOWS\System32\u2fcr.dll

[2010/08/18 12:13:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\u2fwordw.dll

[2010/08/18 12:13:38 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\u2fwks.dll

[2010/08/18 12:13:38 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\u2ftext.dll

[2010/08/18 12:13:38 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\u2fsepv.dll

[2010/08/18 12:13:38 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\u2frec.dll

[2010/08/18 12:13:38 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\u2fdif.dll

[2010/08/18 12:13:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\u2ddisk.dll

[2010/08/18 12:13:37 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\u2fxls.dll

[2010/08/10 08:49:36 | 000,011,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntiomin.sys

[2010/07/27 14:06:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2010/07/27 13:57:13 | 000,127,085 | ---- | C] () -- C:\WINDOWS\System32\RTKFMSOURCE.dll

[2010/07/26 14:37:41 | 000,000,235 | ---- | C] () -- C:\WINDOWS\TOBITADD.INI

[2010/07/26 14:37:01 | 000,114,688 | ---- | C] () -- C:\WINDOWS\DVGRF.DLL

[2010/07/26 14:37:01 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\IMGMSGMO.dll

[2010/07/26 14:36:22 | 000,000,023 | ---- | C] () -- C:\WINDOWS\AVFD.INI

[2010/07/26 14:36:13 | 004,877,312 | ---- | C] () -- C:\WINDOWS\TOBITCLT.DLL

[2010/07/26 14:35:35 | 000,000,771 | ---- | C] () -- C:\WINDOWS\Tobit.ini

[2010/07/26 13:46:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\nhciClassInstall.dll

[2010/07/26 13:26:50 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/07/26 11:38:55 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2010/07/26 11:38:55 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2010/07/26 11:31:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/07/26 11:30:24 | 000,258,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/07/26 11:17:14 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\bmpsap.dll

[2010/07/26 11:17:14 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\lgsnd_filter.sys

[2010/07/26 11:17:05 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll

[2010/07/26 11:10:36 | 000,127,614 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2010/07/26 11:07:09 | 000,000,135 | ---- | C] () -- C:\Dokumente und Einstellungen\TS\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2010/07/26 11:04:04 | 000,012,123 | ---- | C] () -- C:\WINDOWS\lg_up.ini

[2010/07/26 10:54:49 | 000,000,883 | ---- | C] () -- C:\WINDOWS\lgcenter.ini

[2010/07/26 10:48:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/07/26 10:41:07 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/06/12 03:20:52 | 000,571,320 | ---- | C] () -- C:\WINDOWS\HPISExe.dat

[2008/01/14 11:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll

[2006/03/24 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2006/03/24 07:00:00 | 000,502,390 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2006/03/24 07:00:00 | 000,477,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2006/03/24 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2006/03/24 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2006/03/24 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2006/03/24 07:00:00 | 000,103,584 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2006/03/24 07:00:00 | 000,086,526 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2006/03/24 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2006/03/24 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2006/03/24 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2006/03/24 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006/03/24 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2006/03/24 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2006/02/09 04:17:36 | 000,020,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys

[2006/02/08 09:57:38 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys

[2006/02/08 09:57:32 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys

[2003/12/19 20:16:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2003/12/19 20:16:52 | 000,004,502 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2003/02/20 10:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

 
 ========== LOP Check ==========

 

[2010/12/16 07:35:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Tobit

[2012/02/25 04:46:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema

[2011/04/06 16:50:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TS\Anwendungsdaten\Ashampoo

[2011/07/27 03:30:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TS\Anwendungsdaten\com.socialbox.socialbox

[2012/02/23 16:41:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TS\Anwendungsdaten\gema

[2010/07/26 13:47:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TS\Anwendungsdaten\Leadertech

[2011/02/24 08:45:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TS\Anwendungsdaten\MORGEN & MORGEN

[2010/07/27 11:34:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TS\Anwendungsdaten\Radmin

[2010/07/26 11:30:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TS\Anwendungsdaten\SRSCPL

[2012/02/24 18:04:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TS\Anwendungsdaten\T-Octopus CTI

[2012/01/12 07:56:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TS\Anwendungsdaten\TeamViewer

[2010/07/26 14:37:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TS\Anwendungsdaten\Tobit

[2010/08/24 09:50:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TS\Anwendungsdaten\Trillian

[2010/07/27 18:38:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis

[2011/04/06 16:50:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo

[2010/07/27 10:21:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth

[2012/02/23 16:41:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema

[2011/12/29 19:25:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IPM

[2011/04/27 06:48:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LANCOM

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2012/02/25 07:05:13 | 000,000,000 | RHSD | M] -- C:\BOOTWIZ

[2012/02/15 21:24:16 | 000,000,000 | -HSD | M] -- C:\Config.Msi

[2012/02/25 04:46:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen

[2010/07/26 12:29:36 | 000,000,000 | ---D | M] -- C:\DRIVERS

[2010/07/27 13:04:51 | 000,000,000 | ---D | M] -- C:\ff9c6945256e7b87d4c9c36ac1a7d667

[2010/11/10 01:10:12 | 000,000,000 | -HSD | M] -- C:\found.000

[2011/12/21 15:10:43 | 000,000,000 | -HSD | M] -- C:\found.001

[2012/01/26 06:24:12 | 000,000,000 | -HSD | M] -- C:\found.002

[2011/02/24 07:56:54 | 000,000,000 | ---D | M] -- C:\kvw800

[2011/02/09 13:00:16 | 000,000,000 | ---D | M] -- C:\Lutronik

[2012/01/02 14:04:57 | 000,000,000 | ---D | M] -- C:\MEDUSA4_PERSONAL_V5_0

[2010/07/26 13:21:20 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2010/07/27 13:57:14 | 000,000,000 | ---D | M] -- C:\Program Files

[2011/12/22 04:51:56 | 000,000,000 | R--D | M] -- C:\Programme

[2011/07/01 10:57:52 | 000,000,000 | ---D | M] -- C:\PSADMIN

[2010/07/27 10:51:03 | 000,000,000 | -HSD | M] -- C:\RECYCLER

[2010/11/13 08:21:55 | 000,000,000 | ---D | M] -- C:\spoolerlogs

[2011/12/21 22:35:10 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2011/04/06 11:22:31 | 000,000,000 | ---D | M] -- C:\TeamViever

[2012/01/02 14:12:10 | 000,000,000 | ---D | M] -- C:\Temp

[2012/02/25 06:05:55 | 000,000,000 | ---D | M] -- C:\WINDOWS

 
 < %PROGRAMFILES%\*.exe >

 

Invalid Environment Variable: %LOCALAPPDATA%\*.exe

 
 < %systemroot%\*. /mp /s >

 

 
 < MD5 for: AGP440.SYS  >

[2006/03/24 07:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2010/07/26 12:50:13 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2010/07/26 12:50:13 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2006/03/24 07:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2010/07/26 12:50:13 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2010/07/26 12:50:13 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/03 15:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2006/03/24 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008/04/13 21:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 21:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

[2006/03/24 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 
 < MD5 for: EXPLORER.EXE  >

[2006/03/24 07:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[2008/04/13 21:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe

[2008/04/13 21:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

 
 < MD5 for: IASTOR.SYS  >

[2005/10/11 22:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\DRIVERS\IMSM\IASTOR.SYS

[2005/10/12 05:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\Programme\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys

[2005/10/12 05:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

[2005/10/11 22:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\iaStor.sys

[2005/10/12 05:08:52 | 000,508,416 | ---- | M] (Intel Corporation) MD5=7C2D98D430DD91570DB63E819B9BC7E0 -- C:\Programme\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

 
 < MD5 for: NETLOGON.DLL  >

[2008/04/13 21:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 21:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

[2006/03/24 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[2009/02/06 13:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[2009/02/06 13:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008/04/13 21:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 21:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

[2006/03/24 07:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2006/03/24 07:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

[2008/04/13 21:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008/04/13 21:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008/04/13 21:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/13 21:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[2006/03/24 07:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2006/03/24 07:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2006/03/24 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2006/03/24 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2010/07/26 12:29:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2010/07/26 12:29:40 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2010/07/26 12:29:40 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2011/03/03 01:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll

[2011/12/18 08:43:24 | 011,082,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll

[2011/12/17 14:43:23 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll

[2008/04/13 21:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll

[2008/04/13 21:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll

[2011/01/21 09:44:10 | 008,503,296 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

Invalid Environment Variable: %USERPROFILE%\*.*

 

Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe

 

Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll

 

Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe

< End of report >

Muss ich sonst noch etwas tun?
Gruß Tom

hi,

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
Tool

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Hinweis:
Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

So, auch das hat problemlos geklappt :)

log.txt:

Code:

ComboFix 12-02-25.01 - TS 25.02.2012  17:30:45.1.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1022.358 [GMT 1:00]

ausgeführt von:: c:\dokumente und einstellungen\TS\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: LANCOM Advanced VPN Client Firewall *Disabled* {33F684F9-95EF-4FC3-9196-012CF0A4D310}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\dokumente und einstellungen\TS\WINDOWS

c:\windows\IsUn0407.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-01-25 bis 2012-02-25  ))))))))))))))))))))))))))))))

.

.

2012-02-25 21:00 . 2011-07-13 02:55        2237440        ----a-r-        C:\OTLPE.exe

2012-02-25 15:17 . 2012-02-25 15:17        --------        d-----w-        c:\programme\7-Zip

2012-02-25 09:46 . 2012-02-25 20:53        --------        d-----w-        c:\dokumente und einstellungen\Administrator

2012-02-23 21:41 . 2012-02-25 20:56        --------        d-----w-        c:\dokumente und einstellungen\TS\Anwendungsdaten\gema

2012-02-16 00:40 . 2012-01-11 19:06        3072        -c----w-        c:\windows\system32\dllcache\iacenc.dll

2012-02-16 00:40 . 2012-01-11 19:06        3072        ------w-        c:\windows\system32\iacenc.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-25 15:13 . 2011-05-16 10:29        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-15 11:32 . 2011-11-03 12:54        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-01-12 17:20 . 2006-03-24 12:00        1860096        ----a-w-        c:\windows\system32\win32k.sys

2011-12-24 11:46 . 2011-03-09 05:35        144        ----a-w-        c:\dokumente und einstellungen\TS\advanced_ip_scanner_MAC.bin

2011-12-17 19:43 . 2006-03-24 12:00        916992        ----a-w-        c:\windows\system32\wininet.dll

2011-12-17 19:43 . 2006-03-24 12:00        43520        ----a-w-        c:\windows\system32\licmgr10.dll

2011-12-17 19:43 . 2006-03-24 12:00        1469440        ------w-        c:\windows\system32\inetcpl.cpl

2011-12-16 12:22 . 2006-03-24 12:00        385024        ----a-w-        c:\windows\system32\html.iec

2012-02-23 22:44 . 2011-05-13 14:32        134104        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SRSTrayApp"="c:\programme\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe" [2006-02-09 176128]

"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"LANCAPI"="c:\programme\LANCOM\LANCAPI\rcapi.exe" [2010-11-09 458752]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-24 110592]

"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]

"LG Intelligent Update"="c:\programme\lg_swupdate\autoupdate.exe" [2010-07-26 126976]

"ATICCC"="c:\programme\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-06-02 786521]

"batterymiser"="c:\program files\LG Software\Battery Miser\batterymiser.exe" [2006-09-29 327680]

"IAAnotif"="c:\programme\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]

"IPO3"="c:\program files\LG Software\IP Operator 2005\IP Operator.exe" [2006-07-18 1028096]

"LG Direct Media Button Service"="LGDMEBTN.exe" [2006-02-02 94208]

"KeybdUtility"="c:\programme\LG Software\On Screen Display\HotKey.exe" [2006-09-25 2711552]

"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe" [2005-01-07 61952]

"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656]

"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]

"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]

"IntelliPoint"="c:\programme\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]

"Acrobat Assistant 8.0"="c:\programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]

"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2006-01-08 1847296]

"OSSelectorReinstall"="c:\programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-03-09 2224104]

"ArcSoft Connection Service"="c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]

"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2011-03-12 421888]

"NcpBudgetGui"="c:\programme\LANCOM\Advanced VPN Client\NcpBudgetGui.exe" [2010-05-21 1026560]

"NcpPopup"="c:\programme\LANCOM\Advanced VPN Client\ncppopup.exe" [2010-05-21 1192016]

"NcpMonitor"="c:\programme\LANCOM\Advanced VPN Client\ncpmon.exe" [2010-09-16 6644304]

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\dokumente und einstellungen\TS\Startmenü\Programme\Autostart\

Octopus CTI.lnk - c:\programme\Deutsche_Telekom\Octopus_CTI\aocphone.exe [2010-7-8 2917704]

.

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\

Keyspan USB Server Task.lnk - c:\programme\Keyspan\USB Server\nhciTask.exe [2010-7-26 397312]

TMMonitor.lnk - c:\programme\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2010-7-27 258048]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [2006-09-29 114688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\3gProp]

2006-04-24 15:38        53936        ----a-w-        c:\programme\RSA Security\RSA Authenticator Utility\3gProp.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NotifyP11Svc]

2006-04-24 15:36        49840        ----a-w-        c:\programme\RSA Security\RSA Authenticator Utility\NotifyP11Svc.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

2006-01-08 05:36        49152        ----a-w-        c:\program files\Softex\OmniPass\OPXPGina.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SOMCredMgr]

2006-04-24 15:41        33456        ----a-w-        c:\programme\RSA Security\RSA Authenticator Utility\credmgr.dll

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\Deutsche_Telekom\\Octopus_CTI\\aocwiz.exe"=

"c:\\Programme\\Deutsche_Telekom\\Octopus_CTI\\uaproc.exe"=

"c:\\Programme\\Deutsche_Telekom\\Octopus_CTI\\abers.exe"=

"c:\\Programme\\Deutsche_Telekom\\Octopus_CTI\\appdiag\\appdiag.exe"=

"c:\\Programme\\Deutsche_Telekom\\Octopus_CTI\\aocphone.exe"=

"c:\\Programme\\Keyspan\\USB Server\\NHCIadmin.exe"=

"c:\\Programme\\LANCOM\\LANconfig\\lanconf.exe"=

"c:\\Programme\\LANCOM\\LANmonitor\\lanmon.exe"=

"c:\\Programme\\Gemeinsame Dateien\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=

"c:\\Programme\\Gemeinsame Dateien\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=

"c:\\Programme\\Trillian\\trillian.exe"=

"c:\\Programme\\VideoLAN\\VLC\\vlc.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"c:\\Programme\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Programme\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Programme\\LANCOM\\LANtracer\\LANtracer.exe"=

"c:\\Programme\\LANCOM\\SoftwareUpdate\\LCSU.exe"=

"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Programme\\LANCOM\\Advanced VPN Client\\NCPMON.exe"=

"c:\\Programme\\Print Server Utilities\\NPUtil.exe"=

"c:\\Programme\\Print Server Utilities\\PSAdmin.exe"=

"c:\\Programme\\Java\\jre6\\bin\\java.exe"=

"c:\\MEDUSA4_PERSONAL_V5_0\\medcolraster\\m2d\\run\\draft.exe"=

"c:\\Programme\\TeamViewer\\Version7\\TeamViewer.exe"=

"c:\\Programme\\TeamViewer\\Version7\\TeamViewer_Service.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3842:UDP"= 3842:UDP:Keyspan

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [03.11.2011 13:54 36000]

R1 ntiomin;ntiomin;c:\windows\system32\drivers\ntiomin.sys [10.08.2010 14:49 11392]

R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [03.11.2011 13:54 86224]

R2 LcsCapiMdm;LANCOM CAPI Faxmodem Port;c:\windows\system32\drivers\vmdmd.sys [14.02.2011 16:34 381952]

R2 ncpclcfg;NCP Client Configuration Support;c:\programme\LANCOM\Advanced VPN Client\ncpclcfg.exe [23.05.2011 05:57 133712]

R2 ncprwsnt;NCP Client VPN und Dialing Service;c:\programme\LANCOM\Advanced VPN Client\ncprwsnt.exe [23.05.2011 05:57 1118288]

R2 RsaP11Svc;RSA Authenticator Utility 1.0  P11 Service;c:\programme\RSA Security\RSA Authenticator Utility\RsaP11Svc.exe [24.04.2006 16:36 348848]

R2 SentinelKeysServer;Sentinel Keys Server;c:\programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [11.07.2008 00:02 328992]

R2 SRS_PostInstaller;SRS PostInstaller Service;c:\programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe [09.02.2006 10:17 31744]

R2 XobniService;XobniService;c:\programme\Xobni\XobniService.exe [08.12.2009 01:29 55016]

R3 AGR1310_51;Agere Systems ET-13xx PCI-E Ethernet Adapter XP Driver;c:\windows\system32\drivers\AGR1310_51.sys [26.07.2010 17:05 75648]

R3 LcsCapiDrv;LANCAPI Driver;c:\windows\system32\drivers\rcapi.sys [27.07.2010 20:53 244736]

R3 LCSWAN;LANCOM NDISWAN (Ver. 8.00.0003);c:\windows\system32\drivers\lcswan.sys [04.11.2010 14:10 25600]

R3 LGDMEBTN;LG Direct Media Button Device Driver;c:\windows\system32\drivers\LGDMEBTN.sys [26.07.2010 17:16 15616]

R3 NcpFiltMP;NcpFiltMP;c:\windows\system32\drivers\ncpvaxp.sys [23.05.2011 05:57 81392]

R3 NHCIMONO;NHCIMONO;c:\windows\system32\drivers\nhcimono.sys [26.07.2010 19:46 54016]

R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [09.02.2006 10:17 20608]

S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [17.08.2010 16:34 136176]

S2 NcpSec;NCP Client PKI Support;c:\programme\LANCOM\Advanced VPN Client\NCPSEC.EXE [23.05.2011 05:57 93184]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [09.12.2010 17:13 114432]

S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [17.08.2010 16:34 136176]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [09.12.2010 17:13 100736]

S3 lgodd_filter;lgodd_filter;c:\windows\system32\drivers\lgodd_filter.sys --> c:\windows\system32\drivers\lgodd_filter.sys [?]

S3 NcpFilt;Ncp Filter Service;c:\windows\system32\drivers\ncpvaxp.sys [23.05.2011 05:57 81392]

S3 ncpvaxp;NCP Secure Client Virtual Adapter Driver;c:\windows\system32\drivers\ncpvaxp.sys [23.05.2011 05:57 81392]

S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\drivers\RTL2832U_IRHID.sys [27.07.2010 19:57 37280]

S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [27.07.2010 19:57 91168]

S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [27.07.2010 19:57 32800]

.

Inhalt des "geplante Tasks" Ordners

.

2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2010-08-17 15:33]

.

2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2010-08-17 15:33]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

uInternet Connection Wizard,ShellNext = iexplore

IE: An vorhandenes PDF anfügen - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

TCP: DhcpNameServer = 194.25.2.129 145.253.2.75

DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} - hxxp://192.168.17.61/xplugLite.cab

FF - ProfilePath - c:\dokumente und einstellungen\TS\Anwendungsdaten\Mozilla\Firefox\Profiles\f6tf9iof.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

ShellIconOverlayIdentifiers-{98DD0781-8AD9-11D2-B0AA-00104B458FC2} - FileSign.dll

HKCU-Run-gema - c:\dokumente und einstellungen\TS\Anwendungsdaten\gema\gema.exe

HKLM-Run-IR_SERVER - c:\programme\Realtek\REALTEK DTV USB DEVICE\IR_SERVER.exe

HKLM-Run-SunJavaUpdateSched - c:\programme\Java\jre6\bin\jusched.exe

HKLM-Run-gema - c:\windows\system32\gema.exe

HKLM-Run-gema. - c:\dokumente und einstellungen\All Users\Anwendungsdaten\gema\gema.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-02-25 17:39

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net

Windows 5.1.2600 

.

CreateFile("\\.\PHYSICALDRIVE0"): Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

device: opened successfully

user: error reading MBR 

kernel: MBR read successfully

user != kernel MBR !!! 

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'winlogon.exe'(364)

c:\windows\system32\Ati2evxx.dll

c:\program files\Softex\OmniPass\opxpgina.dll

c:\programme\RSA Security\RSA Authenticator Utility\CredMgr.dll

c:\programme\RSA Security\RSA Authenticator Utility\3gProp.dll

c:\programme\RSA Security\RSA Authenticator Utility\NotifyP11Svc.dll

c:\programme\RSA Security\RSA Authenticator Utility\pkcs11.dll

c:\programme\RSA Security\RSA Authenticator Utility\authsvc.dll

c:\programme\RSA Security\RSA Authenticator Utility\pwdauthmech.dll

c:\programme\RSA Security\RSA Authenticator Utility\PwdAuthMechENU.dll

c:\programme\RSA Security\RSA Authenticator Utility\scauthmech.dll

c:\programme\RSA Security\RSA Authenticator Utility\ScAuthMechENU.dll

.

Zeit der Fertigstellung: 2012-02-25  17:42:28

ComboFix-quarantined-files.txt  2012-02-25 16:42

.

Vor Suchlauf: 5.972.189.184 Bytes frei

Nach Suchlauf: 6.166.224.896 Bytes frei

.

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

[boot loader]

;timeout=30

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 0A8B61F38A4793B251581CE755D7E41F

download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

TDSSKiller LOG:

Code:

17:56:46.0718 5256        TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49

17:56:46.0890 5256        ============================================================

17:56:46.0890 5256        Current date / time: 2012/02/25 17:56:46.0890

17:56:46.0890 5256        SystemInfo:

17:56:46.0890 5256        

17:56:46.0890 5256        OS Version: 5.1.2600 ServicePack: 3.0

17:56:46.0890 5256        Product type: Workstation

17:56:46.0890 5256        ComputerName: NOTEBOOK

17:56:46.0890 5256        UserName: TS

17:56:46.0890 5256        Windows directory: C:\WINDOWS

17:56:46.0890 5256        System windows directory: C:\WINDOWS

17:56:46.0890 5256        Processor architecture: Intel x86

17:56:46.0890 5256        Number of processors: 2

17:56:46.0890 5256        Page size: 0x1000

17:56:46.0890 5256        Boot type: Normal boot

17:56:46.0890 5256        ============================================================

17:56:47.0531 5256        Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

17:56:47.0531 5256        Drive \Device\Harddisk1\DR3 - Size: 0xEBC20000 (3.68 Gb), SectorSize: 0x200, Cylinders: 0x3BE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x80, Type 'W'

17:56:47.0546 5256        \Device\Harddisk0\DR0:

17:56:47.0546 5256        MBR used

17:56:47.0546 5256        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8

17:56:47.0546 5256        \Device\Harddisk1\DR3:

17:56:47.0546 5256        MBR used

17:56:47.0546 5256        \Device\Harddisk1\DR3\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x75D000

17:56:47.0593 5256        Initialize success

17:56:47.0593 5256        ============================================================

17:57:12.0953 5964        ============================================================

17:57:12.0953 5964        Scan started

17:57:12.0953 5964        Mode: Manual; SigCheck; TDLFS; 

17:57:12.0953 5964        ============================================================

17:57:13.0625 5964        Abiosdsk - ok

17:57:13.0656 5964        abp480n5 - ok

17:57:13.0750 5964        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

17:57:14.0031 5964        ACPI - ok

17:57:14.0093 5964        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

17:57:14.0218 5964        ACPIEC - ok

17:57:14.0265 5964        adpu160m - ok

17:57:14.0312 5964        aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

17:57:14.0421 5964        aec - ok

17:57:14.0500 5964        AF15BDA         (639a9c2dab390769be8fa23854435876) C:\WINDOWS\system32\Drivers\AF15BDA.sys

17:57:14.0546 5964        AF15BDA - ok

17:57:14.0640 5964        Afc             (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys

17:57:14.0671 5964        Afc - ok

17:57:14.0734 5964        AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

17:57:14.0765 5964        AFD - ok

17:57:14.0906 5964        AgereSoftModem  (90456051c422e09bc36e6340dd891f0c) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

17:57:15.0062 5964        AgereSoftModem - ok

17:57:15.0140 5964        AGR1310_51      (6a94cc5ad6d6d5462bbdaea1034b86b8) C:\WINDOWS\system32\DRIVERS\AGR1310_51.sys

17:57:15.0203 5964        AGR1310_51 - ok

17:57:15.0250 5964        Aha154x - ok

17:57:15.0281 5964        aic78u2 - ok

17:57:15.0312 5964        aic78xx - ok

17:57:15.0390 5964        AliIde - ok

17:57:15.0421 5964        amsint - ok

17:57:15.0500 5964        Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

17:57:15.0609 5964        Arp1394 - ok

17:57:15.0640 5964        asc - ok

17:57:15.0671 5964        asc3350p - ok

17:57:15.0718 5964        asc3550 - ok

17:57:15.0781 5964        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

17:57:15.0921 5964        AsyncMac - ok

17:57:15.0968 5964        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

17:57:16.0078 5964        atapi - ok

17:57:16.0156 5964        Atdisk - ok

17:57:16.0281 5964        ati2mtag        (492bd2a5f65f218d4ede5764a3bb67e9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

17:57:16.0390 5964        ati2mtag - ok

17:57:16.0468 5964        Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

17:57:16.0593 5964        Atmarpc - ok

17:57:16.0656 5964        ATSWPDRV        (4ae213e390888b090d38de37921ed53f) C:\WINDOWS\system32\Drivers\ATSwpDrv.sys

17:57:16.0703 5964        ATSWPDRV - ok

17:57:16.0843 5964        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

17:57:16.0953 5964        audstub - ok

17:57:17.0031 5964        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

17:57:17.0062 5964        avgntflt - ok

17:57:17.0125 5964        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys

17:57:17.0140 5964        avipbb - ok

17:57:17.0187 5964        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys

17:57:17.0203 5964        avkmgr - ok

17:57:17.0265 5964        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

17:57:17.0359 5964        Beep - ok

17:57:17.0437 5964        BlueletAudio - ok

17:57:17.0484 5964        BlueletSCOAudio - ok

17:57:17.0515 5964        BT - ok

17:57:17.0546 5964        Btcsrusb - ok

17:57:17.0609 5964        BthEnum         (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys

17:57:17.0718 5964        BthEnum - ok

17:57:17.0750 5964        BTHidEnum - ok

17:57:17.0796 5964        BTHidMgr - ok

17:57:17.0828 5964        BTHMODEM        (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys

17:57:17.0937 5964        BTHMODEM - ok

17:57:18.0031 5964        BthPan          (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys

17:57:18.0140 5964        BthPan - ok

17:57:18.0218 5964        BTHPORT         (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys

17:57:18.0250 5964        BTHPORT - ok

17:57:18.0328 5964        BTHUSB          (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys

17:57:18.0375 5964        BTHUSB - ok

17:57:18.0500 5964        catchme - ok

17:57:18.0609 5964        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

17:57:18.0750 5964        cbidf2k - ok

17:57:18.0828 5964        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

17:57:18.0953 5964        CCDECODE - ok

17:57:18.0984 5964        cd20xrnt - ok

17:57:19.0031 5964        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

17:57:19.0140 5964        Cdaudio - ok

17:57:19.0187 5964        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

17:57:19.0312 5964        Cdfs - ok

17:57:19.0359 5964        Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

17:57:19.0468 5964        Cdrom - ok

17:57:19.0546 5964        Changer - ok

17:57:19.0578 5964        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

17:57:19.0703 5964        CmBatt - ok

17:57:19.0734 5964        CmdIde - ok

17:57:19.0781 5964        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

17:57:19.0906 5964        Compbatt - ok

17:57:19.0937 5964        Cpqarray - ok

17:57:19.0984 5964        dac2w2k - ok

17:57:20.0015 5964        dac960nt - ok

17:57:20.0046 5964        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

17:57:20.0171 5964        Disk - ok

17:57:20.0296 5964        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys

17:57:20.0453 5964        dmboot - ok

17:57:20.0500 5964        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys

17:57:20.0625 5964        dmio - ok

17:57:20.0656 5964        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

17:57:20.0765 5964        dmload - ok

17:57:20.0812 5964        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

17:57:20.0921 5964        DMusic - ok

17:57:20.0968 5964        dpti2o - ok

17:57:21.0046 5964        drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

17:57:21.0156 5964        drmkaud - ok

17:57:21.0250 5964        ewusbnet        (9a8dfbcd14a37d3139aacd671a8444a6) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys

17:57:21.0281 5964        ewusbnet - ok

17:57:21.0359 5964        Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

17:57:21.0484 5964        Fastfat - ok

17:57:21.0531 5964        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

17:57:21.0625 5964        Fdc - ok

17:57:21.0671 5964        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys

17:57:21.0781 5964        Fips - ok

17:57:21.0859 5964        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

17:57:21.0968 5964        Flpydisk - ok

17:57:22.0015 5964        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

17:57:22.0140 5964        FltMgr - ok

17:57:22.0203 5964        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:57:22.0328 5964        Fs_Rec - ok

17:57:22.0375 5964        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:57:22.0468 5964        Ftdisk - ok

17:57:22.0515 5964        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:57:22.0640 5964        Gpc - ok

17:57:22.0765 5964        HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys

17:57:22.0812 5964        HdAudAddService - ok

17:57:22.0890 5964        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

17:57:22.0984 5964        HDAudBus - ok

17:57:23.0046 5964        HidBth          (a5aecf10be62459533a06ed7ebf5770b) C:\WINDOWS\system32\DRIVERS\hidbth.sys

17:57:23.0156 5964        HidBth - ok

17:57:23.0218 5964        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

17:57:23.0328 5964        HidUsb - ok

17:57:23.0375 5964        hpn - ok

17:57:23.0484 5964        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

17:57:23.0531 5964        HTTP - ok

17:57:23.0625 5964        hwdatacard      (93e5d34d95ff9011beed886e3627f442) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys

17:57:23.0656 5964        hwdatacard - ok

17:57:23.0718 5964        hwusbdev        (922065957563d851b5a68b95aadac6ad) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys

17:57:23.0765 5964        hwusbdev - ok

17:57:23.0796 5964        i2omgmt - ok

17:57:23.0828 5964        i2omp - ok

17:57:23.0953 5964        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

17:57:24.0093 5964        i8042prt - ok

17:57:24.0203 5964        iaStor          (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys

17:57:24.0281 5964        iaStor - ok

17:57:24.0328 5964        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

17:57:24.0437 5964        Imapi - ok

17:57:24.0468 5964        ini910u - ok

17:57:24.0687 5964        IntcAzAudAddService (fc3a99650afe0b39fe1d214304a7d0d3) C:\WINDOWS\system32\drivers\RtkHDAud.sys

17:57:24.0921 5964        IntcAzAudAddService - ok

17:57:24.0984 5964        IntelIde - ok

17:57:25.0187 5964        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys

17:57:25.0296 5964        intelppm - ok

17:57:25.0343 5964        Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

17:57:25.0468 5964        Ip6Fw - ok

17:57:25.0531 5964        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:57:25.0625 5964        IpFilterDriver - ok

17:57:25.0718 5964        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:57:25.0828 5964        IpInIp - ok

17:57:25.0890 5964        IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:57:26.0000 5964        IpNat - ok

17:57:26.0062 5964        IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:57:26.0171 5964        IPSec - ok

17:57:26.0234 5964        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

17:57:26.0296 5964        IRENUM - ok

17:57:26.0343 5964        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:57:26.0453 5964        isapnp - ok

17:57:26.0531 5964        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:57:26.0625 5964        Kbdclass - ok

17:57:26.0734 5964        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

17:57:26.0843 5964        kbdhid - ok

17:57:26.0906 5964        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

17:57:27.0015 5964        kmixer - ok

17:57:27.0093 5964        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

17:57:27.0140 5964        KSecDD - ok

17:57:27.0171 5964        lbrtfdc - ok

17:57:27.0265 5964        LcsCapiDrv      (33ca4952bd7679040add0f264c14704e) C:\WINDOWS\system32\Drivers\rcapi.sys

17:57:27.0265 5964        LcsCapiDrv ( UnsignedFile.Multi.Generic ) - warning

17:57:27.0265 5964        LcsCapiDrv - detected UnsignedFile.Multi.Generic (1)

17:57:27.0375 5964        LcsCapiMdm      (f63df2d9b5baea2ef41383d5fbf1fca7) C:\WINDOWS\system32\DRIVERS\vmdmd.sys

17:57:27.0375 5964        LcsCapiMdm ( UnsignedFile.Multi.Generic ) - warning

17:57:27.0375 5964        LcsCapiMdm - detected UnsignedFile.Multi.Generic (1)

17:57:27.0453 5964        LCSWAN          (a63323f3873ed9c137d1a9e1d2e8e72a) C:\WINDOWS\system32\DRIVERS\LCSWAN.sys

17:57:27.0468 5964        LCSWAN ( UnsignedFile.Multi.Generic ) - warning

17:57:27.0468 5964        LCSWAN - detected UnsignedFile.Multi.Generic (1)

17:57:27.0531 5964        LGDMEBTN        (bb6422f13cd893c630d33a197a40cb1a) C:\WINDOWS\system32\DRIVERS\LGDMEBTN.sys

17:57:27.0562 5964        LGDMEBTN - ok

17:57:27.0593 5964        lgodd_filter - ok

17:57:27.0671 5964        lgsnd_filter    (dbab4f8e598d32b285523432ad42fa06) C:\WINDOWS\system32\drivers\lgsnd_filter.sys

17:57:27.0687 5964        lgsnd_filter ( UnsignedFile.Multi.Generic ) - warning

17:57:27.0687 5964        lgsnd_filter - detected UnsignedFile.Multi.Generic (1)

17:57:27.0765 5964        MHNDRV          (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

17:57:27.0796 5964        MHNDRV ( UnsignedFile.Multi.Generic ) - warning

17:57:27.0796 5964        MHNDRV - detected UnsignedFile.Multi.Generic (1)

17:57:27.0890 5964        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

17:57:28.0000 5964        mnmdd - ok

17:57:28.0093 5964        Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys

17:57:28.0203 5964        Modem - ok

17:57:28.0234 5964        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:57:28.0343 5964        Mouclass - ok

17:57:28.0406 5964        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys

17:57:28.0515 5964        mouhid - ok

17:57:28.0562 5964        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

17:57:28.0671 5964        MountMgr - ok

17:57:28.0734 5964        MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys

17:57:28.0843 5964        MPE - ok

17:57:28.0906 5964        mraid35x - ok

17:57:28.0953 5964        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:57:29.0078 5964        MRxDAV - ok

17:57:29.0171 5964        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:57:29.0234 5964        MRxSmb - ok

17:57:29.0265 5964        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

17:57:29.0375 5964        Msfs - ok

17:57:29.0437 5964        MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:57:29.0546 5964        MSKSSRV - ok

17:57:29.0625 5964        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:57:29.0750 5964        MSPCLOCK - ok

17:57:29.0859 5964        MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

17:57:29.0968 5964        MSPQM - ok

17:57:30.0015 5964        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:57:30.0109 5964        mssmbios - ok

17:57:30.0156 5964        MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

17:57:30.0281 5964        MSTEE - ok

17:57:30.0359 5964        Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

17:57:30.0390 5964        Mup - ok

17:57:30.0453 5964        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

17:57:30.0562 5964        NABTSFEC - ok

17:57:30.0656 5964        NcpFilt         (705a36c5be8e4d3eb42a4bbd63fa2986) C:\WINDOWS\system32\DRIVERS\ncpvaxp.sys

17:57:30.0656 5964        NcpFilt - ok

17:57:30.0671 5964        NcpFiltMP       (705a36c5be8e4d3eb42a4bbd63fa2986) C:\WINDOWS\system32\DRIVERS\ncpvaxp.sys

17:57:30.0671 5964        NcpFiltMP - ok

17:57:30.0687 5964        ncpvaxp         (705a36c5be8e4d3eb42a4bbd63fa2986) C:\WINDOWS\system32\DRIVERS\ncpvaxp.sys

17:57:30.0703 5964        ncpvaxp - ok

17:57:30.0781 5964        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

17:57:30.0890 5964        NDIS - ok

17:57:30.0953 5964        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

17:57:31.0062 5964        NdisIP - ok

17:57:31.0140 5964        Ndisipo         (e87c0cee30b5f6f4a2b80011941dc5bd) C:\WINDOWS\system32\DRIVERS\ndisipo.sys

17:57:31.0140 5964        Ndisipo ( UnsignedFile.Multi.Generic ) - warning

17:57:31.0140 5964        Ndisipo - detected UnsignedFile.Multi.Generic (1)

17:57:31.0234 5964        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:57:31.0265 5964        NdisTapi - ok

17:57:31.0328 5964        Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:57:31.0437 5964        Ndisuio - ok

17:57:31.0484 5964        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:57:31.0609 5964        NdisWan - ok

17:57:31.0687 5964        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

17:57:31.0734 5964        NDProxy - ok

17:57:31.0796 5964        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

17:57:31.0906 5964        NetBIOS - ok

17:57:31.0984 5964        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

17:57:32.0078 5964        NetBT - ok

17:57:32.0234 5964        NETw3x32        (f886500c285af271fdd33bf8ba7b32ef) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys

17:57:32.0390 5964        NETw3x32 - ok

17:57:32.0453 5964        NHCIMONO        (cf94bd3114dfb4b5c2b6f046c6f6ae05) C:\WINDOWS\system32\DRIVERS\nhcimono.sys

17:57:32.0468 5964        NHCIMONO ( UnsignedFile.Multi.Generic ) - warning

17:57:32.0468 5964        NHCIMONO - detected UnsignedFile.Multi.Generic (1)

17:57:32.0546 5964        NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

17:57:32.0640 5964        NIC1394 - ok

17:57:32.0734 5964        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

17:57:32.0843 5964        Npfs - ok

17:57:32.0906 5964        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

17:57:33.0015 5964        Ntfs - ok

17:57:33.0109 5964        ntiomin         (8a2788ff5aa0fe75d7231417200406ff) C:\WINDOWS\system32\drivers\ntiomin.sys

17:57:33.0109 5964        ntiomin ( UnsignedFile.Multi.Generic ) - warning

17:57:33.0109 5964        ntiomin - detected UnsignedFile.Multi.Generic (1)

17:57:33.0140 5964        ntiopnp         (5850c28057ddea04390b88f8cc482504) C:\WINDOWS\system32\drivers\ntiopnp.sys

17:57:33.0156 5964        ntiopnp - ok

17:57:33.0234 5964        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

17:57:33.0343 5964        Null - ok

17:57:33.0437 5964        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:57:33.0546 5964        NwlnkFlt - ok

17:57:33.0578 5964        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:57:33.0671 5964        NwlnkFwd - ok

17:57:33.0750 5964        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

17:57:33.0859 5964        ohci1394 - ok

17:57:33.0921 5964        Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys

17:57:34.0015 5964        Parport - ok

17:57:34.0046 5964        PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

17:57:34.0156 5964        PartMgr - ok

17:57:34.0218 5964        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

17:57:34.0328 5964        ParVdm - ok

17:57:34.0406 5964        PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys

17:57:34.0515 5964        PCI - ok

17:57:34.0546 5964        PCIDump - ok

17:57:34.0593 5964        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:57:34.0687 5964        PCIIde - ok

17:57:34.0734 5964        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

17:57:34.0843 5964        Pcmcia - ok

17:57:34.0859 5964        PDCOMP - ok

17:57:34.0906 5964        PDFRAME - ok

17:57:34.0937 5964        PDRELI - ok

17:57:34.0968 5964        PDRFRAME - ok

17:57:35.0000 5964        perc2 - ok

17:57:35.0031 5964        perc2hib - ok

17:57:35.0109 5964        Point32         (2e3394c8ebf31a9b4f0a531eb5cc7bc7) C:\WINDOWS\system32\DRIVERS\point32.sys

17:57:35.0125 5964        Point32 - ok

17:57:35.0218 5964        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:57:35.0312 5964        PptpMiniport - ok

17:57:35.0375 5964        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

17:57:35.0500 5964        PSched - ok

17:57:35.0562 5964        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:57:35.0671 5964        Ptilink - ok

17:57:35.0750 5964        PxHelp20        (40f2031bd9148d3194353ea7dec97a07) C:\WINDOWS\system32\Drivers\PxHelp20.sys

17:57:35.0781 5964        PxHelp20 - ok

17:57:35.0859 5964        ql1080 - ok

17:57:35.0890 5964        Ql10wnt - ok

17:57:35.0921 5964        ql12160 - ok

17:57:35.0953 5964        ql1240 - ok

17:57:35.0984 5964        ql1280 - ok

17:57:36.0015 5964        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:57:36.0140 5964        RasAcd - ok

17:57:36.0218 5964        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:57:36.0328 5964        Rasl2tp - ok

17:57:36.0375 5964        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:57:36.0500 5964        RasPppoe - ok

17:57:36.0578 5964        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:57:36.0687 5964        Raspti - ok

17:57:36.0750 5964        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:57:36.0859 5964        Rdbss - ok

17:57:36.0906 5964        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:57:37.0015 5964        RDPCDD - ok

17:57:37.0062 5964        rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

17:57:37.0156 5964        rdpdr - ok

17:57:37.0218 5964        RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

17:57:37.0265 5964        RDPWD - ok

17:57:37.0390 5964        redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:57:37.0500 5964        redbook - ok

17:57:37.0546 5964        RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

17:57:37.0640 5964        RFCOMM - ok

17:57:37.0718 5964        ROOTMODEM       (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

17:57:37.0828 5964        ROOTMODEM - ok

17:57:37.0906 5964        RTL2832UBDA     (500649d4eb9a972334428f93e4b82ae8) C:\WINDOWS\system32\drivers\RTL2832UBDA.sys

17:57:37.0921 5964        RTL2832UBDA - ok

17:57:37.0968 5964        RTL2832UUSB     (7f70002c79e8361c438adb905705b1ce) C:\WINDOWS\system32\Drivers\RTL2832UUSB.sys

17:57:37.0968 5964        RTL2832UUSB - ok

17:57:38.0015 5964        RTL2832U_IRHID  (adac790baa89ac1fee08deef67d18f5c) C:\WINDOWS\system32\DRIVERS\RTL2832U_IRHID.sys

17:57:38.0031 5964        RTL2832U_IRHID - ok

17:57:38.0140 5964        sdbus           (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

17:57:38.0250 5964        sdbus - ok

17:57:38.0390 5964        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:57:38.0468 5964        Secdrv - ok

17:57:38.0656 5964        Sentinel        (a2cc81c30bef6ac9f27055490eef6de3) C:\WINDOWS\System32\Drivers\SENTINEL.SYS

17:57:38.0656 5964        Sentinel - ok

17:57:38.0796 5964        serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

17:57:38.0953 5964        serenum - ok

17:57:39.0109 5964        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys

17:57:39.0250 5964        Serial - ok

17:57:39.0515 5964        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

17:57:39.0656 5964        Sfloppy - ok

17:57:39.0734 5964        Simbad - ok

17:57:39.0781 5964        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

17:57:39.0890 5964        SLIP - ok

17:57:39.0984 5964        snapman         (e78c98378a071ce4d48a7c514fa98fa1) C:\WINDOWS\system32\DRIVERS\snapman.sys

17:57:39.0984 5964        snapman - ok

17:57:40.0078 5964        SNTNLUSB        (9de6e60ce7fd82b4985de5d9c22265ad) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS

17:57:40.0093 5964        SNTNLUSB - ok

17:57:40.0125 5964        Sparrow - ok

17:57:40.0203 5964        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

17:57:40.0312 5964        splitter - ok

17:57:40.0359 5964        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys

17:57:40.0421 5964        sr - ok

17:57:40.0500 5964        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

17:57:40.0562 5964        Srv - ok

17:57:40.0671 5964        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

17:57:40.0671 5964        ssmdrv - ok

17:57:40.0750 5964        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

17:57:40.0859 5964        streamip - ok

17:57:40.0906 5964        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

17:57:41.0015 5964        swenum - ok

17:57:41.0078 5964        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

17:57:41.0187 5964        swmidi - ok

17:57:41.0218 5964        symc810 - ok

17:57:41.0281 5964        symc8xx - ok

17:57:41.0312 5964        sym_hi - ok

17:57:41.0343 5964        sym_u3 - ok

17:57:41.0437 5964        SynTP           (290246d82fbdab124feb2fea035d7b1f) C:\WINDOWS\system32\DRIVERS\SynTP.sys

17:57:41.0484 5964        SynTP - ok

17:57:41.0562 5964        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

17:57:41.0656 5964        sysaudio - ok

17:57:41.0750 5964        Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:57:41.0812 5964        Tcpip - ok

17:57:41.0890 5964        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

17:57:42.0015 5964        TDPIPE - ok

17:57:42.0062 5964        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

17:57:42.0171 5964        TDTCP - ok

17:57:42.0218 5964        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

17:57:42.0312 5964        TermDD - ok

17:57:42.0406 5964        tifm21          (78213f01ce781f93180bef5eb5b3ad81) C:\WINDOWS\system32\drivers\tifm21.sys

17:57:42.0437 5964        tifm21 - ok

17:57:42.0484 5964        TosIde - ok

17:57:42.0593 5964        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

17:57:42.0703 5964        Udfs - ok

17:57:42.0750 5964        ultra - ok

17:57:42.0812 5964        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

17:57:42.0953 5964        Update - ok

17:57:43.0031 5964        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

17:57:43.0140 5964        usbccgp - ok

17:57:43.0203 5964        USBCCID         (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys

17:57:43.0250 5964        USBCCID - ok

17:57:43.0343 5964        usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

17:57:43.0453 5964        usbehci - ok

17:57:43.0531 5964        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

17:57:43.0640 5964        usbhub - ok

17:57:43.0687 5964        usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

17:57:43.0796 5964        usbscan - ok

17:57:43.0890 5964        USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:57:44.0000 5964        USBSTOR - ok

17:57:44.0031 5964        usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

17:57:44.0140 5964        usbuhci - ok

17:57:44.0203 5964        usb_rndisx      (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

17:57:44.0312 5964        usb_rndisx - ok

17:57:44.0359 5964        VComm - ok

17:57:44.0406 5964        VcommMgr - ok

17:57:44.0468 5964        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

17:57:44.0562 5964        VgaSave - ok

17:57:44.0593 5964        ViaIde - ok

17:57:44.0640 5964        VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys

17:57:44.0750 5964        VolSnap - ok

17:57:44.0812 5964        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:57:44.0921 5964        Wanarp - ok

17:57:44.0984 5964        wceusbsh        (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

17:57:45.0031 5964        wceusbsh - ok

17:57:45.0078 5964        WDICA - ok

17:57:45.0140 5964        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

17:57:45.0250 5964        wdmaud - ok

17:57:45.0328 5964        WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

17:57:45.0437 5964        WmiAcpi - ok

17:57:45.0515 5964        wowfilter       (6d4fd01af03c8dc867505fc51d339b2b) C:\WINDOWS\system32\drivers\wowfilter.sys

17:57:45.0531 5964        wowfilter ( UnsignedFile.Multi.Generic ) - warning

17:57:45.0531 5964        wowfilter - detected UnsignedFile.Multi.Generic (1)

17:57:45.0593 5964        WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

17:57:45.0718 5964        WS2IFSL - ok

17:57:45.0750 5964        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

17:57:45.0859 5964        WSTCODEC - ok

17:57:45.0953 5964        MBR (0x1B8)     (e54d163a3135baee26d58c19cba62a64) \Device\Harddisk0\DR0

17:57:46.0187 5964        \Device\Harddisk0\DR0 - ok

17:57:46.0203 5964        MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3

17:57:46.0359 5964        \Device\Harddisk1\DR3 - ok

17:57:46.0359 5964        Boot (0x1200)   (a80721484caba43d33060b73e066892d) \Device\Harddisk0\DR0\Partition0

17:57:46.0359 5964        \Device\Harddisk0\DR0\Partition0 - ok

17:57:46.0375 5964        Boot (0x1200)   (c240219062b5d76e0dc4aa1a57b8e12e) \Device\Harddisk1\DR3\Partition0

17:57:46.0375 5964        \Device\Harddisk1\DR3\Partition0 - ok

17:57:46.0375 5964        ============================================================

17:57:46.0375 5964        Scan finished

17:57:46.0375 5964        ============================================================

17:57:46.0484 5412        Detected object count: 9

17:57:46.0484 5412        Actual detected object count: 9

17:58:33.0859 5412        LcsCapiDrv ( UnsignedFile.Multi.Generic ) - skipped by user

17:58:33.0859 5412        LcsCapiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:58:33.0859 5412        LcsCapiMdm ( UnsignedFile.Multi.Generic ) - skipped by user

17:58:33.0859 5412        LcsCapiMdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:58:33.0859 5412        LCSWAN ( UnsignedFile.Multi.Generic ) - skipped by user

17:58:33.0859 5412        LCSWAN ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:58:33.0859 5412        lgsnd_filter ( UnsignedFile.Multi.Generic ) - skipped by user

17:58:33.0859 5412        lgsnd_filter ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:58:33.0859 5412        MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user

17:58:33.0859 5412        MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:58:33.0859 5412        Ndisipo ( UnsignedFile.Multi.Generic ) - skipped by user

17:58:33.0859 5412        Ndisipo ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:58:33.0859 5412        NHCIMONO ( UnsignedFile.Multi.Generic ) - skipped by user

17:58:33.0859 5412        NHCIMONO ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:58:33.0875 5412        ntiomin ( UnsignedFile.Multi.Generic ) - skipped by user

17:58:33.0875 5412        ntiomin ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:58:33.0875 5412        wowfilter ( UnsignedFile.Multi.Generic ) - skipped by user

17:58:33.0875 5412        wowfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip

bitte mal mbrcheck laden:
http://ad13.geekstogo.com/MBRCheck.exe
doppelklicken,
wenn tool fertig gibts auf dem desktop ne mbrchck-datum.txt
deren inhalt posten

MBRCheck_02.25.12_18.28.07.txt:

Code:

MBRCheck, version 1.2.3

(c) 2010, AD
 

Command-line:                        

Windows Version:                Windows XP Professional

Windows Information:                Service Pack 3 (build 2600)

Logical Drives Mask:                0x03c2bc0c
 

Kernel Drivers (total 161):

  0x804D7000 \WINDOWS\system32\ntoskrnl.exe

  0x80701000 \WINDOWS\system32\hal.dll

  0xF7B23000 \WINDOWS\system32\KDCOM.DLL

  0xF7A33000 \WINDOWS\system32\BOOTVID.dll

  0xF75D3000 ACPI.sys

  0xF7B25000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

  0xF75C2000 pci.sys

  0xF7623000 isapnp.sys

  0xF7633000 ohci1394.sys

  0xF7643000 \WINDOWS\system32\DRIVERS\1394BUS.SYS

  0xF7A37000 compbatt.sys

  0xF7A3B000 \WINDOWS\system32\DRIVERS\BATTC.SYS

  0xF7BEB000 pciide.sys

  0xF78A3000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

  0xF75A4000 pcmcia.sys

  0xF7653000 MountMgr.sys

  0xF7585000 ftdisk.sys

  0xF7B27000 dmload.sys

  0xF755F000 dmio.sys

  0xF78AB000 PartMgr.sys

  0xF7A3F000 ACPIEC.sys

  0xF7BEC000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS

  0xF7663000 VolSnap.sys

  0xF7547000 atapi.sys

  0xF7471000 iaStor.sys

  0xF7673000 disk.sys

  0xF7683000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

  0xF7451000 fltmgr.sys

  0xF743F000 sr.sys

  0xF78B3000 PxHelp20.sys

  0xF7428000 KSecDD.sys

  0xF739B000 Ntfs.sys

  0xF736E000 NDIS.sys

  0xF7353000 snapman.sys

  0xF7339000 Mup.sys

  0xF76B3000 \SystemRoot\system32\DRIVERS\nic1394.sys

  0xF7743000 \SystemRoot\system32\DRIVERS\intelppm.sys

  0xF6927000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

  0xF6923000 \SystemRoot\system32\DRIVERS\CmBatt.sys

  0xF691F000 \SystemRoot\system32\DRIVERS\LGDMEBTN.sys

  0xF54B4000 \SystemRoot\system32\DRIVERS\ati2mtag.sys

  0xF54A0000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

  0xF5478000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

  0xF5465000 \SystemRoot\system32\DRIVERS\AGR1310_51.sys

  0xF52C4000 \SystemRoot\system32\DRIVERS\NETw3x32.sys

  0xF79DB000 \SystemRoot\system32\DRIVERS\usbuhci.sys

  0xF52A0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

  0xF79E3000 \SystemRoot\system32\DRIVERS\usbehci.sys

  0xF5254000 \SystemRoot\system32\drivers\tifm21.sys

  0xF5240000 \SystemRoot\system32\DRIVERS\sdbus.sys

  0xF7753000 \SystemRoot\system32\DRIVERS\serial.sys

  0xF691B000 \SystemRoot\system32\DRIVERS\serenum.sys

  0xF522C000 \SystemRoot\system32\DRIVERS\parport.sys

  0xF7763000 \SystemRoot\system32\DRIVERS\i8042prt.sys

  0xF79EB000 \SystemRoot\system32\DRIVERS\kbdclass.sys

  0xF51FC000 \SystemRoot\system32\DRIVERS\SynTP.sys

  0xF7B59000 \SystemRoot\system32\DRIVERS\USBD.SYS

  0xF79F3000 \SystemRoot\system32\DRIVERS\mouclass.sys

  0xF7773000 \SystemRoot\system32\DRIVERS\imapi.sys

  0xF79FB000 \SystemRoot\system32\drivers\Afc.sys

  0xF7783000 \SystemRoot\system32\DRIVERS\cdrom.sys

  0xF7793000 \SystemRoot\system32\DRIVERS\redbook.sys

  0xF51D9000 \SystemRoot\system32\DRIVERS\ks.sys

  0xF50A7000 \SystemRoot\System32\Drivers\rcapi.sys

  0xF5049000 \SystemRoot\system32\DRIVERS\vmdmd.sys

  0xF77A3000 \SystemRoot\system32\DRIVERS\LCSWAN.sys

  0xF7C31000 \SystemRoot\system32\DRIVERS\audstub.sys

  0xF7B5B000 \SystemRoot\System32\Drivers\RootMdm.sys

  0xF7A03000 \SystemRoot\System32\Drivers\Modem.SYS

  0xF77B3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

  0xF690B000 \SystemRoot\system32\DRIVERS\ndistapi.sys

  0xF5032000 \SystemRoot\system32\DRIVERS\ndiswan.sys

  0xF77C3000 \SystemRoot\system32\DRIVERS\raspppoe.sys

  0xF77D3000 \SystemRoot\system32\DRIVERS\raspptp.sys

  0xF7A0B000 \SystemRoot\system32\DRIVERS\TDI.SYS

  0xF5021000 \SystemRoot\system32\DRIVERS\psched.sys

  0xF77E3000 \SystemRoot\system32\DRIVERS\msgpc.sys

  0xF7A13000 \SystemRoot\system32\DRIVERS\ptilink.sys

  0xF7A1B000 \SystemRoot\system32\DRIVERS\raspti.sys

  0xF500E000 \SystemRoot\system32\DRIVERS\ncpvaxp.sys

  0xF5745000 \SystemRoot\system32\DRIVERS\nhcimono.sys

  0xF4FDE000 \SystemRoot\system32\DRIVERS\rdpdr.sys

  0xF5735000 \SystemRoot\system32\DRIVERS\termdd.sys

  0xF7B5D000 \SystemRoot\system32\DRIVERS\swenum.sys

  0xF4F80000 \SystemRoot\system32\DRIVERS\update.sys

  0xF7B13000 \SystemRoot\system32\DRIVERS\mssmbios.sys

  0xF5725000 \SystemRoot\System32\Drivers\NDProxy.SYS

  0xEB828000 \SystemRoot\system32\drivers\RtkHDAud.sys

  0xEB804000 \SystemRoot\system32\drivers\portcls.sys

  0xF7703000 \SystemRoot\system32\drivers\drmk.sys

  0xF563B000 \SystemRoot\system32\drivers\wowfilter.sys

  0xF7713000 \SystemRoot\system32\drivers\wowxt_kern_i386.sys

  0xF78D3000 \SystemRoot\system32\drivers\tsxt_kern_i386.sys

  0xF7B6F000 \SystemRoot\system32\drivers\lgsnd_filter.sys

  0xEB6E8000 \SystemRoot\system32\DRIVERS\AGRSM.sys

  0xBA041000 \SystemRoot\system32\DRIVERS\usbhub.sys

  0xF7BC5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

  0xF7C6D000 \SystemRoot\System32\Drivers\Null.SYS

  0xF7BC7000 \SystemRoot\System32\Drivers\Beep.SYS

  0xBA334000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

  0xBA32C000 \SystemRoot\System32\drivers\vga.sys

  0xF7BC9000 \SystemRoot\System32\Drivers\mnmdd.SYS

  0xF7BCB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

  0xBA324000 \SystemRoot\System32\Drivers\Msfs.SYS

  0xB959E000 \SystemRoot\System32\Drivers\Npfs.SYS

  0xB563B000 \SystemRoot\system32\DRIVERS\rasacd.sys

  0xB4B72000 \SystemRoot\system32\DRIVERS\ipsec.sys

  0xB4B19000 \SystemRoot\system32\DRIVERS\tcpip.sys

  0xB4AE7000 \SystemRoot\system32\DRIVERS\netbt.sys

  0xB4AC1000 \SystemRoot\system32\DRIVERS\ipnat.sys

  0xBA011000 \SystemRoot\system32\DRIVERS\arp1394.sys

  0xB562F000 \SystemRoot\system32\DRIVERS\ndisipo.sys

  0xB4A77000 \SystemRoot\System32\drivers\afd.sys

  0xBA001000 \SystemRoot\system32\DRIVERS\netbios.sys

  0xB4DF1000 \SystemRoot\System32\Drivers\ntiomin.SYS

  0xB9596000 \SystemRoot\System32\Drivers\ntiopnp.SYS

  0xB958E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys

  0xB4A4C000 \SystemRoot\system32\DRIVERS\rdbss.sys

  0xB49DC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

  0xB5B75000 \SystemRoot\System32\Drivers\Fips.SYS

  0xB5B65000 \SystemRoot\system32\DRIVERS\wanarp.sys

  0xB9586000 \SystemRoot\System32\Drivers\BTHUSB.sys

  0xB4999000 \SystemRoot\System32\Drivers\bthport.sys

  0xB497C000 \SystemRoot\System32\Drivers\ATSwpDrv.sys

  0xB5B45000 \SystemRoot\system32\DRIVERS\avkmgr.sys

  0xB4943000 \SystemRoot\system32\DRIVERS\avipbb.sys

  0xB4EB5000 \SystemRoot\system32\DRIVERS\rfcomm.sys

  0xB4E25000 \SystemRoot\system32\DRIVERS\BthEnum.sys

  0xB3B23000 \SystemRoot\system32\DRIVERS\bthpan.sys

  0xB4EA5000 \SystemRoot\system32\DRIVERS\bthmodem.sys

  0xB3C1F000 \SystemRoot\system32\DRIVERS\hidbth.sys

  0xF7813000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

  0xB1F8C000 \SystemRoot\system32\DRIVERS\mouhid.sys

  0xF796B000 \SystemRoot\system32\DRIVERS\point32.sys

  0xACF1D000 \SystemRoot\System32\Drivers\Fastfat.SYS

  0xACE47000 \SystemRoot\System32\Drivers\dump_iaStor.sys

  0xBF800000 \SystemRoot\System32\win32k.sys

  0xADAAE000 \SystemRoot\System32\drivers\Dxapi.sys

  0xAD654000 \SystemRoot\System32\watchdog.sys

  0xBF000000 \SystemRoot\System32\drivers\dxg.sys

  0xB3B45000 \SystemRoot\System32\drivers\dxgthk.sys

  0xBF012000 \SystemRoot\System32\ati2dvag.dll

  0xBF055000 \SystemRoot\System32\ati2cqag.dll

  0xBF09A000 \SystemRoot\System32\atikvmag.dll

  0xBF0D0000 \SystemRoot\System32\ati3duag.dll

  0xBF362000 \SystemRoot\System32\ativvaxx.dll

  0xBF4BA000 \SystemRoot\System32\ATMFD.DLL

  0xAAE2E000 \SystemRoot\system32\DRIVERS\avgntflt.sys

  0xB4BA5000 \SystemRoot\system32\DRIVERS\ndisuio.sys

  0xAADD9000 \SystemRoot\system32\DRIVERS\mrxdav.sys

  0xF7BA3000 \SystemRoot\System32\Drivers\ParVdm.SYS

  0xAAD74000 \SystemRoot\System32\Drivers\SENTINEL.SYS

  0xAACA4000 \SystemRoot\system32\DRIVERS\srv.sys

  0xAA38A000 \SystemRoot\system32\drivers\wdmaud.sys

  0xACF41000 \SystemRoot\system32\drivers\sysaudio.sys

  0xAAAA4000 \SystemRoot\System32\Drivers\Cdfs.SYS

  0xA9FFB000 \SystemRoot\System32\Drivers\HTTP.sys

  0xA8C05000 \SystemRoot\system32\drivers\kmixer.sys

  0xAF6EF000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS

  0xB957E000 \??\C:\DOKUME~1\TS\LOKALE~1\Temp\catchme.sys

  0x7C910000 \WINDOWS\system32\ntdll.dll
 

Processes (total 74):

       0 System Idle Process

       4 System

    2000 C:\WINDOWS\system32\smss.exe

     332 csrss.exe

     364 C:\WINDOWS\system32\winlogon.exe

     412 C:\WINDOWS\system32\services.exe

     416 C:\WINDOWS\system32\lsass.exe

     660 C:\WINDOWS\system32\ati2evxx.exe

     672 C:\WINDOWS\system32\svchost.exe

     728 svchost.exe

     988 C:\WINDOWS\system32\svchost.exe

    1084 svchost.exe

    1364 svchost.exe

    1676 C:\WINDOWS\system32\spoolsv.exe

    1724 scardsvr.exe

    1740 C:\Programme\Avira\AntiVir Desktop\sched.exe

    1804 svchost.exe

     876 C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe

     888 C:\Programme\Avira\AntiVir Desktop\avguard.exe

     904 svchost.exe

    1092 C:\WINDOWS\ehome\ehRecvr.exe

    1104 C:\WINDOWS\ehome\ehSched.exe

    1240 C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    1276 C:\Programme\Java\jre6\bin\jqs.exe

    1300 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

    1356 C:\Programme\LANCOM\Advanced VPN Client\ncpclcfg.exe

    1404 C:\Programme\LANCOM\Advanced VPN Client\ncprwsnt.exe

    1944 C:\Program Files\Softex\OmniPass\OmniServ.exe

     312 C:\Programme\RSA Security\RSA Authenticator Utility\RsaP11Svc.exe

     428 C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

    2184 C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

    2272 C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe

    2300 C:\WINDOWS\system32\svchost.exe

    2484 C:\Programme\Xobni\XobniService.exe

    3824 C:\Programme\Avira\AntiVir Desktop\avshadow.exe

    3844 C:\WINDOWS\system32\dllhost.exe

    4048 alg.exe

    3892 C:\WINDOWS\system32\ati2evxx.exe

    1472 wmiprvse.exe

    1368 C:\Programme\RSA Security\RSA Authenticator Utility\NTNotify.exe

    2992 C:\WINDOWS\ehome\ehtray.exe

    3952 C:\Programme\ATI Technologies\ATI.ACE\CLI.exe

    1192 C:\Programme\Synaptics\SynTP\SynTPEnh.exe

    2744 C:\Program Files\LG Software\Battery Miser\batterymiser.exe

     328 C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    2676 C:\Program Files\LG Software\IP Operator 2005\IP Operator.exe

    2836 C:\WINDOWS\system32\LGDMEBTN.exe

    2052 C:\Programme\LG Software\On Screen Display\HotKey.exe

    1888 C:\WINDOWS\ehome\ehmsas.exe

    2240 C:\WINDOWS\RTHDCPL.exe

    2920 C:\WINDOWS\AGRSMMSG.exe

    3264 C:\Programme\Microsoft IntelliPoint\ipoint.exe

    3388 C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

    2016 C:\Program Files\Softex\OmniPass\scureapp.exe

    2344 C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe

    1504 C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

    2940 C:\Programme\LANCOM\Advanced VPN Client\NcpBudgetGui.exe

    3608 C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

    3336 C:\Programme\Avira\AntiVir Desktop\avgnt.exe

    2212 C:\WINDOWS\system32\ctfmon.exe

    1712 C:\Programme\Microsoft ActiveSync\wcescomm.exe

    1204 C:\Programme\LANCOM\LANCAPI\rcapi.exe

    3284 C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

     976 C:\Programme\Keyspan\USB Server\nhciTask.exe

    2564 C:\Programme\ArcSoft\TotalMedia 3.5\TMMonitor.exe

    3520 C:\Programme\Deutsche_Telekom\Octopus_CTI\aocphone.exe

    5912 C:\Programme\ATI Technologies\ATI.ACE\CLI.exe

    4460 C:\WINDOWS\system32\wscntfy.exe

    3092 C:\WINDOWS\system32\notepad.exe

    4832 C:\WINDOWS\explorer.exe

    4648 C:\Programme\Internet Explorer\iexplore.exe

    5936 C:\Programme\Internet Explorer\iexplore.exe

    3332 C:\Programme\Internet Explorer\iexplore.exe

    6100 C:\Dokumente und Einstellungen\TS\Desktop\MBRCheck.exe
 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
 

PhysicalDrive0 Model Number: FUJITSUMHV2120BHPL, Rev: 00000029
 

      Size  Device Name          MBR Status

  --------------------------------------------

    111 GB  \\.\PhysicalDrive0   Legit MBR code detected

            SHA1: F967EBE03AE62014C22E0D3BCDE97AF7F5F1069F
 
 

Done!

ok,
malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

So, der Scan läuft und habe da mal eine Zwischenfrage. In der Aufregung am Anfang habe ich vergessen dir mitzuteilen, das ich auch im abgesicherten Modus im Administrator Profil die gleichen Probleme hatte. Muss ich da etwas wiederholen oder ist die Bereinigung für alle Profile wirksam?

hatt das konto admin rechte? dann müsste es für alle passen

Das Konto wird ja nur dann angezeigt, wenn der Rechner im abgesicherten Modus gestartet wird. Es ist das Konto das bei der Installation automatisch erstellt wird. Somit kann ich deine Frage mit ja beantworten :)

jo, wir werden dann ja beim neustart sehen was bei rumm kommt, obwohl du ja eig jetzt schon im normalen modus arbeiten solltest :-)