Bundespolizei Trojaner

Sphirex · 30.11.2011, 19:49

Hallo,

leider habe ich mir ebenfalls den Bundespolizei Trojaner eingefangen und habe diverse Schritte aus einem Guide befolgt um den PC wieder starten zu können. Er startet nun auch wieder ohne Probleme, nun möchte ich aber natürlich sicher gehen das der PC auch wieder clean ist, daher bitte ich um eure Hilfe.

PS: Ich habe ebenso einen Fremdzugriff auf einem meiner Spielaccounts registrieren müssen.

OTL.Txt:

Code:

ATTFilter

OTL logfile created on: 30.11.2011 19:32:51 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = D:\Eigene Dateien\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,64% Memory free
8,00 Gb Paging File | 6,56 Gb Available in Paging File | 82,07% Paging File free
Paging file location(s): d:\pagefile.sys 4096 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 102,05 Gb Free Space | 69,72% Space Free | Partition Type: NTFS
Drive D: | 123,96 Gb Total Space | 111,31 Gb Free Space | 89,79% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 183,39 Gb Free Space | 93,89% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.30 13:22:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Desktop\OTL.exe
PRC - [2011.10.09 10:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011.05.21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.04.27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.05.21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 13:28:53 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.07 20:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.03.29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.03 16:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.08.04 19:17:14 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007.08.20 09:05:02 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004.06.22 14:44:50 | 000,005,632 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)
DRV - [2004.04.08 11:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.04.08 09:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A 03 73 F9 B4 08 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 220.118.19.148:80
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.02 12:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.02 12:18:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.29 14:50:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.07.23 16:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2011.11.05 14:28:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z5qsi9t9.default\extensions
[2011.09.25 13:37:17 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z5qsi9t9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.05 14:28:29 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z5qsi9t9.default\extensions\foxyproxy@eric.h.jung
[2011.07.23 16:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.09.15 19:35:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.15 19:35:40 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.15 19:35:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.15 19:35:40 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.15 19:35:40 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.15 19:35:40 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.15 19:35:40 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} hxxp://file.gamehi.kr/keyboard/cab/kdfense8.cab (Kdfense8 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EFDAE20-20BD-4175-81D3-0A15E7436D72}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e7a5a15b-d79d-11e0-8031-00252289251b}\Shell - "" = AutoRun
O33 - MountPoints2\{e7a5a15b-d79d-11e0-8031-00252289251b}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{f6cbab81-749e-11e0-bafc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f6cbab81-749e-11e0-bafc-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -autorun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: HDAudDeck - hkey= - key= - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.30 18:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.30 18:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.30 13:22:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- D:\Eigene Dateien\Desktop\OTL.exe
[2011.11.29 14:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.11.29 14:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.11.29 14:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.29 14:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.29 14:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.29 14:49:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.11.23 10:36:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DE319A25-1BEC-4F52-9D41-FD609A5A48C1}
[2011.11.23 10:36:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{64F12703-B3BF-4A76-8BA6-0E468E89DEAB}
[2011.11.22 20:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vShare
[2011.11.19 23:50:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BDE265CD-E3A9-48AF-999F-63FF86A5F4C1}
[2011.11.19 23:50:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FE8A5199-9E83-4727-A28E-8F3CCDC5C007}
[2011.11.17 11:31:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FE6BF7FA-08A0-425E-908F-C2BCB5845F11}
[2011.11.17 11:31:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B1675427-0BEB-4153-92FD-572AE29568EE}
[2011.11.16 12:08:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{63B9870B-0321-416D-84D8-236129ABC3E9}
[2011.11.16 12:08:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{223E6AAB-2ED8-4F28-811C-0319E3F312F1}
[2011.11.15 23:13:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{57995C24-7D9F-4E4A-AC04-37B38C99EA1D}
[2011.11.15 23:13:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E923CFDF-BBF3-4243-AA76-B52F97D4252E}
[2011.11.13 11:06:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.11.12 20:03:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Microsoft Games
[2011.11.12 19:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011.11.12 12:15:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Adobe Mini Bridge CS5
[2011.11.12 12:15:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.11.12 11:19:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0C680F02-A2C9-46CE-B8BB-E740AEEE65CD}
[2011.11.12 11:18:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{798F945C-D43B-42CA-B4B6-69DB9DCDF899}
[2011.11.11 13:37:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{59176673-5487-48FD-933F-473C8F737872}
[2011.11.11 13:37:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{23C8E14D-BD18-4ABB-B7E6-FE137E4DB231}
[2011.11.08 11:29:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{803A7CCE-0E69-4B19-8DE6-420558F6871D}
[2011.11.08 11:29:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A46712EB-4BDE-4194-BE0A-BD26904E2171}
[2011.11.05 14:25:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BB26327F-A483-4F58-A37B-C7E94D512D83}
[2011.11.05 14:25:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{82D0AEDC-C536-4D6D-9F9E-2DF9974E17F3}
[2011.11.05 14:16:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D70BDF10-52C9-45E6-ADAF-094D7041A137}
[2011.11.05 14:16:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D5071F84-746C-4DCF-B072-DEA33E368655}
[2011.11.03 13:46:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{57A54B72-3254-4A62-9007-81120987C4C0}
[2011.11.03 13:46:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{538AB6D2-34CC-4979-9AA8-16B76E4CFC2C}
[2011.11.02 16:06:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C2319DB0-4D07-458F-84BD-78E1716482A4}
[2011.11.02 16:06:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{951FC3DD-3900-4129-94D1-DCC1F386721A}
[2011.11.01 14:01:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{38479DFA-A221-487F-BAA0-C18296456644}
[2011.11.01 14:01:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3876CD6B-7260-4E0E-84CA-81A607B785A7}
[2011.10.31 20:39:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E6F83189-3032-4B86-9319-AF37FD542B8A}
[2011.10.31 20:39:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7587A644-11E0-4CFD-B97A-A8B55AE2990D}
[2011.05.12 11:53:30 | 000,147,456 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2010.02.03 23:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.30 18:31:48 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.30 13:26:19 | 001,505,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.30 13:26:19 | 000,656,250 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.30 13:26:19 | 000,618,132 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.30 13:26:19 | 000,131,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.30 13:26:19 | 000,107,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.30 13:22:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Desktop\OTL.exe
[2011.11.30 12:45:15 | 000,022,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.30 12:45:15 | 000,022,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.30 12:38:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.30 12:37:58 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.29 14:58:07 | 000,088,280 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.11.29 14:49:22 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.12 15:39:14 | 000,000,132 | ---- | M] () -- C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.11.10 10:07:40 | 004,827,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.07 01:28:17 | 000,000,132 | ---- | M] () -- C:\Users\User\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.11.01 10:30:13 | 000,001,275 | ---- | M] () -- D:\Eigene Dateien\Desktop\Thang.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.30 18:31:48 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.29 14:58:07 | 000,088,280 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.11.29 14:49:22 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.09.20 10:24:44 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.23 16:55:10 | 000,000,132 | ---- | C] () -- C:\Users\User\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.07.23 16:18:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.06.27 11:23:32 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2011.05.24 10:27:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.05.23 20:09:16 | 000,003,584 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.23 19:51:57 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011.05.13 08:58:12 | 002,785,280 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011.05.11 19:01:03 | 000,000,132 | ---- | C] () -- C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.05.11 17:10:33 | 000,000,132 | ---- | C] () -- C:\Users\User\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2011.05.03 22:48:13 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011.05.02 12:20:49 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2011.04.11 18:09:18 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.03.19 10:06:02 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.03.19 10:04:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.03.15 04:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
 
========== LOP Check ==========
 
[2011.07.02 11:09:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2011.11.30 11:21:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Atari
[2011.05.02 21:27:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Azureus
[2011.09.09 15:33:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2011.09.25 13:37:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft
[2011.05.20 20:02:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.06 12:22:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DYA_NVURBDAHNPILDSNTI
[2011.11.24 14:21:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla
[2011.05.24 12:26:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FOG Downloader
[2011.09.05 16:10:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2011.07.23 15:05:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Notepad++
[2011.09.05 16:06:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenCandy
[2011.05.11 12:09:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2011.07.06 11:39:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PhotoFiltre
[2011.11.12 12:15:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.09.19 09:17:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\temp
[2011.06.27 11:36:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ThangOnline
[2011.09.06 22:21:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2011.05.24 10:05:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Win7codecs
[2011.10.19 13:04:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows Live Writer
[2011.11.20 16:56:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.05.02 09:13:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.11.29 14:52:02 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.05.02 09:12:49 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.08.15 19:44:00 | 000,000,000 | ---D | M] -- C:\Download
[2011.07.18 09:19:36 | 000,000,000 | ---D | M] -- C:\MSDERelA
[2011.05.31 11:57:00 | 000,000,000 | ---D | M] -- C:\Nexon
[2011.05.02 10:32:14 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.29 14:49:07 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.30 18:31:44 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.10.06 16:10:04 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.05.02 09:12:49 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.05.02 09:12:49 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.30 19:33:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.09.20 10:23:47 | 000,000,000 | R--D | M] -- C:\Users
[2011.05.26 11:08:37 | 000,000,000 | ---D | M] -- C:\VueScan
[2011.11.30 12:38:01 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BF1V4WG4H6PT4KGM8HTV4K6N636VFSVF7JB4VPJGF

< End of report >

mbam-log:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8279

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

30.11.2011 19:19:03
mbam-log-2011-11-30 (19-19-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Durchsuchte Objekte: 327718
Laufzeit: 30 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 30.11.2011, 22:10

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Sphirex · 30.11.2011, 22:59

Ingesamt kann ich nur die folgenden3 anbieten:

mbam-log-2011-05-15 (15-31-20).txt

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6584

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

15.05.2011 15:31:20
mbam-log-2011-05-15 (15-31-20).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 164126
Laufzeit: 1 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

mbam-log-2011-11-30 (18-33-59).txt

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8279

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

30.11.2011 18:33:59
mbam-log-2011-11-30 (18-33-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 195825
Laufzeit: 1 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

mbam-log-2011-11-30 (19-19-03).txt

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8279

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

30.11.2011 19:19:03
mbam-log-2011-11-30 (19-19-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Durchsuchte Objekte: 327718
Laufzeit: 30 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 01.12.2011, 10:30

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Sphirex · 01.12.2011, 12:17

Schon wieder Java...

ESET log:

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0261070d7f1a1f448ebe118e4630c8ff
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-01 11:15:12
# local_time=2011-12-01 12:15:12 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 6229206 74364802 0 0
# compatibility_mode=8192 67108863 100 0 3726 3726 0 0
# scanned=141888
# found=2
# cleaned=0
# scan_time=3160
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\2bbf930a-66d164fe	a variant of Java/Agent.DU trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\287bfa07-5fcae78d	a variant of Java/Agent.DU trojan (unable to clean)	00000000000000000000000000000000	I

cosinus · 02.12.2011, 11:23

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A 03 73 F9 B4 08 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 220.118.19.148:80
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e7a5a15b-d79d-11e0-8031-00252289251b}\Shell - "" = AutoRun
O33 - MountPoints2\{e7a5a15b-d79d-11e0-8031-00252289251b}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{f6cbab81-749e-11e0-bafc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f6cbab81-749e-11e0-bafc-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -autorun
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BF1V4WG4H6PT4KGM8HTV4K6N636VFSVF7JB4VPJGF
:Files
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Sphirex · 02.12.2011, 11:35

Wow unglaublich was er alles im Cache gefunden hat, dabei nutze ich regelmäßig CCleaner. Meine Startseite wurde von Google zu MSN, weitere Veränderungen konnte ich bisher nicht bemerken.

OTL log:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7a5a15b-d79d-11e0-8031-00252289251b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7a5a15b-d79d-11e0-8031-00252289251b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7a5a15b-d79d-11e0-8031-00252289251b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7a5a15b-d79d-11e0-8031-00252289251b}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6cbab81-749e-11e0-bafc-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f6cbab81-749e-11e0-bafc-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6cbab81-749e-11e0-bafc-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f6cbab81-749e-11e0-bafc-806e6f6e6963}\ not found.
File E:\SETUP.EXE -autorun not found.
ADS C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BF1V4WG4H6PT4KGM8HTV4K6N636VFSVF7JB4VPJGF deleted successfully.
========== FILES ==========
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 2836 bytes
 
User: UpdatusUser.User-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
 
User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 18723837 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44468977 bytes
->Flash cache emptied: 487 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21868 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 60,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12022011_113002

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus · 02.12.2011, 12:42

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Sphirex · 02.12.2011, 12:58

TDSS-Killer log:

Code:

ATTFilter

12:56:47.0251 3204	TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
12:56:47.0673 3204	============================================================
12:56:47.0673 3204	Current date / time: 2011/12/02 12:56:47.0673
12:56:47.0673 3204	SystemInfo:
12:56:47.0673 3204	
12:56:47.0673 3204	OS Version: 6.1.7601 ServicePack: 1.0
12:56:47.0673 3204	Product type: Workstation
12:56:47.0673 3204	ComputerName: USER-PC
12:56:47.0673 3204	UserName: User
12:56:47.0673 3204	Windows directory: C:\Windows
12:56:47.0673 3204	System windows directory: C:\Windows
12:56:47.0673 3204	Running under WOW64
12:56:47.0673 3204	Processor architecture: Intel x64
12:56:47.0673 3204	Number of processors: 4
12:56:47.0673 3204	Page size: 0x1000
12:56:47.0673 3204	Boot type: Normal boot
12:56:47.0673 3204	============================================================
12:56:49.0299 3204	Initialize success
12:57:26.0701 2564	============================================================
12:57:26.0701 2564	Scan started
12:57:26.0701 2564	Mode: Manual; SigCheck; TDLFS; 
12:57:26.0701 2564	============================================================
12:57:28.0060 2564	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:57:28.0154 2564	1394ohci - ok
12:57:28.0169 2564	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:57:28.0201 2564	ACPI - ok
12:57:28.0201 2564	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:57:28.0294 2564	AcpiPmi - ok
12:57:28.0326 2564	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
12:57:28.0357 2564	adp94xx - ok
12:57:28.0388 2564	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
12:57:28.0404 2564	adpahci - ok
12:57:28.0419 2564	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
12:57:28.0435 2564	adpu320 - ok
12:57:28.0498 2564	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
12:57:28.0576 2564	AFD - ok
12:57:28.0607 2564	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:57:28.0623 2564	agp440 - ok
12:57:28.0638 2564	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:57:28.0654 2564	aliide - ok
12:57:28.0669 2564	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:57:28.0685 2564	amdide - ok
12:57:28.0701 2564	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
12:57:28.0748 2564	AmdK8 - ok
12:57:28.0763 2564	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:57:28.0794 2564	AmdPPM - ok
12:57:28.0826 2564	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:57:28.0841 2564	amdsata - ok
12:57:28.0857 2564	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
12:57:28.0873 2564	amdsbs - ok
12:57:28.0888 2564	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:57:28.0904 2564	amdxata - ok
12:57:28.0935 2564	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:57:29.0060 2564	AppID - ok
12:57:29.0169 2564	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
12:57:29.0201 2564	arc - ok
12:57:29.0201 2564	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
12:57:29.0216 2564	arcsas - ok
12:57:29.0248 2564	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:57:29.0388 2564	AsyncMac - ok
12:57:29.0404 2564	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:57:29.0419 2564	atapi - ok
12:57:29.0466 2564	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
12:57:29.0529 2564	b06bdrv - ok
12:57:29.0560 2564	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:57:29.0623 2564	b57nd60a - ok
12:57:29.0669 2564	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:57:29.0748 2564	Beep - ok
12:57:29.0779 2564	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:57:29.0810 2564	blbdrive - ok
12:57:29.0857 2564	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:57:29.0919 2564	bowser - ok
12:57:29.0966 2564	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
12:57:30.0029 2564	BrFiltLo - ok
12:57:30.0044 2564	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
12:57:30.0060 2564	BrFiltUp - ok
12:57:30.0076 2564	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:57:30.0123 2564	Brserid - ok
12:57:30.0138 2564	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:57:30.0169 2564	BrSerWdm - ok
12:57:30.0185 2564	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:57:30.0216 2564	BrUsbMdm - ok
12:57:30.0216 2564	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:57:30.0232 2564	BrUsbSer - ok
12:57:30.0263 2564	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
12:57:30.0326 2564	BTHMODEM - ok
12:57:30.0357 2564	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:57:30.0404 2564	cdfs - ok
12:57:30.0435 2564	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:57:30.0482 2564	cdrom - ok
12:57:30.0498 2564	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
12:57:30.0544 2564	circlass - ok
12:57:30.0576 2564	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:57:30.0591 2564	CLFS - ok
12:57:30.0623 2564	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
12:57:30.0654 2564	CmBatt - ok
12:57:30.0669 2564	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:57:30.0685 2564	cmdide - ok
12:57:30.0701 2564	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
12:57:30.0732 2564	CNG - ok
12:57:30.0748 2564	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
12:57:30.0763 2564	Compbatt - ok
12:57:30.0779 2564	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:57:30.0810 2564	CompositeBus - ok
12:57:30.0841 2564	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
12:57:30.0857 2564	crcdisk - ok
12:57:30.0888 2564	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
12:57:30.0935 2564	CSC - ok
12:57:30.0982 2564	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:57:31.0013 2564	DfsC - ok
12:57:31.0029 2564	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:57:31.0060 2564	discache - ok
12:57:31.0107 2564	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
12:57:31.0138 2564	Disk - ok
12:57:31.0154 2564	dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
12:57:31.0232 2564	dmvsc - ok
12:57:31.0263 2564	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:57:31.0294 2564	drmkaud - ok
12:57:31.0341 2564	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:57:31.0373 2564	DXGKrnl - ok
12:57:31.0451 2564	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
12:57:31.0544 2564	ebdrv - ok
12:57:31.0576 2564	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
12:57:31.0591 2564	elxstor - ok
12:57:31.0638 2564	ENTECH64        (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
12:57:31.0716 2564	ENTECH64 - ok
12:57:31.0748 2564	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:57:31.0763 2564	ErrDev - ok
12:57:31.0810 2564	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:57:31.0841 2564	exfat - ok
12:57:31.0857 2564	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:57:31.0904 2564	fastfat - ok
12:57:31.0919 2564	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
12:57:31.0982 2564	fdc - ok
12:57:31.0998 2564	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:57:32.0029 2564	FileInfo - ok
12:57:32.0044 2564	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:57:32.0076 2564	Filetrace - ok
12:57:32.0091 2564	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
12:57:32.0107 2564	flpydisk - ok
12:57:32.0138 2564	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:57:32.0154 2564	FltMgr - ok
12:57:32.0169 2564	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:57:32.0185 2564	FsDepends - ok
12:57:32.0201 2564	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:57:32.0201 2564	Fs_Rec - ok
12:57:32.0216 2564	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:57:32.0232 2564	fvevol - ok
12:57:32.0248 2564	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:57:32.0263 2564	gagp30kx - ok
12:57:32.0294 2564	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:57:32.0326 2564	GEARAspiWDM - ok
12:57:32.0341 2564	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:57:32.0404 2564	hcw85cir - ok
12:57:32.0451 2564	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:57:32.0513 2564	HdAudAddService - ok
12:57:32.0544 2564	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:57:32.0591 2564	HDAudBus - ok
12:57:32.0607 2564	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
12:57:32.0638 2564	HidBatt - ok
12:57:32.0654 2564	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:57:32.0685 2564	HidBth - ok
12:57:32.0701 2564	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:57:32.0732 2564	HidIr - ok
12:57:32.0763 2564	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:57:32.0810 2564	HidUsb - ok
12:57:32.0841 2564	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:57:32.0857 2564	HpSAMD - ok
12:57:32.0888 2564	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:57:32.0951 2564	HTTP - ok
12:57:32.0966 2564	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:57:32.0982 2564	hwpolicy - ok
12:57:32.0998 2564	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:57:33.0013 2564	i8042prt - ok
12:57:33.0044 2564	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:57:33.0060 2564	iaStorV - ok
12:57:33.0076 2564	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:57:33.0091 2564	iirsp - ok
12:57:33.0107 2564	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:57:33.0107 2564	intelide - ok
12:57:33.0138 2564	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
12:57:33.0185 2564	intelppm - ok
12:57:33.0216 2564	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:57:33.0248 2564	IpFilterDriver - ok
12:57:33.0263 2564	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:57:33.0279 2564	IPMIDRV - ok
12:57:33.0294 2564	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:57:33.0341 2564	IPNAT - ok
12:57:33.0388 2564	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:57:33.0466 2564	IRENUM - ok
12:57:33.0498 2564	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:57:33.0529 2564	isapnp - ok
12:57:33.0560 2564	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:57:33.0607 2564	iScsiPrt - ok
12:57:33.0623 2564	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:57:33.0638 2564	kbdclass - ok
12:57:33.0669 2564	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:57:33.0701 2564	kbdhid - ok
12:57:33.0716 2564	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
12:57:33.0732 2564	KSecDD - ok
12:57:33.0748 2564	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
12:57:33.0763 2564	KSecPkg - ok
12:57:33.0763 2564	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:57:33.0810 2564	ksthunk - ok
12:57:33.0857 2564	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:57:33.0919 2564	lltdio - ok
12:57:33.0951 2564	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:57:33.0966 2564	LSI_FC - ok
12:57:33.0982 2564	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:57:33.0998 2564	LSI_SAS - ok
12:57:34.0013 2564	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:57:34.0013 2564	LSI_SAS2 - ok
12:57:34.0029 2564	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:57:34.0044 2564	LSI_SCSI - ok
12:57:34.0076 2564	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:57:34.0138 2564	luafv - ok
12:57:34.0154 2564	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:57:34.0154 2564	megasas - ok
12:57:34.0169 2564	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:57:34.0185 2564	MegaSR - ok
12:57:34.0216 2564	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:57:34.0248 2564	Modem - ok
12:57:34.0279 2564	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:57:34.0326 2564	monitor - ok
12:57:34.0357 2564	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:57:34.0373 2564	mouclass - ok
12:57:34.0388 2564	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:57:34.0419 2564	mouhid - ok
12:57:34.0435 2564	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:57:34.0451 2564	mountmgr - ok
12:57:34.0498 2564	MpFilter        (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
12:57:34.0529 2564	MpFilter - ok
12:57:34.0544 2564	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:57:34.0560 2564	mpio - ok
12:57:34.0576 2564	MpNWMon         (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
12:57:34.0591 2564	MpNWMon - ok
12:57:34.0607 2564	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:57:34.0654 2564	mpsdrv - ok
12:57:34.0669 2564	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:57:34.0701 2564	MRxDAV - ok
12:57:34.0716 2564	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:57:34.0779 2564	mrxsmb - ok
12:57:34.0810 2564	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:57:34.0857 2564	mrxsmb10 - ok
12:57:34.0873 2564	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:57:34.0888 2564	mrxsmb20 - ok
12:57:34.0904 2564	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:57:34.0919 2564	msahci - ok
12:57:34.0935 2564	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:57:34.0951 2564	msdsm - ok
12:57:34.0982 2564	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:57:35.0029 2564	Msfs - ok
12:57:35.0044 2564	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:57:35.0076 2564	mshidkmdf - ok
12:57:35.0091 2564	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:57:35.0107 2564	msisadrv - ok
12:57:35.0123 2564	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:57:35.0169 2564	MSKSSRV - ok
12:57:35.0201 2564	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:57:35.0248 2564	MSPCLOCK - ok
12:57:35.0248 2564	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:57:35.0326 2564	MSPQM - ok
12:57:35.0341 2564	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:57:35.0357 2564	MsRPC - ok
12:57:35.0373 2564	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:57:35.0388 2564	mssmbios - ok
12:57:35.0404 2564	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:57:35.0435 2564	MSTEE - ok
12:57:35.0451 2564	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
12:57:35.0482 2564	MTConfig - ok
12:57:35.0498 2564	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:57:35.0498 2564	Mup - ok
12:57:35.0529 2564	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:57:35.0560 2564	NativeWifiP - ok
12:57:35.0623 2564	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:57:35.0685 2564	NDIS - ok
12:57:35.0701 2564	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:57:35.0732 2564	NdisCap - ok
12:57:35.0763 2564	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:57:35.0794 2564	NdisTapi - ok
12:57:35.0810 2564	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:57:35.0841 2564	Ndisuio - ok
12:57:35.0873 2564	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:57:35.0935 2564	NdisWan - ok
12:57:35.0951 2564	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:57:35.0998 2564	NDProxy - ok
12:57:36.0029 2564	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:57:36.0060 2564	NetBIOS - ok
12:57:36.0091 2564	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:57:36.0138 2564	NetBT - ok
12:57:36.0169 2564	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
12:57:36.0185 2564	nfrd960 - ok
12:57:36.0201 2564	NisDrv          (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:57:36.0216 2564	NisDrv - ok
12:57:36.0263 2564	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:57:36.0326 2564	Npfs - ok
12:57:36.0341 2564	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:57:36.0404 2564	nsiproxy - ok
12:57:36.0466 2564	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:57:36.0529 2564	Ntfs - ok
12:57:36.0544 2564	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:57:36.0591 2564	Null - ok
12:57:36.0638 2564	NVENETFD        (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
12:57:36.0685 2564	NVENETFD - ok
12:57:36.0732 2564	NVHDA           (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys
12:57:36.0763 2564	NVHDA - ok
12:57:37.0107 2564	nvlddmkm        (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:57:37.0857 2564	nvlddmkm - ok
12:57:37.0952 2564	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:57:37.0999 2564	nvraid - ok
12:57:38.0045 2564	nvsmu           (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
12:57:38.0077 2564	nvsmu - ok
12:57:38.0108 2564	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:57:38.0139 2564	nvstor - ok
12:57:38.0170 2564	nvstor64        (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
12:57:38.0186 2564	nvstor64 - ok
12:57:38.0249 2564	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:57:38.0280 2564	nv_agp - ok
12:57:38.0295 2564	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:57:38.0327 2564	ohci1394 - ok
12:57:38.0358 2564	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
12:57:38.0389 2564	Parport - ok
12:57:38.0405 2564	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:57:38.0420 2564	partmgr - ok
12:57:38.0436 2564	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:57:38.0467 2564	pci - ok
12:57:38.0483 2564	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:57:38.0499 2564	pciide - ok
12:57:38.0514 2564	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
12:57:38.0530 2564	pcmcia - ok
12:57:38.0545 2564	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:57:38.0561 2564	pcw - ok
12:57:38.0577 2564	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:57:38.0639 2564	PEAUTH - ok
12:57:38.0686 2564	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:57:38.0733 2564	PptpMiniport - ok
12:57:38.0749 2564	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
12:57:38.0795 2564	Processor - ok
12:57:38.0811 2564	prodrv06 - ok
12:57:38.0827 2564	prohlp02 - ok
12:57:38.0858 2564	prosync1 - ok
12:57:38.0905 2564	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
12:57:38.0968 2564	ql2300 - ok
12:57:38.0984 2564	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
12:57:39.0000 2564	ql40xx - ok
12:57:39.0015 2564	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:57:39.0046 2564	QWAVEdrv - ok
12:57:39.0062 2564	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:57:39.0125 2564	RasAcd - ok
12:57:39.0156 2564	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:57:39.0203 2564	RasAgileVpn - ok
12:57:39.0218 2564	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:57:39.0265 2564	Rasl2tp - ok
12:57:39.0281 2564	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:57:39.0375 2564	RasPppoe - ok
12:57:39.0390 2564	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:57:39.0468 2564	RasSstp - ok
12:57:39.0484 2564	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:57:39.0531 2564	rdbss - ok
12:57:39.0531 2564	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:57:39.0546 2564	rdpbus - ok
12:57:39.0562 2564	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:57:39.0593 2564	RDPCDD - ok
12:57:39.0625 2564	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
12:57:39.0687 2564	RDPDR - ok
12:57:39.0718 2564	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:57:39.0796 2564	RDPENCDD - ok
12:57:39.0812 2564	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:57:39.0843 2564	RDPREFMP - ok
12:57:39.0859 2564	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
12:57:39.0890 2564	RDPWD - ok
12:57:39.0921 2564	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:57:39.0937 2564	rdyboost - ok
12:57:39.0969 2564	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:57:40.0016 2564	rspndr - ok
12:57:40.0047 2564	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
12:57:40.0063 2564	s3cap - ok
12:57:40.0079 2564	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:57:40.0094 2564	sbp2port - ok
12:57:40.0110 2564	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:57:40.0141 2564	scfilter - ok
12:57:40.0172 2564	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:57:40.0204 2564	secdrv - ok
12:57:40.0219 2564	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
12:57:40.0235 2564	Serenum - ok
12:57:40.0266 2564	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
12:57:40.0297 2564	Serial - ok
12:57:40.0313 2564	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
12:57:40.0344 2564	sermouse - ok
12:57:40.0360 2564	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:57:40.0375 2564	sffdisk - ok
12:57:40.0391 2564	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:57:40.0407 2564	sffp_mmc - ok
12:57:40.0407 2564	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:57:40.0438 2564	sffp_sd - ok
12:57:40.0454 2564	sfhlp01 - ok
12:57:40.0469 2564	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
12:57:40.0532 2564	sfloppy - ok
12:57:40.0563 2564	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
12:57:40.0579 2564	SiSRaid2 - ok
12:57:40.0594 2564	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
12:57:40.0610 2564	SiSRaid4 - ok
12:57:40.0625 2564	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:57:40.0672 2564	Smb - ok
12:57:40.0704 2564	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:57:40.0719 2564	spldr - ok
12:57:40.0766 2564	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:57:40.0844 2564	srv - ok
12:57:40.0875 2564	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:57:40.0907 2564	srv2 - ok
12:57:40.0938 2564	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:57:40.0954 2564	srvnet - ok
12:57:41.0033 2564	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
12:57:41.0064 2564	stexstor - ok
12:57:41.0095 2564	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
12:57:41.0126 2564	storflt - ok
12:57:41.0158 2564	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
12:57:41.0158 2564	storvsc - ok
12:57:41.0173 2564	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:57:41.0189 2564	swenum - ok
12:57:41.0298 2564	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:57:41.0361 2564	Tcpip - ok
12:57:41.0423 2564	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
12:57:41.0470 2564	TCPIP6 - ok
12:57:41.0501 2564	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:57:41.0564 2564	tcpipreg - ok
12:57:41.0580 2564	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:57:41.0611 2564	TDPIPE - ok
12:57:41.0626 2564	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:57:41.0658 2564	TDTCP - ok
12:57:41.0689 2564	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:57:41.0705 2564	tdx - ok
12:57:41.0720 2564	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
12:57:41.0736 2564	TermDD - ok
12:57:41.0767 2564	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:57:41.0798 2564	tssecsrv - ok
12:57:41.0830 2564	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:57:41.0876 2564	TsUsbFlt - ok
12:57:41.0892 2564	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
12:57:41.0908 2564	TsUsbGD - ok
12:57:41.0939 2564	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:57:41.0987 2564	tunnel - ok
12:57:42.0018 2564	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
12:57:42.0034 2564	uagp35 - ok
12:57:42.0065 2564	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:57:42.0112 2564	udfs - ok
12:57:42.0143 2564	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:57:42.0159 2564	uliagpkx - ok
12:57:42.0174 2564	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
12:57:42.0206 2564	umbus - ok
12:57:42.0221 2564	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
12:57:42.0268 2564	UmPass - ok
12:57:42.0315 2564	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
12:57:42.0409 2564	USBAAPL64 - ok
12:57:42.0471 2564	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
12:57:42.0502 2564	usbaudio - ok
12:57:42.0534 2564	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:57:42.0565 2564	usbccgp - ok
12:57:42.0612 2564	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:57:42.0659 2564	usbcir - ok
12:57:42.0690 2564	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:57:42.0706 2564	usbehci - ok
12:57:42.0768 2564	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:57:42.0815 2564	usbhub - ok
12:57:42.0846 2564	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
12:57:42.0862 2564	usbohci - ok
12:57:42.0893 2564	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
12:57:42.0940 2564	usbprint - ok
12:57:42.0956 2564	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:57:43.0003 2564	USBSTOR - ok
12:57:43.0019 2564	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:57:43.0050 2564	usbuhci - ok
12:57:43.0082 2564	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:57:43.0097 2564	vdrvroot - ok
12:57:43.0113 2564	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:57:43.0128 2564	vga - ok
12:57:43.0144 2564	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:57:43.0207 2564	VgaSave - ok
12:57:43.0222 2564	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:57:43.0238 2564	vhdmp - ok
12:57:43.0300 2564	VIAHdAudAddService (8f69c38a8ba725f891f26aac8888696e) C:\Windows\system32\drivers\viahduaa.sys
12:57:43.0332 2564	VIAHdAudAddService - ok
12:57:43.0347 2564	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:57:43.0363 2564	viaide - ok
12:57:43.0378 2564	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
12:57:43.0394 2564	vmbus - ok
12:57:43.0410 2564	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
12:57:43.0425 2564	VMBusHID - ok
12:57:43.0457 2564	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:57:43.0457 2564	volmgr - ok
12:57:43.0488 2564	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:57:43.0503 2564	volmgrx - ok
12:57:43.0535 2564	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:57:43.0566 2564	volsnap - ok
12:57:43.0582 2564	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
12:57:43.0597 2564	vsmraid - ok
12:57:43.0613 2564	vtany - ok
12:57:43.0628 2564	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
12:57:43.0660 2564	vwifibus - ok
12:57:43.0675 2564	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
12:57:43.0707 2564	WacomPen - ok
12:57:43.0738 2564	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:57:43.0785 2564	WANARP - ok
12:57:43.0800 2564	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:57:43.0832 2564	Wanarpv6 - ok
12:57:43.0847 2564	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
12:57:43.0863 2564	Wd - ok
12:57:43.0878 2564	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:57:43.0894 2564	Wdf01000 - ok
12:57:43.0925 2564	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:57:43.0957 2564	WfpLwf - ok
12:57:43.0957 2564	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:57:43.0972 2564	WIMMount - ok
12:57:44.0020 2564	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:57:44.0051 2564	WinUsb - ok
12:57:44.0067 2564	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:57:44.0083 2564	WmiAcpi - ok
12:57:44.0098 2564	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:57:44.0129 2564	ws2ifsl - ok
12:57:44.0161 2564	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:57:44.0192 2564	WudfPf - ok
12:57:44.0239 2564	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:57:44.0301 2564	WUDFRd - ok
12:57:44.0333 2564	x64kdss - ok
12:57:44.0395 2564	xspirit - ok
12:57:44.0411 2564	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:57:44.0489 2564	\Device\Harddisk0\DR0 - ok
12:57:44.0504 2564	Boot (0x1200)   (16d634c969f61552ae581172ea937575) \Device\Harddisk0\DR0\Partition0
12:57:44.0504 2564	\Device\Harddisk0\DR0\Partition0 - ok
12:57:44.0536 2564	Boot (0x1200)   (6a150f080328231085cef6e13a265fba) \Device\Harddisk0\DR0\Partition1
12:57:44.0536 2564	\Device\Harddisk0\DR0\Partition1 - ok
12:57:44.0551 2564	Boot (0x1200)   (a07476ecf73a3292a7dacf5f7579d283) \Device\Harddisk0\DR0\Partition2
12:57:44.0551 2564	\Device\Harddisk0\DR0\Partition2 - ok
12:57:44.0551 2564	Boot (0x1200)   (49ecda0f3a5675e7a3b0adef3cdb4154) \Device\Harddisk0\DR0\Partition3
12:57:44.0551 2564	\Device\Harddisk0\DR0\Partition3 - ok
12:57:44.0551 2564	============================================================
12:57:44.0551 2564	Scan finished
12:57:44.0551 2564	============================================================
12:57:44.0614 1548	Detected object count: 0
12:57:44.0614 1548	Actual detected object count: 0

cosinus · 02.12.2011, 13:02

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Sphirex · 02.12.2011, 13:18

ComboFix.log:

Code:

ATTFilter

ComboFix 11-12-02.01 - User 02.12.2011  13:09:45.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4095.2888 [GMT 1:00]
ausgeführt von:: d:\eigene dateien\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\DYA_NVURBDAHNPILDSNTI
c:\programdata\DYA_NVURBDAHNPILDSNTI\1.0.0\Data\app.dat
c:\programdata\DYA_NVURBDAHNPILDSNTI\1.0.0\Data\updates.dat
c:\users\User\AppData\Roaming\DYA_NVURBDAHNPILDSNTI
c:\users\User\AppData\Roaming\DYA_NVURBDAHNPILDSNTI\1.0.0\Data\dya.dat
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-02 bis 2011-12-02  ))))))))))))))))))))))))))))))
.
.
2011-12-02 12:13 . 2011-12-02 12:13	69000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D465460-2D97-486E-BFC2-FD83760CF3F2}\offreg.dll
2011-12-01 20:50 . 2011-11-21 11:40	8822856	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D465460-2D97-486E-BFC2-FD83760CF3F2}\mpengine.dll
2011-12-01 10:20 . 2011-12-01 10:20	--------	d-----w-	c:\program files (x86)\ESET
2011-11-30 17:31 . 2011-11-30 17:31	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-29 13:50 . 2011-11-29 13:50	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-11-29 13:50 . 2011-11-29 13:50	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-11-29 13:50 . 2011-11-29 13:50	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-11-29 13:50 . 2011-11-29 13:50	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-11-29 13:50 . 2011-11-29 13:50	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-11-29 13:50 . 2011-11-29 13:50	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-11-29 13:50 . 2011-11-29 13:50	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-11-29 13:50 . 2011-11-29 13:50	--------	d-----w-	c:\program files (x86)\QuickTime
2011-11-29 13:49 . 2011-11-29 13:49	--------	d-----w-	c:\program files\iPod
2011-11-29 13:49 . 2011-11-29 13:49	--------	d-----w-	c:\program files\iTunes
2011-11-29 13:49 . 2011-11-29 13:49	--------	d-----w-	c:\program files (x86)\iTunes
2011-11-22 19:46 . 2011-11-24 21:52	--------	d-----w-	c:\program files (x86)\vShare
2011-11-13 10:06 . 2011-11-13 10:06	--------	d-----w-	c:\windows\system32\Macromed
2011-11-12 19:03 . 2011-11-12 19:53	--------	d-----w-	c:\users\User\AppData\Local\Microsoft Games
2011-11-12 18:58 . 2011-11-12 18:58	--------	d-----w-	c:\program files\Microsoft Games
2011-11-12 11:15 . 2011-11-12 11:15	--------	d-----w-	c:\users\User\AppData\Roaming\Adobe Mini Bridge CS5
2011-11-12 11:15 . 2011-11-12 11:15	--------	d-----w-	c:\users\User\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-11-09 14:53 . 2011-10-01 05:45	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-09 14:53 . 2011-10-01 04:37	708608	----a-w-	c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 14:53 . 2011-09-29 16:29	1923952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 14:53 . 2011-09-29 04:03	3144704	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-13 10:06 . 2011-06-04 09:15	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 13:29 . 2011-10-24 13:29	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2011-10-19 15:24 . 2011-10-14 10:56	90472	----a-w-	c:\windows\SysWow64\kdfapi.dll
2011-10-19 15:24 . 2011-10-14 10:56	61440	----a-w-	c:\windows\SysWow64\proDefense.dll
2011-10-19 15:24 . 2011-10-14 10:56	53248	----a-w-	c:\windows\SysWow64\Kdfhok.dll
2011-10-19 15:24 . 2011-10-14 10:56	52320	----a-w-	c:\windows\SysWow64\drivers\kck86s.sys
2011-10-19 15:24 . 2011-10-14 10:56	192512	----a-w-	c:\windows\SysWow64\kdfvmgr.exe
2011-10-19 15:24 . 2011-10-14 10:56	1220968	----a-w-	c:\windows\SysWow64\GSZWAAAA.exe
2011-10-14 10:56 . 2011-10-14 10:56	137904	----a-w-	c:\windows\SysWow64\kcu86s.dll
2011-10-12 08:12 . 2011-10-12 08:12	917840	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74AC3C88-C7BD-4196-8EA3-0F0E6F3D89F1}\gapaengine.dll
2011-10-07 08:09 . 2011-05-09 13:06	1092400	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-07 04:16 . 2011-09-21 14:33	8570192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-20 09:26 . 2011-10-12 08:12	601424	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2007-08-20 12744]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 x64kdss;x64kdss;syswow64\Drivers\x64kdss.sys [x]
R3 xspirit;xspirit;c:\users\User\AppData\Local\Temp\xspirit.sys [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = 
IE: Free YouTube to MP3 Converter - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://file.gamehi.kr/keyboard/cab/kdfense8.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z5qsi9t9.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-kdefense - c:\windows\system32\uninstallkdf8.exe
AddRemove-Thang Global English - c:\program files (x86)\Jaca Entertainment Inc(Korea)\Thang Global\Uninstal.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2922242583-1484504311-889644895-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2922242583-1484504311-889644895-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2922242583-1484504311-889644895-1001\Software\SecuROM\License information*]
"datasecu"=hex:2a,75,30,17,2d,b9,ab,8e,85,b4,eb,c5,ad,f8,db,d3,18,57,df,b3,17,
   58,a8,76,5f,b5,32,72,95,76,10,6e,26,ac,13,c3,47,0c,71,25,d8,05,a7,d4,90,53,\
"rkeysecu"=hex:c9,ab,b5,b2,de,a3,68,09,c9,4e,63,65,11,a8,04,ba
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\05\01\02\13++B"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-02  13:16:05 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-12-02 12:16
.
Vor Suchlauf: 11 Verzeichnis(se), 109.539.708.928 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 109.143.015.424 Bytes frei
.
- - End Of File - - 226C999A6D908D4468806FF340C1F6D9

cosinus · 02.12.2011, 13:29

Ich brauch den Quarantäneordner von Combofix. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner Quarantine in C:\Qoobox in eine Datei zippen
3.) die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Sphirex · 02.12.2011, 13:46

Funktioniert leider nicht bekomme folgende Fehlermeldung:

Code:

ATTFilter

!   Kann den Inhalt von C:\Qoobox\BackEnv\* nicht lesen.

cosinus · 02.12.2011, 13:47

Punkt 2 mal bitte richtig lesen

Sphirex · 02.12.2011, 14:07

Mein Fehler, sorry. Zip-Ordner wurde hochgeladen.

30.11.2011, 22:10	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizei Trojaner Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind. __________________ __________________

02.12.2011, 13:47	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizei Trojaner Punkt 2 mal bitte richtig lesen __________________ Logfiles bitte immer in CODE-Tags posten

Bundespolizei Trojaner

Plagegeister aller Art und deren Bekämpfung: Bundespolizei Trojaner