Trojaner Sirefef.P trojan

Michael_w · 02.01.2012, 19:18

Liebes Trojaner-Board Team,

nachdem mein Rechner seit einigen Tagen infiziert ist, hat sich nun auch der Rechner meiner Freundin als infiziert herausgestellt und wir haben keinen arbeitsfähigen Rechner.

Hier die Logfiles der Virusscans:

1.) ESET

Code:

ATTFilter

 C:\Users\Francia\AppData\Local\23ceaf07\U\80000000.@	Win64/Sirefef.P trojan	cleaned by deleting - quarantined
C:\Users\Francia\AppData\Local\23ceaf07\U\800000cb.@	Win64/Sirefef.M trojan	cleaned by deleting - quarantined
C:\Users\Francia\AppData\Local\23ceaf07\U\800000cf.@	Win64/Sirefef.O trojan	cleaned by deleting - quarantined

2.) OTL-Logs - siehe Anhang

und

3.) Defogger [ließ sich leider nicht ausführen?]

Code:

ATTFilter

 defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:17 on 02/01/2012 (Francia)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Vielen Dank Euch schon einmal für Eure Hilfe. Ich bin langsam echt verzweifelt, weil alle meine Rechner momentan unbrauchbar sind...

cosinus · 03.01.2012, 21:28

Malwarebytes auch schon scannen lassen?

Michael_w · 03.01.2012, 21:59

Hi Arne,

danke das Du mir auch bei dem anderen Rechner hilfst. Malwarebytescan gerade durchlaufen lassen, hier der Inhalt der Log-Datei

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.03.04

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
Francia :: FRANCIA-PC [Administrator]

03.01.2012 21:51:08
mbam-log-2012-01-03 (21-57-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 176690
Laufzeit: 5 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\Francia\AppData\Local\23ceaf07\X -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 03.01.2012, 22:10

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal diesen Rechner mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Michael_w · 03.01.2012, 22:20

Hi,

nein das war der erste Scan. Habe das Programm gerade erst auf den Rechner geladen.

cosinus · 04.01.2012, 17:27

Zitat:

Art des Suchlaufs: Quick-Scan

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Michael_w · 04.01.2012, 19:50

Hi Arne,

hier das Logfile:

Ich hatte davor einen Scan begonnen, habe aber gemerkt, dass Antivir noch aktiv war und deswegen abgebrochen. Brauchst Du das Logfile dann auch?

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.04.03

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
Francia :: FRANCIA-PC [Administrator]

04.01.2012 18:39:36
mbam-log-2012-01-04 (18-39-36).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 355174
Laufzeit: 1 Stunde(n), 4 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\Francia\AppData\Local\23ceaf07\X -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

1000 Dank schonmal

cosinus · 04.01.2012, 20:08

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Michael_w · 04.01.2012, 20:34

Hi,

hier die otl.txt. Ich habe allerdings aus Versehen auf SCAN anstatt QUICK SCAN gedrückt, hoffe das ist auch i.O.

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 04.01.2012 20:12:05 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Francia\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 49,04% Memory free
6,21 Gb Paging File | 4,23 Gb Available in Paging File | 68,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,20 Gb Total Space | 76,18 Gb Free Space | 34,91% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 5,15 Gb Free Space | 35,14% Space Free | Partition Type: NTFS
 
Computer Name: FRANCIA-PC | User Name: Francia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.02 17:47:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Francia\Desktop\OTL.exe
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.06.28 22:42:38 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 09:04:16 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.04 14:47:40 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.06.24 22:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009.05.21 14:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009.05.21 14:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.05.23 20:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.29 10:28:13 | 005,451,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\59f9dfe0ea64752c07f5a59c283c163b\System.Xml.ni.dll
MOD - [2011.06.29 10:25:19 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\a9288099fbc6849c6c7523745b4f64f4\System.ni.dll
MOD - [2011.06.29 10:24:49 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a189480a53deaaf80a820de30553259b\mscorlib.ni.dll
MOD - [2006.08.24 13:17:52 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\Messenger Plus! Live\Detoured.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.03.19 17:26:10 | 000,268,288 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009.03.19 17:25:42 | 000,089,600 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008.12.21 19:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008.11.26 22:45:44 | 000,918,528 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.06.28 22:42:38 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 09:04:16 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.05.21 14:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008.07.27 19:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.06.28 22:42:42 | 000,123,784 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 22:42:42 | 000,088,288 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.10.11 00:31:12 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.09.28 20:57:28 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.06.15 19:06:42 | 000,172,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009.05.06 16:03:00 | 000,313,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2009.03.19 17:26:24 | 000,477,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.03.06 06:33:58 | 000,159,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2008.12.21 19:34:48 | 000,022,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008.12.16 17:56:52 | 001,526,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008.11.26 22:45:50 | 004,824,064 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2008.11.26 22:45:50 | 004,824,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008.11.25 15:56:58 | 000,261,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008.10.07 18:49:52 | 000,252,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2008.09.15 18:11:04 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008.09.15 18:11:00 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008.09.15 18:10:58 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.01.21 03:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008.01.21 03:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2007.11.14 09:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009.09.28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=mp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.spiegel.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {76aeea42-e04a-4b62-83ab-df4b2be2541e}:2.7.1.3
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Francia\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.27 13:57:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.10 08:12:23 | 000,000,000 | ---D | M]
 
[2009.10.19 17:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Francia\AppData\Roaming\mozilla\Extensions
[2011.12.29 14:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Francia\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions
[2011.04.10 08:44:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Francia\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.08 08:32:04 | 000,000,000 | ---D | M] (MessengerPlusLive Germany TB Community Toolbar) -- C:\Users\Francia\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions\{76aeea42-e04a-4b62-83ab-df4b2be2541e}
[2011.05.10 08:13:19 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Francia\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions\engine@conduit.com
[2011.08.25 22:45:21 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Francia\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions\foxmarks@kei.com
[2009.10.20 22:36:17 | 000,002,171 | ---- | M] () -- C:\Users\Francia\AppData\Roaming\Mozilla\Firefox\Profiles\7ycs46wx.default\searchplugins\bing.xml
[2011.12.28 10:54:07 | 000,001,018 | ---- | M] () -- C:\Users\Francia\AppData\Roaming\Mozilla\Firefox\Profiles\7ycs46wx.default\searchplugins\facebook.xml
[2011.11.27 13:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.29 17:12:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\FRANCIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YCS46WX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.27 13:57:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.10 08:12:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.10 08:12:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.10 08:12:18 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.10 08:12:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.10 08:12:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.10 08:12:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06F4689E-70FE-4B1F-AB21-738BF7F49F34}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD65CAB6-9DFE-4F02-9CDD-33B132D30124}: DhcpNameServer = 200.11.248.12 200.44.32.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Francia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Francia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2196201f-cf9a-11df-9a4c-0026b90858df}\Shell\AutoRun\command - "" = F:\MEGA\\\\sudbina.exe
O33 - MountPoints2\{2196201f-cf9a-11df-9a4c-0026b90858df}\Shell\explore\command - "" = F:\MEGA\\\\\sudbina.exe
O33 - MountPoints2\{2196201f-cf9a-11df-9a4c-0026b90858df}\Shell\open\command - "" = F:\MEGA\\\\\sudbina.exe
O33 - MountPoints2\{21962024-cf9a-11df-9a4c-0026b90858df}\Shell - "" = AutoRun
O33 - MountPoints2\{21962024-cf9a-11df-9a4c-0026b90858df}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{da898e8c-b5a4-11df-97c1-0026b90858df}\Shell - "" = AutoRun
O33 - MountPoints2\{da898e8c-b5a4-11df-97c1-0026b90858df}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.03 21:49:18 | 000,000,000 | ---D | C] -- C:\Users\Francia\AppData\Roaming\Malwarebytes
[2012.01.03 21:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.03 21:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.03 21:48:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.03 21:44:56 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Francia\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.02 17:47:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Francia\Desktop\OTL.exe
[2011.12.30 10:52:32 | 000,000,000 | -HSD | C] -- C:\Users\Francia\AppData\Local\23ceaf07
[2011.12.22 12:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.20 15:25:22 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Francia\Desktop\esetsmartinstaller_enu.exe
[2011.12.20 10:37:46 | 000,000,000 | ---D | C] -- C:\Users\Francia\AppData\Roaming\QuickScan
[2011.12.20 00:07:55 | 000,000,000 | ---D | C] -- C:\Users\Francia\Desktop\USB Stick Isabel
[2009.12.12 22:43:21 | 008,653,312 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\Francia\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Users\Francia\Desktop\*.tmp files -> C:\Users\Francia\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.04 20:08:41 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.04 20:08:41 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.04 18:14:00 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.04 18:14:00 | 000,595,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.04 18:14:00 | 000,126,454 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.04 18:14:00 | 000,104,070 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.04 18:13:59 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.04 18:08:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.04 18:08:37 | 3215,831,040 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.03 21:48:16 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.03 21:45:03 | 010,847,608 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Francia\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.03 21:41:15 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6882B1FB-B252-412A-BC71-4449CA8C7B9B}.job
[2012.01.03 21:39:45 | 000,002,655 | ---- | M] () -- C:\Users\Francia\Desktop\Microsoft Office Word 2007.lnk
[2012.01.02 18:54:03 | 000,000,000 | ---- | M] () -- C:\Users\Francia\defogger_reenable
[2012.01.02 17:47:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Francia\Desktop\OTL.exe
[2012.01.02 17:43:38 | 000,050,477 | ---- | M] () -- C:\Users\Francia\Desktop\Defogger.exe
[2011.12.30 19:27:45 | 000,000,732 | ---- | M] () -- C:\Users\Francia\AppData\Local\d3d9caps64.dat
[2011.12.21 14:42:43 | 000,489,073 | ---- | M] () -- C:\Users\Francia\Desktop\13D8K9.pdf
[2011.12.20 15:25:23 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Francia\Desktop\esetsmartinstaller_enu.exe
[2011.12.12 14:15:02 | 000,121,856 | ---- | M] () -- C:\Users\Francia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Users\Francia\Desktop\*.tmp files -> C:\Users\Francia\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.03 21:48:16 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.03 21:48:13 | 000,023,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.02 18:54:03 | 000,000,000 | ---- | C] () -- C:\Users\Francia\defogger_reenable
[2012.01.02 17:43:37 | 000,050,477 | ---- | C] () -- C:\Users\Francia\Desktop\Defogger.exe
[2011.12.21 14:42:43 | 000,489,073 | ---- | C] () -- C:\Users\Francia\Desktop\13D8K9.pdf
[2011.03.24 20:28:59 | 000,000,732 | ---- | C] () -- C:\Users\Francia\AppData\Local\d3d9caps64.dat
[2010.08.24 17:53:36 | 000,006,836 | ---- | C] () -- C:\Users\Francia\AppData\Local\d3d9caps.dat
[2009.11.29 20:27:27 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.11.26 10:00:24 | 000,157,424 | ---- | C] () -- C:\Windows\SysWow64\STWmiM64.dll
[2009.11.26 10:00:24 | 000,000,060 | ---- | C] () -- C:\Windows\SysWow64\winpeshl.ini
[2009.11.26 10:00:24 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\ST_LOG.INI
[2009.11.26 10:00:23 | 002,303,728 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll
[2009.11.26 10:00:23 | 001,372,672 | ---- | C] () -- C:\Windows\SysWow64\Restore7.exe
[2009.11.26 10:00:23 | 000,619,760 | ---- | C] () -- C:\Windows\SysWow64\STBackupEngine.dll
[2009.11.26 10:00:23 | 000,581,872 | ---- | C] () -- C:\Windows\SysWow64\STRegistry64.dll
[2009.11.26 10:00:23 | 000,578,288 | ---- | C] () -- C:\Windows\SysWow64\BackupApi.dll
[2009.11.26 10:00:23 | 000,540,912 | ---- | C] () -- C:\Windows\SysWow64\STString64d.dll
[2009.11.26 10:00:23 | 000,385,264 | ---- | C] () -- C:\Windows\SysWow64\STFiles64.dll
[2009.11.26 10:00:23 | 000,334,576 | ---- | C] () -- C:\Windows\SysWow64\RestoreLauncher.exe
[2009.11.26 10:00:23 | 000,172,784 | ---- | C] () -- C:\Windows\SysWow64\STLog64.dll
[2009.11.26 10:00:23 | 000,152,816 | ---- | C] () -- C:\Windows\SysWow64\STNLS64.dll
[2009.11.26 10:00:23 | 000,134,384 | ---- | C] () -- C:\Windows\SysWow64\PSTVdsDisk64.dll
[2009.11.26 10:00:23 | 000,132,848 | ---- | C] () -- C:\Windows\SysWow64\STPE64.dll
[2009.11.26 10:00:23 | 000,127,728 | ---- | C] () -- C:\Windows\SysWow64\STCrypto64.dll
[2009.11.26 10:00:23 | 000,108,272 | ---- | C] () -- C:\Windows\FixBCD.exe
[2009.11.26 10:00:23 | 000,106,224 | ---- | C] () -- C:\Windows\SysWow64\STMsXml64.dll
[2009.11.26 10:00:23 | 000,092,400 | ---- | C] () -- C:\Windows\SysWow64\STEncryptableVol64.dll
[2009.11.26 10:00:23 | 000,089,328 | ---- | C] () -- C:\Windows\SysWow64\STProcessDLL64.dll
[2009.11.26 10:00:23 | 000,089,328 | ---- | C] () -- C:\Windows\SysWow64\STProcess64.dll
[2009.11.26 10:00:23 | 000,052,464 | ---- | C] () -- C:\Windows\SysWow64\STCoreXml64.dll
[2009.11.26 10:00:23 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\abort.dat
[2009.10.21 22:28:55 | 000,121,856 | ---- | C] () -- C:\Users\Francia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.20 11:23:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.11 00:28:12 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2009.10.10 23:01:39 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009.10.10 22:11:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.04.30 11:52:55 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.04.30 11:52:55 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 03:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.10.20 09:32:38 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\Adobe
[2011.06.29 08:13:58 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\ASCOMP Software
[2009.10.19 17:36:05 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\ATI
[2011.02.27 11:56:26 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\Avira
[2009.11.29 20:27:53 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\Canneverbe_Limited
[2010.07.16 12:48:54 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\Creative
[2009.10.19 17:37:46 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\Dell
[2011.08.03 10:00:00 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\dvdcss
[2010.06.27 09:10:38 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\Facebook
[2009.10.19 17:34:35 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\Identities
[2009.10.19 17:48:44 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\Macromedia
[2012.01.03 21:49:18 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\Malwarebytes
[2006.11.02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\Media Center Programs
[2011.07.15 19:17:46 | 000,000,000 | --SD | M] -- C:\Users\Francia\AppData\Roaming\Microsoft
[2009.10.19 17:57:12 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\Mozilla
[2011.01.07 13:29:18 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\Nokia
[2009.12.17 04:30:19 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\PC Suite
[2011.12.20 10:37:53 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\QuickScan
[2010.05.03 21:58:25 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\Reallusion
[2012.01.04 20:10:01 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\Skype
[2011.07.08 07:01:47 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\skypePM
[2010.10.05 20:31:16 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\U3
[2011.12.12 13:55:00 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\vlc
[2009.11.22 17:53:08 | 000,000,000 | ---D | M] -- C:\Users\Francia\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.01.14 12:50:00 | 008,653,312 | ---- | M] (Dell, Inc.                                                   ) -- C:\Users\Francia\AppData\Roaming\DataSafeDotNet.exe
[2010.06.27 09:10:38 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Francia\AppData\Roaming\Facebook\uninstall.exe
[2007.10.23 08:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Francia\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 09:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Francia\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] () MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.30 11:21:29 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.30 11:21:29 | 000,022,584 | ---- | M] () MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.30 11:21:29 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] () MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] () MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 03:51:03 | 000,716,800 | ---- | M] () MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SysNative\netlogon.dll
[2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] () MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 03:49:49 | 000,235,520 | ---- | M] () MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\SysNative\scecli.dll
[2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\SysWOW64\user32.dll
[2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
[2008.01.21 03:48:29 | 000,820,224 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] () MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] () MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.04.21 15:57:48 | 006,078,976 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
 
<           >

< End of report >

--- --- ---

cosinus · 04.01.2012, 21:58

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.msn.com/?ocid=mp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p="
[2011.05.10 08:13:19 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Francia\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions\engine@conduit.com
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2196201f-cf9a-11df-9a4c-0026b90858df}\Shell\AutoRun\command - "" = F:\MEGA\\\\sudbina.exe
O33 - MountPoints2\{2196201f-cf9a-11df-9a4c-0026b90858df}\Shell\explore\command - "" = F:\MEGA\\\\\sudbina.exe
O33 - MountPoints2\{2196201f-cf9a-11df-9a4c-0026b90858df}\Shell\open\command - "" = F:\MEGA\\\\\sudbina.exe
O33 - MountPoints2\{21962024-cf9a-11df-9a4c-0026b90858df}\Shell - "" = AutoRun
O33 - MountPoints2\{21962024-cf9a-11df-9a4c-0026b90858df}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{da898e8c-b5a4-11df-97c1-0026b90858df}\Shell - "" = AutoRun
O33 - MountPoints2\{da898e8c-b5a4-11df-97c1-0026b90858df}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
:Files
C:\Users\Francia\AppData\Local\23ceaf07
C:\Users\Francia\AppData\Roaming\QuickScan
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Michael_w · 04.01.2012, 22:41

Hi Arne,
habe alles ausgeführt. Hier das Logfile:

Code:

ATTFilter

 All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{76aeea42-e04a-4b62-83ab-df4b2be2541e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76aeea42-e04a-4b62-83ab-df4b2be2541e}\ deleted successfully.
C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{76aeea42-e04a-4b62-83ab-df4b2be2541e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76aeea42-e04a-4b62-83ab-df4b2be2541e}\ not found.
File C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll not found.
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=" removed from browser.search.defaulturl
Prefs.js: "moz2-ytff-sunm" removed from browser.search.param.yahoo-fr
Prefs.js: "moz2-ytff-sunm" removed from browser.search.param.yahoo-fr-cjkt
Prefs.js: "hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=" removed from keyword.URL
C:\Users\Francia\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Francia\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Francia\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Francia\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Francia\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Francia\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Francia\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Francia\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions\engine@conduit.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
C:\PROGRA~2\SPYBOT~1\SDHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76aeea42-e04a-4b62-83ab-df4b2be2541e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76aeea42-e04a-4b62-83ab-df4b2be2541e}\ not found.
File C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{76aeea42-e04a-4b62-83ab-df4b2be2541e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76aeea42-e04a-4b62-83ab-df4b2be2541e}\ not found.
File C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76AEEA42-E04A-4B62-83AB-DF4B2BE2541E}\ not found.
File C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2196201f-cf9a-11df-9a4c-0026b90858df}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2196201f-cf9a-11df-9a4c-0026b90858df}\ not found.
File F:\MEGA\\\\sudbina.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2196201f-cf9a-11df-9a4c-0026b90858df}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2196201f-cf9a-11df-9a4c-0026b90858df}\ not found.
File F:\MEGA\\\\\sudbina.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2196201f-cf9a-11df-9a4c-0026b90858df}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2196201f-cf9a-11df-9a4c-0026b90858df}\ not found.
File F:\MEGA\\\\\sudbina.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21962024-cf9a-11df-9a4c-0026b90858df}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21962024-cf9a-11df-9a4c-0026b90858df}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21962024-cf9a-11df-9a4c-0026b90858df}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21962024-cf9a-11df-9a4c-0026b90858df}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da898e8c-b5a4-11df-97c1-0026b90858df}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da898e8c-b5a4-11df-97c1-0026b90858df}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da898e8c-b5a4-11df-97c1-0026b90858df}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da898e8c-b5a4-11df-97c1-0026b90858df}\ not found.
File G:\LaunchU3.exe -a not found.
========== FILES ==========
C:\Users\Francia\AppData\Local\23ceaf07\U folder moved successfully.
C:\Users\Francia\AppData\Local\23ceaf07 folder moved successfully.
C:\Users\Francia\AppData\Roaming\QuickScan folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Francia
->Temp folder emptied: 42279312 bytes
->Temporary Internet Files folder emptied: 46551246 bytes
->Java cache emptied: 18259738 bytes
->FireFox cache emptied: 62067042 bytes
->Flash cache emptied: 63945 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7413408 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
RecycleBin emptied: 13568815002 bytes
 
Total Files Cleaned = 13.109,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01042012_223447

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000005CEEC58D08066169B2 not found!
File\Folder C:\Windows\temp\TMP0000005D392FE575BDA4FFF5 not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T6QAYG1O\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU9UCXNO\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2Z0JMX8\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AHZU3ETK\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4IOPFCQQ\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus · 05.01.2012, 10:05

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Michael_w · 05.01.2012, 10:13

Guten Morgen,

alles gerade durchgeführt. Hier das Log:

Code:

ATTFilter

 10:09:37.0118 4556	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
10:09:37.0321 4556	============================================================
10:09:37.0321 4556	Current date / time: 2012/01/05 10:09:37.0321
10:09:37.0321 4556	SystemInfo:
10:09:37.0321 4556	
10:09:37.0321 4556	OS Version: 6.0.6001 ServicePack: 1.0
10:09:37.0321 4556	Product type: Workstation
10:09:37.0321 4556	ComputerName: FRANCIA-PC
10:09:37.0321 4556	UserName: Francia
10:09:37.0321 4556	Windows directory: C:\Windows
10:09:37.0321 4556	System windows directory: C:\Windows
10:09:37.0321 4556	Running under WOW64
10:09:37.0321 4556	Processor architecture: Intel x64
10:09:37.0321 4556	Number of processors: 2
10:09:37.0321 4556	Page size: 0x1000
10:09:37.0321 4556	Boot type: Normal boot
10:09:37.0321 4556	============================================================
10:09:38.0694 4556	Initialize success
10:10:25.0384 4676	============================================================
10:10:25.0384 4676	Scan started
10:10:25.0384 4676	Mode: Manual; SigCheck; TDLFS; 
10:10:25.0384 4676	============================================================
10:10:26.0180 4676	ACPI            (af3a1aa81f875169dd9e55b1320057d6) C:\Windows\system32\drivers\acpi.sys
10:10:26.0336 4676	ACPI - ok
10:10:26.0430 4676	adp94xx         (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
10:10:26.0492 4676	adp94xx - ok
10:10:26.0601 4676	adpahci         (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
10:10:26.0632 4676	adpahci - ok
10:10:26.0726 4676	adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
10:10:26.0742 4676	adpu160m - ok
10:10:26.0788 4676	adpu320         (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
10:10:26.0804 4676	adpu320 - ok
10:10:26.0960 4676	AFD             (9bb97042fa331a0fb4bdd98b9280a50a) C:\Windows\system32\drivers\afd.sys
10:10:27.0054 4676	AFD - ok
10:10:27.0147 4676	agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
10:10:27.0163 4676	agp440 - ok
10:10:27.0256 4676	aic78xx         (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
10:10:27.0272 4676	aic78xx - ok
10:10:27.0350 4676	aliide          (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
10:10:27.0366 4676	aliide - ok
10:10:27.0397 4676	amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
10:10:27.0412 4676	amdide - ok
10:10:27.0506 4676	AmdK8           (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
10:10:27.0600 4676	AmdK8 - ok
10:10:27.0724 4676	arc             (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
10:10:27.0740 4676	arc - ok
10:10:27.0834 4676	arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
10:10:27.0849 4676	arcsas - ok
10:10:27.0943 4676	AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
10:10:28.0021 4676	AsyncMac - ok
10:10:28.0099 4676	atapi           (f988bb0690cd660318037908e9b8dbf7) C:\Windows\system32\drivers\atapi.sys
10:10:28.0114 4676	atapi - ok
10:10:28.0317 4676	atikmdag        (cef278088637401f07a0064b0b900a32) C:\Windows\system32\DRIVERS\atikmdag.sys
10:10:28.0988 4676	atikmdag - ok
10:10:29.0082 4676	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
10:10:29.0128 4676	avgntflt - ok
10:10:29.0222 4676	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
10:10:29.0238 4676	avipbb - ok
10:10:29.0347 4676	BCM42RLY        (a7c9995ba861fce78b2ceaae61d39fd7) C:\Windows\system32\drivers\BCM42RLY.sys
10:10:29.0362 4676	BCM42RLY - ok
10:10:29.0487 4676	BCM43XX         (912012b708a7d8e8ce2ee55afb663dff) C:\Windows\system32\DRIVERS\bcmwl664.sys
10:10:29.0596 4676	BCM43XX - ok
10:10:29.0737 4676	blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
10:10:29.0862 4676	blbdrive - ok
10:10:29.0955 4676	bowser          (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys
10:10:30.0033 4676	bowser - ok
10:10:30.0127 4676	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
10:10:30.0252 4676	BrFiltLo - ok
10:10:30.0330 4676	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
10:10:30.0392 4676	BrFiltUp - ok
10:10:30.0486 4676	Brserid         (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
10:10:30.0688 4676	Brserid - ok
10:10:30.0766 4676	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
10:10:30.0876 4676	BrSerWdm - ok
10:10:30.0954 4676	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
10:10:31.0063 4676	BrUsbMdm - ok
10:10:31.0141 4676	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
10:10:31.0234 4676	BrUsbSer - ok
10:10:31.0328 4676	BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
10:10:31.0437 4676	BTHMODEM - ok
10:10:31.0531 4676	cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
10:10:31.0609 4676	cdfs - ok
10:10:31.0702 4676	cdrom           (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
10:10:31.0796 4676	cdrom - ok
10:10:31.0905 4676	circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
10:10:31.0968 4676	circlass - ok
10:10:32.0077 4676	CLFS            (c12c4ee07843b595036da0baa6317936) C:\Windows\system32\CLFS.sys
10:10:32.0092 4676	CLFS - ok
10:10:32.0202 4676	CmBatt          (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
10:10:32.0295 4676	CmBatt - ok
10:10:32.0373 4676	cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
10:10:32.0389 4676	cmdide - ok
10:10:32.0404 4676	Compbatt        (34a6aa82aa36c87fc8816f2097efa345) C:\Windows\system32\DRIVERS\compbatt.sys
10:10:32.0420 4676	Compbatt - ok
10:10:32.0514 4676	crcdisk         (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
10:10:32.0529 4676	crcdisk - ok
10:10:32.0638 4676	CtClsFlt        (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
10:10:32.0701 4676	CtClsFlt - ok
10:10:32.0841 4676	DfsC            (3725c43c9e90731eca651d506cc599a3) C:\Windows\system32\Drivers\dfsc.sys
10:10:32.0904 4676	DfsC - ok
10:10:33.0013 4676	disk            (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
10:10:33.0028 4676	disk - ok
10:10:33.0138 4676	drmkaud         (97dc2a789c1be458976507846a1a8ced) C:\Windows\system32\drivers\drmkaud.sys
10:10:33.0184 4676	drmkaud - ok
10:10:33.0278 4676	DXGKrnl         (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys
10:10:33.0356 4676	DXGKrnl - ok
10:10:33.0465 4676	e1express       (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
10:10:33.0543 4676	e1express - ok
10:10:33.0652 4676	E1G60           (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
10:10:33.0715 4676	E1G60 - ok
10:10:33.0808 4676	Ecache          (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys
10:10:33.0824 4676	Ecache - ok
10:10:33.0918 4676	elxstor         (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
10:10:33.0949 4676	elxstor - ok
10:10:34.0058 4676	ErrDev          (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
10:10:34.0105 4676	ErrDev - ok
10:10:34.0198 4676	exfat           (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys
10:10:34.0261 4676	exfat - ok
10:10:34.0354 4676	fastfat         (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys
10:10:34.0432 4676	fastfat - ok
10:10:34.0542 4676	fdc             (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
10:10:34.0604 4676	fdc - ok
10:10:34.0682 4676	FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
10:10:34.0713 4676	FileInfo - ok
10:10:34.0776 4676	Filetrace       (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
10:10:34.0838 4676	Filetrace - ok
10:10:34.0916 4676	flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:10:34.0963 4676	flpydisk - ok
10:10:35.0056 4676	FltMgr          (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys
10:10:35.0088 4676	FltMgr - ok
10:10:35.0166 4676	Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
10:10:35.0244 4676	Fs_Rec - ok
10:10:35.0337 4676	gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
10:10:35.0353 4676	gagp30kx - ok
10:10:35.0462 4676	HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
10:10:35.0571 4676	HdAudAddService - ok
10:10:35.0649 4676	HDAudBus        (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:10:35.0727 4676	HDAudBus - ok
10:10:35.0821 4676	HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
10:10:35.0930 4676	HidBth - ok
10:10:36.0008 4676	HidIr           (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
10:10:36.0117 4676	HidIr - ok
10:10:36.0211 4676	HidUsb          (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
10:10:36.0320 4676	HidUsb - ok
10:10:36.0414 4676	HpCISSs         (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
10:10:36.0429 4676	HpCISSs - ok
10:10:36.0538 4676	HTTP            (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys
10:10:36.0648 4676	HTTP - ok
10:10:36.0757 4676	i2omp           (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
10:10:36.0772 4676	i2omp - ok
10:10:36.0882 4676	i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
10:10:36.0960 4676	i8042prt - ok
10:10:37.0053 4676	iaStorV         (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
10:10:37.0069 4676	iaStorV - ok
10:10:37.0147 4676	iirsp           (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
10:10:37.0162 4676	iirsp - ok
10:10:37.0256 4676	intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
10:10:37.0272 4676	intelide - ok
10:10:37.0350 4676	intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
10:10:37.0443 4676	intelppm - ok
10:10:37.0568 4676	IpFilterDriver  (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:10:37.0646 4676	IpFilterDriver - ok
10:10:37.0708 4676	IpInIp - ok
10:10:37.0755 4676	IPMIDRV         (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
10:10:37.0818 4676	IPMIDRV - ok
10:10:37.0896 4676	IPNAT           (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
10:10:37.0974 4676	IPNAT - ok
10:10:38.0067 4676	IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
10:10:38.0161 4676	IRENUM - ok
10:10:38.0254 4676	isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
10:10:38.0270 4676	isapnp - ok
10:10:38.0348 4676	iScsiPrt        (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys
10:10:38.0364 4676	iScsiPrt - ok
10:10:38.0379 4676	iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
10:10:38.0395 4676	iteatapi - ok
10:10:38.0488 4676	iteraid         (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
10:10:38.0504 4676	iteraid - ok
10:10:38.0582 4676	k57nd60a        (eb5c7891b9e6e4a1a4428f2160b12b53) C:\Windows\system32\DRIVERS\k57nd60a.sys
10:10:38.0660 4676	k57nd60a - ok
10:10:38.0754 4676	kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
10:10:38.0769 4676	kbdclass - ok
10:10:38.0847 4676	kbdhid          (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
10:10:38.0925 4676	kbdhid - ok
10:10:39.0019 4676	KSecDD          (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys
10:10:39.0050 4676	KSecDD - ok
10:10:39.0128 4676	ksthunk         (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
10:10:39.0206 4676	ksthunk - ok
10:10:39.0315 4676	lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
10:10:39.0393 4676	lltdio - ok
10:10:39.0502 4676	LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
10:10:39.0534 4676	LSI_FC - ok
10:10:39.0612 4676	LSI_SAS         (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
10:10:39.0627 4676	LSI_SAS - ok
10:10:39.0721 4676	LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
10:10:39.0736 4676	LSI_SCSI - ok
10:10:39.0752 4676	luafv           (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
10:10:39.0830 4676	luafv - ok
10:10:39.0924 4676	megasas         (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
10:10:39.0939 4676	megasas - ok
10:10:40.0033 4676	MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
10:10:40.0064 4676	MegaSR - ok
10:10:40.0158 4676	Modem           (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
10:10:40.0220 4676	Modem - ok
10:10:40.0314 4676	monitor         (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
10:10:40.0376 4676	monitor - ok
10:10:40.0454 4676	mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
10:10:40.0470 4676	mouclass - ok
10:10:40.0563 4676	mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
10:10:40.0641 4676	mouhid - ok
10:10:40.0719 4676	MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
10:10:40.0735 4676	MountMgr - ok
10:10:40.0844 4676	mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
10:10:40.0860 4676	mpio - ok
10:10:40.0875 4676	mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
10:10:40.0938 4676	mpsdrv - ok
10:10:41.0031 4676	Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
10:10:41.0047 4676	Mraid35x - ok
10:10:41.0125 4676	MRxDAV          (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys
10:10:41.0187 4676	MRxDAV - ok
10:10:41.0296 4676	mrxsmb          (b698eb9acc7ecd4927d99d268918f912) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:10:41.0343 4676	mrxsmb - ok
10:10:41.0468 4676	mrxsmb10        (9a797e27fd28500ee13d43000c931435) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:10:41.0499 4676	mrxsmb10 - ok
10:10:41.0608 4676	mrxsmb20        (f9425d610712533107a264e2d5b2154b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:10:41.0624 4676	mrxsmb20 - ok
10:10:41.0733 4676	msahci          (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
10:10:41.0749 4676	msahci - ok
10:10:41.0827 4676	msdsm           (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
10:10:41.0842 4676	msdsm - ok
10:10:41.0936 4676	Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
10:10:42.0014 4676	Msfs - ok
10:10:42.0123 4676	msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
10:10:42.0139 4676	msisadrv - ok
10:10:42.0232 4676	MSKSSRV         (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
10:10:42.0310 4676	MSKSSRV - ok
10:10:42.0404 4676	MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
10:10:42.0466 4676	MSPCLOCK - ok
10:10:42.0560 4676	MSPQM           (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
10:10:42.0638 4676	MSPQM - ok
10:10:42.0716 4676	MsRPC           (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys
10:10:42.0747 4676	MsRPC - ok
10:10:42.0778 4676	mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
10:10:42.0794 4676	mssmbios - ok
10:10:42.0856 4676	MSTEE           (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
10:10:42.0934 4676	MSTEE - ok
10:10:43.0028 4676	Mup             (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys
10:10:43.0044 4676	Mup - ok
10:10:43.0137 4676	NativeWifiP     (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys
10:10:43.0168 4676	NativeWifiP - ok
10:10:43.0262 4676	NDIS            (f9a3ae5c9f047d71a36a99f9abca7d02) C:\Windows\system32\drivers\ndis.sys
10:10:43.0340 4676	NDIS - ok
10:10:43.0449 4676	NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
10:10:43.0496 4676	NdisTapi - ok
10:10:43.0574 4676	Ndisuio         (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
10:10:43.0652 4676	Ndisuio - ok
10:10:43.0746 4676	NdisWan         (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys
10:10:43.0824 4676	NdisWan - ok
10:10:43.0902 4676	NDProxy         (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
10:10:43.0964 4676	NDProxy - ok
10:10:44.0058 4676	NetBIOS         (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
10:10:44.0136 4676	NetBIOS - ok
10:10:44.0229 4676	netbt           (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys
10:10:44.0292 4676	netbt - ok
10:10:44.0401 4676	nfrd960         (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
10:10:44.0416 4676	nfrd960 - ok
10:10:44.0526 4676	Npfs            (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys
10:10:44.0604 4676	Npfs - ok
10:10:44.0682 4676	nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
10:10:44.0744 4676	nsiproxy - ok
10:10:44.0884 4676	Ntfs            (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys
10:10:44.0994 4676	Ntfs - ok
10:10:45.0087 4676	Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
10:10:45.0181 4676	Null - ok
10:10:45.0228 4676	nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
10:10:45.0243 4676	nvraid - ok
10:10:45.0321 4676	nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
10:10:45.0337 4676	nvstor - ok
10:10:45.0368 4676	nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
10:10:45.0384 4676	nv_agp - ok
10:10:45.0446 4676	NwlnkFlt - ok
10:10:45.0462 4676	NwlnkFwd - ok
10:10:45.0540 4676	OA008Ufd        (404b0121ae1a75d9a63b6934eb07c258) C:\Windows\system32\DRIVERS\OA008Ufd.sys
10:10:45.0586 4676	OA008Ufd - ok
10:10:45.0680 4676	OA008Vid        (126885007e8f601861165fc77c93f1be) C:\Windows\system32\DRIVERS\OA008Vid.sys
10:10:45.0711 4676	OA008Vid - ok
10:10:45.0820 4676	ohci1394        (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
10:10:45.0883 4676	ohci1394 - ok
10:10:45.0992 4676	Parport         (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
10:10:46.0101 4676	Parport - ok
10:10:46.0195 4676	partmgr         (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
10:10:46.0210 4676	partmgr - ok
10:10:46.0304 4676	pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
10:10:46.0320 4676	pccsmcfd - ok
10:10:46.0429 4676	pci             (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys
10:10:46.0444 4676	pci - ok
10:10:46.0522 4676	pciide          (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
10:10:46.0538 4676	pciide - ok
10:10:46.0554 4676	pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
10:10:46.0585 4676	pcmcia - ok
10:10:46.0663 4676	PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
10:10:46.0803 4676	PEAUTH - ok
10:10:46.0944 4676	PptpMiniport    (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
10:10:47.0022 4676	PptpMiniport - ok
10:10:47.0068 4676	Processor       (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
10:10:47.0146 4676	Processor - ok
10:10:47.0240 4676	PSched          (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
10:10:47.0302 4676	PSched - ok
10:10:47.0396 4676	PxHlpa64        (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
10:10:47.0412 4676	PxHlpa64 - ok
10:10:47.0474 4676	ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
10:10:47.0536 4676	ql2300 - ok
10:10:47.0614 4676	ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
10:10:47.0630 4676	ql40xx - ok
10:10:47.0646 4676	QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
10:10:47.0677 4676	QWAVEdrv - ok
10:10:47.0880 4676	R300            (cef278088637401f07a0064b0b900a32) C:\Windows\system32\DRIVERS\atikmdag.sys
10:10:48.0098 4676	R300 - ok
10:10:48.0176 4676	RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
10:10:48.0254 4676	RasAcd - ok
10:10:48.0348 4676	Rasl2tp         (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:10:48.0426 4676	Rasl2tp - ok
10:10:48.0504 4676	RasPppoe        (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
10:10:48.0566 4676	RasPppoe - ok
10:10:48.0582 4676	RasSstp         (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
10:10:48.0660 4676	RasSstp - ok
10:10:48.0753 4676	rdbss           (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
10:10:48.0847 4676	rdbss - ok
10:10:48.0925 4676	RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:10:48.0987 4676	RDPCDD - ok
10:10:49.0065 4676	rdpdr           (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
10:10:49.0128 4676	rdpdr - ok
10:10:49.0206 4676	RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
10:10:49.0284 4676	RDPENCDD - ok
10:10:49.0362 4676	RDPWD           (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
10:10:49.0424 4676	RDPWD - ok
10:10:49.0549 4676	rimmptsk        (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
10:10:49.0611 4676	rimmptsk - ok
10:10:49.0705 4676	rimsptsk        (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
10:10:49.0752 4676	rimsptsk - ok
10:10:49.0845 4676	rismxdp         (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
10:10:49.0908 4676	rismxdp - ok
10:10:49.0986 4676	rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
10:10:50.0032 4676	rspndr - ok
10:10:50.0064 4676	sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
10:10:50.0079 4676	sbp2port - ok
10:10:50.0188 4676	sdbus           (fb30126d3e617c86cd8e8643792ca3cf) C:\Windows\system32\DRIVERS\sdbus.sys
10:10:50.0251 4676	sdbus - ok
10:10:50.0313 4676	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:10:50.0407 4676	secdrv - ok
10:10:50.0438 4676	Serenum         (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
10:10:50.0532 4676	Serenum - ok
10:10:50.0610 4676	Serial          (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
10:10:50.0703 4676	Serial - ok
10:10:50.0781 4676	sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
10:10:50.0859 4676	sermouse - ok
10:10:50.0968 4676	sffdisk         (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
10:10:51.0031 4676	sffdisk - ok
10:10:51.0062 4676	sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
10:10:51.0140 4676	sffp_mmc - ok
10:10:51.0218 4676	sffp_sd         (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
10:10:51.0296 4676	sffp_sd - ok
10:10:51.0374 4676	sfloppy         (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
10:10:51.0483 4676	sfloppy - ok
10:10:51.0561 4676	SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
10:10:51.0577 4676	SiSRaid2 - ok
10:10:51.0592 4676	SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
10:10:51.0608 4676	SiSRaid4 - ok
10:10:51.0733 4676	Smb             (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
10:10:51.0795 4676	Smb - ok
10:10:51.0889 4676	spldr           (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
10:10:51.0904 4676	spldr - ok
10:10:52.0029 4676	srv             (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys
10:10:52.0092 4676	srv - ok
10:10:52.0216 4676	srv2            (6c72eea39e1c37b436a6d1532999f9ec) C:\Windows\system32\DRIVERS\srv2.sys
10:10:52.0263 4676	srv2 - ok
10:10:52.0372 4676	srvnet          (7f69bcf9e6fa3d93c82ee6b87812666d) C:\Windows\system32\DRIVERS\srvnet.sys
10:10:52.0419 4676	srvnet - ok
10:10:52.0528 4676	StarOpen        (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
10:10:52.0544 4676	StarOpen ( UnsignedFile.Multi.Generic ) - warning
10:10:52.0544 4676	StarOpen - detected UnsignedFile.Multi.Generic (1)
10:10:52.0638 4676	STHDA           (ba16447226abfd342e130d2f24f73d32) C:\Windows\system32\DRIVERS\stwrt64.sys
10:10:52.0716 4676	STHDA - ok
10:10:52.0825 4676	swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
10:10:52.0840 4676	swenum - ok
10:10:52.0934 4676	Symc8xx         (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
10:10:52.0950 4676	Symc8xx - ok
10:10:52.0981 4676	Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
10:10:52.0996 4676	Sym_hi - ok
10:10:53.0012 4676	Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
10:10:53.0028 4676	Sym_u3 - ok
10:10:53.0137 4676	SynTP           (79a93ec9d224b1f43c0e2f023d61dca3) C:\Windows\system32\DRIVERS\SynTP.sys
10:10:53.0168 4676	SynTP - ok
10:10:53.0308 4676	Tcpip           (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\drivers\tcpip.sys
10:10:53.0386 4676	Tcpip - ok
10:10:53.0527 4676	Tcpip6          (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\DRIVERS\tcpip.sys
10:10:53.0620 4676	Tcpip6 - ok
10:10:53.0714 4676	tcpipreg        (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
10:10:53.0776 4676	tcpipreg - ok
10:10:53.0870 4676	TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
10:10:53.0948 4676	TDPIPE - ok
10:10:54.0026 4676	TDTCP           (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
10:10:54.0088 4676	TDTCP - ok
10:10:54.0166 4676	tdx             (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
10:10:54.0244 4676	tdx - ok
10:10:54.0354 4676	TermDD          (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
10:10:54.0369 4676	TermDD - ok
10:10:54.0416 4676	tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:10:54.0494 4676	tssecsrv - ok
10:10:54.0588 4676	tunmp           (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
10:10:54.0619 4676	tunmp - ok
10:10:54.0759 4676	tunnel          (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys
10:10:54.0806 4676	tunnel - ok
10:10:54.0884 4676	uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
10:10:54.0900 4676	uagp35 - ok
10:10:54.0931 4676	udfs            (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
10:10:55.0009 4676	udfs - ok
10:10:55.0102 4676	uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
10:10:55.0134 4676	uliagpkx - ok
10:10:55.0165 4676	uliahci         (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
10:10:55.0180 4676	uliahci - ok
10:10:55.0258 4676	UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
10:10:55.0274 4676	UlSata - ok
10:10:55.0305 4676	ulsata2         (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
10:10:55.0321 4676	ulsata2 - ok
10:10:55.0383 4676	umbus           (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
10:10:55.0461 4676	umbus - ok
10:10:55.0539 4676	upperdev - ok
10:10:55.0586 4676	usbccgp         (cee5090e3c2f23df52b732dc3cc16ad8) C:\Windows\system32\DRIVERS\usbccgp.sys
10:10:55.0648 4676	usbccgp - ok
10:10:55.0726 4676	usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
10:10:55.0836 4676	usbcir - ok
10:10:55.0914 4676	usbehci         (3bb628ad6e7391e801ce4bda9a52bb1d) C:\Windows\system32\DRIVERS\usbehci.sys
10:10:55.0960 4676	usbehci - ok
10:10:56.0054 4676	usbhub          (d02090110a4d92b4b9a9a2e17729e997) C:\Windows\system32\DRIVERS\usbhub.sys
10:10:56.0101 4676	usbhub - ok
10:10:56.0179 4676	usbohci         (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
10:10:56.0288 4676	usbohci - ok
10:10:56.0366 4676	usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
10:10:56.0428 4676	usbprint - ok
10:10:56.0444 4676	USBSTOR         (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:10:56.0522 4676	USBSTOR - ok
10:10:56.0631 4676	usbuhci         (d63b28cffbba74bc374b41a60543190c) C:\Windows\system32\DRIVERS\usbuhci.sys
10:10:56.0662 4676	usbuhci - ok
10:10:56.0756 4676	usbvideo        (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
10:10:56.0818 4676	usbvideo - ok
10:10:56.0850 4676	vga             (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
10:10:56.0928 4676	vga - ok
10:10:57.0006 4676	VgaSave         (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
10:10:57.0068 4676	VgaSave - ok
10:10:57.0084 4676	viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
10:10:57.0099 4676	viaide - ok
10:10:57.0177 4676	volmgr          (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
10:10:57.0193 4676	volmgr - ok
10:10:57.0208 4676	volmgrx         (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
10:10:57.0240 4676	volmgrx - ok
10:10:57.0318 4676	volsnap         (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
10:10:57.0333 4676	volsnap - ok
10:10:57.0364 4676	vsmraid         (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
10:10:57.0380 4676	vsmraid - ok
10:10:57.0411 4676	WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
10:10:57.0505 4676	WacomPen - ok
10:10:57.0567 4676	Wanarp          (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
10:10:57.0645 4676	Wanarp - ok
10:10:57.0645 4676	Wanarpv6        (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
10:10:57.0708 4676	Wanarpv6 - ok
10:10:57.0739 4676	Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
10:10:57.0754 4676	Wd - ok
10:10:57.0848 4676	Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
10:10:57.0895 4676	Wdf01000 - ok
10:10:58.0020 4676	WmiAcpi         (7999dfb1c555efc0db69576f70027867) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:10:58.0035 4676	WmiAcpi - ok
10:10:58.0113 4676	WpdUsb          (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
10:10:58.0160 4676	WpdUsb - ok
10:10:58.0238 4676	ws2ifsl         (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
10:10:58.0316 4676	ws2ifsl - ok
10:10:58.0425 4676	WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:10:58.0472 4676	WUDFRd - ok
10:10:58.0519 4676	MBR (0x1B8)     (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
10:10:59.0424 4676	\Device\Harddisk0\DR0 - ok
10:10:59.0455 4676	Boot (0x1200)   (1c981d0e92186a444f16c0bd0130d3ea) \Device\Harddisk0\DR0\Partition0
10:10:59.0455 4676	\Device\Harddisk0\DR0\Partition0 - ok
10:10:59.0470 4676	Boot (0x1200)   (b75ff2aef26b9c1f554507219a41df21) \Device\Harddisk0\DR0\Partition1
10:10:59.0470 4676	\Device\Harddisk0\DR0\Partition1 - ok
10:10:59.0470 4676	============================================================
10:10:59.0470 4676	Scan finished
10:10:59.0470 4676	============================================================
10:10:59.0502 3428	Detected object count: 1
10:10:59.0502 3428	Actual detected object count: 1
10:11:13.0417 3428	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
10:11:13.0417 3428	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip

Danke schön!!!

cosinus · 05.01.2012, 10:48

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Michael_w · 05.01.2012, 11:24

Hi Arne,

combofix gerade beender, hier das Log:

Code:

ATTFilter

Combofix Logfile:

	Code: 

 ATTFilter

  
	ComboFix 12-01-05.01 - Francia 05.01.2012  11:06:30.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3066.1632 [GMT 1:00]
ausgeführt von:: c:\users\Francia\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\java.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-05 bis 2012-01-05  ))))))))))))))))))))))))))))))
.
.
2012-01-05 10:14 . 2012-01-05 10:14	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0EA51693-7407-41EE-A8F0-11F9F6024D6C}\offreg.dll
2012-01-05 10:12 . 2012-01-05 10:16	--------	d-----w-	c:\users\Francia\AppData\Local\temp
2012-01-05 10:12 . 2012-01-05 10:12	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-04 21:46 . 2012-01-04 21:46	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-01-04 21:34 . 2012-01-04 21:34	--------	d-----w-	C:\_OTL
2012-01-03 20:49 . 2012-01-03 20:49	--------	d-----w-	c:\users\Francia\AppData\Roaming\Malwarebytes
2012-01-03 20:48 . 2012-01-03 20:48	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-03 20:48 . 2012-01-03 20:48	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-03 20:48 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-03 20:46 . 2011-11-21 11:40	8822856	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0EA51693-7407-41EE-A8F0-11F9F6024D6C}\mpengine.dll
2011-12-22 11:22 . 2011-12-22 11:22	--------	d-----w-	c:\program files (x86)\ESET
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 04:54 . 2010-05-22 16:32	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-04 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-04 c:\windows\Tasks\User_Feed_Synchronization-{6882B1FB-B252-412A-BC71-4449CA8C7B9B}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-25 1657128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2008-09-26 2041112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = 
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Francia\AppData\Roaming\Mozilla\Firefox\Profiles\7ycs46wx.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.spiegel.de
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-05  11:21:01 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-05 10:21
.
Vor Suchlauf: 12 Verzeichnis(se), 93.330.264.064 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 93.141.254.144 Bytes frei
.
- - End Of File - - 0E763328344BD85A29E2621698D319EC
         
 --- --- ---

Beste Grüße und Danke!!!

03.01.2012, 21:28	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner Sirefef.P trojan Malwarebytes auch schon scannen lassen? __________________ __________________

03.01.2012, 22:10	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner Sirefef.P trojan Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal diesen Rechner mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. __________________ Logfiles bitte immer in CODE-Tags posten

Trojaner Sirefef.P trojan

Plagegeister aller Art und deren Bekämpfung: Trojaner Sirefef.P trojan