Bundespolizei-Virus - Festplatte unbedingt formatieren?

nightingale7 · 06.01.2012, 10:14

Habe während der Ausführung von ComboFix von Windows die Fehlermeldung bekommen "Das Programm PEV.exe funktioniert nicht mehr". Weiß nicht, ob das von Bedeutung ist. Ansonsten gab es keine Probleme.

Hier das Log:

Code:

ATTFilter

ComboFix 12-01-05.04 - ASUS x72v 06.01.2012   9:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1686 [GMT 1:00]
ausgeführt von:: c:\users\ASUS x72v\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ASUS x72v\AppData\Local\evmeufct.dat
c:\users\ASUS x72v\AppData\Local\evmeufct_nav.dat
c:\users\ASUS x72v\AppData\Local\evmeufct_navps.dat
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-06 bis 2012-01-06  ))))))))))))))))))))))))))))))
.
.
2012-01-06 09:07 . 2012-01-06 09:07	--------	d-----w-	c:\users\ASUS x72v\AppData\Local\temp
2012-01-06 08:34 . 2012-01-06 08:34	--------	d-----w-	c:\users\ASUS x72v\AppData\Local\DDMSettings
2012-01-05 22:11 . 2012-01-05 22:11	--------	d-----w-	C:\_OTL
2012-01-05 17:02 . 2012-01-05 17:02	--------	d-----w-	c:\program files\ESET
2012-01-05 14:38 . 2012-01-05 14:38	--------	d-----w-	c:\users\ASUS x72v\AppData\Roaming\Malwarebytes
2012-01-05 14:38 . 2012-01-05 14:38	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-05 14:38 . 2012-01-05 14:38	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-01-05 14:38 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-04 20:30 . 2012-01-04 20:30	--------	d-----w-	c:\program files\7-Zip
2012-01-03 21:56 . 2012-01-03 21:56	--------	d-----w-	c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-01-03 21:47 . 2011-11-07 08:26	939368	----a-w-	c:\windows\system32\flash.ocx
2012-01-03 21:46 . 2012-01-03 21:46	--------	d-----w-	c:\users\ASUS x72v\AppData\Local\PackageAware
2012-01-03 19:36 . 2011-11-21 10:47	6823496	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{64A2CD85-29B2-447A-84AD-0E78B6C3F578}\mpengine.dll
2012-01-02 21:48 . 2012-01-02 21:55	--------	d-----w-	c:\users\ASUS x72v\AppData\Local\Ubisoft Game Launcher
2012-01-02 21:47 . 2012-01-02 21:47	--------	d-----w-	c:\programdata\Solidshield
2012-01-02 21:37 . 2010-06-02 03:55	74072	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2012-01-02 21:37 . 2010-06-02 03:55	527192	----a-w-	c:\windows\system32\XAudio2_7.dll
2012-01-02 21:37 . 2010-06-02 03:55	239960	----a-w-	c:\windows\system32\xactengine3_7.dll
2012-01-02 21:37 . 2010-05-26 10:41	2106216	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2011-12-22 16:13 . 2011-10-27 08:01	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-12-22 16:13 . 2011-10-27 08:01	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-12-22 16:13 . 2011-07-29 16:01	293376	----a-w-	c:\windows\system32\psisdecd.dll
2011-12-22 16:13 . 2011-07-29 16:01	217088	----a-w-	c:\windows\system32\psisrndr.ax
2011-12-22 16:13 . 2011-07-29 16:00	57856	----a-w-	c:\windows\system32\MSDvbNP.ax
2011-12-22 16:13 . 2011-07-29 16:00	69632	----a-w-	c:\windows\system32\Mpeg2Data.ax
2011-12-22 16:12 . 2011-10-14 16:02	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-12-22 16:12 . 2011-09-20 21:02	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-12-22 16:12 . 2011-11-23 13:37	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-12-22 16:12 . 2011-11-08 12:10	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-12-22 16:12 . 2011-10-25 15:56	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-22 16:12 . 2011-11-08 14:42	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-22 16:12 . 2011-08-25 16:15	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2011-12-22 16:12 . 2011-08-25 16:14	563712	----a-w-	c:\windows\system32\oleaut32.dll
2011-12-22 16:12 . 2011-08-25 16:14	238080	----a-w-	c:\windows\system32\oleacc.dll
2011-12-22 16:12 . 2011-08-25 13:31	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2011-12-22 16:12 . 2011-09-30 15:57	707584	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-12-22 15:40 . 2011-12-22 15:40	--------	d-----w-	c:\program files\CCleaner
2011-12-22 14:30 . 2011-12-22 14:30	--------	d-----w-	c:\users\ASUS x72v\AppData\Roaming\Avira
2011-12-19 20:35 . 2011-12-19 20:35	--------	d-----w-	c:\users\Nebelkrähe\AppData\Roaming\Avira
2011-12-19 20:34 . 2012-01-01 20:25	--------	d-----w-	c:\users\Nebelkrähe\AppData\Local\Mozilla Firefox
2011-12-19 20:30 . 2011-12-19 20:30	--------	d-----w-	c:\programdata\Avira
2011-12-19 20:30 . 2011-12-09 11:40	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-12-19 20:30 . 2011-12-09 11:40	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-12-19 20:30 . 2011-12-09 11:40	134856	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-12-19 20:30 . 2011-12-19 20:30	--------	d-----w-	c:\program files\Avira
2011-12-19 20:17 . 2011-12-19 20:17	--------	d-----w-	c:\program files\Common Files\Java
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-05 22:14 . 2008-10-09 07:40	45056	----a-w-	c:\windows\system32\acovcnt.exe
2011-11-16 18:55 . 2011-05-22 17:16	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 13:29 . 2009-10-02 23:31	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-11-10 04:54 . 2010-07-15 12:54	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-10-20 23:26 . 2011-10-20 23:26	94208	----a-w-	c:\windows\system32\dpl100.dll
2008-07-02 02:28 . 2008-07-02 02:28	61440	----a-w-	c:\program files\Common Files\CPInstallAction.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 92704]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2008-10-09 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-10-09 47672]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1328424]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-09 258512]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-19 10:33]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-19 10:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-evmeufct - c:\users\asus x72v\appdata\local\evmeufct.exe
AddRemove-yqkcuogy - c:\users\asus x72v\appdata\local\yqkcuogy.bat
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-06 10:07
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\ASUS\AI TouchMedia\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2809889056-3464315095-2278337278-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:84,67,d9,a2,ff,ae,6e,7b,1d,cc,9f,08,f3,cb,9d,a3,f6,7f,ca,f1,1c,6e,f5,
   44,24,9e,63,78,20,ad,48,db,de,52,70,e3,50,b2,bf,3c,42,3b,a4,b0,b8,26,e4,43,\
"??"=hex:53,8c,13,17,b3,99,a5,77,93,3c,37,94,03,d3,fc,e4
.
[HKEY_USERS\S-1-5-21-2809889056-3464315095-2278337278-1000\Software\SecuROM\License information*]
"datasecu"=hex:54,af,de,74,4a,75,1b,66,1d,e6,46,c7,33,69,9b,04,1c,6c,8b,4d,a7,
   0d,6e,b8,54,7b,c7,e3,d0,16,08,f4,d0,0d,93,f8,d8,a8,dc,48,d8,6a,44,24,43,ad,\
"rkeysecu"=hex:0c,24,0e,b0,dd,8a,99,17,cd,87,74,4f,08,6f,32,f0
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3732)
c:\windows\system32\btmmhook.dll
.
Zeit der Fertigstellung: 2012-01-06  10:09:13
ComboFix-quarantined-files.txt  2012-01-06 09:09
.
Vor Suchlauf: 8 Verzeichnis(se), 82.741.362.688 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 82.011.377.664 Bytes frei
.
- - End Of File - - 9F8F695D8893A1C1860C74D3ABBF676E

cosinus · 06.01.2012, 14:40

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

nightingale7 · 06.01.2012, 16:11

Gmer ist mir tatsächlich 2mal abgestürzt. Beim ersten Mal gab's nur ne Fehlermeldung, aber beim zweiten Mal hatte ich nen Bluescreen und anschließend nen automatischen Neustart. Hab dann also mit OSAM weitergemacht.

OSAM-Log:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:45:33 on 06.01.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Unable to get information

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASMMAP" (ASMMAP) - ? - C:\Program Files\ATKGFNEX\ASMMAP.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\ASUSX7~1\AppData\Local\Temp\catchme.sys  (File not found)
"ghaio" (ghaio) - ? - C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lacqsasj" (lacqsasj) - ? - C:\Windows\system32\drivers\lacqsasj.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"lullaby" (lullaby) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\DRIVERS\lullaby.sys
"Pinnacle Marvin Bus" (MarvinBus) - "Pinnacle Systems GmbH" - C:\Windows\System32\DRIVERS\MarvinBus.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"VClone" (VClone) - ? - C:\Windows\System32\DRIVERS\VClone.sys  (File not found)
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\ASUS\AI TouchMedia\PlayMovie\000.fcl

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Program Files\Pinnacle\Studio 14\Programs\BlueShellExt.dll  (File found, but it contains no detailed information)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\ASUS x72v\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ASUS Camera ScreenSaver" - ? - C:\Windows\AsScrProlog.exe  (File found, but it contains no detailed information)
"ASUS Screen Saver Protector" - "ASUS" - C:\Windows\AsScrPro.exe
"ATKMEDIA" - "ASUS" - C:\Program Files\ASUS\ATK Media\DMedia.exe
"ATKOSD2" - "ASUS" - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HControlUser" - ? - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"spmgr" (spmgr) - ? - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR-Log:

Code:

ATTFilter

aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
Run date: 2012-01-06 15:51:40
-----------------------------
15:51:40.570    OS Version: Windows 6.0.6002 Service Pack 2
15:51:40.570    Number of processors: 2 586 0x1706
15:51:40.570    ComputerName: ASUSX72V-PC  UserName: ASUS x72v
15:52:17.417    Initialize success
15:53:13.542    AVAST engine defs: 12010600
15:53:34.306    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:53:34.306    Disk 0 Vendor: ST932032 0303 Size: 305245MB BusType: 3
15:53:34.321    Disk 0 MBR read successfully
15:53:34.321    Disk 0 MBR scan
15:53:34.352    Disk 0 unknown MBR code
15:53:34.352    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    10001 MB offset 63
15:53:34.368    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       152617 MB offset 20482875
15:53:34.368    Disk 0 Partition - 00     0F Extended LBA            142623 MB offset 333043515
15:53:34.399    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       142623 MB offset 333043578
15:53:34.415    Disk 0 scanning sectors +625137345
15:53:34.571    Disk 0 scanning C:\Windows\system32\drivers
15:53:54.617    Service scanning
15:53:56.021    Modules scanning
15:54:15.271    Disk 0 trace - called modules:
15:54:15.287    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys dxgkrnl.sys nvlddmkm.sys watchdog.sys ndis.sys NETw5v32.sys tcpip.sys NETIO.SYS 
15:54:15.287    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86aa5910]
15:54:15.302    3 CLASSPNP.SYS[8ada88b3] -> nt!IofCallDriver -> [0x84f86220]
15:54:15.302    5 acpi.sys[806986bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85943028]
15:54:15.880    AVAST engine scan C:\Windows
15:54:22.104    AVAST engine scan C:\Windows\system32
15:59:00.954    AVAST engine scan C:\Windows\system32\drivers
15:59:33.277    AVAST engine scan C:\Users\ASUS x72v
16:01:30.558    AVAST engine scan C:\ProgramData
16:03:11.194    Scan finished successfully
16:07:30.929    Disk 0 MBR has been saved successfully to "C:\Users\ASUS x72v\Desktop\MBR.dat"
16:07:30.929    The log file has been saved successfully to "C:\Users\ASUS x72v\Desktop\aswMBR.txt"

cosinus · 06.01.2012, 18:54

Zitat:

"lacqsasj" (lacqsasj) - ? - C:\Windows\system32\drivers\lacqsasj.sys (File not found)

Bitte mit OSAM deaktivieren und löschen. Danach neues Log mit OSAM machen.

Im Anschluss den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.
Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

nightingale7 · 06.01.2012, 20:21

Osam-Log nach Deaktivierung:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:40:13 on 06.01.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Unable to get information

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASMMAP" (ASMMAP) - ? - C:\Program Files\ATKGFNEX\ASMMAP.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\ASUSX7~1\AppData\Local\Temp\catchme.sys  (File not found)
"ghaio" (ghaio) - ? - C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"lullaby" (lullaby) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\DRIVERS\lullaby.sys
"Pinnacle Marvin Bus" (MarvinBus) - "Pinnacle Systems GmbH" - C:\Windows\System32\DRIVERS\MarvinBus.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"VClone" (VClone) - ? - C:\Windows\System32\DRIVERS\VClone.sys  (File not found)
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\ASUS\AI TouchMedia\PlayMovie\000.fcl
(Disabled) "lacqsasj" (lacqsasj) - ? - C:\Windows\system32\drivers\lacqsasj.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Program Files\Pinnacle\Studio 14\Programs\BlueShellExt.dll  (File found, but it contains no detailed information)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\ASUS x72v\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ASUS Camera ScreenSaver" - ? - C:\Windows\AsScrProlog.exe  (File found, but it contains no detailed information)
"ASUS Screen Saver Protector" - "ASUS" - C:\Windows\AsScrPro.exe
"ATKMEDIA" - "ASUS" - C:\Program Files\ASUS\ATK Media\DMedia.exe
"ATKOSD2" - "ASUS" - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HControlUser" - ? - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"spmgr" (spmgr) - ? - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Osam-Log nach Löschung:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:49:07 on 06.01.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Unable to get information

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASMMAP" (ASMMAP) - ? - C:\Program Files\ATKGFNEX\ASMMAP.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\ASUSX7~1\AppData\Local\Temp\catchme.sys  (File not found)
"ghaio" (ghaio) - ? - C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"lullaby" (lullaby) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\DRIVERS\lullaby.sys
"Pinnacle Marvin Bus" (MarvinBus) - "Pinnacle Systems GmbH" - C:\Windows\System32\DRIVERS\MarvinBus.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"VClone" (VClone) - ? - C:\Windows\System32\DRIVERS\VClone.sys  (File not found)
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\ASUS\AI TouchMedia\PlayMovie\000.fcl

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Program Files\Pinnacle\Studio 14\Programs\BlueShellExt.dll  (File found, but it contains no detailed information)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\ASUS x72v\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ASUS Camera ScreenSaver" - ? - C:\Windows\AsScrProlog.exe  (File found, but it contains no detailed information)
"ASUS Screen Saver Protector" - "ASUS" - C:\Windows\AsScrPro.exe
"ATKMEDIA" - "ASUS" - C:\Program Files\ASUS\ATK Media\DMedia.exe
"ATKOSD2" - "ASUS" - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HControlUser" - ? - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"spmgr" (spmgr) - ? - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR-Log des Fixes:

Code:

ATTFilter

aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
Run date: 2012-01-06 19:50:53
-----------------------------
19:50:53.370    OS Version: Windows 6.0.6002 Service Pack 2
19:50:53.370    Number of processors: 2 586 0x1706
19:50:53.370    ComputerName: ASUSX72V-PC  UserName: ASUS x72v
19:50:54.088    Initialize success
19:51:02.777    AVAST engine defs: 12010600
19:51:40.656    Verifying
19:51:50.671    Disk 0 Windows 600 MBR fixed successfully
19:53:54.753    Disk 0 MBR has been saved successfully to "C:\Users\ASUS x72v\Desktop\MBR.dat"
19:53:54.753    The log file has been saved successfully to "C:\Users\ASUS x72v\Desktop\aswMBR_fixed.txt"

aswMBR-Log des Scans nach Fix und Reboot:

Code:

ATTFilter

aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
Run date: 2012-01-06 19:59:25
-----------------------------
19:59:25.424    OS Version: Windows 6.0.6002 Service Pack 2
19:59:25.424    Number of processors: 2 586 0x1706
19:59:25.439    ComputerName: ASUSX72V-PC  UserName: ASUS x72v
19:59:26.157    Initialize success
19:59:36.079    AVAST engine defs: 12010600
19:59:50.119    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:59:50.119    Disk 0 Vendor: ST932032 0303 Size: 305245MB BusType: 3
19:59:50.134    Disk 0 MBR read successfully
19:59:50.134    Disk 0 MBR scan
19:59:50.150    Disk 0 Windows VISTA default MBR code
19:59:50.165    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    10001 MB offset 63
19:59:50.181    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       152617 MB offset 20482875
19:59:50.181    Disk 0 Partition - 00     0F Extended LBA            142623 MB offset 333043515
19:59:50.212    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       142623 MB offset 333043578
19:59:50.228    Disk 0 scanning sectors +625137345
19:59:50.337    Disk 0 scanning C:\Windows\system32\drivers
20:00:14.938    Service scanning
20:00:16.405    Modules scanning
20:00:29.665    Disk 0 trace - called modules:
20:00:29.711    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
20:00:29.727    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8699d8b0]
20:00:29.727    3 CLASSPNP.SYS[8adac8b3] -> nt!IofCallDriver -> [0x84f8fb98]
20:00:29.727    5 acpi.sys[8069f6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85965028]
20:00:30.476    AVAST engine scan C:\Windows
20:00:42.394    AVAST engine scan C:\Windows\system32
20:05:42.023    AVAST engine scan C:\Windows\system32\drivers
20:05:58.435    AVAST engine scan C:\Users\ASUS x72v
20:07:56.074    AVAST engine scan C:\ProgramData
20:09:38.707    Scan finished successfully
20:13:27.127    Disk 0 MBR has been saved successfully to "C:\Users\ASUS x72v\Desktop\MBR.dat"
20:13:27.127    The log file has been saved successfully to "C:\Users\ASUS x72v\Desktop\aswMBR_after_fix_and_reboot.txt"

Alles richtig soweit? Ich bin mir mit dem aswMBR-Fix nicht ganz sicher. Aus deiner Anweisung schien es nicht hervor zu gehen, aber hätte ich das Programm erst einen Scan machen lassen sollen, damit es überhaupt weiß, was es fixen soll?

cosinus · 06.01.2012, 20:27

Hast du gut gemacht

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

nightingale7 · 07.01.2012, 22:33

Malwarebytes-Log:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.07.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
ASUS x72v :: ASUSX72V-PC [Administrator]

07.01.2012 17:33:51
mbam-log-2012-01-07 (17-33-51).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 315896
Laufzeit: 1 Stunde(n), 19 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

SUPERAntiSpyware-Log:

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/07/2012 at 08:38 PM

Application Version : 5.0.1142

Core Rules Database Version : 8112
Trace Rules Database Version: 5924

Scan type       : Complete Scan
Total Scan Time : 01:29:39

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 668
Memory threats detected   : 0
Registry items scanned    : 37474
Registry threats detected : 0
File items scanned        : 137221
File threats detected     : 93

Adware.Tracking Cookie
	.doubleclick.net [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adx.chip.de [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.quartermedia.de [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.quartermedia.de [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adx.chip.de [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.zanox.com [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zanox.com [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.effiliation.com [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.effiliation.com [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.effiliation.com [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.effiliation.com [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.effiliation.com [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.effiliation.com [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.divx.112.2o7.net [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.kontera.com [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tribalfusion.com [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad2.adfarm1.adition.com [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.apmebf.com [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.statcounter.com [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.im.banner.t-online.de [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\ASUS X72V\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.tracking.mindshare.de [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	rts.pgmediaserve.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	rts.pgmediaserve.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	rts.pgmediaserve.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.content.yieldmanager.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	tracking.mlsat02.de [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\NEBELKRäHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV376T07.DEFAULT\COOKIES.SQLITE ]

ESET-Log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4b3ba71c57ac5a47b56969e5e5838058
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-07 09:20:40
# local_time=2012-01-07 10:20:40 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 1642696 1642696 0 0
# compatibility_mode=5892 16776574 100 100 129233 163498447 0 0
# compatibility_mode=8192 67108863 100 0 186365 186365 0 0
# scanned=152795
# found=2
# cleaned=0
# scan_time=5520
D:\Install\Setup19_FreeConverter.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
D:\Install\SoftonicDownloader_fuer_scummvm.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I

Uh, schätze, die beiden Sachen, die ESET noch gefunden hat, können gelöscht werden, oder? Bei den Funden von SUPERAntiSpyware hoff ich ja, dass das allermeiste nur falscher Alarm ist...?

cosinus · 07.01.2012, 23:37

Ja das kann weg. SASW hat nur Cookies gefunden. Das sind keine Schädlinge, aber können so gelöscht werden.

Rechner wieder im Lot?

nightingale7 · 08.01.2012, 09:21

Ich hatte beim Start meines Benutzeraccounts nach dem manuellen Löschen der Funde von Antivir (also, bevor ich diesen Thread eröffnet hatte) immer 2 Fehlermeldungen. Seit du mir hier geholfen hast, habe ich mich nur noch in den Admin-Account eingeloggt. Eben war ich zum ersten Mal seit der ganzen Prozedur wieder in meinem eigenen Acc drin. Eine der Fehlermeldungen erscheint nicht mehr, aber die andere ist noch da:

Fehler beim Laden von
C:\Users\NEBELK~1\AppData\Local\Temp\wpbt0.dll
Das angegebene Modul wurde nicht gefunden.

Das hat doch sicher noch was mit der Kompromittierung des Systems zu tun? Und nachdem wir nun mehrmals die temporären Dateien sowie doch auch die Registry gesäubert haben, wie kann es sein, dass diese Fehlermeldung trotzdem noch kommt?

cosinus · 08.01.2012, 19:58

Das kommt weil zB bei OTL-Scans das Profil dienes anderen Benutzers nicht mitgescannt wurde. Mach mit diesem Benutzer nochmal ein neues OTL-Log

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

nightingale7 · 09.01.2012, 19:33

Ah, das macht natürlich Sinn.

Hier das neue OTL-Log:

Code:

ATTFilter

OTL logfile created on: 09.01.2012 19:07:16 - Run 8
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Nebelkrähe\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 59,92% Memory free
6,19 Gb Paging File | 5,05 Gb Available in Paging File | 81,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 83,48 Gb Free Space | 56,01% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 26,93 Gb Free Space | 19,33% Space Free | Partition Type: NTFS
Drive E: | 4,61 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ASUSX72V-PC | User Name: ASUS x72v | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.09 18:50:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nebelkrähe\Desktop\OTL.exe
PRC - [2011.12.09 12:40:20 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.09 12:40:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.09 12:39:54 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.09 12:39:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.09 08:30:20 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2008.07.15 19:29:00 | 007,651,328 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2008.07.15 19:22:46 | 000,217,088 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe
PRC - [2008.07.10 01:09:26 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008.06.25 03:01:08 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2008.06.24 04:16:24 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008.06.19 20:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
PRC - [2008.06.13 06:52:51 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.06.04 01:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008.04.10 19:32:18 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.03.18 05:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.23 18:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.01.12 06:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2007.11.05 03:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2007.08.15 19:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.08.03 20:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.07.06 00:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2005.07.06 23:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008.04.10 19:25:54 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2008.01.12 06:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
MOD - [2007.11.12 23:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTran.dll
MOD - [2007.08.14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.09 12:40:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.09 12:39:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2008.03.18 05:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.08.03 20:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.09 12:40:20 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.09 12:40:20 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.09 12:40:20 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.12.26 17:30:57 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.12.26 17:30:57 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.05.28 21:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.06.25 15:58:59 | 007,534,720 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.06.25 15:58:59 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.06.03 07:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.05.29 18:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby)
DRV - [2008.05.20 01:15:42 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\ASUS\AI TouchMedia\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.05.02 06:59:39 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.03.21 05:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.16 01:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.02.05 08:52:23 | 000,206,464 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etFilter.sys -- (FiltUSBET)
DRV - [2008.01.31 12:18:57 | 000,006,528 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etScan.sys -- (ScanUSBET)
DRV - [2007.12.19 01:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.09.06 09:43:49 | 000,474,624 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etDevice.sys -- (DCamUSBET)
DRV - [2007.08.03 05:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.07.30 19:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 18:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 19:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.06.17 05:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2006.12.14 08:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2005.09.23 21:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-2809889056-3464315095-2278337278-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2809889056-3464315095-2278337278-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2809889056-3464315095-2278337278-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2809889056-3464315095-2278337278-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKU\S-1-5-21-2809889056-3464315095-2278337278-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.schnellsucher.com/?t=Q0908131707&s=h
IE - HKU\S-1-5-21-2809889056-3464315095-2278337278-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2809889056-3464315095-2278337278-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: multilinks@plugin:1.0.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.06 09:33:26 | 000,000,000 | ---D | M]
 
[2009.04.11 14:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS x72v\AppData\Roaming\mozilla\Extensions
[2011.12.19 17:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS x72v\AppData\Roaming\mozilla\Firefox\Profiles\fgey6id2.default\extensions
[2009.11.13 20:48:43 | 000,000,000 | ---D | M] (Multi Links) -- C:\Users\ASUS x72v\AppData\Roaming\mozilla\Firefox\Profiles\fgey6id2.default\extensions\multilinks@plugin
[2011.12.19 17:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS x72v\AppData\Roaming\mozilla\Firefox\Profiles\fgey6id2.default\extensions\staged
[2011.12.19 20:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.09.04 14:09:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\ASUS x72v\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\ASUS x72v\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\ASUS x72v\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\ASUS x72v\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.01.06 10:07:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-2809889056-3464315095-2278337278-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-2809889056-3464315095-2278337278-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2809889056-3464315095-2278337278-1001..\Run: [EPSON Stylus DX8400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2809889056-3464315095-2278337278-1001..\Run: [EPSON Stylus DX9400F Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2809889056-3464315095-2278337278-1001..\Run: [iexploer.exe] C:\Users\Nebelkrähe\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2809889056-3464315095-2278337278-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2809889056-3464315095-2278337278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2809889056-3464315095-2278337278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2809889056-3464315095-2278337278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2809889056-3464315095-2278337278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-2809889056-3464315095-2278337278-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2809889056-3464315095-2278337278-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2809889056-3464315095-2278337278-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2809889056-3464315095-2278337278-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8A7E2A5-BF27-4014-93AD-F1B3729F6DCE}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC2AFD73-5775-499D-8010-29CA5974B896}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\ASUS x72v\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\ASUS x72v\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.10 14:54:08 | 002,290,144 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.10.09 15:23:34 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011.10.09 15:23:34 | 000,224,630 | R--- | M] () - E:\autorun.ico -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "startup" - 2
 
SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F00842BF-035E-6FF4-D37F-9021C12AD969} - Microsoft Windows Media Player 11.0
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: wave2 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.07 18:59:15 | 000,000,000 | ---D | C] -- C:\Users\ASUS x72v\AppData\Roaming\SUPERAntiSpyware.com
[2012.01.07 18:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.01.07 18:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.01.07 18:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.01.07 18:55:36 | 013,597,392 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\ASUS x72v\Desktop\SUPERAntiSpyware.exe
[2012.01.06 19:33:23 | 000,000,000 | ---D | C] -- C:\Users\ASUS x72v\AppData\Roaming\Online Solutions
[2012.01.06 15:48:05 | 004,704,768 | ---- | C] (AVAST Software) -- C:\Users\ASUS x72v\Desktop\aswMBR.exe
[2012.01.06 15:13:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.01.06 15:11:08 | 000,000,000 | ---D | C] -- C:\Users\ASUS x72v\Desktop\osam_autorun_manager_5_0_portable
[2012.01.06 10:09:15 | 000,000,000 | ---D | C] -- C:\Users\ASUS x72v\AppData\Local\temp
[2012.01.06 10:08:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.01.06 09:56:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.01.06 09:56:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.01.06 09:56:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.01.06 09:56:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.01.06 09:56:33 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.01.06 09:56:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.01.06 09:40:20 | 004,372,321 | R--- | C] (Swearware) -- C:\Users\ASUS x72v\Desktop\ComboFix.exe
[2012.01.06 09:34:12 | 000,000,000 | ---D | C] -- C:\Users\ASUS x72v\AppData\Local\DDMSettings
[2012.01.05 23:31:35 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ASUS x72v\Desktop\tdsskiller.exe
[2012.01.05 23:11:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.05 18:12:14 | 002,322,184 | ---- | C] (ESET) -- C:\Users\ASUS x72v\Desktop\esetsmartinstaller_enu.exe
[2012.01.05 18:02:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.05 15:38:58 | 000,000,000 | ---D | C] -- C:\Users\ASUS x72v\AppData\Roaming\Malwarebytes
[2012.01.05 15:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.05 15:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.05 15:38:41 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.05 15:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.04 21:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.01.04 21:30:25 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.01.04 19:49:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\ASUS x72v\Desktop\OTL.exe
[2012.01.03 22:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012.01.03 22:47:14 | 000,939,368 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\flash.ocx
[2012.01.03 22:46:59 | 000,000,000 | ---D | C] -- C:\Users\ASUS x72v\AppData\Local\PackageAware
[2012.01.02 23:34:36 | 000,000,000 | ---D | C] -- C:\Users\ASUS x72v\Documents\ANNO 2070
[2012.01.02 22:48:12 | 000,000,000 | ---D | C] -- C:\Users\ASUS x72v\AppData\Local\Ubisoft Game Launcher
[2012.01.02 22:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2011.12.22 16:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.22 16:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.22 15:30:32 | 000,000,000 | ---D | C] -- C:\Users\ASUS x72v\AppData\Roaming\Avira
[2011.12.19 21:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.19 21:30:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.12.19 21:30:23 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.19 21:30:23 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.19 21:30:23 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.12.19 21:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.19 21:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.12.19 21:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2008.06.03 07:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.09 19:05:07 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.09 18:20:43 | 000,121,213 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.01.09 18:20:33 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.01.09 18:20:33 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.09 18:11:28 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.01.09 18:11:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.09 18:11:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.09 18:11:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.09 18:11:04 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.09 15:03:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.01.07 18:58:15 | 000,001,767 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.07 18:55:39 | 013,597,392 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\ASUS x72v\Desktop\SUPERAntiSpyware.exe
[2012.01.06 19:16:42 | 000,019,456 | ---- | M] () -- C:\Users\ASUS x72v\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.06 15:48:09 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Users\ASUS x72v\Desktop\aswMBR.exe
[2012.01.06 15:40:35 | 331,832,016 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.06 10:07:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.01.06 09:42:18 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.06 09:42:18 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.06 09:42:18 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.06 09:42:18 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.06 09:40:33 | 004,372,321 | R--- | M] (Swearware) -- C:\Users\ASUS x72v\Desktop\ComboFix.exe
[2012.01.05 23:31:31 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ASUS x72v\Desktop\tdsskiller.exe
[2012.01.05 18:12:00 | 002,322,184 | ---- | M] (ESET) -- C:\Users\ASUS x72v\Desktop\esetsmartinstaller_enu.exe
[2012.01.05 15:38:43 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.05 13:30:42 | 000,000,378 | ---- | M] () -- C:\Users\ASUS x72v\Documents\cc_20120105_133037.reg
[2012.01.05 09:38:04 | 000,003,202 | ---- | M] () -- C:\Users\ASUS x72v\Documents\cc_20120105_093755.reg
[2012.01.04 20:08:31 | 000,302,592 | ---- | M] () -- C:\Users\ASUS x72v\Desktop\lovg4e3u.exe
[2012.01.04 19:49:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS x72v\Desktop\OTL.exe
[2012.01.04 19:48:39 | 000,000,000 | ---- | M] () -- C:\Users\ASUS x72v\defogger_reenable
[2012.01.04 19:44:46 | 000,050,477 | ---- | M] () -- C:\Users\ASUS x72v\Desktop\Defogger.exe
[2012.01.03 22:58:52 | 000,040,046 | ---- | M] () -- C:\Users\ASUS x72v\Documents\cc_20120103_225837.reg
[2012.01.03 22:06:25 | 000,000,067 | ---- | M] () -- C:\Windows\wininit.ini
[2012.01.03 22:05:01 | 000,000,341 | ---- | M] () -- C:\Windows\SIERRA.INI
[2012.01.03 20:49:54 | 000,450,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.03 20:42:03 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.01.03 20:42:03 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.01.03 20:41:52 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.01.02 22:39:12 | 000,121,213 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.22 16:48:05 | 000,000,206 | ---- | M] () -- C:\Users\ASUS x72v\Documents\cc_20111222_164801.reg
[2011.12.22 16:47:39 | 000,005,888 | ---- | M] () -- C:\Users\ASUS x72v\Documents\cc_20111222_164734.reg
[2011.12.22 16:47:08 | 000,014,124 | ---- | M] () -- C:\Users\ASUS x72v\Documents\cc_20111222_164703.reg
[2011.12.22 16:46:24 | 000,218,176 | ---- | M] () -- C:\Users\ASUS x72v\Documents\cc_20111222_164557.reg
[2011.12.22 15:29:24 | 000,000,680 | RHS- | M] () -- C:\Users\ASUS x72v\ntuser.pol
[2011.12.19 21:30:36 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
 
========== Files Created - No Company Name ==========
 
[2012.01.07 18:58:15 | 000,001,767 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.06 15:40:35 | 331,832,016 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.01.06 09:56:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.01.06 09:56:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.01.06 09:56:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.01.06 09:56:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.01.06 09:56:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.01.05 15:38:43 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.05 13:30:40 | 000,000,378 | ---- | C] () -- C:\Users\ASUS x72v\Documents\cc_20120105_133037.reg
[2012.01.05 09:38:01 | 000,003,202 | ---- | C] () -- C:\Users\ASUS x72v\Documents\cc_20120105_093755.reg
[2012.01.04 20:08:30 | 000,302,592 | ---- | C] () -- C:\Users\ASUS x72v\Desktop\lovg4e3u.exe
[2012.01.04 19:48:39 | 000,000,000 | ---- | C] () -- C:\Users\ASUS x72v\defogger_reenable
[2012.01.04 19:44:45 | 000,050,477 | ---- | C] () -- C:\Users\ASUS x72v\Desktop\Defogger.exe
[2012.01.03 22:58:42 | 000,040,046 | ---- | C] () -- C:\Users\ASUS x72v\Documents\cc_20120103_225837.reg
[2012.01.03 22:06:25 | 000,000,067 | ---- | C] () -- C:\Windows\wininit.ini
[2012.01.03 20:41:52 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.12.22 16:48:03 | 000,000,206 | ---- | C] () -- C:\Users\ASUS x72v\Documents\cc_20111222_164801.reg
[2011.12.22 16:47:36 | 000,005,888 | ---- | C] () -- C:\Users\ASUS x72v\Documents\cc_20111222_164734.reg
[2011.12.22 16:47:05 | 000,014,124 | ---- | C] () -- C:\Users\ASUS x72v\Documents\cc_20111222_164703.reg
[2011.12.22 16:46:07 | 000,218,176 | ---- | C] () -- C:\Users\ASUS x72v\Documents\cc_20111222_164557.reg
[2011.12.19 21:30:36 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.18 23:23:29 | 3220,295,680 | -HS- | C] () -- C:\hiberfil.sys
[2011.08.18 21:00:49 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.01.23 14:36:37 | 000,000,341 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.12.26 17:30:57 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.12.26 17:30:57 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.11.22 19:56:21 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009.10.01 17:02:49 | 000,004,907 | ---- | C] () -- C:\ProgramData\ypkpiykb.yyr
[2009.09.14 15:40:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.14 15:40:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.13 20:06:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.13 16:44:57 | 000,000,081 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.02.27 09:57:49 | 000,000,680 | ---- | C] () -- C:\Users\ASUS x72v\AppData\Local\d3d9caps.dat
[2009.02.07 15:04:06 | 000,024,206 | ---- | C] () -- C:\Users\ASUS x72v\AppData\Roaming\UserTile.png
[2009.01.15 18:16:05 | 000,019,456 | ---- | C] () -- C:\Users\ASUS x72v\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.13 12:37:56 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2008.12.06 10:04:44 | 000,121,213 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.12.05 20:29:39 | 000,121,213 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.10.09 08:41:14 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ChkMail.ini
[2008.10.09 08:40:56 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2008.10.09 08:30:30 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2008.10.09 07:06:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.09 06:16:03 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.07.02 03:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008.04.16 12:11:34 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.04.16 12:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.04.16 12:11:34 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.04.16 12:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.04.16 11:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.04.16 11:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2007.03.06 07:39:19 | 000,049,152 | ---- | C] () -- C:\Windows\revdevdll.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,450,704 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 02:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.04.03 00:29:59 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll
[2001.11.14 21:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1998.05.06 05:09:59 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll
 
========== LOP Check ==========
 
[2010.12.23 23:58:49 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\FreeAudioPack
[2011.01.18 21:02:01 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\GOA
[2012.01.06 19:37:00 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\Online Solutions
[2009.02.07 15:04:06 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\PeerNetworking
[2011.05.07 09:51:25 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\ScummVM
[2012.01.02 22:38:39 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\Ubisoft
[2011.07.01 14:47:52 | 000,000,000 | ---D | M] -- C:\Users\Nebelkrähe\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.08.18 21:04:31 | 000,000,000 | ---D | M] -- C:\Users\Nebelkrähe\AppData\Roaming\Daedalic Entertainment
[2011.03.19 10:50:57 | 000,000,000 | ---D | M] -- C:\Users\Nebelkrähe\AppData\Roaming\elsterformular
[2010.07.16 16:25:05 | 000,000,000 | ---D | M] -- C:\Users\Nebelkrähe\AppData\Roaming\EPSON
[2010.12.24 00:01:32 | 000,000,000 | ---D | M] -- C:\Users\Nebelkrähe\AppData\Roaming\FreeAudioPack
[2009.10.04 12:59:42 | 000,000,000 | ---D | M] -- C:\Users\Nebelkrähe\AppData\Roaming\GetRightToGo
[2011.01.19 16:33:46 | 000,000,000 | ---D | M] -- C:\Users\Nebelkrähe\AppData\Roaming\GOA
[2009.08.10 15:11:00 | 000,000,000 | ---D | M] -- C:\Users\Nebelkrähe\AppData\Roaming\My Games
[2011.05.07 10:26:56 | 000,000,000 | ---D | M] -- C:\Users\Nebelkrähe\AppData\Roaming\ScummVM
[2009.08.13 12:56:14 | 000,000,000 | ---D | M] -- C:\Users\Nebelkrähe\AppData\Roaming\Sega
[2010.01.07 22:05:29 | 000,000,000 | ---D | M] -- C:\Users\Nebelkrähe\AppData\Roaming\Ubisoft
[2011.11.25 19:57:41 | 000,000,000 | ---D | M] -- C:\Users\Nebelkrähe\AppData\Roaming\WB Games
[2012.01.09 15:03:59 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.01 14:47:42 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\Adobe
[2011.12.22 15:30:32 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\Avira
[2009.06.04 17:16:05 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\CyberLink
[2012.01.06 19:16:40 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\DivX
[2009.10.02 11:23:34 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\dvdcss
[2010.12.23 23:58:49 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\FreeAudioPack
[2011.01.18 21:02:01 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\GOA
[2008.12.05 20:29:12 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\Identities
[2008.12.05 20:29:36 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\Macromedia
[2012.01.05 15:38:58 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\Media Center Programs
[2012.01.03 22:04:16 | 000,000,000 | --SD | M] -- C:\Users\ASUS x72v\AppData\Roaming\Microsoft
[2009.04.11 14:31:53 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\Mozilla
[2012.01.06 19:37:00 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\Online Solutions
[2009.02.07 15:04:06 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\PeerNetworking
[2011.05.07 09:51:25 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\ScummVM
[2009.04.13 16:57:49 | 000,000,000 | RH-D | M] -- C:\Users\ASUS x72v\AppData\Roaming\SecuROM
[2009.11.12 18:56:19 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\Skype
[2012.01.07 18:59:15 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\SUPERAntiSpyware.com
[2008.12.05 20:29:50 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\Symantec
[2012.01.02 22:38:39 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\Ubisoft
[2009.05.10 03:08:31 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\vlc
[2011.12.22 16:42:36 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\Winamp
[2009.06.17 14:38:33 | 000,000,000 | ---D | M] -- C:\Users\ASUS x72v\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.22 05:59:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=76D70915EB81608DC6ACA87887FAB38F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22120_none_ddac250d3ab7a648\atapi.sys
[2008.02.22 06:03:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_3d9c5057\atapi.sys
[2008.02.22 06:03:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18023_none_dd25892021975283\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.05.07 10:40:01 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\drivers\iaStor.sys
[2008.05.07 10:40:01 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1ab0331f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

cosinus · 09.01.2012, 21:55

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-2809889056-3464315095-2278337278-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-21-2809889056-3464315095-2278337278-1001..\Run: [iexploer.exe] C:\Users\Nebelkrähe\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe File not found
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

nightingale7 · 09.01.2012, 23:36

Leider erscheint die besagte Fehlermeldung nach dem Fix beim Neustart immer noch.

Hier das Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-2809889056-3464315095-2278337278-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-2809889056-3464315095-2278337278-1001\Software\Microsoft\Windows\CurrentVersion\Run\\iexploer.exe deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: ASUS x72v
->Temp folder emptied: 50419037 bytes
->Temporary Internet Files folder emptied: 950522 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 294631734 bytes
->Flash cache emptied: 976 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: Nebelkrähe
->Temp folder emptied: 33917 bytes
->Temporary Internet Files folder emptied: 67988 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 165761236 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 531 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 663274 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 489,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01092012_232301

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 10.01.2012, 00:03

BHast du mit dem betroffenen Benutzerkonto das OTL-Log erstellt?

nightingale7 · 10.01.2012, 08:02

Ja. Ich hab mir OTL.exe ein zweites Mal runtergeladen und es auf den Desktop des betroffenen Benutzerkontos gelegt. Habe aber die erste OTL.exe auf dem Desktop des Admins vorher nicht deinstallieren können, weil Windows es nicht in der Übersicht der installierten Programme auflistet. Sind die beiden sich in die Quere gekommen? Gescannt habe ich jedenfalls vom betroffenen Konto.

07.01.2012, 23:37	#23
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizei-Virus - Festplatte unbedingt formatieren? Ja das kann weg. SASW hat nur Cookies gefunden. Das sind keine Schädlinge, aber können so gelöscht werden. Rechner wieder im Lot? __________________ Logfiles bitte immer in CODE-Tags posten

10.01.2012, 00:03	#29
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizei-Virus - Festplatte unbedingt formatieren? BHast du mit dem betroffenen Benutzerkonto das OTL-Log erstellt? __________________ Logfiles bitte immer in CODE-Tags posten

Bundespolizei-Virus - Festplatte unbedingt formatieren?

Log-Analyse und Auswertung: Bundespolizei-Virus - Festplatte unbedingt formatieren?