Windows - Delayed Write Failed (2012-01-25)

Käpsele · 25.01.2012, 19:28

Sooo...

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "https://www.facebook.com/" removed from browser.startup.homepage
Prefs.js: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" removed from keyword.URL
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
C:\Users\Helene\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.
C:\ProgramData\4TfnehsAgC2AHT moved successfully.
C:\ProgramData\~4TfnehsAgC2AHT moved successfully.
C:\ProgramData\~4TfnehsAgC2AHTr moved successfully.
C:\Users\Helene\Desktop\System Check.lnk moved successfully.
C:\ProgramData\4TfnehsAgC2AHT.exe moved successfully.
C:\Windows\SysNative\AutoRunFilter.ini moved successfully.
C:\ProgramData\vjFDrMidYFj.exe moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3547748543-4258099140-2045507340-1001Core.job moved successfully.
C:\Windows\SysNative\acovcnt.exe moved successfully.
ADS C:\ProgramData\Temp:41099CE9 deleted successfully.
ADS C:\ProgramData\Temp:5D458568 deleted successfully.
ADS C:\ProgramData\Temp:3E7393FC deleted successfully.
ADS C:\ProgramData\Temp:81F83028 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Helene
->Temp folder emptied: 10743860871 bytes
->Temporary Internet Files folder emptied: 157001133 bytes
->Java cache emptied: 1177580 bytes
->FireFox cache emptied: 329236109 bytes
->Flash cache emptied: 8148368 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 237109674 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 1805 bytes
 
Total Files Cleaned = 10.945,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01252012_192146

Files\Folders moved on Reboot...
File\Folder C:\Users\Helene\AppData\Local\Temp\2011-11-08-1200614869_04-RG.PDF  not found!
C:\Users\Helene\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus · 25.01.2012, 20:00

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Käpsele · 25.01.2012, 20:15

TDSS-Log:

Code:

ATTFilter

20:12:19.0981 1408	TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
20:12:20.0449 1408	============================================================
20:12:20.0449 1408	Current date / time: 2012/01/25 20:12:20.0449
20:12:20.0449 1408	SystemInfo:
20:12:20.0449 1408	
20:12:20.0449 1408	OS Version: 6.1.7601 ServicePack: 1.0
20:12:20.0449 1408	Product type: Workstation
20:12:20.0449 1408	ComputerName: HELENE-NOTEBOOK
20:12:20.0449 1408	UserName: Helene
20:12:20.0449 1408	Windows directory: C:\Windows
20:12:20.0449 1408	System windows directory: C:\Windows
20:12:20.0449 1408	Running under WOW64
20:12:20.0449 1408	Processor architecture: Intel x64
20:12:20.0449 1408	Number of processors: 4
20:12:20.0449 1408	Page size: 0x1000
20:12:20.0449 1408	Boot type: Normal boot
20:12:20.0449 1408	============================================================
20:12:21.0151 1408	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:12:21.0261 1408	Initialize success
20:12:29.0342 3112	============================================================
20:12:29.0342 3112	Scan started
20:12:29.0342 3112	Mode: Manual; SigCheck; TDLFS; 
20:12:29.0342 3112	============================================================
20:12:29.0856 3112	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:12:30.0044 3112	1394ohci - ok
20:12:30.0106 3112	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:12:30.0153 3112	ACPI - ok
20:12:30.0184 3112	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:12:30.0309 3112	AcpiPmi - ok
20:12:30.0402 3112	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:12:30.0465 3112	adp94xx - ok
20:12:30.0480 3112	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:12:30.0512 3112	adpahci - ok
20:12:30.0543 3112	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:12:30.0558 3112	adpu320 - ok
20:12:30.0636 3112	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
20:12:30.0746 3112	AFD - ok
20:12:30.0777 3112	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:12:30.0808 3112	agp440 - ok
20:12:30.0855 3112	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:12:30.0886 3112	aliide - ok
20:12:30.0917 3112	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:12:30.0933 3112	amdide - ok
20:12:30.0948 3112	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:12:31.0058 3112	AmdK8 - ok
20:12:31.0073 3112	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:12:31.0151 3112	AmdPPM - ok
20:12:31.0198 3112	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:12:31.0229 3112	amdsata - ok
20:12:31.0260 3112	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:12:31.0307 3112	amdsbs - ok
20:12:31.0323 3112	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:12:31.0338 3112	amdxata - ok
20:12:31.0401 3112	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:12:31.0635 3112	AppID - ok
20:12:31.0666 3112	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:12:31.0697 3112	arc - ok
20:12:31.0697 3112	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:12:31.0728 3112	arcsas - ok
20:12:31.0838 3112	ASMMAP64        (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
20:12:31.0931 3112	ASMMAP64 - ok
20:12:31.0978 3112	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:12:32.0165 3112	AsyncMac - ok
20:12:32.0212 3112	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:12:32.0243 3112	atapi - ok
20:12:32.0352 3112	athr            (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
20:12:32.0586 3112	athr - ok
20:12:32.0633 3112	ATKWMIACPIIO    (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
20:12:32.0664 3112	ATKWMIACPIIO - ok
20:12:32.0727 3112	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
20:12:32.0758 3112	avgntflt - ok
20:12:32.0774 3112	avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
20:12:32.0805 3112	avipbb - ok
20:12:32.0836 3112	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
20:12:32.0852 3112	avkmgr - ok
20:12:32.0930 3112	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:12:33.0023 3112	b06bdrv - ok
20:12:33.0086 3112	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:12:33.0179 3112	b57nd60a - ok
20:12:33.0226 3112	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:12:33.0335 3112	Beep - ok
20:12:33.0335 3112	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:12:33.0398 3112	blbdrive - ok
20:12:33.0444 3112	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:12:33.0507 3112	bowser - ok
20:12:33.0522 3112	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:12:33.0632 3112	BrFiltLo - ok
20:12:33.0632 3112	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:12:33.0678 3112	BrFiltUp - ok
20:12:33.0710 3112	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:12:33.0772 3112	Brserid - ok
20:12:33.0803 3112	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:12:33.0866 3112	BrSerWdm - ok
20:12:33.0881 3112	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:12:33.0912 3112	BrUsbMdm - ok
20:12:33.0928 3112	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:12:33.0975 3112	BrUsbSer - ok
20:12:33.0990 3112	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:12:34.0053 3112	BTHMODEM - ok
20:12:34.0100 3112	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:12:34.0193 3112	cdfs - ok
20:12:34.0256 3112	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:12:34.0318 3112	cdrom - ok
20:12:34.0349 3112	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:12:34.0380 3112	circlass - ok
20:12:34.0427 3112	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:12:34.0458 3112	CLFS - ok
20:12:34.0505 3112	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:12:34.0552 3112	CmBatt - ok
20:12:34.0583 3112	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:12:34.0614 3112	cmdide - ok
20:12:34.0677 3112	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:12:34.0739 3112	CNG - ok
20:12:34.0755 3112	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:12:34.0770 3112	Compbatt - ok
20:12:34.0786 3112	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:12:34.0848 3112	CompositeBus - ok
20:12:34.0864 3112	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:12:34.0880 3112	crcdisk - ok
20:12:34.0958 3112	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:12:35.0051 3112	DfsC - ok
20:12:35.0067 3112	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:12:35.0129 3112	discache - ok
20:12:35.0160 3112	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:12:35.0176 3112	Disk - ok
20:12:35.0223 3112	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:12:35.0270 3112	drmkaud - ok
20:12:35.0332 3112	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:12:35.0410 3112	DXGKrnl - ok
20:12:35.0582 3112	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:12:35.0784 3112	ebdrv - ok
20:12:35.0862 3112	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:12:35.0925 3112	elxstor - ok
20:12:35.0956 3112	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:12:35.0987 3112	ErrDev - ok
20:12:36.0034 3112	ETD             (5b042aa9cebdab5b61e747ddcebff51b) C:\Windows\system32\DRIVERS\ETD.sys
20:12:36.0050 3112	ETD - ok
20:12:36.0081 3112	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:12:36.0174 3112	exfat - ok
20:12:36.0206 3112	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:12:36.0299 3112	fastfat - ok
20:12:36.0330 3112	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:12:36.0362 3112	fdc - ok
20:12:36.0393 3112	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:12:36.0408 3112	FileInfo - ok
20:12:36.0424 3112	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:12:36.0518 3112	Filetrace - ok
20:12:36.0533 3112	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:12:36.0564 3112	flpydisk - ok
20:12:36.0611 3112	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:12:36.0642 3112	FltMgr - ok
20:12:36.0658 3112	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:12:36.0674 3112	FsDepends - ok
20:12:36.0720 3112	fssfltr         (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
20:12:36.0752 3112	fssfltr - ok
20:12:36.0783 3112	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:12:36.0798 3112	Fs_Rec - ok
20:12:36.0861 3112	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:12:36.0892 3112	fvevol - ok
20:12:36.0939 3112	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:12:36.0954 3112	gagp30kx - ok
20:12:36.0986 3112	GEARAspiWDM - ok
20:12:37.0032 3112	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:12:37.0095 3112	hcw85cir - ok
20:12:37.0157 3112	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:12:37.0251 3112	HdAudAddService - ok
20:12:37.0298 3112	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:12:37.0329 3112	HDAudBus - ok
20:12:37.0344 3112	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:12:37.0376 3112	HidBatt - ok
20:12:37.0391 3112	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:12:37.0422 3112	HidBth - ok
20:12:37.0438 3112	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:12:37.0500 3112	HidIr - ok
20:12:37.0532 3112	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
20:12:37.0578 3112	HidUsb - ok
20:12:37.0625 3112	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:12:37.0641 3112	HpSAMD - ok
20:12:37.0719 3112	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:12:37.0844 3112	HTTP - ok
20:12:37.0875 3112	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:12:37.0890 3112	hwpolicy - ok
20:12:37.0953 3112	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:12:38.0000 3112	i8042prt - ok
20:12:38.0062 3112	iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
20:12:38.0093 3112	iaStor - ok
20:12:38.0124 3112	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:12:38.0187 3112	iaStorV - ok
20:12:38.0577 3112	igfx            (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:12:39.0216 3112	igfx - ok
20:12:39.0279 3112	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:12:39.0310 3112	iirsp - ok
20:12:39.0435 3112	IntcAzAudAddService (3e3926f4fa7c9162c5c3ec6bf1e4f349) C:\Windows\system32\drivers\RTKVHD64.sys
20:12:39.0544 3112	IntcAzAudAddService - ok
20:12:39.0606 3112	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
20:12:39.0684 3112	IntcDAud - ok
20:12:39.0731 3112	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:12:39.0762 3112	intelide - ok
20:12:39.0778 3112	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:12:39.0825 3112	intelppm - ok
20:12:39.0887 3112	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:12:39.0996 3112	IpFilterDriver - ok
20:12:40.0028 3112	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:12:40.0090 3112	IPMIDRV - ok
20:12:40.0106 3112	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:12:40.0199 3112	IPNAT - ok
20:12:40.0230 3112	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:12:40.0324 3112	IRENUM - ok
20:12:40.0355 3112	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:12:40.0386 3112	isapnp - ok
20:12:40.0449 3112	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:12:40.0496 3112	iScsiPrt - ok
20:12:40.0511 3112	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:12:40.0527 3112	kbdclass - ok
20:12:40.0574 3112	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:12:40.0620 3112	kbdhid - ok
20:12:40.0698 3112	kbfiltr         (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
20:12:40.0730 3112	kbfiltr - ok
20:12:40.0761 3112	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:12:40.0808 3112	KSecDD - ok
20:12:40.0823 3112	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:12:40.0870 3112	KSecPkg - ok
20:12:40.0886 3112	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:12:40.0979 3112	ksthunk - ok
20:12:41.0026 3112	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:12:41.0104 3112	lltdio - ok
20:12:41.0151 3112	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:12:41.0166 3112	LSI_FC - ok
20:12:41.0182 3112	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:12:41.0213 3112	LSI_SAS - ok
20:12:41.0213 3112	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:12:41.0244 3112	LSI_SAS2 - ok
20:12:41.0244 3112	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:12:41.0276 3112	LSI_SCSI - ok
20:12:41.0291 3112	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:12:41.0354 3112	luafv - ok
20:12:41.0369 3112	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:12:41.0385 3112	megasas - ok
20:12:41.0400 3112	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:12:41.0432 3112	MegaSR - ok
20:12:41.0478 3112	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
20:12:41.0510 3112	MEIx64 - ok
20:12:41.0541 3112	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:12:41.0634 3112	Modem - ok
20:12:41.0666 3112	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:12:41.0712 3112	monitor - ok
20:12:41.0759 3112	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:12:41.0775 3112	mouclass - ok
20:12:41.0822 3112	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:12:41.0853 3112	mouhid - ok
20:12:41.0900 3112	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:12:41.0915 3112	mountmgr - ok
20:12:41.0962 3112	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:12:42.0009 3112	mpio - ok
20:12:42.0024 3112	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:12:42.0118 3112	mpsdrv - ok
20:12:42.0165 3112	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:12:42.0290 3112	MRxDAV - ok
20:12:42.0321 3112	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:12:42.0383 3112	mrxsmb - ok
20:12:42.0399 3112	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:12:42.0446 3112	mrxsmb10 - ok
20:12:42.0492 3112	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:12:42.0539 3112	mrxsmb20 - ok
20:12:42.0570 3112	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:12:42.0586 3112	msahci - ok
20:12:42.0633 3112	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:12:42.0664 3112	msdsm - ok
20:12:42.0680 3112	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:12:42.0773 3112	Msfs - ok
20:12:42.0820 3112	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:12:42.0914 3112	mshidkmdf - ok
20:12:42.0929 3112	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:12:42.0945 3112	msisadrv - ok
20:12:42.0992 3112	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:12:43.0070 3112	MSKSSRV - ok
20:12:43.0101 3112	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:12:43.0163 3112	MSPCLOCK - ok
20:12:43.0179 3112	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:12:43.0241 3112	MSPQM - ok
20:12:43.0288 3112	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:12:43.0350 3112	MsRPC - ok
20:12:43.0382 3112	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:12:43.0413 3112	mssmbios - ok
20:12:43.0428 3112	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:12:43.0522 3112	MSTEE - ok
20:12:43.0538 3112	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:12:43.0569 3112	MTConfig - ok
20:12:43.0584 3112	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:12:43.0616 3112	Mup - ok
20:12:43.0662 3112	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:12:43.0709 3112	NativeWifiP - ok
20:12:43.0787 3112	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:12:43.0850 3112	NDIS - ok
20:12:43.0896 3112	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:12:43.0974 3112	NdisCap - ok
20:12:44.0021 3112	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:12:44.0084 3112	NdisTapi - ok
20:12:44.0130 3112	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:12:44.0208 3112	Ndisuio - ok
20:12:44.0255 3112	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:12:44.0349 3112	NdisWan - ok
20:12:44.0396 3112	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:12:44.0489 3112	NDProxy - ok
20:12:44.0505 3112	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:12:44.0567 3112	NetBIOS - ok
20:12:44.0614 3112	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:12:44.0692 3112	NetBT - ok
20:12:44.0739 3112	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:12:44.0770 3112	nfrd960 - ok
20:12:44.0801 3112	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:12:44.0879 3112	Npfs - ok
20:12:44.0895 3112	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:12:44.0957 3112	nsiproxy - ok
20:12:45.0035 3112	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:12:45.0160 3112	Ntfs - ok
20:12:45.0176 3112	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:12:45.0269 3112	Null - ok
20:12:45.0644 3112	nvlddmkm        (41a7c6ed2bab4c304633b785c884a912) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:12:45.0987 3112	nvlddmkm - ok
20:12:46.0002 3112	nvpciflt        (d542153cb23459b8aad88cf17e36b670) C:\Windows\system32\DRIVERS\nvpciflt.sys
20:12:46.0018 3112	nvpciflt - ok
20:12:46.0080 3112	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:12:46.0112 3112	nvraid - ok
20:12:46.0143 3112	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:12:46.0174 3112	nvstor - ok
20:12:46.0205 3112	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:12:46.0221 3112	nv_agp - ok
20:12:46.0268 3112	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:12:46.0314 3112	ohci1394 - ok
20:12:46.0392 3112	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:12:46.0439 3112	Parport - ok
20:12:46.0486 3112	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:12:46.0517 3112	partmgr - ok
20:12:46.0548 3112	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:12:46.0595 3112	pci - ok
20:12:46.0626 3112	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:12:46.0642 3112	pciide - ok
20:12:46.0673 3112	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:12:46.0720 3112	pcmcia - ok
20:12:46.0736 3112	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:12:46.0767 3112	pcw - ok
20:12:46.0798 3112	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:12:46.0907 3112	PEAUTH - ok
20:12:47.0001 3112	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:12:47.0094 3112	PptpMiniport - ok
20:12:47.0126 3112	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:12:47.0188 3112	Processor - ok
20:12:47.0235 3112	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:12:47.0313 3112	Psched - ok
20:12:47.0391 3112	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:12:47.0531 3112	ql2300 - ok
20:12:47.0547 3112	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:12:47.0562 3112	ql40xx - ok
20:12:47.0578 3112	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:12:47.0656 3112	QWAVEdrv - ok
20:12:47.0656 3112	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:12:47.0718 3112	RasAcd - ok
20:12:47.0765 3112	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:12:47.0843 3112	RasAgileVpn - ok
20:12:47.0874 3112	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:12:47.0937 3112	Rasl2tp - ok
20:12:47.0968 3112	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:12:48.0077 3112	RasPppoe - ok
20:12:48.0077 3112	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:12:48.0140 3112	RasSstp - ok
20:12:48.0202 3112	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:12:48.0327 3112	rdbss - ok
20:12:48.0358 3112	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:12:48.0389 3112	rdpbus - ok
20:12:48.0420 3112	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:12:48.0467 3112	RDPCDD - ok
20:12:48.0498 3112	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:12:48.0561 3112	RDPENCDD - ok
20:12:48.0561 3112	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:12:48.0639 3112	RDPREFMP - ok
20:12:48.0670 3112	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:12:48.0764 3112	RDPWD - ok
20:12:48.0810 3112	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:12:48.0857 3112	rdyboost - ok
20:12:48.0920 3112	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:12:49.0029 3112	rspndr - ok
20:12:49.0091 3112	RSUSBVSTOR      (e57fac2cdb73f06586ed2ed310b80932) C:\Windows\system32\Drivers\RtsUVStor.sys
20:12:49.0138 3112	RSUSBVSTOR - ok
20:12:49.0200 3112	RTL8167         (20a466b9ea2bd828c0ec723f99b8cfe7) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:12:49.0232 3112	RTL8167 - ok
20:12:49.0278 3112	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:12:49.0310 3112	sbp2port - ok
20:12:49.0356 3112	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:12:49.0450 3112	scfilter - ok
20:12:49.0466 3112	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:12:49.0528 3112	secdrv - ok
20:12:49.0559 3112	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:12:49.0590 3112	Serenum - ok
20:12:49.0622 3112	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:12:49.0684 3112	Serial - ok
20:12:49.0731 3112	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:12:49.0762 3112	sermouse - ok
20:12:49.0809 3112	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:12:49.0856 3112	sffdisk - ok
20:12:49.0887 3112	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:12:49.0934 3112	sffp_mmc - ok
20:12:49.0934 3112	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:12:49.0980 3112	sffp_sd - ok
20:12:49.0996 3112	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:12:50.0027 3112	sfloppy - ok
20:12:50.0074 3112	SiSGbeLH        (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
20:12:50.0121 3112	SiSGbeLH - ok
20:12:50.0136 3112	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:12:50.0168 3112	SiSRaid2 - ok
20:12:50.0183 3112	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:12:50.0214 3112	SiSRaid4 - ok
20:12:50.0230 3112	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:12:50.0324 3112	Smb - ok
20:12:50.0417 3112	SNP2UVC         (c98375d19f9e9966f6201bae65fb3728) C:\Windows\system32\DRIVERS\snp2uvc.sys
20:12:50.0604 3112	SNP2UVC - ok
20:12:50.0620 3112	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:12:50.0636 3112	spldr - ok
20:12:50.0682 3112	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:12:50.0745 3112	srv - ok
20:12:50.0792 3112	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:12:50.0870 3112	srv2 - ok
20:12:50.0901 3112	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:12:50.0948 3112	srvnet - ok
20:12:51.0010 3112	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:12:51.0026 3112	stexstor - ok
20:12:51.0088 3112	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:12:51.0119 3112	swenum - ok
20:12:51.0228 3112	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:12:51.0369 3112	Tcpip - ok
20:12:51.0462 3112	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:12:51.0525 3112	TCPIP6 - ok
20:12:51.0556 3112	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:12:51.0650 3112	tcpipreg - ok
20:12:51.0665 3112	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:12:51.0728 3112	TDPIPE - ok
20:12:51.0743 3112	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:12:51.0806 3112	TDTCP - ok
20:12:51.0852 3112	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:12:51.0899 3112	tdx - ok
20:12:51.0930 3112	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:12:51.0962 3112	TermDD - ok
20:12:52.0008 3112	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:12:52.0071 3112	tssecsrv - ok
20:12:52.0133 3112	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:12:52.0196 3112	TsUsbFlt - ok
20:12:52.0258 3112	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:12:52.0352 3112	tunnel - ok
20:12:52.0398 3112	TurboB          (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys
20:12:52.0414 3112	TurboB - ok
20:12:52.0445 3112	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:12:52.0476 3112	uagp35 - ok
20:12:52.0523 3112	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:12:52.0648 3112	udfs - ok
20:12:52.0679 3112	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:12:52.0695 3112	uliagpkx - ok
20:12:52.0742 3112	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:12:52.0773 3112	umbus - ok
20:12:52.0788 3112	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:12:52.0804 3112	UmPass - ok
20:12:52.0835 3112	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:12:52.0882 3112	usbccgp - ok
20:12:52.0913 3112	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:12:52.0976 3112	usbcir - ok
20:12:53.0007 3112	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:12:53.0054 3112	usbehci - ok
20:12:53.0085 3112	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:12:53.0163 3112	usbhub - ok
20:12:53.0194 3112	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:12:53.0241 3112	usbohci - ok
20:12:53.0256 3112	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:12:53.0303 3112	usbprint - ok
20:12:53.0334 3112	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:12:53.0366 3112	USBSTOR - ok
20:12:53.0397 3112	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:12:53.0428 3112	usbuhci - ok
20:12:53.0475 3112	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
20:12:53.0537 3112	usbvideo - ok
20:12:53.0584 3112	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:12:53.0600 3112	vdrvroot - ok
20:12:53.0631 3112	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:12:53.0678 3112	vga - ok
20:12:53.0709 3112	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:12:53.0787 3112	VgaSave - ok
20:12:53.0802 3112	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:12:53.0834 3112	vhdmp - ok
20:12:53.0849 3112	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:12:53.0865 3112	viaide - ok
20:12:53.0896 3112	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:12:53.0912 3112	volmgr - ok
20:12:53.0958 3112	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:12:53.0990 3112	volmgrx - ok
20:12:54.0005 3112	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:12:54.0052 3112	volsnap - ok
20:12:54.0099 3112	vpnva           (0e4df91e83da5739ffb18535d4db10aa) C:\Windows\system32\DRIVERS\vpnva64.sys
20:12:54.0114 3112	vpnva - ok
20:12:54.0146 3112	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:12:54.0177 3112	vsmraid - ok
20:12:54.0208 3112	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:12:54.0239 3112	vwifibus - ok
20:12:54.0255 3112	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:12:54.0286 3112	vwififlt - ok
20:12:54.0302 3112	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:12:54.0333 3112	WacomPen - ok
20:12:54.0380 3112	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:12:54.0473 3112	WANARP - ok
20:12:54.0504 3112	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:12:54.0551 3112	Wanarpv6 - ok
20:12:54.0676 3112	WCMVCAM         (3a2d452c40162823b79867040b46d4a8) C:\Windows\system32\DRIVERS\wcmvcam64.sys
20:12:54.0738 3112	WCMVCAM - ok
20:12:54.0754 3112	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:12:54.0785 3112	Wd - ok
20:12:54.0816 3112	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:12:54.0879 3112	Wdf01000 - ok
20:12:54.0926 3112	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:12:55.0004 3112	WfpLwf - ok
20:12:55.0066 3112	WimFltr         (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
20:12:55.0097 3112	WimFltr - ok
20:12:55.0128 3112	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:12:55.0160 3112	WIMMount - ok
20:12:55.0269 3112	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:12:55.0316 3112	WmiAcpi - ok
20:12:55.0362 3112	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:12:55.0456 3112	ws2ifsl - ok
20:12:55.0518 3112	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:12:55.0612 3112	WudfPf - ok
20:12:55.0628 3112	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:12:55.0690 3112	WUDFRd - ok
20:12:55.0737 3112	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:12:55.0971 3112	\Device\Harddisk0\DR0 - ok
20:12:55.0986 3112	Boot (0x1200)   (8f48b47b8db8dd8c713fafa0f915bef7) \Device\Harddisk0\DR0\Partition0
20:12:55.0986 3112	\Device\Harddisk0\DR0\Partition0 - ok
20:12:56.0018 3112	Boot (0x1200)   (e7dc66a91668317c69f3aa45d8d27130) \Device\Harddisk0\DR0\Partition1
20:12:56.0018 3112	\Device\Harddisk0\DR0\Partition1 - ok
20:12:56.0018 3112	============================================================
20:12:56.0018 3112	Scan finished
20:12:56.0018 3112	============================================================
20:12:56.0049 5040	Detected object count: 0
20:12:56.0049 5040	Actual detected object count: 0

Beim unhide bin ich gerade noch dabei.

Käpsele · 25.01.2012, 20:24

Hm, also Unhide hat jetzt meine Userdateien (Bilder, Dokumente, Musik, ...) wieder sichtbar gemacht. Aber die Verknüpfungen auf dem Desktop und die Schnellstrartleiste sind nicht wieder aufgetaucht. Und im Startmenü fehlt leider auch weiterhin alles.

cosinus · 25.01.2012, 20:35

Zitat:

Und im Startmenü fehlt leider auch weiterhin alles.

Damit das klar ist: was vom Schädling gelöscht wurde, lässt sich nicht durch eine Bereingung einfach so wieder zurückholen.

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Käpsele · 25.01.2012, 20:45

Ich hab Avira ausgeschaltet (Echtzeit-Scanner nicht aktiviert), aber Combofix sagt mir, dass es immernoch aktiv ist. Und jetzt steht da "Bitte nehme zur Kenntnis, das dies in eigener Verantwotung geschieht." (Das "dass" nach dem Komma müsste übrigens zwei s haben.) Und ich will nichts falsch machen.

cosinus · 25.01.2012, 20:48

Wenn der Scanner nicht aktiviert ist (regenschirm zu) kannst du CF werkeln lassen

Käpsele · 25.01.2012, 20:48

Alles klar, danke.

Käpsele · 25.01.2012, 21:20

Combofix-Log:

Code:

ATTFilter

ComboFix 12-01-23.02 - Helene 25.01.2012  20:49:49.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4008.2602 [GMT 1:00]
ausgeführt von:: c:\users\Helene\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Helene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Helene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Helene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-25 bis 2012-01-25  ))))))))))))))))))))))))))))))
.
.
2012-01-25 19:59 . 2012-01-25 19:59	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-01-25 19:59 . 2012-01-25 19:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-25 19:25 . 2012-01-25 19:26	--------	d-----w-	c:\users\Helene\AppData\Roaming\vlc
2012-01-25 18:25 . 2012-01-25 20:01	45056	----a-w-	c:\windows\system32\acovcnt.exe
2012-01-25 18:21 . 2012-01-25 18:21	--------	d-----w-	C:\_OTL
2012-01-25 12:40 . 2012-01-25 12:40	--------	d-----w-	c:\program files (x86)\ESET
2012-01-25 10:46 . 2012-01-25 10:46	--------	d-----w-	c:\users\Helene\AppData\Roaming\Malwarebytes
2012-01-25 10:45 . 2012-01-25 10:45	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-25 10:45 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-25 10:45 . 2012-01-25 10:45	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-25 09:27 . 2012-01-06 05:15	8602168	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC3A6931-6130-4478-A850-2E76C9ABEE7C}\mpengine.dll
2012-01-16 21:02 . 2012-01-16 21:34	--------	d-----w-	c:\users\Helene\.jenny
2012-01-11 12:01 . 2011-10-26 05:25	1572864	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 12:01 . 2011-10-26 05:25	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-01-11 12:01 . 2011-10-26 04:32	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-01-11 12:01 . 2011-10-26 04:32	1328128	----a-w-	c:\windows\SysWow64\quartz.dll
2012-01-11 11:56 . 2011-11-17 06:41	1731920	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 11:56 . 2011-11-17 05:38	1292080	----a-w-	c:\windows\SysWow64\ntdll.dll
2012-01-11 11:56 . 2011-11-19 14:58	77312	----a-w-	c:\windows\system32\packager.dll
2012-01-11 11:56 . 2011-11-19 14:01	67072	----a-w-	c:\windows\SysWow64\packager.dll
2012-01-09 22:24 . 2012-01-09 22:24	--------	d-----w-	c:\users\Helene\AppData\Local\DDMSettings
2012-01-09 22:23 . 2012-01-09 22:23	--------	d-----w-	c:\users\Helene\AppData\Roaming\DivX
2012-01-09 22:23 . 2012-01-09 22:23	--------	d-----w-	c:\program files (x86)\Common Files\PX Storage Engine
2012-01-04 00:48 . 2012-01-04 00:48	354176	----a-w-	c:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-01-03 13:10 . 2012-01-03 13:10	182672	----a-w-	c:\program files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-25 20:01 . 2011-03-16 14:32	17920	----a-w-	c:\windows\system32\rpcnetp.exe
2012-01-25 20:01 . 2011-10-08 15:20	58288	----a-w-	c:\windows\SysWow64\rpcnet.dll
2012-01-25 09:31 . 2011-10-08 17:50	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-13 22:12 . 2011-10-08 17:29	15664	----a-w-	c:\windows\SysWow64\drivers\GEARAspiWDM.sys
2011-12-13 22:12 . 2011-10-08 17:29	109360	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2011-12-13 21:08 . 2011-10-08 15:36	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-12-05 18:48 . 2011-12-05 18:48	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-30 18:25 . 2011-11-30 18:25	158056	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-24 04:52 . 2011-12-13 22:18	3145216	----a-w-	c:\windows\system32\win32k.sys
2011-11-15 13:29 . 2011-10-11 10:42	270720	------w-	c:\windows\system32\MpSigStub.exe
2011-11-09 19:21 . 2011-11-09 19:21	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2011-11-09 19:21 . 2011-11-09 19:21	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2011-11-09 19:21 . 2011-11-09 19:21	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2011-11-09 19:21 . 2011-11-09 19:21	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-11-09 19:21 . 2011-11-09 19:21	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2011-11-09 19:21 . 2011-11-09 19:21	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2011-11-09 19:21 . 2011-11-09 19:21	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2011-11-09 19:21 . 2011-11-09 19:21	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2011-11-09 19:21 . 2011-11-09 19:21	367104	----a-w-	c:\windows\SysWow64\html.iec
2011-11-09 19:21 . 2011-11-09 19:21	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2011-11-09 19:21 . 2011-11-09 19:21	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2011-11-09 19:21 . 2011-11-09 19:21	222208	----a-w-	c:\windows\system32\msls31.dll
2011-11-09 19:21 . 2011-11-09 19:21	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2011-11-09 19:21 . 2011-11-09 19:21	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2011-11-09 19:21 . 2011-11-09 19:21	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2011-11-09 19:21 . 2011-11-09 19:21	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2011-11-09 19:21 . 2011-11-09 19:21	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2011-11-09 19:21 . 2011-11-09 19:21	12288	----a-w-	c:\windows\system32\mshta.exe
2011-11-09 19:21 . 2011-11-09 19:21	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2011-11-09 19:21 . 2011-11-09 19:21	114176	----a-w-	c:\windows\system32\admparse.dll
2011-11-09 19:21 . 2011-11-09 19:21	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2011-11-09 19:21 . 2011-11-09 19:21	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2011-11-09 19:21 . 2011-11-09 19:21	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2011-11-09 19:21 . 2011-11-09 19:21	85504	----a-w-	c:\windows\system32\iesetup.dll
2011-11-09 19:21 . 2011-11-09 19:21	76800	----a-w-	c:\windows\system32\tdc.ocx
2011-11-09 19:21 . 2011-11-09 19:21	603648	----a-w-	c:\windows\system32\vbscript.dll
2011-11-09 19:21 . 2011-11-09 19:21	49664	----a-w-	c:\windows\system32\imgutil.dll
2011-11-09 19:21 . 2011-11-09 19:21	48640	----a-w-	c:\windows\system32\mshtmler.dll
2011-11-09 19:21 . 2011-11-09 19:21	448512	----a-w-	c:\windows\system32\html.iec
2011-11-09 19:21 . 2011-11-09 19:21	30720	----a-w-	c:\windows\system32\licmgr10.dll
2011-11-09 19:21 . 2011-11-09 19:21	165888	----a-w-	c:\windows\system32\iexpress.exe
2011-11-09 19:21 . 2011-11-09 19:21	160256	----a-w-	c:\windows\system32\wextract.exe
2011-11-09 19:21 . 2011-11-09 19:21	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2011-11-09 19:21 . 2011-11-09 19:21	111616	----a-w-	c:\windows\system32\iesysprep.dll
2011-11-05 05:32 . 2011-12-13 22:18	2048	----a-w-	c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-13 22:18	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 10:03	2309120	----a-w-	c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 10:03	1390080	----a-w-	c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 10:03	1493504	----a-w-	c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 10:03	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 10:03	1798144	----a-w-	c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 10:03	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 10:03	1127424	----a-w-	c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 10:03	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-05 258512]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-08 2317312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-08 136176]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-08 136176]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-05 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-16 2009704]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-08 16:32]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-08 16:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-16 2188904]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2010-01-21 909824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mStart Page = 
mLocal Page = 
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 212.202.215.1 212.202.215.2
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Helene\AppData\Roaming\Mozilla\Firefox\Profiles\3kpj2a17.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://de-de.facebook.com/
FF - user.js: general.useragent.extra.brc - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\rpcnet.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-25  21:11:44 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-25 20:11
.
Vor Suchlauf: 13 Verzeichnis(se), 40.372.113.408 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 39.730.880.512 Bytes frei
.
- - End Of File - - 26118383F78BAB18E3C2A7C1F3CF7C9E

Im Moment habe ich noch diese Fehlermeldung, die im "How to"- Post beschrieben wird. Ich starte aber jetzt mal den Rechner neu.

Ach ja, zwei Sachen noch. In meinem persönlichen Ordner ist ein leere Ordner, der .jenny heißt. Der war früher nicht da. Da bin ich mir ganz sicher.
Und, seit dem OTL-Fix sind meine Suchmaschinen bei Firefox durcheinander und auch wenn ich sie richtig sortiere, nach dem nächsten Start von FF sind sie wieder durcheinander. Kann man da was ändern?

cosinus · 26.01.2012, 11:21

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

Folder::
c:\users\Helene\.jenny

File::
c:\windows\system32\acovcnt.exe

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Käpsele · 26.01.2012, 12:00

Okay, weiter geht's. Hier also der neue Combofix-Log:

Code:

ATTFilter

ComboFix 12-01-23.02 - Helene 26.01.2012  11:30:09.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4008.2589 [GMT 1:00]
ausgeführt von:: c:\users\Helene\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Helene\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\acovcnt.exe"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Helene\.jenny
c:\users\Helene\AppData\Local\uninst.tmp
c:\windows\system32\acovcnt.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-26 bis 2012-01-26  ))))))))))))))))))))))))))))))
.
.
2012-01-26 10:39 . 2012-01-26 10:39	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-01-26 10:39 . 2012-01-26 10:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-25 19:25 . 2012-01-25 19:26	--------	d-----w-	c:\users\Helene\AppData\Roaming\vlc
2012-01-25 18:21 . 2012-01-25 18:21	--------	d-----w-	C:\_OTL
2012-01-25 12:40 . 2012-01-25 12:40	--------	d-----w-	c:\program files (x86)\ESET
2012-01-25 10:46 . 2012-01-25 10:46	--------	d-----w-	c:\users\Helene\AppData\Roaming\Malwarebytes
2012-01-25 10:45 . 2012-01-25 10:45	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-25 10:45 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-25 10:45 . 2012-01-25 10:45	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-25 09:27 . 2012-01-06 05:15	8602168	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC3A6931-6130-4478-A850-2E76C9ABEE7C}\mpengine.dll
2012-01-11 12:01 . 2011-10-26 05:25	1572864	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 12:01 . 2011-10-26 05:25	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-01-11 12:01 . 2011-10-26 04:32	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-01-11 12:01 . 2011-10-26 04:32	1328128	----a-w-	c:\windows\SysWow64\quartz.dll
2012-01-11 11:56 . 2011-11-17 06:41	1731920	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 11:56 . 2011-11-17 05:38	1292080	----a-w-	c:\windows\SysWow64\ntdll.dll
2012-01-11 11:56 . 2011-11-19 14:58	77312	----a-w-	c:\windows\system32\packager.dll
2012-01-11 11:56 . 2011-11-19 14:01	67072	----a-w-	c:\windows\SysWow64\packager.dll
2012-01-09 22:24 . 2012-01-09 22:24	--------	d-----w-	c:\users\Helene\AppData\Local\DDMSettings
2012-01-09 22:23 . 2012-01-09 22:23	--------	d-----w-	c:\users\Helene\AppData\Roaming\DivX
2012-01-09 22:23 . 2012-01-09 22:23	--------	d-----w-	c:\program files (x86)\Common Files\PX Storage Engine
2012-01-04 00:48 . 2012-01-04 00:48	354176	----a-w-	c:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-01-03 13:10 . 2012-01-03 13:10	182672	----a-w-	c:\program files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 10:40 . 2011-03-16 14:32	17920	----a-w-	c:\windows\system32\rpcnetp.exe
2012-01-26 10:40 . 2011-10-08 15:20	58288	----a-w-	c:\windows\SysWow64\rpcnet.dll
2012-01-25 09:31 . 2011-10-08 17:50	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-13 22:12 . 2011-10-08 17:29	15664	----a-w-	c:\windows\SysWow64\drivers\GEARAspiWDM.sys
2011-12-13 22:12 . 2011-10-08 17:29	109360	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2011-12-13 21:08 . 2011-10-08 15:36	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-12-05 18:48 . 2011-12-05 18:48	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-30 18:25 . 2011-11-30 18:25	158056	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-24 04:52 . 2011-12-13 22:18	3145216	----a-w-	c:\windows\system32\win32k.sys
2011-11-15 13:29 . 2011-10-11 10:42	270720	------w-	c:\windows\system32\MpSigStub.exe
2011-11-09 19:21 . 2011-11-09 19:21	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2011-11-09 19:21 . 2011-11-09 19:21	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2011-11-09 19:21 . 2011-11-09 19:21	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2011-11-09 19:21 . 2011-11-09 19:21	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-11-09 19:21 . 2011-11-09 19:21	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2011-11-09 19:21 . 2011-11-09 19:21	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2011-11-09 19:21 . 2011-11-09 19:21	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2011-11-09 19:21 . 2011-11-09 19:21	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2011-11-09 19:21 . 2011-11-09 19:21	367104	----a-w-	c:\windows\SysWow64\html.iec
2011-11-09 19:21 . 2011-11-09 19:21	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2011-11-09 19:21 . 2011-11-09 19:21	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2011-11-09 19:21 . 2011-11-09 19:21	222208	----a-w-	c:\windows\system32\msls31.dll
2011-11-09 19:21 . 2011-11-09 19:21	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2011-11-09 19:21 . 2011-11-09 19:21	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2011-11-09 19:21 . 2011-11-09 19:21	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2011-11-09 19:21 . 2011-11-09 19:21	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2011-11-09 19:21 . 2011-11-09 19:21	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2011-11-09 19:21 . 2011-11-09 19:21	12288	----a-w-	c:\windows\system32\mshta.exe
2011-11-09 19:21 . 2011-11-09 19:21	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2011-11-09 19:21 . 2011-11-09 19:21	114176	----a-w-	c:\windows\system32\admparse.dll
2011-11-09 19:21 . 2011-11-09 19:21	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2011-11-09 19:21 . 2011-11-09 19:21	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2011-11-09 19:21 . 2011-11-09 19:21	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2011-11-09 19:21 . 2011-11-09 19:21	85504	----a-w-	c:\windows\system32\iesetup.dll
2011-11-09 19:21 . 2011-11-09 19:21	76800	----a-w-	c:\windows\system32\tdc.ocx
2011-11-09 19:21 . 2011-11-09 19:21	603648	----a-w-	c:\windows\system32\vbscript.dll
2011-11-09 19:21 . 2011-11-09 19:21	49664	----a-w-	c:\windows\system32\imgutil.dll
2011-11-09 19:21 . 2011-11-09 19:21	48640	----a-w-	c:\windows\system32\mshtmler.dll
2011-11-09 19:21 . 2011-11-09 19:21	448512	----a-w-	c:\windows\system32\html.iec
2011-11-09 19:21 . 2011-11-09 19:21	30720	----a-w-	c:\windows\system32\licmgr10.dll
2011-11-09 19:21 . 2011-11-09 19:21	165888	----a-w-	c:\windows\system32\iexpress.exe
2011-11-09 19:21 . 2011-11-09 19:21	160256	----a-w-	c:\windows\system32\wextract.exe
2011-11-09 19:21 . 2011-11-09 19:21	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2011-11-09 19:21 . 2011-11-09 19:21	111616	----a-w-	c:\windows\system32\iesysprep.dll
2011-11-05 05:32 . 2011-12-13 22:18	2048	----a-w-	c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-13 22:18	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 10:03	2309120	----a-w-	c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 10:03	1390080	----a-w-	c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 10:03	1493504	----a-w-	c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 10:03	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 10:03	1798144	----a-w-	c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 10:03	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 10:03	1127424	----a-w-	c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 10:03	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-01-25_20.02.13   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-16 16:04 . 2012-01-26 09:00	39426              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-26 09:00	31170              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-09 04:31 . 2012-01-25 20:29	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-09 04:31 . 2012-01-25 19:52	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-01-25 19:52 . 2012-01-25 19:52	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-25 19:52 . 2012-01-25 20:29	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-25 19:52	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-25 20:29	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-25 22:32 . 2012-01-25 22:32	92534              c:\windows\Installer\{64452561-169F-4A36-A2FF-B5E118EC65F5}\_4ae13d6c.exe
- 2011-03-16 16:22 . 2011-03-16 16:22	92534              c:\windows\Installer\{64452561-169F-4A36-A2FF-B5E118EC65F5}\_4ae13d6c.exe
- 2011-03-16 16:22 . 2011-03-16 16:22	12862              c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
+ 2011-03-16 16:22 . 2012-01-25 22:31	12862              c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
+ 2011-03-16 16:22 . 2012-01-25 22:31	12862              c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_6FEFF9B68218417F98F549.exe
- 2011-03-16 16:22 . 2011-03-16 16:22	12862              c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_6FEFF9B68218417F98F549.exe
- 2011-03-16 16:22 . 2011-03-16 16:22	12862              c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_06A25776E43957E4BCFF7B.exe
+ 2011-03-16 16:22 . 2012-01-25 22:31	12862              c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_06A25776E43957E4BCFF7B.exe
+ 2011-10-08 13:39 . 2012-01-26 09:00	7858              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3547748543-4258099140-2045507340-1001_UserData.bin
- 2012-01-25 20:01 . 2012-01-25 20:01	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-26 10:40 . 2012-01-26 10:40	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-25 20:01 . 2012-01-25 20:01	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-26 10:40 . 2012-01-26 10:40	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-16 01:39 . 2012-01-25 20:00	768528              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-16 01:39 . 2012-01-26 10:39	768528              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-01-25 20:00	276612              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-26 10:39	276612              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-08 20:47 . 2012-01-25 22:06	277380              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3547748543-4258099140-2045507340-1001-12288.dat
- 2011-10-08 20:47 . 2012-01-25 18:24	277380              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3547748543-4258099140-2045507340-1001-12288.dat
+ 2009-12-29 08:41 . 2009-12-29 08:41	829440              c:\windows\Installer\6fbbc.msi
+ 2010-12-17 17:57 . 2010-12-17 17:57	651492              c:\windows\Installer\6fb43.msi
+ 2010-09-23 08:54 . 2010-09-23 08:54	888832              c:\windows\Installer\6fa21.msi
+ 2011-06-07 08:28 . 2011-06-07 08:28	461312              c:\windows\Installer\22b18.msi
- 2012-01-11 13:16 . 2012-01-11 13:16	114734              c:\windows\Installer\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}\_294823.exe
+ 2012-01-25 22:17 . 2012-01-25 22:17	114734              c:\windows\Installer\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}\_294823.exe
+ 2011-03-16 16:22 . 2012-01-25 22:31	103022              c:\windows\Installer\{38253529-D97D-4901-AE53-5CC9736D3A2E}\_F80BCFB01BCF9FE6C39A80.exe
- 2011-03-16 16:22 . 2011-03-16 16:22	103022              c:\windows\Installer\{38253529-D97D-4901-AE53-5CC9736D3A2E}\_F80BCFB01BCF9FE6C39A80.exe
+ 2011-03-16 16:22 . 2012-01-25 22:31	103022              c:\windows\Installer\{38253529-D97D-4901-AE53-5CC9736D3A2E}\_6FEFF9B68218417F98F549.exe
- 2011-03-16 16:22 . 2011-03-16 16:22	103022              c:\windows\Installer\{38253529-D97D-4901-AE53-5CC9736D3A2E}\_6FEFF9B68218417F98F549.exe
- 2011-03-16 16:22 . 2011-03-16 16:22	103022              c:\windows\Installer\{38253529-D97D-4901-AE53-5CC9736D3A2E}\_6335154612896D402F98C3.exe
+ 2011-03-16 16:22 . 2012-01-25 22:31	103022              c:\windows\Installer\{38253529-D97D-4901-AE53-5CC9736D3A2E}\_6335154612896D402F98C3.exe
- 2011-03-16 16:19 . 2011-03-16 16:19	372078              c:\windows\Installer\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}\_C9BEC68FDCE220A882D6B5.exe
+ 2011-03-16 16:19 . 2012-01-25 22:25	372078              c:\windows\Installer\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}\_C9BEC68FDCE220A882D6B5.exe
+ 2011-03-16 16:19 . 2012-01-25 22:25	372078              c:\windows\Installer\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}\_6FEFF9B68218417F98F549.exe
- 2011-03-16 16:19 . 2011-03-16 16:19	372078              c:\windows\Installer\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}\_6FEFF9B68218417F98F549.exe
+ 2009-12-18 08:19 . 2009-12-18 08:19	8536576              c:\windows\Installer\6fb50.msi
+ 2011-06-06 11:55 . 2011-06-06 11:55	1189004              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-10-08 16:19 . 2012-01-26 10:39	20938740              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3547748543-4258099140-2045507340-1001-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-05 258512]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-08 2317312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-3-16 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-08 136176]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-08 136176]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-25 17536]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-05 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-16 2009704]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-08 16:32]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-08 16:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-16 2188904]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2010-01-21 909824]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mStart Page = 
mLocal Page = 
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 212.202.215.1 212.202.215.2
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Helene\AppData\Roaming\Mozilla\Firefox\Profiles\3kpj2a17.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://de-de.facebook.com/
FF - user.js: general.useragent.extra.brc - 
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\rpcnet.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-26  11:54:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-26 10:54
ComboFix2.txt  2012-01-25 20:11
.
Vor Suchlauf: 15 Verzeichnis(se), 39.396.904.960 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 38.750.183.424 Bytes frei
.
- - End Of File - - 825C31C842D3703D01AFBD3C58CB2AF6

cosinus · 26.01.2012, 16:32

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Käpsele · 26.01.2012, 17:02

aswMBR-Log:

Code:

ATTFilter

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-26 16:40:00
-----------------------------
16:40:00.554    OS Version: Windows x64 6.1.7601 Service Pack 1
16:40:00.554    Number of processors: 4 586 0x2A07
16:40:00.554    ComputerName: HELENE-NOTEBOOK  UserName: Helene
16:40:01.677    Initialize success
16:42:34.725    AVAST engine defs: 12012601
16:43:11.573    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:43:11.588    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
16:43:11.604    Disk 0 MBR read successfully
16:43:11.619    Disk 0 MBR scan
16:43:11.619    Disk 0 Windows 7 default MBR code
16:43:11.635    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    22003 MB offset 63
16:43:11.666    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       119235 MB offset 45062328
16:43:11.682    Disk 0 Partition - 00     0F Extended LBA            335700 MB offset 289257472
16:43:11.713    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       335699 MB offset 289259520
16:43:11.729    Service scanning
16:43:16.783    Modules scanning
16:43:16.783    Disk 0 trace - called modules:
16:43:16.799    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
16:43:16.814    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069a8060]
16:43:16.830    3 CLASSPNP.SYS[fffff88001b9743f] -> nt!IofCallDriver -> [0xfffffa8004ac2c40]
16:43:16.830    5 ACPI.sys[fffff88000eec7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ac6050]
16:43:17.329    AVAST engine scan C:\Windows
16:43:22.071    AVAST engine scan C:\Windows\system32
16:43:32.867    File: C:\Windows\system32\consrv.dll  **INFECTED** Win32:Sirefef-HO [Rtk]
16:46:48.678    AVAST engine scan C:\Windows\system32\drivers
16:47:00.222    AVAST engine scan C:\Users\Helene
17:00:15.028    AVAST engine scan C:\ProgramData
17:01:01.048    Scan finished successfully
17:01:25.790    Disk 0 MBR has been saved successfully to "C:\Users\Helene\Desktop\MBR.dat"
17:01:25.805    The log file has been saved successfully to "C:\Users\Helene\Desktop\aswMBR.txt"

cosinus · 26.01.2012, 17:18

Zitat:

C:\Windows\system32\consrv.dll

Versuch diese Datei mal manuell zu löschen.
Hinweis: http://www.trojaner-board.de/59624-a...-sichtbar.html

Wenn das klappte bitte wieder ein neues Log mit aswMBR machen

Käpsele · 26.01.2012, 17:48

So, hier der neue aswMBR-Log:

Code:

ATTFilter

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-26 17:28:00
-----------------------------
17:28:00.524    OS Version: Windows x64 6.1.7601 Service Pack 1
17:28:00.524    Number of processors: 4 586 0x2A07
17:28:00.524    ComputerName: HELENE-NOTEBOOK  UserName: Helene
17:28:01.881    Initialize success
17:28:07.934    AVAST engine defs: 12012601
17:28:14.876    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:28:14.876    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
17:28:14.922    Disk 0 MBR read successfully
17:28:14.922    Disk 0 MBR scan
17:28:14.938    Disk 0 Windows 7 default MBR code
17:28:14.938    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    22003 MB offset 63
17:28:14.969    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       119235 MB offset 45062328
17:28:14.985    Disk 0 Partition - 00     0F Extended LBA            335700 MB offset 289257472
17:28:15.016    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       335699 MB offset 289259520
17:28:15.032    Service scanning
17:28:16.155    Modules scanning
17:28:16.155    Disk 0 trace - called modules:
17:28:16.186    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
17:28:16.186    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069a8060]
17:28:16.202    3 CLASSPNP.SYS[fffff88001b9743f] -> nt!IofCallDriver -> [0xfffffa8004ac2c40]
17:28:16.202    5 ACPI.sys[fffff88000eec7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ac6050]
17:28:17.122    AVAST engine scan C:\Windows
17:28:27.964    AVAST engine scan C:\Windows\system32
17:31:04.245    AVAST engine scan C:\Windows\system32\drivers
17:31:15.336    AVAST engine scan C:\Users\Helene
17:40:28.108    AVAST engine scan C:\ProgramData
17:41:17.903    Scan finished successfully
17:42:37.089    Disk 0 MBR has been saved successfully to "C:\Users\Helene\Desktop\MBR.dat"
17:42:37.104    The log file has been saved successfully to "C:\Users\Helene\Desktop\aswMBR.txt"

Als ich die consrv.dll-Datei gelöscht hab, hat Antivir gleich einen Fund im Papierkorb gemeldet und ich hab die Datei in Quarantäne verschieben lassen. Und als dann der Scan angelaufen ist, kam gleich wieder eine Antivir-Meldung über einen Fund. Und zwar die hier:
In der Datei 'C:\Users\Helene\AppData\Local\Temp\_avast4_\unp215731785.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

25.01.2012, 20:48	#22
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows - Delayed Write Failed (2012-01-25) Wenn der Scanner nicht aktiviert ist (regenschirm zu) kannst du CF werkeln lassen __________________ Logfiles bitte immer in CODE-Tags posten

Windows - Delayed Write Failed (2012-01-25)

Plagegeister aller Art und deren Bekämpfung: Windows - Delayed Write Failed (2012-01-25)