Rootkit.Win32.TDSS.tdl3 bitte mit dem TDSS-Killer löschen lassen, starte Windows danach neu und mach ein neues Log mit diesem Tool. Poste es wieder mit CODE-Tags umschlossen.

erledigt, hier das neue log:

Code: Alles auswählenAufklappen

ATTFilter

 16:41:04.0611 5484	TDSS rootkit removing tool 2.7.9.0 Feb  1 2012 09:28:49
16:41:04.0830 5484	============================================================
16:41:04.0830 5484	Current date / time: 2012/02/03 16:41:04.0830
16:41:04.0830 5484	SystemInfo:
16:41:04.0830 5484	
16:41:04.0830 5484	OS Version: 6.0.6002 ServicePack: 2.0
16:41:04.0830 5484	Product type: Workstation
16:41:04.0830 5484	ComputerName: FMNOTEBOOK
16:41:04.0830 5484	UserName: Fabian
16:41:04.0830 5484	Windows directory: C:\Windows
16:41:04.0830 5484	System windows directory: C:\Windows
16:41:04.0830 5484	Processor architecture: Intel x86
16:41:04.0830 5484	Number of processors: 2
16:41:04.0830 5484	Page size: 0x1000
16:41:04.0830 5484	Boot type: Normal boot
16:41:04.0830 5484	============================================================
16:41:06.0406 5484	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:41:06.0438 5484	\Device\Harddisk0\DR0:
16:41:06.0469 5484	MBR used
16:41:06.0469 5484	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2F800, BlocksNum 0x1400000
16:41:06.0469 5484	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x142F800, BlocksNum 0x110E97F8
16:41:06.0672 5484	Initialize success
16:41:06.0672 5484	============================================================
16:42:03.0549 5896	============================================================
16:42:03.0549 5896	Scan started
16:42:03.0549 5896	Mode: Manual; SigCheck; TDLFS; 
16:42:03.0549 5896	============================================================
16:42:07.0153 5896	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:42:07.0402 5896	ACPI - ok
16:42:08.0276 5896	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
16:42:08.0416 5896	adp94xx - ok
16:42:08.0557 5896	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
16:42:08.0619 5896	adpahci - ok
16:42:08.0666 5896	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
16:42:08.0697 5896	adpu160m - ok
16:42:08.0744 5896	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
16:42:08.0760 5896	adpu320 - ok
16:42:08.0947 5896	Afc             (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
16:42:09.0118 5896	Afc - ok
16:42:10.0195 5896	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:42:10.0444 5896	AFD - ok
16:42:10.0897 5896	agp440          (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
16:42:10.0944 5896	agp440 - ok
16:42:11.0115 5896	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:42:11.0162 5896	aic78xx - ok
16:42:11.0209 5896	aliide          (e32a92e1574a467f7c762922f6162d76) C:\Windows\system32\drivers\aliide.sys
16:42:11.0240 5896	aliide - ok
16:42:11.0365 5896	amdagp          (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
16:42:11.0396 5896	amdagp - ok
16:42:11.0458 5896	amdide          (b52b576cb0099a62f87214f371031561) C:\Windows\system32\drivers\amdide.sys
16:42:11.0474 5896	amdide - ok
16:42:11.0521 5896	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
16:42:12.0706 5896	AmdK7 - ok
16:42:12.0956 5896	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
16:42:13.0159 5896	AmdK8 - ok
16:42:13.0377 5896	ApfiltrService  (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
16:42:13.0486 5896	ApfiltrService - ok
16:42:14.0032 5896	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
16:42:14.0064 5896	arc - ok
16:42:14.0157 5896	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
16:42:14.0188 5896	arcsas - ok
16:42:14.0313 5896	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:42:14.0454 5896	AsyncMac - ok
16:42:14.0578 5896	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
16:42:14.0594 5896	atapi - ok
16:42:14.0672 5896	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
16:42:14.0703 5896	avgntflt - ok
16:42:14.0906 5896	avipbb          (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
16:42:15.0000 5896	avipbb - ok
16:42:15.0452 5896	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
16:42:15.0530 5896	avkmgr - ok
16:42:15.0842 5896	BCM42RLY - ok
16:42:15.0967 5896	BCM43XX         (abd543e555bc0453bf52664936df4dcd) C:\Windows\system32\DRIVERS\bcmwl6.sys
16:42:16.0045 5896	BCM43XX - ok
16:42:16.0170 5896	blbdrive - ok
16:42:16.0248 5896	BlueletAudio    (852a1bd08e7dfeb9e30b5440881c0501) C:\Windows\system32\DRIVERS\blueletaudio.sys
16:42:16.0279 5896	BlueletAudio - ok
16:42:16.0294 5896	BlueletSCOAudio (8fc27b12a02b43947787f0ef1885df9b) C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys
16:42:16.0310 5896	BlueletSCOAudio - ok
16:42:16.0528 5896	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:42:16.0622 5896	bowser - ok
16:42:16.0778 5896	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:42:16.0903 5896	BrFiltLo - ok
16:42:17.0012 5896	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:42:17.0074 5896	BrFiltUp - ok
16:42:17.0152 5896	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:42:17.0246 5896	Brserid - ok
16:42:17.0355 5896	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:42:17.0449 5896	BrSerWdm - ok
16:42:17.0480 5896	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:42:17.0558 5896	BrUsbMdm - ok
16:42:17.0683 5896	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:42:17.0792 5896	BrUsbSer - ok
16:42:17.0901 5896	BT              (c5cce2b26f73f8cf7f3c82159e79aa08) C:\Windows\system32\DRIVERS\btnetdrv.sys
16:42:17.0917 5896	BT - ok
16:42:18.0042 5896	Btcsrusb        (da473d279420234170da795f1cad4479) C:\Windows\system32\Drivers\btcusb.sys
16:42:18.0057 5896	Btcsrusb - ok
16:42:18.0151 5896	BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
16:42:18.0229 5896	BthEnum - ok
16:42:18.0322 5896	BTHidEnum       (ce643d0918123d76a5caab008fca9663) C:\Windows\system32\Drivers\vbtenum.sys
16:42:18.0338 5896	BTHidEnum - ok
16:42:18.0400 5896	BTHidMgr        (dfca4fe4c8aec786b4d0f432eb730f48) C:\Windows\system32\Drivers\BTHidMgr.sys
16:42:18.0416 5896	BTHidMgr - ok
16:42:18.0478 5896	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:42:18.0541 5896	BTHMODEM - ok
16:42:18.0666 5896	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
16:42:18.0759 5896	BthPan - ok
16:42:19.0134 5896	BTHPORT         (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
16:42:19.0336 5896	BTHPORT - ok
16:42:19.0477 5896	BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
16:42:19.0555 5896	BTHUSB - ok
16:42:19.0695 5896	btwaudio        (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
16:42:19.0742 5896	btwaudio - ok
16:42:19.0804 5896	btwavdt         (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
16:42:19.0836 5896	btwavdt - ok
16:42:19.0960 5896	btwrchid        (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
16:42:19.0992 5896	btwrchid - ok
16:42:20.0070 5896	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:42:20.0132 5896	cdfs - ok
16:42:20.0350 5896	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:42:20.0538 5896	cdrom - ok
16:42:20.0662 5896	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
16:42:20.0803 5896	circlass - ok
16:42:20.0865 5896	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:42:20.0896 5896	CLFS - ok
16:42:21.0099 5896	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
16:42:21.0193 5896	CmBatt - ok
16:42:21.0318 5896	cmdide          (c177dd90b5dc1dcaa96ccece752e6f0f) C:\Windows\system32\drivers\cmdide.sys
16:42:21.0349 5896	cmdide - ok
16:42:21.0411 5896	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
16:42:21.0458 5896	Compbatt - ok
16:42:21.0474 5896	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
16:42:21.0489 5896	crcdisk - ok
16:42:21.0520 5896	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
16:42:21.0645 5896	Crusoe - ok
16:42:21.0864 5896	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
16:42:21.0973 5896	DfsC - ok
16:42:22.0129 5896	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:42:22.0176 5896	disk - ok
16:42:22.0269 5896	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:42:22.0347 5896	drmkaud - ok
16:42:22.0597 5896	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
16:42:22.0659 5896	DXGKrnl - ok
16:42:23.0065 5896	e1express       (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
16:42:23.0205 5896	e1express - ok
16:42:23.0330 5896	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:42:23.0439 5896	E1G60 - ok
16:42:23.0533 5896	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:42:23.0564 5896	Ecache - ok
16:42:23.0689 5896	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
16:42:23.0798 5896	elxstor - ok
16:42:24.0266 5896	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:42:24.0453 5896	exfat - ok
16:42:24.0984 5896	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:42:25.0093 5896	fastfat - ok
16:42:25.0249 5896	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
16:42:25.0389 5896	fdc - ok
16:42:25.0498 5896	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:42:25.0545 5896	FileInfo - ok
16:42:25.0654 5896	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:42:25.0701 5896	Filetrace - ok
16:42:25.0779 5896	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
16:42:25.0888 5896	flpydisk - ok
16:42:25.0998 5896	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:42:26.0029 5896	FltMgr - ok
16:42:26.0200 5896	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:42:26.0278 5896	Fs_Rec - ok
16:42:26.0388 5896	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
16:42:26.0419 5896	gagp30kx - ok
16:42:26.0544 5896	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
16:42:26.0559 5896	GEARAspiWDM - ok
16:42:26.0809 5896	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:42:26.0934 5896	HDAudBus - ok
16:42:27.0043 5896	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:42:27.0152 5896	HidBth - ok
16:42:27.0183 5896	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:42:27.0277 5896	HidIr - ok
16:42:27.0417 5896	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:42:27.0542 5896	HidUsb - ok
16:42:27.0807 5896	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
16:42:27.0885 5896	HpCISSs - ok
16:42:28.0774 5896	HSF_DPV         (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
16:42:29.0445 5896	HSF_DPV - ok
16:42:30.0100 5896	HSXHWAZL        (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
16:42:30.0256 5896	HSXHWAZL - ok
16:42:30.0662 5896	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
16:42:30.0834 5896	HTTP - ok
16:42:31.0270 5896	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
16:42:31.0333 5896	i2omp - ok
16:42:31.0972 5896	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:42:32.0113 5896	i8042prt - ok
16:42:32.0596 5896	iaStor          (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
16:42:32.0628 5896	iaStor - ok
16:42:33.0220 5896	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
16:42:33.0298 5896	iaStorV - ok
16:42:34.0312 5896	igfx            (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:42:36.0169 5896	igfx - ok
16:42:36.0699 5896	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:42:36.0746 5896	iirsp - ok
16:42:37.0323 5896	IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
16:42:37.0526 5896	IntcHdmiAddService - ok
16:42:38.0041 5896	intelide        (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\DRIVERS\intelide.sys
16:42:38.0088 5896	intelide - ok
16:42:38.0556 5896	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:42:38.0649 5896	intelppm - ok
16:42:38.0992 5896	IpInIp - ok
16:42:39.0382 5896	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
16:42:39.0726 5896	IPMIDRV - ok
16:42:40.0084 5896	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:42:40.0209 5896	IPNAT - ok
16:42:40.0911 5896	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:42:41.0020 5896	IRENUM - ok
16:42:41.0644 5896	isapnp          (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
16:42:41.0722 5896	isapnp - ok
16:42:41.0878 5896	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:42:41.0910 5896	iScsiPrt - ok
16:42:42.0081 5896	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:42:42.0159 5896	iteatapi - ok
16:42:42.0721 5896	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:42:42.0783 5896	iteraid - ok
16:42:43.0126 5896	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:42:43.0236 5896	kbdclass - ok
16:42:43.0610 5896	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
16:42:43.0704 5896	kbdhid - ok
16:42:44.0156 5896	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
16:42:44.0967 5896	KSecDD - ok
16:42:45.0264 5896	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:42:45.0404 5896	lltdio - ok
16:42:46.0028 5896	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
16:42:46.0122 5896	LSI_FC - ok
16:42:46.0480 5896	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
16:42:46.0558 5896	LSI_SAS - ok
16:42:47.0011 5896	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
16:42:47.0089 5896	LSI_SCSI - ok
16:42:47.0619 5896	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:42:47.0869 5896	luafv - ok
16:42:48.0072 5896	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:42:48.0181 5896	mdmxsdk - ok
16:42:48.0696 5896	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
16:42:48.0805 5896	megasas - ok
16:42:49.0179 5896	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:42:49.0320 5896	Modem - ok
16:42:49.0772 5896	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:42:49.0834 5896	monitor - ok
16:42:50.0256 5896	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:42:50.0318 5896	mouclass - ok
16:42:50.0942 5896	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:42:51.0082 5896	mouhid - ok
16:42:51.0816 5896	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:42:52.0065 5896	MountMgr - ok
16:42:52.0642 5896	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
16:42:54.0124 5896	mpio - ok
16:42:54.0655 5896	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:42:55.0107 5896	mpsdrv - ok
16:42:55.0653 5896	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:42:55.0747 5896	Mraid35x - ok
16:42:56.0293 5896	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:42:56.0527 5896	MRxDAV - ok
16:42:56.0995 5896	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:42:57.0166 5896	mrxsmb - ok
16:42:57.0884 5896	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:42:58.0134 5896	mrxsmb10 - ok
16:42:58.0539 5896	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:42:58.0680 5896	mrxsmb20 - ok
16:42:59.0101 5896	msahci          (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys
16:42:59.0194 5896	msahci - ok
16:42:59.0990 5896	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
16:43:00.0052 5896	msdsm - ok
16:43:00.0364 5896	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:43:00.0520 5896	Msfs - ok
16:43:01.0035 5896	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:43:01.0098 5896	msisadrv - ok
16:43:01.0628 5896	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:43:01.0784 5896	MSKSSRV - ok
16:43:02.0548 5896	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:43:02.0673 5896	MSPCLOCK - ok
16:43:03.0360 5896	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:43:03.0531 5896	MSPQM - ok
16:43:03.0781 5896	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:43:03.0890 5896	MsRPC - ok
16:43:04.0498 5896	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:43:04.0514 5896	mssmbios - ok
16:43:04.0654 5896	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:43:04.0779 5896	MSTEE - ok
16:43:05.0091 5896	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:43:05.0185 5896	Mup - ok
16:43:05.0590 5896	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:43:05.0715 5896	NativeWifiP - ok
16:43:06.0480 5896	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:43:06.0558 5896	NDIS - ok
16:43:07.0057 5896	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:43:07.0431 5896	NdisTapi - ok
16:43:07.0930 5896	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:43:08.0164 5896	Ndisuio - ok
16:43:08.0508 5896	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:43:08.0632 5896	NdisWan - ok
16:43:09.0022 5896	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:43:09.0178 5896	NDProxy - ok
16:43:09.0724 5896	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:43:09.0849 5896	NetBIOS - ok
16:43:10.0473 5896	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:43:10.0645 5896	netbt - ok
16:43:11.0628 5896	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:43:11.0690 5896	nfrd960 - ok
16:43:12.0111 5896	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:43:12.0236 5896	Npfs - ok
16:43:12.0798 5896	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:43:12.0954 5896	nsiproxy - ok
16:43:14.0638 5896	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:43:15.0574 5896	Ntfs - ok
16:43:15.0964 5896	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:43:16.0136 5896	ntrigdigi - ok
16:43:16.0713 5896	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:43:16.0807 5896	Null - ok
16:43:17.0462 5896	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
16:43:17.0556 5896	nvraid - ok
16:43:18.0086 5896	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
16:43:18.0195 5896	nvstor - ok
16:43:18.0585 5896	nv_agp          (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
16:43:18.0679 5896	nv_agp - ok
16:43:19.0131 5896	NwlnkFlt - ok
16:43:19.0194 5896	NwlnkFwd - ok
16:43:19.0771 5896	OEM02Dev        (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
16:43:19.0974 5896	OEM02Dev - ok
16:43:20.0426 5896	OEM02Vfx        (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
16:43:20.0504 5896	OEM02Vfx - ok
16:43:20.0863 5896	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
16:43:20.0956 5896	ohci1394 - ok
16:43:21.0440 5896	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:43:21.0627 5896	Parport - ok
16:43:22.0158 5896	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:43:22.0251 5896	partmgr - ok
16:43:22.0563 5896	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:43:22.0782 5896	Parvdm - ok
16:43:23.0218 5896	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:43:23.0343 5896	pci - ok
16:43:23.0764 5896	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
16:43:23.0858 5896	pciide - ok
16:43:24.0654 5896	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:43:24.0716 5896	pcmcia - ok
16:43:25.0543 5896	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:43:26.0151 5896	PEAUTH - ok
16:43:26.0853 5896	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:43:26.0978 5896	PptpMiniport - ok
16:43:27.0384 5896	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
16:43:27.0571 5896	Processor - ok
16:43:28.0117 5896	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:43:28.0273 5896	PSched - ok
16:43:28.0975 5896	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
16:43:29.0100 5896	PxHelp20 - ok
16:43:29.0786 5896	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
16:43:30.0036 5896	ql2300 - ok
16:43:30.0472 5896	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:43:30.0566 5896	ql40xx - ok
16:43:31.0096 5896	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:43:31.0408 5896	QWAVEdrv - ok
16:43:32.0376 5896	R300            (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
16:43:34.0216 5896	R300 - ok
16:43:34.0825 5896	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:43:34.0903 5896	RasAcd - ok
16:43:35.0355 5896	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:43:35.0511 5896	Rasl2tp - ok
16:43:36.0026 5896	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:43:36.0151 5896	RasPppoe - ok
16:43:36.0634 5896	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:43:36.0759 5896	RasSstp - ok
16:43:37.0180 5896	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:43:37.0399 5896	rdbss - ok
16:43:37.0914 5896	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:43:38.0007 5896	RDPCDD - ok
16:43:38.0460 5896	rdpdr           (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
16:43:38.0631 5896	rdpdr - ok
16:43:39.0536 5896	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:43:39.0708 5896	RDPENCDD - ok
16:43:40.0285 5896	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
16:43:40.0410 5896	RDPWD - ok
16:43:41.0346 5896	RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
16:43:41.0486 5896	RFCOMM - ok
16:43:41.0938 5896	rimmptsk        (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
16:43:42.0079 5896	rimmptsk - ok
16:43:42.0625 5896	rimsptsk        (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
16:43:42.0781 5896	rimsptsk - ok
16:43:43.0264 5896	rismxdp         (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
16:43:43.0389 5896	rismxdp - ok
16:43:43.0998 5896	ROOTMODEM       (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
16:43:44.0138 5896	ROOTMODEM - ok
16:43:44.0887 5896	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:43:45.0183 5896	rspndr - ok
16:43:45.0542 5896	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:43:45.0589 5896	sbp2port - ok
16:43:46.0088 5896	sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
16:43:46.0182 5896	sdbus - ok
16:43:46.0712 5896	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:43:46.0852 5896	secdrv - ok
16:43:47.0102 5896	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
16:43:47.0227 5896	Serenum - ok
16:43:47.0710 5896	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:43:47.0944 5896	Serial - ok
16:43:48.0459 5896	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:43:48.0568 5896	sermouse - ok
16:43:49.0083 5896	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
16:43:49.0224 5896	sffdisk - ok
16:43:50.0300 5896	sffp_mmc        (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
16:43:50.0456 5896	sffp_mmc - ok
16:43:50.0986 5896	sffp_sd         (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:43:51.0127 5896	sffp_sd - ok
16:43:51.0517 5896	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:43:51.0720 5896	sfloppy - ok
16:43:52.0297 5896	sisagp          (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
16:43:52.0390 5896	sisagp - ok
16:43:52.0827 5896	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
16:43:52.0905 5896	SiSRaid2 - ok
16:43:53.0514 5896	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
16:43:53.0607 5896	SiSRaid4 - ok
16:43:54.0075 5896	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:43:54.0216 5896	Smb - ok
16:43:54.0808 5896	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:43:54.0902 5896	spldr - ok
16:43:55.0495 5896	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:43:55.0698 5896	srv - ok
16:43:56.0244 5896	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:43:56.0446 5896	srv2 - ok
16:43:56.0992 5896	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:43:57.0102 5896	srvnet - ok
16:43:57.0554 5896	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
16:43:57.0632 5896	ssmdrv - ok
16:43:58.0318 5896	STHDA           (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
16:43:58.0646 5896	STHDA - ok
16:43:59.0067 5896	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:43:59.0130 5896	swenum - ok
16:43:59.0598 5896	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:43:59.0722 5896	Symc8xx - ok
16:44:00.0175 5896	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:44:00.0237 5896	Sym_hi - ok
16:44:00.0799 5896	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:44:00.0892 5896	Sym_u3 - ok
16:44:01.0470 5896	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
16:44:02.0125 5896	Tcpip - ok
16:44:02.0577 5896	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
16:44:02.0655 5896	Tcpip6 - ok
16:44:03.0170 5896	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
16:44:03.0279 5896	tcpipreg - ok
16:44:03.0856 5896	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:44:04.0012 5896	TDPIPE - ok
16:44:04.0558 5896	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:44:04.0746 5896	TDTCP - ok
16:44:05.0198 5896	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
16:44:05.0354 5896	tdx - ok
16:44:05.0697 5896	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:44:05.0791 5896	TermDD - ok
16:44:06.0212 5896	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:44:06.0337 5896	tssecsrv - ok
16:44:06.0805 5896	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:44:06.0945 5896	tunmp - ok
16:44:07.0460 5896	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:44:07.0632 5896	tunnel - ok
16:44:08.0240 5896	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
16:44:08.0318 5896	uagp35 - ok
16:44:08.0880 5896	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:44:09.0036 5896	udfs - ok
16:44:09.0582 5896	uliagpkx        (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
16:44:09.0660 5896	uliagpkx - ok
16:44:10.0299 5896	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
16:44:10.0455 5896	uliahci - ok
16:44:10.0845 5896	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:44:10.0939 5896	UlSata - ok
16:44:11.0407 5896	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:44:11.0516 5896	ulsata2 - ok
16:44:11.0906 5896	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:44:12.0046 5896	umbus - ok
16:44:12.0624 5896	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:44:12.0764 5896	usbccgp - ok
16:44:13.0045 5896	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:44:13.0279 5896	usbcir - ok
16:44:13.0918 5896	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:44:14.0043 5896	usbehci - ok
16:44:14.0402 5896	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:44:14.0589 5896	usbhub - ok
16:44:15.0073 5896	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:44:15.0260 5896	usbohci - ok
16:44:16.0040 5896	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:44:16.0383 5896	usbprint - ok
16:44:17.0038 5896	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:44:17.0226 5896	usbscan - ok
16:44:17.0803 5896	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:44:17.0959 5896	USBSTOR - ok
16:44:18.0552 5896	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:44:18.0661 5896	usbuhci - ok
16:44:19.0144 5896	VComm           (51750b0539986186c6931fc40d171521) C:\Windows\system32\DRIVERS\VComm.sys
16:44:19.0222 5896	VComm - ok
16:44:19.0628 5896	VcommMgr        (6d9c891c0a761afed1f3609c2e56f2b9) C:\Windows\system32\Drivers\VcommMgr.sys
16:44:19.0722 5896	VcommMgr - ok
16:44:20.0221 5896	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
16:44:20.0424 5896	vga - ok
16:44:20.0892 5896	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:44:21.0032 5896	VgaSave - ok
16:44:21.0656 5896	viaagp          (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
16:44:21.0750 5896	viaagp - ok
16:44:22.0296 5896	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
16:44:22.0498 5896	ViaC7 - ok
16:44:23.0278 5896	viaide          (689547ce911998d1e0da7a5992e025fc) C:\Windows\system32\drivers\viaide.sys
16:44:23.0356 5896	viaide - ok
16:44:23.0512 5896	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:44:23.0575 5896	volmgr - ok
16:44:23.0934 5896	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:44:24.0058 5896	volmgrx - ok
16:44:24.0573 5896	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:44:24.0667 5896	volsnap - ok
16:44:25.0197 5896	vpnva           (fc94804932cfc35f01b3ae510e3b4d5c) C:\Windows\system32\DRIVERS\vpnva.sys
16:44:25.0275 5896	vpnva - ok
16:44:25.0774 5896	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
16:44:25.0868 5896	vsmraid - ok
16:44:26.0274 5896	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:44:26.0445 5896	WacomPen - ok
16:44:26.0960 5896	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:44:27.0100 5896	Wanarp - ok
16:44:27.0116 5896	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:44:27.0163 5896	Wanarpv6 - ok
16:44:27.0537 5896	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
16:44:27.0646 5896	Wd - ok
16:44:28.0177 5896	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:44:28.0348 5896	Wdf01000 - ok
16:44:28.0832 5896	winachsf        (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:44:28.0972 5896	winachsf - ok
16:44:29.0581 5896	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:44:29.0659 5896	WmiAcpi - ok
16:44:30.0018 5896	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:44:30.0174 5896	WpdUsb - ok
16:44:30.0298 5896	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:44:30.0423 5896	ws2ifsl - ok
16:44:30.0548 5896	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:44:30.0657 5896	WUDFRd - ok
16:44:30.0735 5896	XAudio          (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
16:44:30.0782 5896	XAudio - ok
16:44:30.0922 5896	yukonwlh        (a4822191c7cea271903c2a4fb6d9809d) C:\Windows\system32\DRIVERS\yk60x86.sys
16:44:31.0032 5896	yukonwlh - ok
16:44:31.0110 5896	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:44:31.0297 5896	\Device\Harddisk0\DR0 - ok
16:44:31.0344 5896	Boot (0x1200)   (293e1023632a465dd237e47019bdb3dc) \Device\Harddisk0\DR0\Partition0
16:44:31.0344 5896	\Device\Harddisk0\DR0\Partition0 - ok
16:44:31.0344 5896	Boot (0x1200)   (36f83092e4e3be7d2f2c7764cab9bc57) \Device\Harddisk0\DR0\Partition1
16:44:31.0359 5896	\Device\Harddisk0\DR0\Partition1 - ok
16:44:31.0359 5896	============================================================
16:44:31.0359 5896	Scan finished
16:44:31.0359 5896	============================================================
16:44:31.0390 5888	Detected object count: 0
16:44:31.0390 5888	Actual detected object count: 0
         

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop.

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

combofix erledigt, hier das log:

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 12-02-03.02 - Fabian 04.02.2012  14:28:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2037.1116 [GMT 1:00]
ausgeführt von:: c:\users\Babe\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Fabian\AppData\Local\assembly\tmp
c:\users\Fabian\AppData\Local\TempDIR
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-04 bis 2012-02-04  ))))))))))))))))))))))))))))))
.
.
2012-02-04 13:39 . 2012-02-04 13:40	--------	d-----w-	c:\users\Fabian\AppData\Local\temp
2012-02-04 13:39 . 2012-02-04 13:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-04 13:39 . 2012-02-04 13:39	--------	d-----w-	c:\users\Babe 2\AppData\Local\temp
2012-02-04 11:50 . 2012-02-04 11:50	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A92AF949-71F4-4C5F-A94A-789D2B120303}\offreg.dll
2012-02-03 15:34 . 2012-02-03 15:34	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-02-03 14:23 . 2012-02-03 14:23	--------	d-----w-	c:\users\Babe\AppData\Roaming\TuneUp Software
2012-02-03 14:14 . 2012-02-03 14:14	--------	d-----w-	c:\users\Fabian\AppData\Roaming\TuneUp Software
2012-02-03 14:12 . 2012-02-03 14:15	--------	d-----w-	c:\programdata\TuneUp Software
2012-02-03 14:12 . 2012-02-03 14:12	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-02-03 13:30 . 2012-01-06 04:19	6557240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A92AF949-71F4-4C5F-A94A-789D2B120303}\mpengine.dll
2012-02-02 18:07 . 2012-02-02 18:07	--------	d-----w-	C:\_OTL
2012-01-31 22:32 . 2012-02-03 23:51	--------	d-----w-	c:\users\Babe\AppData\Local\PokerStars
2012-01-31 00:11 . 2012-01-31 00:11	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-01-30 21:33 . 2012-01-30 21:33	--------	d-----w-	c:\program files\ESET
2012-01-28 20:13 . 2012-01-28 20:14	--------	d-----w-	c:\users\Fabian\AppData\Local\PokerStars
2012-01-28 20:13 . 2012-01-28 20:13	--------	d-----w-	c:\program files\PokerStars
2012-01-28 20:05 . 2012-01-28 20:08	--------	d-----w-	c:\users\Babe\AppData\Local\FullTiltPoker
2012-01-28 19:54 . 2012-01-28 19:54	--------	d-----w-	c:\users\Babe\AppData\Local\Conduit
2012-01-25 11:10 . 2012-01-25 11:10	--------	d-----w-	C:\Fabian_abOktober10
2012-01-23 18:51 . 2011-11-17 06:48	440192	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-01-23 18:51 . 2011-11-16 16:23	377344	----a-w-	c:\windows\system32\winhttp.dll
2012-01-23 18:51 . 2011-11-16 16:23	72704	----a-w-	c:\windows\system32\secur32.dll
2012-01-23 18:51 . 2011-11-16 16:23	278528	----a-w-	c:\windows\system32\schannel.dll
2012-01-23 18:51 . 2011-11-16 16:21	1259008	----a-w-	c:\windows\system32\lsasrv.dll
2012-01-23 18:51 . 2011-11-16 14:12	9728	----a-w-	c:\windows\system32\lsass.exe
2012-01-23 18:39 . 2012-01-23 18:39	--------	d-----w-	c:\program files\iPod
2012-01-23 18:39 . 2012-01-23 18:39	--------	d-----w-	C:\Fabian_abMai08
2012-01-23 11:53 . 2011-10-14 16:03	189952	----a-w-	c:\windows\system32\winmm.dll
2012-01-23 11:53 . 2011-10-14 16:00	23552	----a-w-	c:\windows\system32\mciseq.dll
2012-01-23 11:53 . 2011-11-18 20:23	1205064	----a-w-	c:\windows\system32\ntdll.dll
2012-01-23 11:52 . 2011-11-18 17:47	66560	----a-w-	c:\windows\system32\packager.dll
2012-01-23 11:52 . 2011-11-25 15:59	376320	----a-w-	c:\windows\system32\winsrv.dll
2012-01-23 11:52 . 2011-12-01 15:21	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-01-23 11:52 . 2011-10-25 15:58	1314816	----a-w-	c:\windows\system32\quartz.dll
2012-01-23 11:52 . 2011-10-25 15:58	497152	----a-w-	c:\windows\system32\qdvd.dll
2012-01-23 11:40 . 2011-11-08 14:42	2048	----a-w-	c:\windows\system32\tzres.dll
2012-01-23 11:21 . 2011-10-25 15:56	49152	----a-w-	c:\windows\system32\csrsrv.dll
2012-01-23 11:21 . 2011-10-27 08:01	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-01-23 11:21 . 2011-10-27 08:01	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-01-23 11:20 . 2011-10-14 16:02	429056	----a-w-	c:\windows\system32\EncDec.dll
2012-01-23 11:19 . 2011-11-23 13:37	2043904	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 15:36 . 2009-10-21 10:48	226280	----a-w-	c:\windows\system32\drivers\volsnap.sys
2012-01-26 23:21 . 2009-10-02 16:34	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-01-23 18:23 . 2011-05-15 17:00	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 00:48 . 2012-01-04 00:48	354176	----a-w-	c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-08 21:39 . 2011-10-15 08:20	134856	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-04-30 18:39 . 2011-03-22 19:46	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	---ha-w-	c:\users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	---ha-w-	c:\users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	---ha-w-	c:\users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 101136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"iTunesHelper"="c:\fabian_abmai08\Programme\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-04-11 217088]
" Malwarebytes Anti-Malware  (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2011-12-24 1080904]
" Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-26 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
SetPoint.lnk - c:\programme\SetPoint\SetPoint.exe [2008-5-10 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 15:43	118784	------w-	c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 09:13	206064	----a-w-	c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08	1259376	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 16:22	421736	----a-w-	c:\fabian_abmai08\Programme\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 13:15	13351304	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31	247144	---ha-w-	c:\fabian_abjan10\Programme\TomTom\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3497887377-387843333-1673539603-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3497887377-387843333-1673539603-1001Core.job
- c:\users\Babe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-05 01:24]
.
2012-02-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3497887377-387843333-1673539603-1001UA.job
- c:\users\Babe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-05 01:24]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 15:22]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 15:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uInternet Settings,ProxyOverride = *.local
IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D40413F7-9AC5-46FE-84B2-EDA3193D2645}: NameServer = 10.10.10.1
FF - ProfilePath - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\t9k1hfdu.default\
FF - prefs.js: browser.startup.homepage - 
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-conhost - c:\users\Fabian\AppData\Roaming\Microsoft\conhost.exe
SafeBoot-85869856.sys
MSConfigStartUp-13906258451053471646257583519029 - c:\program files\Antivirus 2009\av2009.exe
MSConfigStartUp-oovoo - c:\program files\ooVoo\oovoo.exe
AddRemove-Excel to PDF Converter_is1 - c:\fabian_ab13oktober08\Programme\xls2pdf\unins000.exe
AddRemove-Free M4a to MP3 Converter_is1 - c:\fabian_aboktober10\Programme\Youtube converter\mp4 to mp3\unins000.exe
AddRemove-gretl_is1 - c:\fabian_aboktober10\Programme\gretl\unins000.exe
AddRemove-Icy Tower v1.4_is1 - c:\fabian_aboktober10\Programme\Icy Tower\icytower1.4\unins000.exe
AddRemove-PDF to Excel 22_is1 - c:\fabian_ab13oktober08\Programme\PDF to Excel 22\unins000.exe
AddRemove-PokerStars.net - c:\program files\PokerStars.NET\PokerStarsUninstall.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-Winamp Toolbar for Firefox - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\t9k1hfdu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-04 14:40
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,d3,bd,9d,7a,53,c7,4c,87,9e,fd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,d3,bd,9d,7a,53,c7,4c,87,9e,fd,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(6092)
c:\programme\SetPoint\lgscroll.dll
.
Zeit der Fertigstellung: 2012-02-04  14:55:36
ComboFix-quarantined-files.txt  2012-02-04 13:55
.
Vor Suchlauf: 24 Verzeichnis(se), 19.645.906.944 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 19.802.968.064 Bytes frei
.
- - End Of File - - 0498577B19624A1B44EA64FAA15109B2
         

--- --- ---

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

• Starte die aswMBR.exe - (aswMBR.exe Anleitung)
  Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
  Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS-Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

hi,

GMER ist leider immer abgestürzt.
anbei die beiden logs von OSAM und aswMBR.

da ich mir nicht selber antworten kann (sonst siehst du nicht mehr, dass ich geschrieben hab..) bitte mir schreiben wenn das prozedere mit den logs machen vorbei ist, nur damit ich das weiß

OSAM Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:46:46 on 06.02.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-3497887377-387843333-1673539603-1001Core.job" - "Facebook Inc." - C:\Users\Babe\AppData\Local\Facebook\Update\FacebookUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-3497887377-387843333-1673539603-1001UA.job" - "Facebook Inc." - C:\Users\Babe\AppData\Local\Facebook\Update\FacebookUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BCMWLCPL.CPL" - "Dell Inc." - C:\Windows\system32\BCMWLCPL.CPL
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"DMdm32.cpl" - ? - C:\Windows\system32\DMdm32.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"bcmwlcpl.cpl" - "Dell Inc." - C:\Windows\System32\bcmwlcpl.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"BCM42RLY" (BCM42RLY) - ? - C:\Windows\System32\drivers\BCM42RLY.sys  (File not found)
"Beep" (Beep) - ? - C:\Windows\system32\drivers\Beep.sys  (File not found)
"catchme" (catchme) - ? - C:\Users\Fabian\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\FA0E9B~1\PROGRA~1\YOUTUB~1\MP4TOM~1\m4a_menu.dll  (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Fabian_abMai08\Programme\iTunes\iTunesMiniPlayer.dll
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? -   (File not found)
{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? -   (File not found)
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech Inc." - C:\Programme\SetPoint\kbcplext.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech Inc." - C:\Programme\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.7.0" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\npjpi170.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.0.0" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash11e.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ6" - "ICQ, LLC." - C:\Fabian_abAugust09\Programme\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Digital Line Detect.lnk" - "Avanquest Software " - C:\Program Files\Digital Line Detect\DLG.exe  (Shortcut exists | File exists)
"QuickSet.lnk" - "Dell Inc." - C:\Program Files\Dell\QuickSet\quickset.exe  (Shortcut exists | File exists)
"SetPoint.lnk" - "Logitech Inc." - C:\Programme\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Broadcom Wireless Manager UI" - "Dell Inc." - C:\Windows\system32\WLTRAY.exe
"CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"dellsupportcenter" - "SupportSoft, Inc." - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"dscactivate" - " " - "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"iTunesHelper" - "Apple Inc." - "C:\Fabian_abMai08\Programme\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"OrderReminder" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
"PCMService" - "CyberLink Corp." - "C:\Program Files\Dell\MediaDirect\PCMService.exe"
"SearchSettings" - "GreenTree Applications, Inc." - C:\Program Files\pdfforge Toolbar\SearchSettings.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
" Malwarebytes Anti-Malware " - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
" Malwarebytes Anti-Malware  (cleanup)" - "Malwarebytes Corporation" - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\Windows\System32\BCMLogon.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFConverter" - ? - C:\Windows\system32\pdfmonnt.dll  (File found, but it contains no detailed information)
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"PrimoMon" - ? - C:\Windows\system32\Primomonnt.dll  (File found, but it contains no detailed information)
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"VeryPDF" - ? - C:\Windows\system32\_pdfxp.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ArcSoft Connect Daemon" (ACDaemon) - ? - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe  (File not found)
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Program Files\Canon\CAL\CALMAIN.exe
"Cisco AnyConnect VPN Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
"Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\Windows\System32\WLTRYSVC.EXE  (File found, but it contains no detailed information)
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SafeConnect Manager" (SCManager) - "Impulse Point, LLC" - C:\Program Files\SafeConnect\scManager.sys
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"SupportSoft Sprocket Service (dellsupportcenter)" (sprtsvc_dellsupportcenter) - "SupportSoft, Inc." - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Fabian_abJan10\Programme\TomTom\TomTomHOMEService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[/code]

Code: Alles auswählenAufklappen

ATTFilter

 aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-06 22:47:33
-----------------------------
22:47:33.565    OS Version: Windows 6.0.6002 Service Pack 2
22:47:33.565    Number of processors: 2 586 0xF0D
22:47:33.565    ComputerName: FMNOTEBOOK  UserName: Fabian
22:47:35.468    Initialize success
22:48:31.620    AVAST engine defs: 12020601
22:51:09.165    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:51:09.165    Disk 0 Vendor: Hitachi_ BBCO Size: 152627MB BusType: 3
22:51:09.196    Disk 0 MBR read successfully
22:51:09.196    Disk 0 MBR scan
22:51:09.211    Disk 0 Windows VISTA default MBR code
22:51:09.227    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       94 MB offset 63
22:51:09.243    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 194560
22:51:09.274    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       139730 MB offset 21166080
22:51:09.289    Disk 0 Partition - 00     0F Extended LBA              2560 MB offset 307335168
22:51:09.336    Disk 0 Partition 4 00     DD              MSDOS5.0     2559 MB offset 307337216
22:51:09.352    Disk 0 scanning sectors +312578048
22:51:09.430    Disk 0 scanning C:\Windows\system32\drivers
22:51:28.384    Service scanning
22:51:30.037    Modules scanning
22:51:41.394    Disk 0 trace - called modules:
22:51:41.441    ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll 
22:51:41.457    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8660dac8]
22:51:41.472    3 CLASSPNP.SYS[8899e8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85602030]
22:51:42.705    AVAST engine scan C:\Windows
22:51:48.523    AVAST engine scan C:\Windows\system32
22:57:12.968    AVAST engine scan C:\Windows\system32\drivers
22:57:37.741    AVAST engine scan C:\Users\Fabian
23:01:41.635    AVAST engine scan C:\ProgramData
23:06:11.335    Scan finished successfully
23:07:27.693    Disk 0 MBR has been saved successfully to "C:\Users\Babe\Desktop\MBR.dat"
23:07:27.708    The log file has been saved successfully to "C:\Users\Babe\Desktop\aswMBR.txt"
         

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

hier die logs, malware hat nichts gefunden, SASW schon (SASW hatte zuviele zeilen für code tags, daher angehängt):

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.07.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Fabian :: FMNOTEBOOK [Administrator]

07.02.2012 13:27:57
mbam-log-2012-02-07 (13-27-57).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 446310
Laufzeit: 9 Stunde(n), 25 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Sieht ok aus, da wurden nur Cookies gefunden und ein Überrest, kann alles weg.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

ich hab alles von SUPERAntiSpyware entfernt und dann wie angegeben nochmal im abgesicherten modus einen scan gemacht, keine funde, log angehängt.

es läuft alles soweit wieder, wobei ich deine meinung zu den folgenden beiden problemen sehr schätzen würde: was ich tun kann bzw. ein guter ansprechpartner bei trojaner-board würde mir helfen.

1) Wenn ich neue Seiten aufrufe von google (damit meine ich keine seite wie facebook.com die man ständig aufruft) werde ich immer redirected zu komischen anderen seiten, muss dann immer zurück klicken und ca. beim vierten mal auf den google link klicken läd sich dann endlich die richtige seite..

2) mein laptop ist allgemein sehr langsam und ich denke es liegt daran dass ich da jede menge zeug (verwaiste dateien, prozesse/dienste) drauf hab was überflüssig ist und nur speicher verbraucht und dadurch der laptop langsamer wird. kann man das iwie überprüfen, gibts für sowas eine schwarze liste oder ... ?

danke für deine hilfe!

Code: Alles auswählenAufklappen

ATTFilter

 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/09/2012 at 08:24 AM

Application Version : 5.0.1144

Core Rules Database Version : 8219
Trace Rules Database Version: 6031

Scan type       : Complete Scan
Total Scan Time : 03:03:44

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Limited User

Memory items scanned      : 283
Memory threats detected   : 0
Registry items scanned    : 34436
Registry threats detected : 0
File items scanned        : 247234
File threats detected     : 0
         

http://www.trojaner-board.de/71631-p...samer-tun.html