Erpresser-Virus

KazZk · 09.02.2012, 16:51

Moin..

nu hats mich auch erwischt. Wenn Internet an ist und Firefox startet, Bildschirm schwarz, "Ihr Betriebssystem funktioniert nichtmehr, kostenpflichtiges Update blabla", mit Kaspersky und MS Logo unten.

Habe Malware Antibytes schonmal was löschen lassen als erste kurzschlussreaktion, half aber nix.

Im Taskmanager is ne datei: wdc.exe, lässt sich nicht schließen. Außerdem meckert auch HijackThis rum, dass es nicht auf hosts zugreifen kann.

Kann mir da bitte jemand weiterhelfen?

cosinus · 09.02.2012, 16:56

Zitat:

Habe Malware Antibytes schonmal was löschen lassen als erste kurzschlussreaktion, half aber nix.

Log posten!

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

KazZk · 09.02.2012, 17:04

MBAM beim ersten Fund:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122203

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05.02.2012 20:40:42
mbam-log-2012-02-05 (20-40-42).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 168003
Laufzeit: 4 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Gilberto\AppData\Local\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> Quarantined and deleted successfully.

2. Fund

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.07.06

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Gilberto :: MARV [Administrator]

07.02.2012 22:52:29
mbam-log-2012-02-07 (22-52-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 175277
Laufzeit: 3 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Firefox helper (Trojan.Ransom) -> Daten: C:\Users\Gilberto\AppData\Local\Mozilla\Firefox\firefox.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Gilberto\AppData\Local\Mozilla\Firefox\firefox.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

und Hijackthis, wo wir grad dabei sind. das is auch nich koscher

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:39:10, on 09.02.2012
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\windows\system32\wuauclt.exe
C:\Users\Gilberto\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Gilberto\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gilberto\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6891 bytes

cosinus · 09.02.2012, 17:09

Bitte KEINE Hijackthis-Logs posten!!!

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

KazZk · 09.02.2012, 19:02

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7d793f9e63ef384691b6e1f5f938fb8a
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-09 05:47:21
# local_time=2012-02-09 06:47:21 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 338174 65341677 383495 0
# compatibility_mode=5893 16776573 100 94 3905 80436012 0 0
# compatibility_mode=8192 67108863 100 0 4364 4364 0 0
# scanned=272845
# found=3
# cleaned=0
# scan_time=4820
C:\Program Files\sexvilla\3D SexVilla 2\Binaries\fc3DSexVillaRun.DE.exe	a variant of Win32/Inject.NDT trojan (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\sexvilla\3D SexVilla 2\Binaries\fc3DSexVillaRun.EN.exe	a variant of Win32/Inject.NDT trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Gilberto\Documents\3D Sexvilla 2.058.002\3d_Sexvilla_2.058.002.exe	a variant of Win32/Inject.NDT trojan (unable to clean)	00000000000000000000000000000000	I

cosinus · 09.02.2012, 21:23

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

KazZk · 11.02.2012, 15:08

hier das otl log

herzlichen dank schonmal

Code:

ATTFilter

OTL logfile created on: 11.02.2012 14:48:49 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Gilberto\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 60,51% Memory free
5,93 Gb Paging File | 4,73 Gb Available in Paging File | 79,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,93 Gb Total Space | 132,89 Gb Free Space | 46,15% Space Free | Partition Type: NTFS
Drive E: | 964,00 Mb Total Space | 961,17 Mb Free Space | 99,71% Space Free | Partition Type: FAT32
 
Computer Name: MARV | User Name: Gilberto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gilberto\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
PRC - C:\Programme\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Programme\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Programme\P4G\BatteryLife.exe (ATK)
PRC - C:\Programme\ASUS\ATK Hotkey\MsgTranAgt.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe ()
PRC - C:\Programme\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\skin.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll ()
MOD - C:\Programme\P4G\OvrClk.dll ()
MOD - C:\Programme\P4G\DevMng.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll ()
MOD - C:\Programme\ASUS\ATK Hotkey\MsgTran.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (AmUStor) -- C:\Windows\System32\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1723137728-4224196469-615314354-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
IE - HKU\S-1-5-21-1723137728-4224196469-615314354-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
IE - HKU\S-1-5-21-1723137728-4224196469-615314354-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1723137728-4224196469-615314354-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.web.de"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Gilberto\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.27 12:08:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.25 07:41:12 | 000,000,000 | ---D | M]
 
[2010.10.21 13:47:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Gilberto\AppData\Roaming\mozilla\Extensions
[2011.12.27 17:06:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Gilberto\AppData\Roaming\mozilla\Firefox\Profiles\12vgrl5m.default\extensions
[2011.12.27 17:06:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Gilberto\AppData\Roaming\mozilla\Firefox\Profiles\12vgrl5m.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.27 12:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.08 16:14:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.01.02 04:45:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.10.21 16:22:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\defaults\profile\0gj7tdx3.default\extensions
[2010.10.21 16:22:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Programme\Mozilla Firefox\defaults\profile\0gj7tdx3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.21 16:22:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Programme\Mozilla Firefox\defaults\profile\0gj7tdx3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.10.21 16:22:29 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Programme\Mozilla Firefox\defaults\profile\0gj7tdx3.default\extensions\battlefieldheroespatcher@ea.com
[2011.11.27 12:08:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.10 00:30:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.10 00:30:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.10 00:30:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.10 00:30:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.10 00:30:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.10 00:30:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.19 14:05:04 | 000,432,374 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14880 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1723137728-4224196469-615314354-1000..\Run: [Facebook Update] C:\Users\Gilberto\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gilberto\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA0484B3-011A-4741-AC22-CB349771BBC4}: DhcpNameServer = 82.144.41.8 82.145.9.8
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0079fd73-feb3-11df-bdb2-e0cb4e99190b}\Shell - "" = AutoRun
O33 - MountPoints2\{0079fd73-feb3-11df-bdb2-e0cb4e99190b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: facemoods - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: NBAgent - hkey= - key= - C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\steam.exe (Valve Corporation)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.11 14:45:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Gilberto\Desktop\OTL.exe
[2012.02.09 17:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.09 17:14:05 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Gilberto\Desktop\esetsmartinstaller_enu.exe
[2012.02.09 16:37:12 | 000,000,000 | ---D | C] -- C:\windows\LastGood
[2012.02.02 14:25:36 | 000,000,000 | ---D | C] -- C:\Users\Gilberto\4.0
[2012.02.02 14:25:36 | 000,000,000 | ---D | C] -- C:\Users\Gilberto\.tfo4
[2012.01.22 15:39:10 | 000,000,000 | ---D | C] -- C:\Users\Gilberto\Desktop\GTA Tracks
[2012.01.19 17:09:08 | 000,000,000 | ---D | C] -- C:\Users\Gilberto\Desktop\PROJEKT
[2012.01.16 18:32:47 | 035,944,352 | ---- | C] (TuneUp Software) -- C:\Users\Gilberto\Desktop\TuneUpUtilities2012_de-DE.exe
[2012.01.16 18:32:29 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Users\Gilberto\Desktop\ccsetup314.exe
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.11 14:48:15 | 000,000,918 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1723137728-4224196469-615314354-1000Core.job
[2012.02.11 14:46:31 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.11 14:39:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Gilberto\Desktop\OTL.exe
[2012.02.11 14:39:23 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.11 14:39:05 | 000,000,940 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1723137728-4224196469-615314354-1000UA.job
[2012.02.11 14:38:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.02.09 17:13:10 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Gilberto\Desktop\esetsmartinstaller_enu.exe
[2012.02.09 16:38:27 | 000,654,610 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.02.09 16:38:27 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.02.09 16:38:27 | 000,130,192 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.02.09 16:38:27 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.02.09 16:33:13 | 000,014,608 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.09 16:33:13 | 000,014,608 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.07 23:03:18 | 2388,459,520 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.07 22:47:52 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.05 18:47:35 | 000,167,633 | ---- | M] () -- C:\Users\Gilberto\Desktop\sponsorenkonzept.pdf
[2012.02.02 13:52:36 | 000,075,543 | ---- | M] () -- C:\Users\Gilberto\Desktop\Angebot OSZ Berlin 12062012.pdf
[2012.02.01 15:27:48 | 014,634,870 | ---- | M] () -- C:\Users\Gilberto\Desktop\Studie 2009 Laufender Text.pdf
[2012.01.16 18:35:32 | 035,944,352 | ---- | M] (TuneUp Software) -- C:\Users\Gilberto\Desktop\TuneUpUtilities2012_de-DE.exe
[2012.01.16 18:32:56 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Users\Gilberto\Desktop\ccsetup314.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.07 22:47:52 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.05 18:47:33 | 000,167,633 | ---- | C] () -- C:\Users\Gilberto\Desktop\sponsorenkonzept.pdf
[2012.02.02 13:52:32 | 000,075,543 | ---- | C] () -- C:\Users\Gilberto\Desktop\Angebot OSZ Berlin 12062012.pdf
[2012.02.01 15:26:22 | 014,634,870 | ---- | C] () -- C:\Users\Gilberto\Desktop\Studie 2009 Laufender Text.pdf
[2011.03.13 23:43:43 | 000,007,605 | -H-- | C] () -- C:\Users\Gilberto\AppData\Local\Resmon.ResmonCfg
[2010.12.27 02:49:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.29 20:46:21 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2010.11.03 18:34:34 | 000,000,632 | ---- | C] () -- C:\windows\CoD.INI
[2010.11.02 21:36:00 | 000,165,376 | ---- | C] () -- C:\windows\System32\unrar.dll
[2010.11.02 21:36:00 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2010.11.02 21:35:57 | 000,790,528 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2010.11.02 21:35:57 | 000,134,144 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2010.11.02 21:35:57 | 000,108,032 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2010.08.12 10:09:01 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
[2010.08.12 10:00:50 | 001,752,704 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2010.08.12 10:00:50 | 000,028,672 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2010.08.12 10:00:38 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010.08.12 10:00:38 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2010.08.12 10:00:36 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2009.09.30 10:57:29 | 000,654,610 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009.09.30 10:57:29 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009.09.30 10:57:29 | 000,130,192 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009.09.30 10:57:29 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009.07.14 05:33:53 | 001,757,808 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,452 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,574 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2012.01.02 06:48:47 | 000,000,000 | ---D | M] -- C:\Users\Gilberto\AppData\Roaming\.minecraft
[2011.09.05 18:50:27 | 000,000,000 | ---D | M] -- C:\Users\Gilberto\AppData\Roaming\DVDVideoSoft
[2011.04.16 21:30:16 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.10 15:49:15 | 000,000,000 | ---D | M] -- C:\Users\Gilberto\AppData\Roaming\LolClient
[2012.02.11 14:48:20 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\SoftGrid Client
[2011.04.19 10:18:17 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Teeworlds
[2010.10.21 16:32:03 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Thinstall
[2010.11.03 22:48:56 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\TP
[2011.10.10 00:35:30 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\TS3Client
[2012.02.11 14:48:15 | 000,000,918 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1723137728-4224196469-615314354-1000Core.job
[2012.02.11 14:39:05 | 000,000,940 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1723137728-4224196469-615314354-1000UA.job
[2011.01.13 15:15:20 | 000,032,630 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.02 06:48:47 | 000,000,000 | ---D | M] -- C:\Users\Gilberto\AppData\Roaming\.minecraft
[2011.06.20 21:10:13 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Adobe
[2010.11.05 10:10:26 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Apple Computer
[2010.10.21 14:17:55 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Avira
[2012.01.02 06:47:56 | 000,000,000 | ---D | M] -- C:\Users\Gilberto\AppData\Roaming\DivX
[2011.04.24 20:57:31 | 000,000,000 | ---D | M] -- C:\Users\Gilberto\AppData\Roaming\dvdcss
[2011.09.05 18:50:27 | 000,000,000 | ---D | M] -- C:\Users\Gilberto\AppData\Roaming\DVDVideoSoft
[2011.04.16 21:30:16 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.21 12:55:26 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Identities
[2011.10.10 15:49:15 | 000,000,000 | ---D | M] -- C:\Users\Gilberto\AppData\Roaming\LolClient
[2010.10.21 14:07:22 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Macromedia
[2011.04.19 01:53:28 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Malwarebytes
[2009.07.14 08:48:18 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Media Center Programs
[2012.01.17 11:33:33 | 000,000,000 | --SD | M] -- C:\Users\Gilberto\AppData\Roaming\Microsoft
[2010.10.21 13:47:19 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Mozilla
[2010.10.21 14:59:21 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Nero
[2010.10.21 16:43:01 | 000,000,000 | RH-D | M] -- C:\Users\Gilberto\AppData\Roaming\SecuROM
[2011.12.22 16:00:04 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Skype
[2011.10.12 13:35:34 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\skypePM
[2012.02.11 14:48:20 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\SoftGrid Client
[2011.04.19 10:18:17 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Teeworlds
[2010.10.21 16:32:03 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Thinstall
[2010.11.03 22:48:56 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\TP
[2011.10.10 00:35:30 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\TS3Client
[2012.02.09 20:00:50 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\vlc
[2010.10.24 21:43:51 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.04.06 18:48:16 | 000,270,848 | ---- | M] (Teckda) -- C:\Users\Gilberto\AppData\Roaming\.minecraft\Minecraft Custom Nickname Loader.exe
[2010.10.21 03:00:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Gilberto\AppData\Roaming\.minecraft\Minecraft Updater.exe
[2011.01.14 12:37:54 | 000,232,501 | ---- | M] () -- C:\Users\Gilberto\AppData\Roaming\.minecraft\Minecraft.exe
[2011.04.06 18:48:16 | 000,270,848 | ---- | M] (Teckda) -- C:\Users\Gilberto\AppData\Roaming\DivX\.minecraft\Minecraft Custom Nickname Loader.exe
[2010.10.21 03:00:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Gilberto\AppData\Roaming\DivX\.minecraft\Minecraft Updater.exe
[2011.01.14 12:37:54 | 000,232,501 | ---- | M] () -- C:\Users\Gilberto\AppData\Roaming\DivX\.minecraft\Minecraft.exe
[2010.11.03 19:10:57 | 000,011,502 | RH-- | M] () -- C:\Users\Gilberto\AppData\Roaming\Microsoft\Installer\{7E641E46-81DB-4D1D-906A-48342523051C}\ARPPRODUCTICON.exe
[2010.11.03 19:10:57 | 000,053,248 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\Gilberto\AppData\Roaming\Microsoft\Installer\{7E641E46-81DB-4D1D-906A-48342523051C}\FlatOut2.exe1_C884B05AF5D94AE49D84E6BD9F6E7890.exe
[2010.11.03 19:10:57 | 000,053,248 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\Gilberto\AppData\Roaming\Microsoft\Installer\{7E641E46-81DB-4D1D-906A-48342523051C}\FlatOut2.exe_C884B05AF5D94AE49D84E6BD9F6E7890.exe
[2010.11.03 19:10:57 | 000,015,086 | RH-- | M] () -- C:\Users\Gilberto\AppData\Roaming\Microsoft\Installer\{7E641E46-81DB-4D1D-906A-48342523051C}\NewShortcut5_C884B05AF5D94AE49D84E6BD9F6E7890.exe
[2010.11.03 19:10:57 | 000,008,854 | RH-- | M] () -- C:\Users\Gilberto\AppData\Roaming\Microsoft\Installer\{7E641E46-81DB-4D1D-906A-48342523051C}\Uninstall_FlatOut2_C884B05AF5D94AE49D84E6BD9F6E7890.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

KazZk · 12.02.2012, 13:49

und nun?

cosinus · 12.02.2012, 14:51

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-1723137728-4224196469-615314354-1000..\Run: [Facebook Update] C:\Users\Gilberto\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0079fd73-feb3-11df-bdb2-e0cb4e99190b}\Shell - "" = AutoRun
O33 - MountPoints2\{0079fd73-feb3-11df-bdb2-e0cb4e99190b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
MsConfig - StartUpReg: facemoods - hkey= - key= -  File not found
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

KazZk · 12.02.2012, 15:14

er hat sofort erstma n neustart gemacht, log war dann aber noch da. immerhin hat er jetzt schon nicht mehr die benutzeranmeldung übersprungen

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1723137728-4224196469-615314354-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
C:\Users\Gilberto\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0079fd73-feb3-11df-bdb2-e0cb4e99190b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0079fd73-feb3-11df-bdb2-e0cb4e99190b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0079fd73-feb3-11df-bdb2-e0cb4e99190b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0079fd73-feb3-11df-bdb2-e0cb4e99190b}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\facemoods\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gilberto
->Temp folder emptied: 4561492 bytes
->Temporary Internet Files folder emptied: 1337653 bytes
->Java cache emptied: 17501967 bytes
->FireFox cache emptied: 49102543 bytes
->Flash cache emptied: 548 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 548950 bytes
RecycleBin emptied: 1147242 bytes
 
Total Files Cleaned = 71,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02122012_151004

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus · 12.02.2012, 15:29

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

KazZk · 12.02.2012, 16:00

Ist das normal, dass antivir, trotz inaktivität rummeckert über tdsskiller?

hier ist das log:

Code:

ATTFilter

15:48:41.0776 1000	TDSS rootkit removing tool 2.7.11.0 Feb  9 2012 10:12:57
15:48:41.0808 1000	============================================================
15:48:41.0808 1000	Current date / time: 2012/02/12 15:48:41.0808
15:48:41.0808 1000	SystemInfo:
15:48:41.0808 1000	
15:48:41.0808 1000	OS Version: 6.1.7600 ServicePack: 0.0
15:48:41.0808 1000	Product type: Workstation
15:48:41.0808 1000	ComputerName: MARV
15:48:41.0808 1000	UserName: Gilberto
15:48:41.0808 1000	Windows directory: C:\windows
15:48:41.0808 1000	System windows directory: C:\windows
15:48:41.0808 1000	Processor architecture: Intel x86
15:48:41.0808 1000	Number of processors: 2
15:48:41.0808 1000	Page size: 0x1000
15:48:41.0808 1000	Boot type: Normal boot
15:48:41.0808 1000	============================================================
15:48:43.0368 1000	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:48:43.0368 1000	Drive \Device\Harddisk1\DR5 - Size: 0x3C800000 (0.95 Gb), SectorSize: 0x800, Cylinders: 0x1E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:48:43.0383 1000	\Device\Harddisk0\DR0:
15:48:43.0383 1000	MBR used
15:48:43.0383 1000	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x23FDD000
15:48:43.0383 1000	\Device\Harddisk1\DR5:
15:48:43.0383 1000	MBR used
15:48:43.0461 1000	Initialize success
15:48:43.0461 1000	============================================================
15:50:44.0112 3256	============================================================
15:50:44.0112 3256	Scan started
15:50:44.0112 3256	Mode: Manual; SigCheck; TDLFS; 
15:50:44.0112 3256	============================================================
15:50:44.0814 3256	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
15:50:44.0923 3256	1394ohci - ok
15:50:45.0048 3256	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
15:50:45.0063 3256	ACPI - ok
15:50:45.0188 3256	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
15:50:45.0235 3256	AcpiPmi - ok
15:50:45.0360 3256	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
15:50:45.0391 3256	adp94xx - ok
15:50:45.0516 3256	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
15:50:45.0547 3256	adpahci - ok
15:50:45.0797 3256	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
15:50:45.0812 3256	adpu320 - ok
15:50:46.0077 3256	AFD             (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
15:50:46.0155 3256	AFD - ok
15:50:46.0265 3256	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
15:50:46.0280 3256	agp440 - ok
15:50:46.0389 3256	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
15:50:46.0405 3256	aic78xx - ok
15:50:46.0530 3256	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
15:50:46.0545 3256	aliide - ok
15:50:46.0577 3256	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
15:50:46.0592 3256	amdagp - ok
15:50:46.0701 3256	amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
15:50:46.0717 3256	amdide - ok
15:50:46.0904 3256	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
15:50:46.0951 3256	AmdK8 - ok
15:50:47.0169 3256	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
15:50:47.0216 3256	AmdPPM - ok
15:50:47.0357 3256	amdsata         (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
15:50:47.0372 3256	amdsata - ok
15:50:47.0419 3256	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
15:50:47.0450 3256	amdsbs - ok
15:50:47.0544 3256	amdxata         (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
15:50:47.0559 3256	amdxata - ok
15:50:47.0591 3256	AmUStor         (d2bf422c2611632afb9ce8f7b2a8c306) C:\windows\system32\drivers\AmUStor.SYS
15:50:47.0622 3256	AmUStor - ok
15:50:47.0778 3256	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
15:50:47.0825 3256	AppID - ok
15:50:48.0027 3256	arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
15:50:48.0043 3256	arc - ok
15:50:48.0152 3256	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
15:50:48.0183 3256	arcsas - ok
15:50:48.0308 3256	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
15:50:48.0402 3256	AsyncMac - ok
15:50:48.0511 3256	atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
15:50:48.0527 3256	atapi - ok
15:50:48.0667 3256	athr            (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
15:50:48.0729 3256	athr - ok
15:50:48.0870 3256	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\windows\system32\DRIVERS\avgntflt.sys
15:50:48.0932 3256	avgntflt - ok
15:50:49.0119 3256	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\windows\system32\DRIVERS\avipbb.sys
15:50:49.0151 3256	avipbb - ok
15:50:49.0338 3256	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
15:50:49.0400 3256	b06bdrv - ok
15:50:49.0509 3256	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
15:50:49.0556 3256	b57nd60x - ok
15:50:49.0681 3256	Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
15:50:49.0743 3256	Beep - ok
15:50:49.0837 3256	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
15:50:49.0868 3256	blbdrive - ok
15:50:50.0009 3256	bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
15:50:50.0040 3256	bowser - ok
15:50:50.0180 3256	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
15:50:50.0211 3256	BrFiltLo - ok
15:50:50.0227 3256	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
15:50:50.0274 3256	BrFiltUp - ok
15:50:50.0414 3256	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
15:50:50.0461 3256	Brserid - ok
15:50:50.0555 3256	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
15:50:50.0601 3256	BrSerWdm - ok
15:50:50.0695 3256	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
15:50:50.0742 3256	BrUsbMdm - ok
15:50:50.0851 3256	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
15:50:50.0898 3256	BrUsbSer - ok
15:50:50.0991 3256	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
15:50:51.0038 3256	BTHMODEM - ok
15:50:51.0163 3256	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
15:50:51.0225 3256	cdfs - ok
15:50:51.0350 3256	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
15:50:51.0381 3256	cdrom - ok
15:50:51.0506 3256	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
15:50:51.0537 3256	circlass - ok
15:50:51.0709 3256	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
15:50:51.0725 3256	CLFS - ok
15:50:51.0927 3256	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
15:50:51.0959 3256	CmBatt - ok
15:50:52.0005 3256	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
15:50:52.0037 3256	cmdide - ok
15:50:52.0099 3256	CNG             (36c252e474b2ffa0f0fbbff20d92a640) C:\windows\system32\Drivers\cng.sys
15:50:52.0161 3256	CNG - ok
15:50:52.0271 3256	Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
15:50:52.0302 3256	Compbatt - ok
15:50:52.0349 3256	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
15:50:52.0380 3256	CompositeBus - ok
15:50:52.0489 3256	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
15:50:52.0505 3256	crcdisk - ok
15:50:52.0692 3256	DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
15:50:52.0739 3256	DfsC - ok
15:50:52.0879 3256	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
15:50:52.0941 3256	discache - ok
15:50:53.0113 3256	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
15:50:53.0129 3256	Disk - ok
15:50:53.0269 3256	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
15:50:53.0300 3256	drmkaud - ok
15:50:53.0441 3256	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
15:50:53.0472 3256	DXGKrnl - ok
15:50:53.0690 3256	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
15:50:53.0815 3256	ebdrv - ok
15:50:53.0987 3256	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
15:50:54.0018 3256	elxstor - ok
15:50:54.0205 3256	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
15:50:54.0236 3256	ErrDev - ok
15:50:54.0361 3256	ETD             (249d08177b2080163e600c3424f1a6af) C:\windows\system32\DRIVERS\ETD.sys
15:50:54.0392 3256	ETD - ok
15:50:54.0455 3256	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
15:50:54.0517 3256	exfat - ok
15:50:54.0626 3256	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
15:50:54.0689 3256	fastfat - ok
15:50:54.0813 3256	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
15:50:54.0845 3256	fdc - ok
15:50:54.0969 3256	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
15:50:54.0985 3256	FileInfo - ok
15:50:55.0016 3256	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
15:50:55.0063 3256	Filetrace - ok
15:50:55.0266 3256	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
15:50:55.0297 3256	flpydisk - ok
15:50:55.0484 3256	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
15:50:55.0515 3256	FltMgr - ok
15:50:55.0656 3256	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
15:50:55.0671 3256	FsDepends - ok
15:50:55.0874 3256	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
15:50:55.0890 3256	Fs_Rec - ok
15:50:56.0124 3256	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
15:50:56.0155 3256	fvevol - ok
15:50:56.0311 3256	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
15:50:56.0327 3256	gagp30kx - ok
15:50:56.0514 3256	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
15:50:56.0529 3256	GEARAspiWDM - ok
15:50:56.0717 3256	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
15:50:56.0795 3256	hcw85cir - ok
15:50:56.0966 3256	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
15:50:57.0013 3256	HdAudAddService - ok
15:50:57.0185 3256	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
15:50:57.0216 3256	HDAudBus - ok
15:50:57.0387 3256	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
15:50:57.0419 3256	HidBatt - ok
15:50:57.0559 3256	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
15:50:57.0606 3256	HidBth - ok
15:50:57.0777 3256	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
15:50:57.0809 3256	HidIr - ok
15:50:57.0996 3256	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
15:50:58.0027 3256	HidUsb - ok
15:50:58.0230 3256	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
15:50:58.0245 3256	HpSAMD - ok
15:50:58.0464 3256	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
15:50:58.0526 3256	HTTP - ok
15:50:58.0651 3256	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
15:50:58.0667 3256	hwpolicy - ok
15:50:58.0791 3256	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
15:50:58.0823 3256	i8042prt - ok
15:50:58.0963 3256	iaStorV         (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
15:50:58.0979 3256	iaStorV - ok
15:50:59.0540 3256	igfx            (8266ae06df974e5ba047b3e9e9e70b3f) C:\windows\system32\DRIVERS\igdkmd32.sys
15:50:59.0837 3256	igfx - ok
15:50:59.0946 3256	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
15:50:59.0961 3256	iirsp - ok
15:50:59.0993 3256	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
15:51:00.0008 3256	intelide - ok
15:51:00.0133 3256	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
15:51:00.0164 3256	intelppm - ok
15:51:00.0273 3256	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
15:51:00.0336 3256	IpFilterDriver - ok
15:51:00.0492 3256	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
15:51:00.0523 3256	IPMIDRV - ok
15:51:00.0617 3256	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
15:51:00.0648 3256	IPNAT - ok
15:51:00.0773 3256	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
15:51:00.0835 3256	IRENUM - ok
15:51:01.0038 3256	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
15:51:01.0053 3256	isapnp - ok
15:51:01.0147 3256	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
15:51:01.0163 3256	iScsiPrt - ok
15:51:01.0334 3256	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
15:51:01.0350 3256	kbdclass - ok
15:51:01.0506 3256	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
15:51:01.0537 3256	kbdhid - ok
15:51:01.0646 3256	KSecDD          (0263364acb9c834ace52fb85c2c064ec) C:\windows\system32\Drivers\ksecdd.sys
15:51:01.0662 3256	KSecDD - ok
15:51:01.0833 3256	KSecPkg         (27391db553be2a4e2b0adeea2873b2af) C:\windows\system32\Drivers\ksecpkg.sys
15:51:01.0849 3256	KSecPkg - ok
15:51:01.0989 3256	L1E             (f7cdaba15c7e853f0a11af6d77fca990) C:\windows\system32\DRIVERS\L1E62x86.sys
15:51:02.0036 3256	L1E - ok
15:51:02.0161 3256	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
15:51:02.0208 3256	lltdio - ok
15:51:02.0379 3256	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
15:51:02.0395 3256	LSI_FC - ok
15:51:02.0520 3256	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
15:51:02.0535 3256	LSI_SAS - ok
15:51:02.0660 3256	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
15:51:02.0676 3256	LSI_SAS2 - ok
15:51:02.0707 3256	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
15:51:02.0738 3256	LSI_SCSI - ok
15:51:02.0847 3256	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
15:51:02.0879 3256	luafv - ok
15:51:03.0019 3256	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
15:51:03.0035 3256	megasas - ok
15:51:03.0144 3256	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
15:51:03.0175 3256	MegaSR - ok
15:51:03.0284 3256	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
15:51:03.0347 3256	Modem - ok
15:51:03.0456 3256	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
15:51:03.0503 3256	monitor - ok
15:51:03.0612 3256	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
15:51:03.0612 3256	mouclass - ok
15:51:03.0737 3256	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
15:51:03.0799 3256	mouhid - ok
15:51:03.0908 3256	mountmgr        (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
15:51:03.0924 3256	mountmgr - ok
15:51:04.0017 3256	mpio            (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
15:51:04.0049 3256	mpio - ok
15:51:04.0080 3256	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
15:51:04.0189 3256	mpsdrv - ok
15:51:04.0283 3256	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
15:51:04.0314 3256	MRxDAV - ok
15:51:04.0439 3256	mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys
15:51:04.0501 3256	mrxsmb - ok
15:51:04.0641 3256	mrxsmb10        (f965c3ab2b2ae5c378f4562486e35051) C:\windows\system32\DRIVERS\mrxsmb10.sys
15:51:04.0673 3256	mrxsmb10 - ok
15:51:04.0907 3256	mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys
15:51:04.0938 3256	mrxsmb20 - ok
15:51:05.0187 3256	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
15:51:05.0203 3256	msahci - ok
15:51:05.0328 3256	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
15:51:05.0359 3256	msdsm - ok
15:51:05.0562 3256	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
15:51:05.0640 3256	Msfs - ok
15:51:05.0827 3256	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
15:51:05.0874 3256	mshidkmdf - ok
15:51:06.0170 3256	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
15:51:06.0201 3256	msisadrv - ok
15:51:06.0357 3256	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
15:51:06.0451 3256	MSKSSRV - ok
15:51:06.0669 3256	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
15:51:06.0763 3256	MSPCLOCK - ok
15:51:06.0981 3256	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
15:51:07.0013 3256	MSPQM - ok
15:51:07.0309 3256	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
15:51:07.0340 3256	MsRPC - ok
15:51:07.0543 3256	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
15:51:07.0559 3256	mssmbios - ok
15:51:07.0808 3256	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
15:51:07.0855 3256	MSTEE - ok
15:51:08.0089 3256	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
15:51:08.0136 3256	MTConfig - ok
15:51:08.0261 3256	MTsensor        (bb16693616427eac1a436e106ea8d318) C:\windows\system32\DRIVERS\ATKACPI.sys
15:51:08.0276 3256	MTsensor - ok
15:51:08.0307 3256	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
15:51:08.0339 3256	Mup - ok
15:51:08.0448 3256	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
15:51:08.0479 3256	NativeWifiP - ok
15:51:08.0635 3256	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
15:51:08.0651 3256	NDIS - ok
15:51:08.0822 3256	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
15:51:08.0885 3256	NdisCap - ok
15:51:08.0916 3256	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
15:51:08.0947 3256	NdisTapi - ok
15:51:09.0025 3256	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
15:51:09.0103 3256	Ndisuio - ok
15:51:09.0197 3256	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
15:51:09.0243 3256	NdisWan - ok
15:51:09.0275 3256	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
15:51:09.0337 3256	NDProxy - ok
15:51:09.0446 3256	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
15:51:09.0509 3256	NetBIOS - ok
15:51:09.0618 3256	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
15:51:09.0665 3256	NetBT - ok
15:51:09.0789 3256	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
15:51:09.0805 3256	nfrd960 - ok
15:51:10.0070 3256	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
15:51:10.0117 3256	Npfs - ok
15:51:10.0164 3256	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
15:51:10.0195 3256	nsiproxy - ok
15:51:10.0304 3256	Ntfs            (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
15:51:10.0351 3256	Ntfs - ok
15:51:10.0445 3256	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
15:51:10.0523 3256	Null - ok
15:51:10.0725 3256	nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
15:51:10.0757 3256	nvraid - ok
15:51:10.0975 3256	nvstor          (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
15:51:11.0006 3256	nvstor - ok
15:51:11.0084 3256	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
15:51:11.0115 3256	nv_agp - ok
15:51:11.0178 3256	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
15:51:11.0209 3256	ohci1394 - ok
15:51:11.0318 3256	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
15:51:11.0349 3256	Parport - ok
15:51:11.0381 3256	partmgr         (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
15:51:11.0396 3256	partmgr - ok
15:51:11.0459 3256	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
15:51:11.0490 3256	Parvdm - ok
15:51:11.0537 3256	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
15:51:11.0552 3256	pci - ok
15:51:11.0568 3256	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
15:51:11.0583 3256	pciide - ok
15:51:11.0661 3256	pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
15:51:11.0677 3256	pcmcia - ok
15:51:11.0708 3256	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
15:51:11.0739 3256	pcw - ok
15:51:11.0817 3256	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
15:51:11.0880 3256	PEAUTH - ok
15:51:12.0067 3256	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
15:51:12.0114 3256	PptpMiniport - ok
15:51:12.0301 3256	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
15:51:12.0348 3256	Processor - ok
15:51:12.0551 3256	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
15:51:12.0597 3256	Psched - ok
15:51:12.0800 3256	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
15:51:12.0831 3256	ql2300 - ok
15:51:12.0972 3256	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
15:51:12.0987 3256	ql40xx - ok
15:51:13.0143 3256	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
15:51:13.0190 3256	QWAVEdrv - ok
15:51:13.0331 3256	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
15:51:13.0377 3256	RasAcd - ok
15:51:13.0518 3256	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
15:51:13.0580 3256	RasAgileVpn - ok
15:51:13.0689 3256	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
15:51:13.0752 3256	Rasl2tp - ok
15:51:13.0908 3256	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
15:51:13.0955 3256	RasPppoe - ok
15:51:14.0142 3256	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
15:51:14.0173 3256	RasSstp - ok
15:51:14.0345 3256	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
15:51:14.0407 3256	rdbss - ok
15:51:14.0501 3256	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
15:51:14.0547 3256	rdpbus - ok
15:51:14.0703 3256	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
15:51:14.0766 3256	RDPCDD - ok
15:51:14.0875 3256	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
15:51:14.0953 3256	RDPENCDD - ok
15:51:15.0078 3256	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
15:51:15.0109 3256	RDPREFMP - ok
15:51:15.0218 3256	RDPWD           (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
15:51:15.0281 3256	RDPWD - ok
15:51:15.0405 3256	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
15:51:15.0437 3256	rdyboost - ok
15:51:15.0530 3256	RimUsb          (0f6756ef8bda6dfa7be50465c83132bb) C:\windows\system32\Drivers\RimUsb.sys
15:51:15.0577 3256	RimUsb - ok
15:51:15.0686 3256	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
15:51:15.0749 3256	rspndr - ok
15:51:15.0842 3256	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
15:51:15.0873 3256	sbp2port - ok
15:51:16.0045 3256	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
15:51:16.0092 3256	scfilter - ok
15:51:16.0217 3256	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
15:51:16.0326 3256	secdrv - ok
15:51:16.0451 3256	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
15:51:16.0482 3256	Serenum - ok
15:51:16.0529 3256	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
15:51:16.0544 3256	Serial - ok
15:51:16.0653 3256	sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
15:51:16.0685 3256	sermouse - ok
15:51:16.0794 3256	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
15:51:16.0825 3256	sffdisk - ok
15:51:16.0856 3256	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
15:51:16.0887 3256	sffp_mmc - ok
15:51:16.0965 3256	sffp_sd         (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\DRIVERS\sffp_sd.sys
15:51:16.0997 3256	sffp_sd - ok
15:51:17.0012 3256	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
15:51:17.0043 3256	sfloppy - ok
15:51:17.0153 3256	Sftfs           (8f00cc8cacf83dce5b35079f615b0f12) C:\windows\system32\DRIVERS\Sftfslh.sys
15:51:17.0168 3256	Sftfs - ok
15:51:17.0293 3256	Sftplay         (afdb934586c4c8b2be39ae7eea6f52be) C:\windows\system32\DRIVERS\Sftplaylh.sys
15:51:17.0309 3256	Sftplay - ok
15:51:17.0324 3256	Sftredir        (6b1865d82e0290729ed7496c24275592) C:\windows\system32\DRIVERS\Sftredirlh.sys
15:51:17.0340 3256	Sftredir - ok
15:51:17.0418 3256	Sftvol          (621eccb1265a01ce2bdf6f2c5e727e2b) C:\windows\system32\DRIVERS\Sftvollh.sys
15:51:17.0433 3256	Sftvol - ok
15:51:17.0667 3256	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
15:51:17.0683 3256	sisagp - ok
15:51:17.0839 3256	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
15:51:17.0855 3256	SiSRaid2 - ok
15:51:17.0979 3256	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
15:51:17.0995 3256	SiSRaid4 - ok
15:51:18.0167 3256	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
15:51:18.0229 3256	Smb - ok
15:51:18.0525 3256	SNP2UVC         (060f51141b20b8156804446a04ab8b2a) C:\windows\system32\DRIVERS\snp2uvc.sys
15:51:18.0572 3256	SNP2UVC - ok
15:51:18.0697 3256	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
15:51:18.0713 3256	spldr - ok
15:51:18.0884 3256	srv             (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys
15:51:18.0947 3256	srv - ok
15:51:19.0103 3256	srv2            (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys
15:51:19.0118 3256	srv2 - ok
15:51:19.0274 3256	srvnet          (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys
15:51:19.0321 3256	srvnet - ok
15:51:19.0539 3256	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
15:51:19.0571 3256	ssmdrv - ok
15:51:19.0695 3256	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
15:51:19.0711 3256	stexstor - ok
15:51:19.0820 3256	swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
15:51:19.0851 3256	swenum - ok
15:51:19.0929 3256	Tcpip           (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\drivers\tcpip.sys
15:51:19.0992 3256	Tcpip - ok
15:51:20.0148 3256	TCPIP6          (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\DRIVERS\tcpip.sys
15:51:20.0195 3256	TCPIP6 - ok
15:51:20.0304 3256	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
15:51:20.0351 3256	tcpipreg - ok
15:51:20.0475 3256	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
15:51:20.0522 3256	TDPIPE - ok
15:51:20.0616 3256	TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
15:51:20.0678 3256	TDTCP - ok
15:51:20.0694 3256	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
15:51:20.0725 3256	tdx - ok
15:51:20.0834 3256	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
15:51:20.0850 3256	TermDD - ok
15:51:20.0975 3256	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
15:51:21.0037 3256	tssecsrv - ok
15:51:21.0224 3256	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
15:51:21.0287 3256	tunnel - ok
15:51:21.0474 3256	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
15:51:21.0489 3256	uagp35 - ok
15:51:21.0583 3256	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
15:51:21.0614 3256	udfs - ok
15:51:21.0786 3256	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
15:51:21.0801 3256	uliagpkx - ok
15:51:21.0864 3256	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
15:51:21.0911 3256	umbus - ok
15:51:22.0035 3256	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
15:51:22.0098 3256	UmPass - ok
15:51:22.0223 3256	usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
15:51:22.0238 3256	usbccgp - ok
15:51:22.0332 3256	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
15:51:22.0363 3256	usbcir - ok
15:51:22.0472 3256	usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
15:51:22.0503 3256	usbehci - ok
15:51:22.0613 3256	usbhub          (bdcd7156ec37448f08633fd899823620) C:\windows\system32\DRIVERS\usbhub.sys
15:51:22.0644 3256	usbhub - ok
15:51:22.0753 3256	usbohci         (eb2d819a639015253c871cda09d91d58) C:\windows\system32\drivers\usbohci.sys
15:51:22.0769 3256	usbohci - ok
15:51:22.0800 3256	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
15:51:22.0815 3256	usbprint - ok
15:51:22.0940 3256	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
15:51:22.0971 3256	USBSTOR - ok
15:51:23.0018 3256	usbuhci         (22480bf4e5a09192e5e30ba4dde79fa4) C:\windows\system32\DRIVERS\usbuhci.sys
15:51:23.0049 3256	usbuhci - ok
15:51:23.0143 3256	usbvideo        (f642a7e4bf78cfa359cca0a3557c28d7) C:\windows\System32\Drivers\usbvideo.sys
15:51:23.0174 3256	usbvideo - ok
15:51:23.0283 3256	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
15:51:23.0315 3256	vdrvroot - ok
15:51:23.0393 3256	vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
15:51:23.0424 3256	vga - ok
15:51:23.0502 3256	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
15:51:23.0549 3256	VgaSave - ok
15:51:23.0611 3256	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
15:51:23.0627 3256	vhdmp - ok
15:51:23.0829 3256	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
15:51:23.0845 3256	viaagp - ok
15:51:23.0970 3256	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
15:51:24.0001 3256	ViaC7 - ok
15:51:24.0126 3256	VIAHdAudAddService (f6c19f00f10343af369f6251969e9047) C:\windows\system32\drivers\viahduaa.sys
15:51:24.0188 3256	VIAHdAudAddService - ok
15:51:24.0282 3256	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
15:51:24.0297 3256	viaide - ok
15:51:24.0313 3256	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
15:51:24.0329 3256	volmgr - ok
15:51:24.0360 3256	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
15:51:24.0375 3256	volmgrx - ok
15:51:24.0485 3256	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
15:51:24.0500 3256	volsnap - ok
15:51:24.0609 3256	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
15:51:24.0641 3256	vsmraid - ok
15:51:24.0672 3256	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
15:51:24.0703 3256	vwifibus - ok
15:51:24.0812 3256	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
15:51:24.0859 3256	vwififlt - ok
15:51:24.0953 3256	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
15:51:24.0984 3256	WacomPen - ok
15:51:25.0031 3256	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
15:51:25.0093 3256	WANARP - ok
15:51:25.0093 3256	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
15:51:25.0124 3256	Wanarpv6 - ok
15:51:25.0202 3256	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
15:51:25.0233 3256	Wd - ok
15:51:25.0265 3256	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
15:51:25.0296 3256	Wdf01000 - ok
15:51:25.0436 3256	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
15:51:25.0483 3256	WfpLwf - ok
15:51:25.0608 3256	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
15:51:25.0623 3256	WIMMount - ok
15:51:25.0842 3256	WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
15:51:25.0904 3256	WinUsb - ok
15:51:26.0045 3256	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
15:51:26.0091 3256	WmiAcpi - ok
15:51:26.0263 3256	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
15:51:26.0294 3256	ws2ifsl - ok
15:51:26.0403 3256	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
15:51:26.0466 3256	WudfPf - ok
15:51:26.0559 3256	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
15:51:26.0622 3256	WUDFRd - ok
15:51:26.0684 3256	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:51:26.0778 3256	\Device\Harddisk0\DR0 - ok
15:51:26.0809 3256	MBR (0x1B8)     (17e9e7ca52a3da4e3a5b81c0a1b93922) \Device\Harddisk1\DR5
15:53:13.0373 3256	\Device\Harddisk1\DR5 - ok
15:53:13.0404 3256	Boot (0x1200)   (b7c28429e5c049b0169784c6c2c2881d) \Device\Harddisk0\DR0\Partition0
15:53:13.0404 3256	\Device\Harddisk0\DR0\Partition0 - ok
15:53:13.0404 3256	============================================================
15:53:13.0404 3256	Scan finished
15:53:13.0404 3256	============================================================
15:53:13.0435 2052	Detected object count: 0
15:53:13.0435 2052	Actual detected object count: 0

cosinus · 12.02.2012, 16:11

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

KazZk · 13.02.2012, 12:27

hier das CF log:

Code:

ATTFilter

ComboFix 12-02-12.01 - Gilberto 13.02.2012  12:15:57.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3037.2049 [GMT 1:00]
ausgeführt von:: c:\users\Gilberto\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gilberto\4.0
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-13 bis 2012-02-13  ))))))))))))))))))))))))))))))
.
.
2012-02-13 11:22 . 2012-02-13 11:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-12 14:10 . 2012-02-12 14:10	--------	d-----w-	C:\_OTL
2012-02-09 16:21 . 2012-01-06 04:19	6557240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7096B073-7654-4BCC-90A4-AE19E3EBF38E}\mpengine.dll
2012-02-09 16:14 . 2012-02-09 16:14	--------	d-----w-	c:\program files\ESET
2012-02-02 13:25 . 2012-02-02 13:31	--------	d-----w-	c:\users\Gilberto\.tfo4
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2010-10-21 12:45	237072	------w-	c:\windows\system32\MpSigStub.exe
2011-12-10 14:24 . 2011-04-19 00:53	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-24 04:23 . 2011-12-15 13:36	2340352	----a-w-	c:\windows\system32\win32k.sys
2011-11-19 14:06 . 2012-01-11 23:02	67072	----a-w-	c:\windows\system32\packager.dll
2011-11-17 05:48 . 2012-01-14 03:35	134000	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2011-11-17 05:48 . 2012-01-14 03:35	67440	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2011-11-17 05:42 . 2012-01-14 03:35	369352	----a-w-	c:\windows\system32\drivers\cng.sys
2011-11-17 05:41 . 2012-01-11 23:02	1288984	----a-w-	c:\windows\system32\ntdll.dll
2011-11-17 05:39 . 2012-01-14 03:35	314368	----a-w-	c:\windows\system32\webio.dll
2011-11-17 05:39 . 2012-01-14 03:35	99840	----a-w-	c:\windows\system32\sspicli.dll
2011-11-17 05:39 . 2012-01-14 03:35	15360	----a-w-	c:\windows\system32\sspisrv.dll
2011-11-17 05:39 . 2012-01-14 03:35	224768	----a-w-	c:\windows\system32\schannel.dll
2011-11-17 05:39 . 2012-01-14 03:35	22016	----a-w-	c:\windows\system32\secur32.dll
2011-11-17 05:38 . 2012-01-14 03:35	1037312	----a-w-	c:\windows\system32\lsasrv.dll
2011-11-17 05:36 . 2012-01-14 03:35	22528	----a-w-	c:\windows\system32\lsass.exe
2011-11-27 11:08 . 2011-05-11 17:15	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-09-01 233472]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 1474560]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07	932288	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04	1164584	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-10 23:40	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-14 20:34	1086760	----a-w-	c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07	2260480	--sha-r-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-09-30 19:31	1242448	----a-w-	c:\program files\Steam\Steam.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-03 136176]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 27136]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-29 87040]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-03 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-08 3616768]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1066496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 29529008
*NewlyCreated* - 71440135
*Deregistered* - 29529008
*Deregistered* - 71440135
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-03 08:55]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-03 08:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://nmd.msn.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Gilberto\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\Gilberto\AppData\Roaming\Mozilla\Firefox\Profiles\12vgrl5m.default\
FF - prefs.js: browser.startup.homepage - www.web.de
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1723137728-4224196469-615314354-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:47,b5,6e,7e,84,cc,f5,10,6e,53,80,b2,f8,6f,28,7c,9f,43,8b,96,f8,d4,25,
   08,d2,de,d8,08,c7,31,ae,fc,a8,01,04,d4,d3,4b,d6,86,e0,f0,55,92,95,7a,3e,58,\
"??"=hex:bf,58,93,bd,da,24,13,ce,36,a9,00,da,dd,94,de,a2
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-13  12:24:28
ComboFix-quarantined-files.txt  2012-02-13 11:24
.
Vor Suchlauf: 15 Verzeichnis(se), 143.611.633.664 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 143.729.078.272 Bytes frei
.
- - End Of File - - 627EEEF2AD2A3E6DFC3D354C77B69CBC

cosinus · 13.02.2012, 13:15

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).