Nach Update Virusmeldung von AVIRA

masi76 · 19.02.2012, 05:59

Hallo Trojaner-Team,

der Rechner sich gestern nach dem fertiggestellten Update normal heruntergefahren. Gestern abend habe ich ihn eingeschaltet und
nach zwei Versuchen ihn hochzufahren hat es dann auch geklappt.
Zuvor blieb es nach dem Einschalten bei einem schwarzen Bildschirm.
Habe AntiMalwareBytes-Quickscan laufen lassen und es wurde tatsächlich
etwas gefunden (Banker-Trojaner). Log habe ich beigefügt. Während des
Scans hat sich auch AVIRA mit Folgendem gemeldet: In der Datei´C:\User\Markus\AppData\Local\...\plugin-pdf2.php´ wurde ein Virus oder unerwünschtes Programm ´EXP/Pidief.hcm´gefunden. Kann jemand mal drüber schauen, ob der Schädling noch da ist?

Merci!!!

cosinus · 20.02.2012, 13:08

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

masi76 · 21.02.2012, 22:53

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d0981509bee53c42abe9a9defe537834
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-27 03:42:42
# local_time=2010-10-27 05:42:42 (+0100, W. Europe Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 428077 428077 0 0
# compatibility_mode=1024 16777215 100 0 75847330 75847330 0 0
# compatibility_mode=1797 16775165 100 100 514405 63703884 20827 0
# compatibility_mode=5892 16776573 100 100 29490 125721305 0 0
# compatibility_mode=8192 67108863 100 0 681 681 0 0
# scanned=133035
# found=0
# cleaned=0
# scan_time=5585
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d0981509bee53c42abe9a9defe537834
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-23 09:42:11
# local_time=2010-11-23 10:42:11 (+0100, W. Europe Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 2734452 2734452 0 0
# compatibility_mode=1024 16777215 100 0 78153705 78153705 0 0
# compatibility_mode=1797 16775165 100 100 710478 65391516 742481 0
# compatibility_mode=5892 16776573 100 100 4284 128027680 0 0
# compatibility_mode=8192 67108863 100 0 2307056 2307056 0 0
# scanned=132685
# found=1
# cleaned=0
# scan_time=10379
C:\Users\Markus\AppData\Local\VirtualStore\Windows\System32\owlg.uto a variant of Win32/Oficla.IF trojan 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d0981509bee53c42abe9a9defe537834
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-21 06:18:56
# local_time=2012-02-21 07:18:56 (+0100, W. Europe Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 42068793 42068793 0 0
# compatibility_mode=1024 16777215 100 0 117488046 117488046 0 0
# compatibility_mode=1792 16777215 100 0 8328212 8328212 0 0
# compatibility_mode=5892 16776573 100 100 25763 167362021 0 0
# compatibility_mode=8192 67108863 100 0 41641397 41641397 0 0
# scanned=145791
# found=8
# cleaned=8
# scan_time=19045
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.url Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Markus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.url Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Public\Desktop\eBay.url Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\03102011_151855\C_Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\03102011_151855\C_Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\03102011_151855\C_Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\03102011_151855\C_Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\03102011_151855\C_Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
[/CODE]

cosinus · 22.02.2012, 10:59

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

masi76 · 22.02.2012, 14:23

Code:

ATTFilter

OTL logfile created on: 22/02/2012 13:55:50 - Run 4
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\Markus\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1013.38 Mb Total Physical Memory | 305.05 Mb Available Physical Memory | 30.10% Memory free
2.24 Gb Paging File | 1.10 Gb Available in Paging File | 49.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.41 Gb Total Space | 28.23 Gb Free Space | 40.67% Space Free | Partition Type: NTFS
Drive D: | 5.12 Gb Total Space | 1.16 Gb Free Space | 22.74% Space Free | Partition Type: NTFS
 
Computer Name: PIM-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Markus\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\DivX\DivX Plus Web Player\DPB3.dll ()
MOD - C:\Program Files\DivX\DivX Plus Web Player\libxml2.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Windows\System32\hccutils.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=irst&s={searchTerms}&f=4
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com/?l=dis&o=APN10023&gct=hp
IE - HKU\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1916800003-2860886627-113782704-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928
FF - prefs.js..extensions.enabledItems: {E5886C91-CDD7-4832-B32D-0830705A9C60}:1.0
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=iron"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Users\Markus\Desktop\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/31 06:08:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E5886C91-CDD7-4832-B32D-0830705A9C60}: C:\Users\Markus\AppData\Roaming\5012 [2011/03/23 21:53:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/21 13:50:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/28 17:05:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{E5886C91-CDD7-4832-B32D-0830705A9C60}: C:\Users\Markus\AppData\Roaming\5012 [2011/03/23 21:53:42 | 000,000,000 | ---D | M]
 
[2008/11/11 18:54:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\Mozilla\Extensions
[2012/01/26 09:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions
[2010/11/13 07:14:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/26 09:13:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/02/18 06:49:02 | 000,002,395 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\searchplugins\askcom.xml
[2011/02/10 19:02:38 | 000,003,915 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\searchplugins\sweetim.xml
[2011/11/23 11:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/06 21:46:25 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
() (No name found) -- C:\USERS\MARKUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6YWJG3VY.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012/02/21 13:50:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/28 17:04:07 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/01/11 04:23:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/11 04:23:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/11 04:23:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/24 09:09:10 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/01/11 04:23:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/11 04:23:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/11 04:23:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Facemoods = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.2.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\
 
O1 HOSTS File: ([2011/03/10 15:19:12 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\S-1-5-21-1916800003-2860886627-113782704-1002\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1916800003-2860886627-113782704-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6A33F6E-692D-467C-BD0F-A4CA55D576A6}: DhcpNameServer = 10.50.1.50 10.50.1.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD9D5497-BBC7-43CB-8ABF-03120CBB8B12}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\CompaqFlow.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\CompaqFlow.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/02/02 13:17:59 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\AskToolbar
[2012/02/02 13:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2012/02/02 13:08:13 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
[2012/02/02 13:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
[2010/05/19 19:45:13 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Markus\AppData\Roaming\pcouffin.sys
[1 C:\Users\Markus\AppData\Roaming\*.tmp files -> C:\Users\Markus\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/02/22 14:02:04 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/02/22 14:00:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
[2012/02/22 13:35:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/22 13:35:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/22 13:20:17 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 13:20:17 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 13:19:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/22 07:07:32 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012/02/22 07:06:21 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/21 22:56:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/19 04:50:18 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/02/18 20:04:04 | 000,441,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/17 09:56:17 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/17 09:56:16 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/17 06:10:27 | 002,147,831 | ---- | M] () -- C:\Users\Markus\Desktop\Bewilligungsbescheid.pdf
[2012/02/16 08:59:12 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/02/02 13:08:14 | 000,000,788 | ---- | M] () -- C:\Users\Markus\Desktop\SopCast.lnk
[2012/02/02 12:49:21 | 007,908,196 | ---- | M] () -- C:\Users\Markus\Desktop\Setup-SopCast-3.4.8-2012-1-1.exe
[1 C:\Users\Markus\AppData\Roaming\*.tmp files -> C:\Users\Markus\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/02/19 04:50:18 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/02/17 06:11:20 | 002,147,831 | ---- | C] () -- C:\Users\Markus\Desktop\Bewilligungsbescheid.pdf
[2012/02/02 13:08:14 | 000,000,788 | ---- | C] () -- C:\Users\Markus\Desktop\SopCast.lnk
[2011/03/25 07:43:21 | 000,002,048 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\6ywjg3vy.default.dat
[2011/03/24 08:37:11 | 000,000,084 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\urhtps.dat
[2011/02/10 18:58:26 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011/02/07 19:11:57 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/07 19:11:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/07 19:11:57 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/07 19:11:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/07 19:11:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/19 19:45:13 | 000,007,887 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.cat
[2010/05/19 19:45:13 | 000,001,144 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.inf
[2010/04/16 09:56:09 | 000,019,552 | ---- | C] () -- C:\Windows\hpqins13.dat
 
========== LOP Check ==========
 
[2011/03/23 21:53:42 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\5012
[2009/11/13 18:11:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\AvaTrader
[2011/02/05 06:11:36 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\D3dvis
[2011/03/28 17:05:34 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Foxit
[2009/08/26 06:58:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\HaCon
[2011/03/23 21:53:23 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\kock
[2008/11/01 11:35:02 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\PC Suite
[2010/11/25 07:28:21 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\QuickScan
[2009/05/20 08:48:41 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Thunderbird
[2010/05/19 19:45:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Vso
[2011/03/25 07:50:26 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\xmldm
[2012/02/22 07:07:32 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2012/02/21 22:56:35 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/22 14:00:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/03/23 21:53:42 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\5012
[2010/10/12 09:27:48 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Adobe
[2009/11/19 14:04:39 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Apple Computer
[2009/11/13 18:11:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\AvaTrader
[2011/11/17 05:47:44 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Avira
[2009/07/12 14:24:32 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\CyberLink
[2011/02/05 06:11:36 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\D3dvis
[2010/09/14 06:27:59 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DivX
[2011/03/28 17:05:34 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Foxit
[2009/08/26 06:58:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\HaCon
[2009/07/12 14:24:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\HP
[2008/10/24 17:38:50 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Identities
[2011/03/23 21:53:23 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\kock
[2008/10/24 17:54:07 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Macromedia
[2010/10/21 17:02:02 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Malwarebytes
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Media Center Programs
[2010/10/22 16:15:00 | 000,000,000 | --SD | M] -- C:\Users\Markus\AppData\Roaming\Microsoft
[2009/05/20 08:48:45 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla
[2008/11/01 11:35:02 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\PC Suite
[2010/11/25 07:28:21 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\QuickScan
[2010/03/31 06:12:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Real
[2010/05/14 15:51:18 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Roxio
[2012/02/19 19:59:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Skype
[2012/02/19 16:03:46 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\skypePM
[2009/05/20 08:48:41 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Thunderbird
[2010/05/19 19:45:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Vso
[2011/03/25 07:50:26 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2009/04/06 22:39:16 | 001,603,584 | ---- | M] (ACT Forex) -- C:\Users\Markus\AppData\Roaming\AvaTrader\APP#088424AE\Fx_Client.exe
[2008/12/19 07:53:42 | 001,485,824 | ---- | M] (ACT Forex) -- C:\Users\Markus\AppData\Roaming\AvaTrader\APP#20EC98D1\Fx_Client.exe
[2009/04/06 22:39:16 | 001,603,584 | ---- | M] (ACT Forex) -- C:\Users\Markus\AppData\Roaming\AvaTrader\APP#37374F9A\Fx_Client.exe
[2009/01/08 22:43:38 | 001,542,656 | ---- | M] (ACT Forex) -- C:\Users\Markus\AppData\Roaming\AvaTrader\APP#531F45AB\Fx_Client.exe
[2009/08/27 20:40:00 | 001,665,024 | ---- | M] (ACT Forex) -- C:\Users\Markus\AppData\Roaming\AvaTrader\APP#5FB093AB\Fx_Client.exe
[2009/02/18 03:44:26 | 001,475,584 | ---- | M] (ACT Forex) -- C:\Users\Markus\AppData\Roaming\AvaTrader\APP#CE4C7B98\Fx_Client.exe
[2009/04/06 22:39:16 | 001,603,584 | ---- | M] (ACT Forex) -- C:\Users\Markus\AppData\Roaming\AvaTrader\APP#E37EC0CC\Fx_Client.exe
[2009/08/27 20:40:00 | 001,665,024 | ---- | M] (ACT Forex) -- C:\Users\Markus\AppData\Roaming\AvaTrader\APP#F04EB047\Fx_Client.exe
[2009/04/06 22:39:16 | 001,603,584 | ---- | M] (ACT Forex) -- C:\Users\Markus\AppData\Roaming\AvaTrader\APP#F81F84B8\Fx_Client.exe
[2010/01/05 08:39:42 | 000,402,952 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Markus\AppData\Roaming\Real\RealPlayer\setup\AU_setup11.exe
[2009/05/27 11:49:16 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Markus\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
[2010/03/29 21:47:52 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Markus\AppData\Roaming\Real\Update\setup3.10\setup.exe
[2010/12/09 07:17:26 | 000,506,024 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Markus\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2011/01/31 21:25:13 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Markus\AppData\Roaming\Real\Update\setup3.14\setup.exe
[2009/03/19 08:14:14 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Markus\AppData\Roaming\Real\Update\temp\~Upg0\RealPlayer11.exe
[2009/04/08 07:53:30 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Markus\AppData\Roaming\Real\Update\temp\~Upg1\RealPlayer11.exe
[2009/04/20 13:03:49 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Markus\AppData\Roaming\Real\Update\temp\~Upg2\RealPlayer11.exe
[2009/05/05 11:47:25 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Markus\AppData\Roaming\Real\Update\temp\~Upg3\RealPlayer11.exe
[2009/05/15 11:48:18 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Markus\AppData\Roaming\Real\Update\temp\~Upg4\RealPlayer11.exe
[2009/05/27 11:49:11 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Markus\AppData\Roaming\Real\Update\temp\~Upg5\RealPlayer11.exe
[2012/02/22 13:42:54 | 000,315,512 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Markus\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.01\rnupgagent.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/15 15:34:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/15 15:34:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/15 15:34:22 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008/01/19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007/04/30 19:46:17 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009/04/11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2009/04/11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009/04/11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2007/04/30 19:46:18 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008/01/19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006/11/02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008/01/19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006/11/02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008/01/19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008/01/19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

cosinus · 22.02.2012, 19:03

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
PRC - C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=irst&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com/?l=dis&o=APN10023&gct=hp
IE - HKU\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=iron"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
[2010/11/13 07:14:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/26 09:13:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/02/18 06:49:02 | 000,002,395 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\searchplugins\askcom.xml
[2011/02/10 19:02:38 | 000,003,915 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\searchplugins\sweetim.xml
[2012/01/11 04:23:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/24 09:09:10 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\S-1-5-21-1916800003-2860886627-113782704-1002\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe (facemoods.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1916800003-2860886627-113782704-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012/02/02 13:17:59 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\AskToolbar
[2011/03/23 21:53:42 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\5012
[2011/03/23 21:53:23 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\kock
[2011/03/25 07:50:26 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\xmldm
[2012/02/22 07:07:32 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

masi76 · 23.02.2012, 08:28

Hallo Arne,

beim Fix-Scan kam zwischendurch folgende Meldung:

OTL: OTL.exe-Corrupt File
The file or directory
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\
Cache.Trash\1\C2
is corrupt and unreadable. Please run the Chkdsk utility.

Diese Meldung lies sich nicht mit "OK" wegclicken, erst beim rebooten des
Rechners verschwand die Meldung.

Hier nun das Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
No active process named Updater.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "http://search.sweetim.com/search.asp?src=2&q=" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: ffxtlbr@Facemoods.com:1.2.1 removed from extensions.enabledItems
Prefs.js: "Facemoods Search" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "Facemoods Search" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "http://start.facemoods.com/?a=iron" removed from browser.startup.homepage
Prefs.js: "chrome://browser-region/locale/region.properties" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\searchplugins\askcom.xml moved successfully.
C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\searchplugins\sweetim.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1916800003-2860886627-113782704-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods deleted successfully.
C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1916800003-2860886627-113782704-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Users\Markus\AppData\Local\AskToolbar\Downloaded Program Files\temp folder moved successfully.
C:\Users\Markus\AppData\Local\AskToolbar\Downloaded Program Files folder moved successfully.
C:\Users\Markus\AppData\Local\AskToolbar folder moved successfully.
C:\Users\Markus\AppData\Roaming\5012\components folder moved successfully.
C:\Users\Markus\AppData\Roaming\5012 folder moved successfully.
C:\Users\Markus\AppData\Roaming\kock folder moved successfully.
C:\Users\Markus\AppData\Roaming\xmldm folder moved successfully.
C:\Windows\Tasks\RegistryBooster.job moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400868 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Markus
->Temp folder emptied: 547492094 bytes
->Temporary Internet Files folder emptied: 108561284 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49348241 bytes
->Google Chrome cache emptied: 19311623 bytes
->Flash cache emptied: 129762 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 94496127 bytes
RecycleBin emptied: 9844501 bytes
 
Total Files Cleaned = 791.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.2 log created on 02232012_075929

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 23.02.2012, 12:19

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

masi76 · 23.02.2012, 16:13

Code:

ATTFilter

15:46:29.0160 4196	TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
15:46:29.0503 4196	============================================================
15:46:29.0504 4196	Current date / time: 2012/02/23 15:46:29.0503
15:46:29.0504 4196	SystemInfo:
15:46:29.0504 4196	
15:46:29.0504 4196	OS Version: 6.0.6002 ServicePack: 2.0
15:46:29.0504 4196	Product type: Workstation
15:46:29.0504 4196	ComputerName: PIM-PC
15:46:29.0509 4196	UserName: Markus
15:46:29.0509 4196	Windows directory: C:\Windows
15:46:29.0510 4196	System windows directory: C:\Windows
15:46:29.0510 4196	Processor architecture: Intel x86
15:46:29.0510 4196	Number of processors: 1
15:46:29.0510 4196	Page size: 0x1000
15:46:29.0510 4196	Boot type: Normal boot
15:46:29.0510 4196	============================================================
15:46:31.0793 4196	Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:46:31.0874 4196	\Device\Harddisk0\DR0:
15:46:31.0884 4196	MBR used
15:46:31.0884 4196	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8AD24E6
15:46:31.0884 4196	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x8AD2525, BlocksNum 0xA3BF9C
15:46:32.0144 4196	Initialize success
15:46:32.0144 4196	============================================================
15:51:33.0562 5024	============================================================
15:51:33.0563 5024	Scan started
15:51:33.0563 5024	Mode: Manual; SigCheck; TDLFS; 
15:51:33.0563 5024	============================================================
15:51:36.0283 5024	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:51:37.0016 5024	ACPI - ok
15:51:37.0586 5024	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
15:51:37.0748 5024	adp94xx - ok
15:51:38.0290 5024	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
15:51:38.0438 5024	adpahci - ok
15:51:38.0907 5024	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
15:51:38.0942 5024	adpu160m - ok
15:51:39.0371 5024	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
15:51:39.0410 5024	adpu320 - ok
15:51:39.0833 5024	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:51:40.0405 5024	AFD - ok
15:51:41.0041 5024	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
15:51:41.0073 5024	agp440 - ok
15:51:41.0478 5024	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:51:41.0525 5024	aic78xx - ok
15:51:42.0009 5024	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
15:51:42.0087 5024	aliide - ok
15:51:42.0695 5024	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
15:51:42.0726 5024	amdagp - ok
15:51:43.0069 5024	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
15:51:43.0101 5024	amdide - ok
15:51:43.0615 5024	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
15:51:44.0052 5024	AmdK7 - ok
15:51:44.0567 5024	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
15:51:44.0785 5024	AmdK8 - ok
15:51:45.0238 5024	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
15:51:45.0285 5024	arc - ok
15:51:45.0659 5024	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
15:51:45.0706 5024	arcsas - ok
15:51:46.0111 5024	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:51:46.0408 5024	AsyncMac - ok
15:51:46.0985 5024	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:51:47.0016 5024	atapi - ok
15:51:47.0562 5024	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
15:51:48.0779 5024	avgntflt - ok
15:51:49.0372 5024	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
15:51:49.0434 5024	avipbb - ok
15:51:49.0762 5024	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
15:51:49.0809 5024	avkmgr - ok
15:51:50.0245 5024	BCM43XV         (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
15:51:50.0448 5024	BCM43XV - ok
15:51:50.0573 5024	BCM43XX         (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
15:51:50.0667 5024	BCM43XX - ok
15:51:51.0088 5024	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:51:51.0259 5024	Beep - ok
15:51:51.0727 5024	blbdrive - ok
15:51:51.0883 5024	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:51:51.0961 5024	bowser - ok
15:51:52.0336 5024	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:51:52.0570 5024	BrFiltLo - ok
15:51:53.0053 5024	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:51:53.0163 5024	BrFiltUp - ok
15:51:53.0553 5024	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:51:53.0755 5024	Brserid - ok
15:51:53.0896 5024	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:51:54.0083 5024	BrSerWdm - ok
15:51:54.0223 5024	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:51:54.0411 5024	BrUsbMdm - ok
15:51:54.0473 5024	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:51:54.0660 5024	BrUsbSer - ok
15:51:54.0832 5024	BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
15:51:54.0925 5024	BthEnum - ok
15:51:55.0097 5024	BTHMODEM        (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
15:51:55.0191 5024	BTHMODEM - ok
15:51:55.0315 5024	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
15:51:55.0440 5024	BthPan - ok
15:51:55.0581 5024	BTHPORT         (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
15:51:55.0705 5024	BTHPORT - ok
15:51:55.0939 5024	BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
15:51:56.0002 5024	BTHUSB - ok
15:51:56.0064 5024	catchme - ok
15:51:56.0439 5024	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:51:56.0563 5024	cdfs - ok
15:51:57.0421 5024	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:51:57.0593 5024	cdrom - ok
15:51:58.0186 5024	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
15:51:58.0357 5024	circlass - ok
15:51:58.0763 5024	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:51:58.0872 5024	CLFS - ok
15:51:59.0418 5024	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:51:59.0543 5024	CmBatt - ok
15:52:00.0151 5024	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
15:52:00.0198 5024	cmdide - ok
15:52:00.0588 5024	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:52:00.0635 5024	Compbatt - ok
15:52:01.0165 5024	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
15:52:01.0243 5024	crcdisk - ok
15:52:01.0789 5024	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
15:52:02.0008 5024	Crusoe - ok
15:52:02.0523 5024	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
15:52:02.0647 5024	DfsC - ok
15:52:03.0318 5024	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:52:03.0443 5024	disk - ok
15:52:04.0301 5024	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:52:04.0441 5024	drmkaud - ok
15:52:05.0112 5024	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
15:52:05.0206 5024	DXGKrnl - ok
15:52:05.0923 5024	E100B           (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
15:52:06.0111 5024	E100B - ok
15:52:06.0610 5024	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:52:06.0828 5024	E1G60 - ok
15:52:07.0093 5024	eabfiltr        (a6476585b4fefee46a9f42e4d2bfdfa4) C:\Windows\system32\DRIVERS\eabfiltr.sys
15:52:07.0171 5024	eabfiltr - ok
15:52:07.0483 5024	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:52:07.0561 5024	Ecache - ok
15:52:08.0139 5024	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
15:52:08.0201 5024	elxstor - ok
15:52:08.0700 5024	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:52:08.0825 5024	exfat - ok
15:52:09.0402 5024	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:52:09.0511 5024	fastfat - ok
15:52:09.0839 5024	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
15:52:10.0011 5024	fdc - ok
15:52:10.0338 5024	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:52:10.0369 5024	FileInfo - ok
15:52:10.0947 5024	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:52:11.0118 5024	Filetrace - ok
15:52:11.0493 5024	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
15:52:11.0758 5024	flpydisk - ok
15:52:12.0709 5024	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:52:12.0772 5024	FltMgr - ok
15:52:13.0661 5024	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
15:52:13.0755 5024	Fs_Rec - ok
15:52:14.0191 5024	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
15:52:14.0238 5024	gagp30kx - ok
15:52:14.0847 5024	GEARAspiWDM     (5dc17164f66380cbfefd895c18467773) C:\Windows\system32\Drivers\GEARAspiWDM.sys
15:52:14.0893 5024	GEARAspiWDM - ok
15:52:15.0330 5024	HBtnKey         (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
15:52:15.0393 5024	HBtnKey - ok
15:52:15.0907 5024	HdAudAddService (de4020f928a2f8a6327f5687f36d361b) C:\Windows\system32\drivers\CHDART.sys
15:52:15.0985 5024	HdAudAddService - ok
15:52:16.0531 5024	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:52:16.0719 5024	HDAudBus - ok
15:52:17.0202 5024	HidBth          (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
15:52:17.0327 5024	HidBth - ok
15:52:17.0733 5024	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:52:17.0935 5024	HidIr - ok
15:52:18.0357 5024	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
15:52:18.0450 5024	HidUsb - ok
15:52:18.0747 5024	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
15:52:18.0793 5024	HpCISSs - ok
15:52:19.0199 5024	HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:52:19.0355 5024	HSFHWAZL - ok
15:52:19.0729 5024	HSF_DPV         (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:52:19.0932 5024	HSF_DPV - ok
15:52:20.0307 5024	HSXHWAZL        (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
15:52:20.0369 5024	HSXHWAZL - ok
15:52:20.0697 5024	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
15:52:20.0821 5024	HTTP - ok
15:52:21.0258 5024	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
15:52:21.0289 5024	i2omp - ok
15:52:21.0586 5024	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:52:21.0679 5024	i8042prt - ok
15:52:22.0288 5024	ialm            (0215e1204d5410e50a5ea9d442fe7da3) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:52:22.0506 5024	ialm - ok
15:52:22.0849 5024	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
15:52:22.0927 5024	iaStorV - ok
15:52:23.0598 5024	igfx            (0215e1204d5410e50a5ea9d442fe7da3) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:52:23.0707 5024	igfx - ok
15:52:24.0160 5024	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:52:24.0191 5024	iirsp - ok
15:52:24.0565 5024	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:52:24.0612 5024	intelide - ok
15:52:24.0753 5024	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:52:24.0862 5024	intelppm - ok
15:52:25.0065 5024	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:52:25.0189 5024	IpFilterDriver - ok
15:52:25.0392 5024	IpInIp - ok
15:52:25.0642 5024	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
15:52:25.0813 5024	IPMIDRV - ok
15:52:26.0250 5024	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:52:26.0375 5024	IPNAT - ok
15:52:26.0812 5024	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:52:26.0905 5024	IRENUM - ok
15:52:27.0373 5024	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
15:52:27.0405 5024	isapnp - ok
15:52:27.0763 5024	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:52:27.0841 5024	iScsiPrt - ok
15:52:28.0044 5024	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:52:28.0075 5024	iteatapi - ok
15:52:28.0325 5024	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:52:28.0356 5024	iteraid - ok
15:52:28.0528 5024	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:52:28.0559 5024	kbdclass - ok
15:52:28.0699 5024	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
15:52:28.0762 5024	kbdhid - ok
15:52:29.0011 5024	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
15:52:29.0074 5024	KSecDD - ok
15:52:29.0323 5024	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:52:29.0417 5024	lltdio - ok
15:52:29.0698 5024	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
15:52:29.0729 5024	LSI_FC - ok
15:52:29.0869 5024	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
15:52:29.0901 5024	LSI_SAS - ok
15:52:30.0150 5024	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
15:52:30.0181 5024	LSI_SCSI - ok
15:52:30.0556 5024	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:52:30.0665 5024	luafv - ok
15:52:31.0055 5024	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:52:31.0102 5024	mdmxsdk - ok
15:52:31.0445 5024	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
15:52:31.0476 5024	megasas - ok
15:52:31.0773 5024	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:52:31.0866 5024	Modem - ok
15:52:32.0272 5024	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:52:32.0365 5024	monitor - ok
15:52:32.0553 5024	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:52:32.0599 5024	mouclass - ok
15:52:32.0740 5024	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:52:32.0865 5024	mouhid - ok
15:52:33.0270 5024	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:52:33.0333 5024	MountMgr - ok
15:52:33.0489 5024	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
15:52:33.0520 5024	mpio - ok
15:52:33.0691 5024	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:52:33.0785 5024	mpsdrv - ok
15:52:33.0941 5024	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:52:33.0972 5024	Mraid35x - ok
15:52:34.0144 5024	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:52:34.0237 5024	MRxDAV - ok
15:52:34.0393 5024	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:52:34.0471 5024	mrxsmb - ok
15:52:34.0596 5024	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:52:34.0659 5024	mrxsmb10 - ok
15:52:34.0924 5024	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:52:34.0986 5024	mrxsmb20 - ok
15:52:35.0173 5024	msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
15:52:35.0205 5024	msahci - ok
15:52:35.0501 5024	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
15:52:35.0532 5024	msdsm - ok
15:52:35.0969 5024	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:52:36.0063 5024	Msfs - ok
15:52:36.0406 5024	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:52:36.0453 5024	msisadrv - ok
15:52:36.0718 5024	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:52:36.0827 5024	MSKSSRV - ok
15:52:37.0186 5024	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:52:37.0311 5024	MSPCLOCK - ok
15:52:37.0498 5024	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:52:37.0654 5024	MSPQM - ok
15:52:37.0888 5024	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:52:37.0981 5024	MsRPC - ok
15:52:38.0434 5024	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:52:38.0481 5024	mssmbios - ok
15:52:38.0652 5024	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:52:38.0746 5024	MSTEE - ok
15:52:39.0011 5024	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:52:39.0042 5024	Mup - ok
15:52:39.0557 5024	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:52:39.0619 5024	NativeWifiP - ok
15:52:40.0087 5024	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:52:40.0197 5024	NDIS - ok
15:52:40.0680 5024	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:52:40.0743 5024	NdisTapi - ok
15:52:41.0179 5024	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:52:41.0289 5024	Ndisuio - ok
15:52:41.0569 5024	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:52:41.0647 5024	NdisWan - ok
15:52:41.0991 5024	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:52:42.0084 5024	NDProxy - ok
15:52:42.0349 5024	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:52:42.0459 5024	NetBIOS - ok
15:52:42.0677 5024	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:52:42.0755 5024	netbt - ok
15:52:43.0051 5024	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:52:43.0083 5024	nfrd960 - ok
15:52:43.0285 5024	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:52:43.0348 5024	Npfs - ok
15:52:43.0597 5024	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:52:43.0707 5024	nsiproxy - ok
15:52:44.0097 5024	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:52:44.0253 5024	Ntfs - ok
15:52:44.0377 5024	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:52:44.0565 5024	ntrigdigi - ok
15:52:44.0923 5024	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:52:45.0001 5024	Null - ok
15:52:45.0220 5024	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
15:52:45.0267 5024	nvraid - ok
15:52:45.0376 5024	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
15:52:45.0407 5024	nvstor - ok
15:52:45.0594 5024	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
15:52:45.0625 5024	nv_agp - ok
15:52:45.0781 5024	NwlnkFlt - ok
15:52:45.0859 5024	NwlnkFwd - ok
15:52:45.0984 5024	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
15:52:46.0171 5024	ohci1394 - ok
15:52:46.0624 5024	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:52:46.0780 5024	Parport - ok
15:52:47.0185 5024	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
15:52:47.0217 5024	partmgr - ok
15:52:47.0373 5024	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:52:47.0560 5024	Parvdm - ok
15:52:47.0919 5024	pccsmcfd        (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
15:52:47.0981 5024	pccsmcfd - ok
15:52:48.0215 5024	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:52:48.0262 5024	pci - ok
15:52:48.0543 5024	pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
15:52:48.0574 5024	pciide - ok
15:52:48.0699 5024	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
15:52:48.0745 5024	pcmcia - ok
15:52:48.0933 5024	pcouffin        (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
15:52:49.0011 5024	pcouffin - ok
15:52:49.0494 5024	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:52:49.0775 5024	PEAUTH - ok
15:52:50.0212 5024	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:52:50.0305 5024	PptpMiniport - ok
15:52:50.0742 5024	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
15:52:50.0914 5024	Processor - ok
15:52:51.0257 5024	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:52:51.0382 5024	PSched - ok
15:52:51.0647 5024	PxHelp20        (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
15:52:51.0678 5024	PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
15:52:51.0678 5024	PxHelp20 - detected UnsignedFile.Multi.Generic (1)
15:52:52.0006 5024	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
15:52:52.0146 5024	ql2300 - ok
15:52:52.0505 5024	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:52:52.0552 5024	ql40xx - ok
15:52:52.0786 5024	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:52:52.0911 5024	QWAVEdrv - ok
15:52:53.0098 5024	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:52:53.0207 5024	RasAcd - ok
15:52:53.0457 5024	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:52:53.0550 5024	Rasl2tp - ok
15:52:53.0815 5024	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:52:53.0893 5024	RasPppoe - ok
15:52:54.0159 5024	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:52:54.0237 5024	RasSstp - ok
15:52:54.0408 5024	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:52:54.0486 5024	rdbss - ok
15:52:54.0814 5024	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:52:54.0939 5024	RDPCDD - ok
15:52:55.0204 5024	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
15:52:55.0391 5024	rdpdr - ok
15:52:55.0797 5024	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:52:55.0906 5024	RDPENCDD - ok
15:52:56.0249 5024	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
15:52:56.0343 5024	RDPWD - ok
15:52:56.0577 5024	RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
15:52:56.0686 5024	RFCOMM - ok
15:52:56.0982 5024	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:52:57.0060 5024	rspndr - ok
15:52:57.0232 5024	RTL8023xp       (dda0d5842335e78e375e96c308858a61) C:\Windows\system32\DRIVERS\Rtnicxp.sys
15:52:57.0341 5024	RTL8023xp - ok
15:52:57.0684 5024	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:52:57.0731 5024	sbp2port - ok
15:52:57.0996 5024	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:52:58.0168 5024	secdrv - ok
15:52:58.0433 5024	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:52:58.0605 5024	Serenum - ok
15:52:58.0698 5024	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:52:58.0870 5024	Serial - ok
15:52:59.0291 5024	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:52:59.0369 5024	sermouse - ok
15:52:59.0619 5024	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
15:52:59.0759 5024	sffdisk - ok
15:53:00.0071 5024	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
15:53:00.0243 5024	sffp_mmc - ok
15:53:00.0508 5024	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
15:53:00.0679 5024	sffp_sd - ok
15:53:01.0023 5024	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:53:01.0194 5024	sfloppy - ok
15:53:01.0459 5024	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
15:53:01.0506 5024	sisagp - ok
15:53:01.0756 5024	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
15:53:01.0787 5024	SiSRaid2 - ok
15:53:02.0021 5024	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
15:53:02.0052 5024	SiSRaid4 - ok
15:53:02.0505 5024	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
15:53:02.0583 5024	Smb - ok
15:53:02.0848 5024	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:53:02.0895 5024	spldr - ok
15:53:03.0160 5024	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
15:53:03.0300 5024	srv - ok
15:53:03.0706 5024	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
15:53:03.0784 5024	srv2 - ok
15:53:04.0252 5024	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
15:53:04.0361 5024	srvnet - ok
15:53:04.0891 5024	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
15:53:04.0923 5024	ssmdrv - ok
15:53:05.0437 5024	StillCam        (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
15:53:05.0515 5024	StillCam - ok
15:53:06.0077 5024	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:53:06.0108 5024	swenum - ok
15:53:06.0295 5024	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:53:06.0327 5024	Symc8xx - ok
15:53:06.0701 5024	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:53:06.0763 5024	Sym_hi - ok
15:53:06.0904 5024	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:53:06.0935 5024	Sym_u3 - ok
15:53:07.0216 5024	SynTP           (81cf7aa63bb3cca31e1d1944c0a45fc7) C:\Windows\system32\DRIVERS\SynTP.sys
15:53:07.0278 5024	SynTP - ok
15:53:07.0918 5024	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
15:53:08.0074 5024	Tcpip - ok
15:53:08.0386 5024	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
15:53:08.0479 5024	Tcpip6 - ok
15:53:08.0729 5024	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
15:53:08.0807 5024	tcpipreg - ok
15:53:08.0947 5024	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:53:09.0057 5024	TDPIPE - ok
15:53:09.0337 5024	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:53:09.0462 5024	TDTCP - ok
15:53:09.0665 5024	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
15:53:09.0743 5024	tdx - ok
15:53:09.0883 5024	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:53:09.0930 5024	TermDD - ok
15:53:10.0242 5024	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:53:10.0351 5024	tssecsrv - ok
15:53:10.0539 5024	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:53:10.0632 5024	tunmp - ok
15:53:10.0773 5024	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
15:53:10.0851 5024	tunnel - ok
15:53:10.0991 5024	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
15:53:11.0022 5024	uagp35 - ok
15:53:11.0163 5024	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:53:11.0241 5024	udfs - ok
15:53:11.0443 5024	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
15:53:11.0475 5024	uliagpkx - ok
15:53:11.0849 5024	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
15:53:11.0927 5024	uliahci - ok
15:53:12.0145 5024	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:53:12.0192 5024	UlSata - ok
15:53:12.0333 5024	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:53:12.0364 5024	ulsata2 - ok
15:53:12.0738 5024	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:53:12.0863 5024	umbus - ok
15:53:13.0066 5024	upperdev - ok
15:53:13.0237 5024	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
15:53:13.0315 5024	usbaudio - ok
15:53:13.0581 5024	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
15:53:13.0690 5024	usbccgp - ok
15:53:14.0158 5024	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:53:14.0298 5024	usbcir - ok
15:53:14.0485 5024	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
15:53:14.0563 5024	usbehci - ok
15:53:14.0907 5024	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
15:53:15.0016 5024	usbhub - ok
15:53:15.0250 5024	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:53:15.0421 5024	usbohci - ok
15:53:15.0687 5024	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
15:53:15.0765 5024	usbprint - ok
15:53:16.0092 5024	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
15:53:16.0186 5024	usbscan - ok
15:53:16.0482 5024	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:53:16.0576 5024	USBSTOR - ok
15:53:16.0919 5024	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:53:16.0997 5024	usbuhci - ok
15:53:17.0403 5024	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
15:53:17.0621 5024	vga - ok
15:53:17.0949 5024	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:53:18.0058 5024	VgaSave - ok
15:53:18.0432 5024	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
15:53:18.0479 5024	viaagp - ok
15:53:18.0744 5024	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
15:53:18.0947 5024	ViaC7 - ok
15:53:19.0290 5024	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
15:53:19.0337 5024	viaide - ok
15:53:19.0571 5024	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:53:19.0602 5024	volmgr - ok
15:53:19.0977 5024	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:53:20.0039 5024	volmgrx - ok
15:53:20.0491 5024	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:53:20.0554 5024	volsnap - ok
15:53:20.0944 5024	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
15:53:21.0006 5024	vsmraid - ok
15:53:21.0630 5024	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:53:21.0786 5024	WacomPen - ok
15:53:22.0332 5024	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:53:22.0410 5024	Wanarp - ok
15:53:22.0457 5024	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:53:22.0535 5024	Wanarpv6 - ok
15:53:23.0034 5024	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
15:53:23.0065 5024	Wd - ok
15:53:23.0362 5024	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:53:23.0471 5024	Wdf01000 - ok
15:53:24.0189 5024	winachsf        (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:53:24.0345 5024	winachsf - ok
15:53:24.0937 5024	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:53:25.0031 5024	WmiAcpi - ok
15:53:25.0530 5024	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
15:53:25.0608 5024	WpdUsb - ok
15:53:26.0154 5024	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:53:26.0279 5024	ws2ifsl - ok
15:53:26.0763 5024	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:53:26.0872 5024	WUDFRd - ok
15:53:27.0184 5024	XAudio          (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
15:53:27.0215 5024	XAudio - ok
15:53:27.0449 5024	MBR (0x1B8)     (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
15:53:27.0839 5024	\Device\Harddisk0\DR0 - ok
15:53:27.0886 5024	Boot (0x1200)   (afa8be4a6d6702efeb432cf273c22f74) \Device\Harddisk0\DR0\Partition0
15:53:27.0886 5024	\Device\Harddisk0\DR0\Partition0 - ok
15:53:27.0933 5024	Boot (0x1200)   (ee0f6aff642b96611152144e168d3af4) \Device\Harddisk0\DR0\Partition1
15:53:27.0933 5024	\Device\Harddisk0\DR0\Partition1 - ok
15:53:27.0948 5024	============================================================
15:53:27.0948 5024	Scan finished
15:53:27.0948 5024	============================================================
15:53:28.0011 5632	Detected object count: 1
15:53:28.0011 5632	Actual detected object count: 1
15:53:52.0019 5632	PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:52.0019 5632	PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:54:02.0284 5140	Deinitialize success

cosinus · 23.02.2012, 17:36

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

masi76 · 23.02.2012, 20:43

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-02-22.01 - Markus 23/02/2012  19:56:44.5.1 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.1013.476 [GMT 1:00]
Running from: c:\users\Markus\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.6\uninstall.exe
c:\users\Markus\AppData\Roaming\AcroIEHelpe.txt
c:\users\Markus\AppData\Roaming\srvblck2.tmp
c:\windows\system32\CF12618.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-23 to 2012-02-23  )))))))))))))))))))))))))))))))
.
.
2012-02-23 19:12 . 2012-02-23 19:12	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-02-23 19:12 . 2012-02-23 19:12	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-22 06:37 . 2012-02-22 06:37	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF9B3E70-5D93-4F5A-8088-03E1E5AD4211}\offreg.dll
2012-02-21 06:52 . 2012-02-08 06:03	6552120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF9B3E70-5D93-4F5A-8088-03E1E5AD4211}\mpengine.dll
2012-02-17 05:43 . 2011-12-14 16:17	680448	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-17 05:42 . 2012-01-12 19:52	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-02-17 05:25 . 2011-12-20 10:56	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-02-02 12:08 . 2012-02-02 12:08	--------	d-----w-	c:\program files\SopCast
2012-01-25 18:58 . 2011-11-16 16:23	278528	----a-w-	c:\windows\system32\schannel.dll
2012-01-25 18:58 . 2011-11-17 06:48	440192	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-01-25 18:58 . 2011-11-16 16:21	1259008	----a-w-	c:\windows\system32\lsasrv.dll
2012-01-25 18:57 . 2011-11-16 16:23	377344	----a-w-	c:\windows\system32\winhttp.dll
2012-01-25 18:57 . 2011-11-16 16:23	72704	----a-w-	c:\windows\system32\secur32.dll
2012-01-25 18:57 . 2011-11-16 14:12	9728	----a-w-	c:\windows\system32\lsass.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 07:59 . 2011-11-17 04:38	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-01-29 04:10 . 2009-10-03 22:27	237072	------w-	c:\windows\system32\MpSigStub.exe
2011-12-10 14:24 . 2011-02-02 16:15	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-21 12:50 . 2012-01-11 03:23	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-10 46704]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-31 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	\0
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-30 04:02]
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 09:02]
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 09:02]
.
2012-02-23 c:\windows\Tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
- c:\windows\system32\msfeedssync.exe [2011-04-26 05:40]
.
.
------- Supplementary Scan -------
.
uStart Page = 
mStart Page = 
mSearchMigratedDefaultURL = hxxp://www.Google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.6\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-23 20:12
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
 [0] 0x61002000
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-23  20:20:58
ComboFix-quarantined-files.txt  2012-02-23 19:20
ComboFix2.txt  2011-02-08 18:54
ComboFix3.txt  2011-02-07 18:40
.
Pre-Run: 31,314,505,728 bytes free
Post-Run: 31,284,715,520 bytes free
.
- - End Of File - - BB194D3FECFD180C1481FAE7BE6B6076

--- --- ---

cosinus · 23.02.2012, 21:29

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

masi76 · 24.02.2012, 13:23

GMER hat nicht funktioniert.
Konnte OSAM leider nur mit FILZIP entpacken, hoffe, dass das nicht allzuviel
Auswirkung hat.

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
http://www.online-solutions.ru/en/
Saved at 13:09:22 on 24.02.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 10.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Markus\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"upperdev" (upperdev) - ? - C:\Windows\System32\DRIVERS\usbser_lowerflt.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{B28C18DB-6816-4F31-9630-397683E3C2C3} "Filzip Shell Extension" - ? - C:\PROGRA~1\Filzip\fzshext.dll
{6872d785-fe43-44cb-9b2a-2df4c5eb13b2} "HotShellExt" - ? - C:\Program Files\eFax Messenger 4.3\J2GShell.dll  (File not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"PDFill PDF Editor" - "PlotSoft LLC" - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - c:\program files\google\googletoolbar2.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HP Health Check Scheduler" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
" Malwarebytes Anti-Malware  (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"CUSTPDF Writer Monitor" - ? - C:\Windows\system32\custmon2k.dll  (File found, but it contains no detailed information)
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PCL hpz3l4v2" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l4v2.dll
"Redmon" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Google Update Service (gupdate1c9deaa14fed3cc)" (gupdate1c9deaa14fed3cc) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update Service (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"iPod Service" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit http://forum.online-solutio

masi76 · 24.02.2012, 14:06

Code:

ATTFilter

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-24 13:29:04
-----------------------------
13:29:04.199    OS Version: Windows 6.0.6002 Service Pack 2
13:29:04.200    Number of processors: 1 586 0xE08
13:29:04.210    ComputerName: PIM-PC  UserName: Markus
13:29:05.894    Initialize success
13:34:25.078    AVAST engine defs: 12022301
13:34:41.366    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
13:34:41.375    Disk 0 Vendor: ST98823AS 7.24 Size: 76319MB BusType: 3
13:34:41.418    Disk 0 MBR read successfully
13:34:41.438    Disk 0 MBR scan
13:34:41.503    Disk 0 unknown MBR code
13:34:41.530    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        71076 MB offset 63
13:34:41.569    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         5239 MB offset 145564965
13:34:41.602    Disk 0 scanning sectors +156296385
13:34:41.686    Disk 0 scanning C:\Windows\system32\drivers
13:35:12.551    Service scanning
13:36:04.192    Modules scanning
13:36:16.713    Disk 0 trace - called modules:
13:36:16.760    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 
13:36:16.820    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x849f98b8]
13:36:16.848    3 CLASSPNP.SYS[865a68b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x848a38a0]
13:36:18.219    AVAST engine scan C:\Windows
13:36:24.375    AVAST engine scan C:\Windows\system32
13:44:03.133    AVAST engine scan C:\Windows\system32\drivers
13:44:42.113    AVAST engine scan C:\Users\Markus
13:51:11.191    AVAST engine scan C:\ProgramData
13:53:35.309    Scan finished successfully
14:03:57.344    Disk 0 MBR has been saved successfully to "C:\Users\Markus\Desktop\MBR.dat"
14:03:57.368    The log file has been saved successfully to "C:\Users\Markus\Desktop\aswMBR.txt"

cosinus · 24.02.2012, 15:43

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.