Google Suchergebnisse werden weitergeleitet zu "abnow.com"

cosinus · 28.02.2012, 20:52

Wieso als Anhang? War die Datei zu groß?
Nach Möglichkeit immer in CODE-Tags!

Matz · 28.02.2012, 21:17

Ich gelobe Besserung ;-).

Hier nochmals die beiden Dateien. Zuerst Gmer:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-28 17:22:05
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST9160821AS rev.3.ALC
Running: 9040o0p9.exe; Driver: C:\Users\Matthias\AppData\Local\Temp\kwadquoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13D1                                                                            82C87369 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                   82CC0D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                   section is writeable [0x97BAE300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                   section is writeable [0x992A2300, 0x1BEE, 0xE8000020]
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                               Das System kann die angegebene Datei nicht finden. !
?               C:\Users\Matthias\AppData\Local\Temp\catchme.sys                                                         Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                  Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000057                                                                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers@AliveServerCount                            32
Reg             HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\5FDED6BB-6C7A-45E0-A4C5-132278869DEE@Alive  1

---- EOF - GMER 1.0.15 ----

Und nun OSAM:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:27:45 on 28.02.2012

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 10.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-669107202-3843920512-883216293-1001Core.job" - "Google Inc." - C:\Users\Matthias\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-669107202-3843920512-883216293-1001UA.job" - "Google Inc." - C:\Users\Matthias\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%systemroot%\system32\cscsvc.dll,-202" (CSC) - ? - C:\Windows\System32\drivers\csc.sys  (File not found)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\Users\Matthias\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"kwadquoc" (kwadquoc) - ? - C:\Users\Matthias\AppData\Local\Temp\kwadquoc.sys  (Hidden registry entry, rootkit activity | File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys
"VirtualBox Bridged Networking Service" (VBoxNetFlt) - ? - C:\Windows\System32\DRIVERS\VBoxNetFlt.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - D:\Programme\7-Zip\7-zip.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{08073B06-A465-413A-BC71-085CEE78EB6D} "TagTuner shell extention" - ? - D:\Programme\TagTuner\TagTuner.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "{555D4D79-4BD2-4094-A395-CFC534424A05}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{F27237D7-93C8-44C2-AC6E-D6057B9A918F} "JuniperSetupClientControl Class" - "Juniper Networks" - C:\Windows\Downloaded Program Files\JuniperSetupClient.ocx / https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10s.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
"ICQ7.5" - "ICQ, LLC." - D:\Programme\ICQ7.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeAAMUpdater-1.0" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"GrooveMonitor" - "Microsoft Corporation" - "D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"KM Language Monitor" - "KYOCERA MITA Corporation" - C:\Windows\system32\KMPJLMN.DLL
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
"ATIBTXBAR" (e1000) - ? - C:\Windows\system32\GoogleDesktopManager-010708-104812.dll  (File not found)
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - D:\Programme\Cisco VPN\cvpnd.exe
"CoachAud" (btnetfilter) - ? - C:\Windows\system32\anio.dll  (File not found)
"Dbmanagerscheduler" (hSONYPVh) - ? - C:\Windows\system32\lxrsii1s.dll  (File not found)
"DivisCTP" (btwusb) - ? - C:\Windows\system32\taphss.dll  (File not found)
"FsVga" (SrvcTPIOMngr) - ? - C:\Windows\system32\asmagent.dll  (File not found)
"Ghoststartservice" (tifm) - ? - C:\Windows\system32\rt2870.dll  (File not found)
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Gpc" (nimdbgk) - ? - C:\Windows\system32\vetefile.dll  (File not found)
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"Iaimfp1" (motmodem) - ? - C:\Windows\system32\vsdatant.dll  (File not found)
"Inorpc" (se44mdm) - ? - C:\Windows\system32\cmuda3.dll  (File not found)
"IntelC51" (HPFECP20) - ? - C:\Windows\system32\cbidf.dll  (File not found)
"MA8032C" (gameenum) - ? - C:\Windows\system32\racsvc.dll  (File not found)
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NETGEAR_MA111" (s616nd5) - ? - C:\Windows\system32\swupdtmr.dll  (File not found)
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Pmsveh" (bcm4sbxp) - ? - C:\Windows\system32\USB_RNDIS_XP.dll  (File not found)
"Raidmsvr" (zebrsce) - ? - C:\Windows\system32\navapel.dll  (File not found)
"Razerusb" (Evian) - ? - C:\Windows\system32\ssoftservice.dll  (File not found)
"SaiH040B" (winpower) - ? - C:\Windows\system32\nisvcloc.dll  (File not found)
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Siskp" (LHidKe) - ? - C:\Windows\system32\winproxy.dll  (File not found)
"Ssoftservice" (iaimtv2) - ? - C:\Windows\system32\iAimFP7.dll  (File not found)
"Tvicport" (wfxsvc) - ? - C:\Windows\system32\se44mgmt.dll  (File not found)
"Us30service" (HIDSwvd) - ? - C:\Windows\system32\SfCtlCom.dll  (File not found)
"Viaagp1" (SISNICXP) - ? - C:\Windows\system32\backuplauncher.dll  (File not found)
"VKPWI" (VKPWI) - ? - C:\Users\Matthias\AppData\Local\Temp\VKPWI.exe  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus · 28.02.2012, 22:37

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Matz · 29.02.2012, 12:37

Leider schauts mit meinen laienhaften Augen doch nicht so gut aus.

Zuerst der Log von Malwarebytes, welches ich zuerst ausgeführt habe:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.29.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Matthias :: MATTHIAS-LAPTOP [Administrator]

Schutz: Deaktiviert

29.02.2012 08:23:27
mbam-log-2012-02-29 (08-23-27).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 440907
Laufzeit: 1 Stunde(n), 7 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Qoobox\Quarantine\C\Windows\system32\brmfrmps.dll.vir (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Und der Log von SuperAntiSpyware

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/29/2012 at 10:14 AM

Application Version : 5.0.1144

Core Rules Database Version : 8288
Trace Rules Database Version: 6100

Scan type       : Complete Scan
Total Scan Time : 00:34:56

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 599
Memory threats detected   : 0
Registry items scanned    : 36218
Registry threats detected : 0
File items scanned        : 41809
File threats detected     : 43

Adware.Tracking Cookie
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@adx.chip[2].txt [ /adx.chip ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@content.yieldmanager[1].txt [ /content.yieldmanager ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@content.yieldmanager[3].txt [ /content.yieldmanager ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@invitemedia[1].txt [ /invitemedia ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@zanox[1].txt [ /zanox ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\N54ZXSJM.txt [ /ad.yieldmanager.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\0B7M3PTZ.txt [ /adfarm1.adition.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\3TZZ61BP.txt [ /imrworldwide.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\66JRM171.txt [ /mediaplex.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\WCQM1FE2.txt [ /tradedoubler.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\K803MD54.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\QGJWUWGX.txt [ /doubleclick.net ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\7B58YEHX.txt [ /ad3.adfarm1.adition.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\MY2Z76IV.txt [ /atdmt.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\I5G3TWZZ.txt [ /forum.usenext.de ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\CT3W93S0.txt [ /serving-sys.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\ZGUK51ZH.txt [ /smartadserver.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\ZRT9HR9O.txt [ /ads.creative-serving.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\H6PUTYZ6.txt [ /apmebf.com ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\C9Y1CRAV.txt [ Cookie:matthias@bs.serving-sys.com/ ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\matthias@imrworldwide[2].txt [ Cookie:matthias@imrworldwide.com/cgi-bin ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\U0UB6WAF.txt [ Cookie:matthias@mediaplex.com/ ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\DT3MPYTB.txt [ Cookie:matthias@msnportal.112.2o7.net/ ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\LVQ705EB.txt [ Cookie:matthias@tradedoubler.com/ ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\U1TMCUQ3.txt [ Cookie:matthias@media6degrees.com/ ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\YO5O21ZB.txt [ Cookie:matthias@ad2.adfarm1.adition.com/ ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\matthias@2o7[1].txt [ Cookie:matthias@2o7.net/ ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\T4CF7JLT.txt [ Cookie:matthias@ad3.adfarm1.adition.com/ ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\PYX59TAR.txt [ Cookie:matthias@atdmt.com/ ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZD35M3IV.txt [ Cookie:matthias@apmebf.com/ ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\KM0ZB54T.txt [ Cookie:matthias@tracking.quisma.com/ ]
	C:\USERS\MATTHIAS\Cookies\N54ZXSJM.txt [ Cookie:matthias@ad.yieldmanager.com/ ]
	C:\USERS\MATTHIAS\Cookies\3TZZ61BP.txt [ Cookie:matthias@imrworldwide.com/cgi-bin ]
	C:\USERS\MATTHIAS\Cookies\66JRM171.txt [ Cookie:matthias@mediaplex.com/ ]
	C:\USERS\MATTHIAS\Cookies\WCQM1FE2.txt [ Cookie:matthias@tradedoubler.com/ ]
	C:\USERS\MATTHIAS\Cookies\matthias@content.yieldmanager[1].txt [ Cookie:matthias@content.yieldmanager.com/ ]
	C:\USERS\MATTHIAS\Cookies\K803MD54.txt [ Cookie:matthias@ad2.adfarm1.adition.com/ ]
	C:\USERS\MATTHIAS\Cookies\7B58YEHX.txt [ Cookie:matthias@ad3.adfarm1.adition.com/ ]
	C:\USERS\MATTHIAS\Cookies\matthias@content.yieldmanager[3].txt [ Cookie:matthias@content.yieldmanager.com/ak/ ]
	C:\USERS\MATTHIAS\Cookies\MY2Z76IV.txt [ Cookie:matthias@atdmt.com/ ]
	C:\USERS\MATTHIAS\Cookies\H6PUTYZ6.txt [ Cookie:matthias@apmebf.com/ ]
	C:\USERS\MATTHIAS\Cookies\matthias@adx.chip[2].txt [ Cookie:matthias@adx.chip.de/ ]

Trojan.Agent/Gen-Krpytik
	D:\PROGRAMME\STREPLA6\BIN\AIRPAR32.EXE

Zu dem letzten Punkt im SUPERAntiSpyware Log habe ich eine Frage:

StrePla ist ein Segelflug Streckenplanungs & Auswertungsprogramm. Das gibt es als Testversion im Netz zum download und nach 30 Tagen lässt sich das Programm nur noch mit einem Aktivierungsschlüssel öffnen. Die 30 Tage sind mittlerweile lange abgelaufen, ich habe es allerdings drauf gelassen, da es mich nicht stört. Soll ich das ganze Programm dann sicherheitshalber deinstallieren (es nützt mir ja leider ehh nichts mehr)?

cosinus · 29.02.2012, 15:16

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Matz · 29.02.2012, 15:22

Hier das LogFile des TDSSKiller:

Code:

ATTFilter

15:19:51.0337 3892	TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
15:19:51.0753 3892	============================================================
15:19:51.0753 3892	Current date / time: 2012/02/29 15:19:51.0753
15:19:51.0753 3892	SystemInfo:
15:19:51.0753 3892	
15:19:51.0753 3892	OS Version: 6.1.7601 ServicePack: 1.0
15:19:51.0753 3892	Product type: Workstation
15:19:51.0754 3892	ComputerName: MATTHIAS-LAPTOP
15:19:51.0754 3892	UserName: Matthias
15:19:51.0754 3892	Windows directory: C:\Windows
15:19:51.0754 3892	System windows directory: C:\Windows
15:19:51.0754 3892	Processor architecture: Intel x86
15:19:51.0754 3892	Number of processors: 2
15:19:51.0754 3892	Page size: 0x1000
15:19:51.0754 3892	Boot type: Normal boot
15:19:51.0754 3892	============================================================
15:19:52.0905 3892	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0xAA57F, SectorsPerTrack: 0x4, TracksPerCylinder: 0x70, Type 'K0', Flags 0x00000050
15:19:52.0933 3892	\Device\Harddisk0\DR0:
15:19:52.0934 3892	MBR used
15:19:52.0934 3892	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:19:52.0934 3892	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x63CE000
15:19:52.0934 3892	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6400800, BlocksNum 0xC618800
15:19:53.0014 3892	Initialize success
15:19:53.0014 3892	============================================================
15:20:25.0298 3324	============================================================
15:20:25.0298 3324	Scan started
15:20:25.0298 3324	Mode: Manual; SigCheck; TDLFS; 
15:20:25.0298 3324	============================================================
15:20:25.0767 3324	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\DRIVERS\1394ohci.sys
15:20:25.0836 3324	1394ohci - ok
15:20:25.0886 3324	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
15:20:25.0904 3324	ACPI - ok
15:20:25.0947 3324	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
15:20:25.0981 3324	AcpiPmi - ok
15:20:26.0147 3324	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
15:20:26.0170 3324	adp94xx - ok
15:20:26.0224 3324	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
15:20:26.0243 3324	adpahci - ok
15:20:26.0266 3324	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
15:20:26.0281 3324	adpu320 - ok
15:20:26.0335 3324	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
15:20:26.0375 3324	AFD - ok
15:20:26.0401 3324	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
15:20:26.0413 3324	agp440 - ok
15:20:26.0460 3324	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
15:20:26.0473 3324	aic78xx - ok
15:20:26.0571 3324	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
15:20:26.0582 3324	aliide - ok
15:20:26.0600 3324	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
15:20:26.0612 3324	amdagp - ok
15:20:26.0645 3324	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
15:20:26.0657 3324	amdide - ok
15:20:26.0709 3324	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
15:20:26.0753 3324	AmdK8 - ok
15:20:26.0766 3324	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
15:20:26.0793 3324	AmdPPM - ok
15:20:26.0886 3324	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
15:20:26.0899 3324	amdsata - ok
15:20:26.0967 3324	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
15:20:26.0983 3324	amdsbs - ok
15:20:27.0036 3324	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
15:20:27.0048 3324	amdxata - ok
15:20:27.0105 3324	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
15:20:27.0176 3324	AppID - ok
15:20:27.0314 3324	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
15:20:27.0327 3324	arc - ok
15:20:27.0350 3324	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
15:20:27.0364 3324	arcsas - ok
15:20:27.0425 3324	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
15:20:27.0498 3324	AsyncMac - ok
15:20:27.0552 3324	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
15:20:27.0564 3324	atapi - ok
15:20:27.0636 3324	AtcL001         (3d8880a2cf21dcc057c8d9a194c41f10) C:\Windows\system32\DRIVERS\l160x86.sys
15:20:27.0657 3324	AtcL001 - ok
15:20:27.0754 3324	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
15:20:27.0803 3324	atksgt - ok
15:20:27.0911 3324	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
15:20:27.0953 3324	b06bdrv - ok
15:20:28.0012 3324	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:20:28.0030 3324	b57nd60x - ok
15:20:28.0067 3324	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
15:20:28.0113 3324	Beep - ok
15:20:28.0282 3324	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
15:20:28.0305 3324	blbdrive - ok
15:20:28.0339 3324	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
15:20:28.0354 3324	bowser - ok
15:20:28.0379 3324	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
15:20:28.0396 3324	BrFiltLo - ok
15:20:28.0417 3324	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
15:20:28.0449 3324	BrFiltUp - ok
15:20:28.0570 3324	BridgeMP        (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
15:20:28.0602 3324	BridgeMP - ok
15:20:28.0671 3324	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
15:20:28.0709 3324	Brserid - ok
15:20:28.0753 3324	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
15:20:28.0783 3324	BrSerWdm - ok
15:20:28.0806 3324	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:20:28.0838 3324	BrUsbMdm - ok
15:20:28.0861 3324	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
15:20:28.0901 3324	BrUsbSer - ok
15:20:28.0935 3324	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
15:20:28.0952 3324	BTHMODEM - ok
15:20:29.0151 3324	catchme - ok
15:20:29.0277 3324	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
15:20:29.0309 3324	cdfs - ok
15:20:29.0402 3324	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
15:20:29.0418 3324	cdrom - ok
15:20:29.0474 3324	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
15:20:29.0514 3324	circlass - ok
15:20:29.0554 3324	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:20:29.0572 3324	CLFS - ok
15:20:29.0647 3324	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
15:20:29.0678 3324	CmBatt - ok
15:20:29.0711 3324	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
15:20:29.0723 3324	cmdide - ok
15:20:29.0775 3324	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
15:20:29.0802 3324	CNG - ok
15:20:29.0868 3324	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
15:20:29.0879 3324	Compbatt - ok
15:20:29.0939 3324	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:20:29.0956 3324	CompositeBus - ok
15:20:30.0006 3324	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
15:20:30.0018 3324	crcdisk - ok
15:20:30.0047 3324	CSC - ok
15:20:30.0129 3324	CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
15:20:30.0146 3324	CVirtA - ok
15:20:30.0273 3324	CVPNDRVA        (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys
15:20:30.0291 3324	CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
15:20:30.0291 3324	CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
15:20:30.0373 3324	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
15:20:30.0415 3324	DfsC - ok
15:20:30.0442 3324	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
15:20:30.0483 3324	discache - ok
15:20:30.0567 3324	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
15:20:30.0580 3324	Disk - ok
15:20:30.0631 3324	dmvsc           (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
15:20:30.0659 3324	dmvsc - ok
15:20:30.0738 3324	DNE             (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
15:20:30.0750 3324	DNE - ok
15:20:30.0812 3324	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
15:20:30.0829 3324	drmkaud - ok
15:20:30.0870 3324	dtsoftbus01     (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:20:30.0883 3324	dtsoftbus01 - ok
15:20:30.0930 3324	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
15:20:30.0954 3324	DXGKrnl - ok
15:20:31.0077 3324	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
15:20:31.0213 3324	ebdrv - ok
15:20:31.0313 3324	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
15:20:31.0337 3324	elxstor - ok
15:20:31.0361 3324	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
15:20:31.0390 3324	ErrDev - ok
15:20:31.0562 3324	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:20:31.0609 3324	exfat - ok
15:20:31.0645 3324	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:20:31.0695 3324	fastfat - ok
15:20:31.0764 3324	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
15:20:31.0793 3324	fdc - ok
15:20:31.0855 3324	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:20:31.0868 3324	FileInfo - ok
15:20:31.0895 3324	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:20:31.0929 3324	Filetrace - ok
15:20:31.0948 3324	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
15:20:31.0981 3324	flpydisk - ok
15:20:32.0016 3324	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:20:32.0030 3324	FltMgr - ok
15:20:32.0059 3324	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:20:32.0072 3324	FsDepends - ok
15:20:32.0093 3324	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
15:20:32.0105 3324	Fs_Rec - ok
15:20:32.0143 3324	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
15:20:32.0162 3324	fvevol - ok
15:20:32.0192 3324	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
15:20:32.0205 3324	gagp30kx - ok
15:20:32.0259 3324	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:20:32.0277 3324	hcw85cir - ok
15:20:32.0347 3324	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
15:20:32.0379 3324	HdAudAddService - ok
15:20:32.0442 3324	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:20:32.0459 3324	HDAudBus - ok
15:20:32.0473 3324	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
15:20:32.0488 3324	HidBatt - ok
15:20:32.0514 3324	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
15:20:32.0541 3324	HidBth - ok
15:20:32.0582 3324	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
15:20:32.0606 3324	HidIr - ok
15:20:32.0727 3324	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
15:20:32.0742 3324	HidUsb - ok
15:20:32.0823 3324	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
15:20:32.0837 3324	HpSAMD - ok
15:20:32.0876 3324	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
15:20:32.0923 3324	HTTP - ok
15:20:32.0963 3324	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
15:20:32.0974 3324	hwpolicy - ok
15:20:33.0006 3324	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
15:20:33.0022 3324	i8042prt - ok
15:20:33.0085 3324	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
15:20:33.0105 3324	iaStorV - ok
15:20:33.0149 3324	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
15:20:33.0162 3324	iirsp - ok
15:20:33.0205 3324	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
15:20:33.0217 3324	intelide - ok
15:20:33.0249 3324	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
15:20:33.0278 3324	intelppm - ok
15:20:33.0336 3324	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:20:33.0378 3324	IpFilterDriver - ok
15:20:33.0539 3324	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
15:20:33.0555 3324	IPMIDRV - ok
15:20:33.0576 3324	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
15:20:33.0624 3324	IPNAT - ok
15:20:33.0717 3324	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
15:20:33.0766 3324	IRENUM - ok
15:20:33.0801 3324	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
15:20:33.0813 3324	isapnp - ok
15:20:33.0844 3324	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
15:20:33.0861 3324	iScsiPrt - ok
15:20:33.0959 3324	ivusb           (994ebb45c4b438e1f6ea0b958ae9b9a3) C:\Windows\system32\DRIVERS\ivusb.sys
15:20:33.0968 3324	ivusb - ok
15:20:34.0052 3324	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:20:34.0064 3324	kbdclass - ok
15:20:34.0098 3324	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
15:20:34.0122 3324	kbdhid - ok
15:20:34.0165 3324	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
15:20:34.0178 3324	KSecDD - ok
15:20:34.0209 3324	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
15:20:34.0223 3324	KSecPkg - ok
15:20:34.0346 3324	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
15:20:34.0356 3324	lirsgt - ok
15:20:34.0415 3324	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:20:34.0453 3324	lltdio - ok
15:20:34.0544 3324	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
15:20:34.0558 3324	LSI_FC - ok
15:20:34.0605 3324	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
15:20:34.0619 3324	LSI_SAS - ok
15:20:34.0681 3324	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
15:20:34.0695 3324	LSI_SAS2 - ok
15:20:34.0722 3324	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
15:20:34.0736 3324	LSI_SCSI - ok
15:20:34.0770 3324	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
15:20:34.0817 3324	luafv - ok
15:20:34.0905 3324	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
15:20:34.0914 3324	MBAMProtector - ok
15:20:34.0987 3324	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
15:20:34.0999 3324	megasas - ok
15:20:35.0060 3324	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
15:20:35.0077 3324	MegaSR - ok
15:20:35.0113 3324	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
15:20:35.0160 3324	Modem - ok
15:20:35.0226 3324	MODEMCSA        (25483f9d590d5f00bd951e1181453ec2) C:\Windows\system32\drivers\MODEMCSA.sys
15:20:35.0254 3324	MODEMCSA - ok
15:20:35.0315 3324	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
15:20:35.0348 3324	monitor - ok
15:20:35.0406 3324	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
15:20:35.0418 3324	mouclass - ok
15:20:35.0505 3324	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
15:20:35.0535 3324	mouhid - ok
15:20:35.0577 3324	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
15:20:35.0590 3324	mountmgr - ok
15:20:35.0645 3324	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
15:20:35.0659 3324	mpio - ok
15:20:35.0686 3324	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
15:20:35.0734 3324	mpsdrv - ok
15:20:35.0900 3324	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
15:20:35.0936 3324	MRxDAV - ok
15:20:36.0005 3324	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:20:36.0021 3324	mrxsmb - ok
15:20:36.0072 3324	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:20:36.0088 3324	mrxsmb10 - ok
15:20:36.0127 3324	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:20:36.0142 3324	mrxsmb20 - ok
15:20:36.0194 3324	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
15:20:36.0206 3324	msahci - ok
15:20:36.0238 3324	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
15:20:36.0252 3324	msdsm - ok
15:20:36.0306 3324	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
15:20:36.0337 3324	Msfs - ok
15:20:36.0379 3324	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
15:20:36.0426 3324	mshidkmdf - ok
15:20:36.0474 3324	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
15:20:36.0486 3324	msisadrv - ok
15:20:36.0518 3324	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
15:20:36.0549 3324	MSKSSRV - ok
15:20:36.0603 3324	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
15:20:36.0648 3324	MSPCLOCK - ok
15:20:36.0704 3324	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
15:20:36.0734 3324	MSPQM - ok
15:20:36.0769 3324	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
15:20:36.0784 3324	MsRPC - ok
15:20:36.0819 3324	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
15:20:36.0831 3324	mssmbios - ok
15:20:36.0867 3324	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
15:20:36.0898 3324	MSTEE - ok
15:20:36.0931 3324	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
15:20:36.0960 3324	MTConfig - ok
15:20:37.0014 3324	MTsensor        (bb16693616427eac1a436e106ea8d318) C:\Windows\system32\DRIVERS\ATKACPI.sys
15:20:37.0022 3324	MTsensor - ok
15:20:37.0058 3324	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
15:20:37.0071 3324	Mup - ok
15:20:37.0120 3324	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
15:20:37.0142 3324	NativeWifiP - ok
15:20:37.0200 3324	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
15:20:37.0242 3324	NDIS - ok
15:20:37.0301 3324	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
15:20:37.0345 3324	NdisCap - ok
15:20:37.0456 3324	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
15:20:37.0501 3324	NdisTapi - ok
15:20:37.0529 3324	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
15:20:37.0558 3324	Ndisuio - ok
15:20:37.0623 3324	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
15:20:37.0653 3324	NdisWan - ok
15:20:37.0687 3324	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
15:20:37.0717 3324	NDProxy - ok
15:20:37.0783 3324	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
15:20:37.0823 3324	NetBIOS - ok
15:20:37.0856 3324	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
15:20:37.0888 3324	NetBT - ok
15:20:38.0098 3324	netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
15:20:38.0272 3324	netw5v32 - ok
15:20:38.0336 3324	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
15:20:38.0349 3324	nfrd960 - ok
15:20:38.0441 3324	nmwcd           (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\Windows\system32\drivers\ccdcmb.sys
15:20:38.0473 3324	nmwcd - ok
15:20:38.0520 3324	nmwcdc          (8f2a94f991f8c73cec26b4b5620d1edc) C:\Windows\system32\drivers\ccdcmbo.sys
15:20:38.0550 3324	nmwcdc - ok
15:20:38.0611 3324	nmwcdnsu        (99145c5d4b6c4d6f5ce83ee6abffe294) C:\Windows\system32\drivers\nmwcdnsu.sys
15:20:38.0644 3324	nmwcdnsu - ok
15:20:38.0680 3324	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:20:38.0711 3324	Npfs - ok
15:20:38.0779 3324	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:20:38.0826 3324	nsiproxy - ok
15:20:38.0911 3324	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
15:20:38.0980 3324	Ntfs - ok
15:20:39.0018 3324	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:20:39.0059 3324	Null - ok
15:20:39.0513 3324	nvlddmkm        (5ce5b23855262acabaecce156f48dd88) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:20:39.0912 3324	nvlddmkm - ok
15:20:40.0032 3324	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
15:20:40.0047 3324	nvraid - ok
15:20:40.0075 3324	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
15:20:40.0090 3324	nvstor - ok
15:20:40.0138 3324	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
15:20:40.0152 3324	nv_agp - ok
15:20:40.0176 3324	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
15:20:40.0201 3324	ohci1394 - ok
15:20:40.0300 3324	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
15:20:40.0331 3324	Parport - ok
15:20:40.0377 3324	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
15:20:40.0390 3324	partmgr - ok
15:20:40.0411 3324	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
15:20:40.0448 3324	Parvdm - ok
15:20:40.0509 3324	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
15:20:40.0528 3324	pccsmcfd - ok
15:20:40.0570 3324	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
15:20:40.0585 3324	pci - ok
15:20:40.0632 3324	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
15:20:40.0645 3324	pciide - ok
15:20:40.0670 3324	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
15:20:40.0686 3324	pcmcia - ok
15:20:40.0724 3324	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
15:20:40.0737 3324	pcw - ok
15:20:40.0790 3324	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
15:20:40.0835 3324	PEAUTH - ok
15:20:41.0012 3324	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
15:20:41.0045 3324	PptpMiniport - ok
15:20:41.0085 3324	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
15:20:41.0107 3324	Processor - ok
15:20:41.0177 3324	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
15:20:41.0210 3324	Psched - ok
15:20:41.0270 3324	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
15:20:41.0341 3324	ql2300 - ok
15:20:41.0389 3324	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
15:20:41.0403 3324	ql40xx - ok
15:20:41.0432 3324	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
15:20:41.0450 3324	QWAVEdrv - ok
15:20:41.0503 3324	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
15:20:41.0534 3324	RasAcd - ok
15:20:41.0587 3324	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:20:41.0617 3324	RasAgileVpn - ok
15:20:41.0657 3324	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:20:41.0689 3324	Rasl2tp - ok
15:20:41.0759 3324	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
15:20:41.0806 3324	RasPppoe - ok
15:20:41.0845 3324	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
15:20:41.0892 3324	RasSstp - ok
15:20:41.0955 3324	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
15:20:41.0985 3324	rdbss - ok
15:20:42.0006 3324	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
15:20:42.0022 3324	rdpbus - ok
15:20:42.0054 3324	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:20:42.0089 3324	RDPCDD - ok
15:20:42.0151 3324	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
15:20:42.0176 3324	RDPDR - ok
15:20:42.0218 3324	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
15:20:42.0254 3324	RDPENCDD - ok
15:20:42.0285 3324	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
15:20:42.0327 3324	RDPREFMP - ok
15:20:42.0361 3324	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
15:20:42.0394 3324	RDPWD - ok
15:20:42.0462 3324	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
15:20:42.0478 3324	rdyboost - ok
15:20:42.0527 3324	rismxdp         (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
15:20:42.0547 3324	rismxdp - ok
15:20:42.0608 3324	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
15:20:42.0654 3324	rspndr - ok
15:20:42.0698 3324	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
15:20:42.0726 3324	s3cap - ok
15:20:42.0889 3324	SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:20:42.0898 3324	SASDIFSV - ok
15:20:42.0931 3324	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:20:42.0941 3324	SASKUTIL - ok
15:20:43.0057 3324	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
15:20:43.0071 3324	sbp2port - ok
15:20:43.0102 3324	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
15:20:43.0131 3324	scfilter - ok
15:20:43.0206 3324	sdbus           (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\DRIVERS\sdbus.sys
15:20:43.0236 3324	sdbus - ok
15:20:43.0295 3324	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:20:43.0326 3324	secdrv - ok
15:20:43.0387 3324	Ser2pl          (cb3e852b818946f396e35a976ee6b552) C:\Windows\system32\DRIVERS\ser2pl.sys
15:20:43.0415 3324	Ser2pl - ok
15:20:43.0447 3324	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
15:20:43.0461 3324	Serenum - ok
15:20:43.0506 3324	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys
15:20:43.0522 3324	Serial - ok
15:20:43.0554 3324	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
15:20:43.0569 3324	sermouse - ok
15:20:43.0639 3324	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
15:20:43.0671 3324	sffdisk - ok
15:20:43.0706 3324	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
15:20:43.0723 3324	sffp_mmc - ok
15:20:43.0748 3324	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:20:43.0764 3324	sffp_sd - ok
15:20:43.0795 3324	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
15:20:43.0811 3324	sfloppy - ok
15:20:43.0842 3324	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
15:20:43.0855 3324	sisagp - ok
15:20:43.0964 3324	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
15:20:43.0976 3324	SiSRaid2 - ok
15:20:44.0023 3324	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
15:20:44.0037 3324	SiSRaid4 - ok
15:20:44.0089 3324	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
15:20:44.0134 3324	Smb - ok
15:20:44.0214 3324	smserial        (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys
15:20:44.0265 3324	smserial - ok
15:20:44.0347 3324	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
15:20:44.0359 3324	spldr - ok
15:20:44.0425 3324	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
15:20:44.0442 3324	srv - ok
15:20:44.0497 3324	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
15:20:44.0524 3324	srv2 - ok
15:20:44.0554 3324	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
15:20:44.0570 3324	srvnet - ok
15:20:44.0640 3324	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
15:20:44.0652 3324	stexstor - ok
15:20:44.0694 3324	StillCam        (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
15:20:44.0722 3324	StillCam - ok
15:20:44.0774 3324	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
15:20:44.0786 3324	storflt - ok
15:20:44.0824 3324	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
15:20:44.0837 3324	storvsc - ok
15:20:44.0872 3324	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
15:20:44.0885 3324	swenum - ok
15:20:44.0968 3324	SynTP           (760e4f5a1e754bbe4a1bd2a0b54f6aa6) C:\Windows\system32\DRIVERS\SynTP.sys
15:20:44.0981 3324	SynTP - ok
15:20:45.0068 3324	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
15:20:45.0103 3324	Tcpip - ok
15:20:45.0190 3324	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
15:20:45.0225 3324	TCPIP6 - ok
15:20:45.0293 3324	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
15:20:45.0339 3324	tcpipreg - ok
15:20:45.0375 3324	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
15:20:45.0405 3324	TDPIPE - ok
15:20:45.0416 3324	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
15:20:45.0461 3324	TDTCP - ok
15:20:45.0501 3324	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
15:20:45.0543 3324	tdx - ok
15:20:45.0611 3324	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
15:20:45.0624 3324	TermDD - ok
15:20:45.0740 3324	truecrypt       (be45dad1c73a3216edc8c485916f6594) C:\Windows\system32\drivers\truecrypt.sys
15:20:45.0755 3324	truecrypt - ok
15:20:45.0805 3324	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:20:45.0834 3324	tssecsrv - ok
15:20:45.0861 3324	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
15:20:45.0890 3324	TsUsbFlt - ok
15:20:45.0922 3324	TsUsbGD         (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
15:20:45.0944 3324	TsUsbGD - ok
15:20:45.0977 3324	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
15:20:46.0015 3324	tunnel - ok
15:20:46.0038 3324	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
15:20:46.0052 3324	uagp35 - ok
15:20:46.0075 3324	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
15:20:46.0125 3324	udfs - ok
15:20:46.0164 3324	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
15:20:46.0177 3324	uliagpkx - ok
15:20:46.0220 3324	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
15:20:46.0235 3324	umbus - ok
15:20:46.0271 3324	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
15:20:46.0286 3324	UmPass - ok
15:20:46.0349 3324	upperdev        (ec01da44b090d2651fc032c8b9257232) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
15:20:46.0379 3324	upperdev - ok
15:20:46.0414 3324	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
15:20:46.0429 3324	usbccgp - ok
15:20:46.0516 3324	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
15:20:46.0534 3324	usbcir - ok
15:20:46.0590 3324	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
15:20:46.0613 3324	usbehci - ok
15:20:46.0666 3324	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
15:20:46.0682 3324	usbhub - ok
15:20:46.0713 3324	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
15:20:46.0727 3324	usbohci - ok
15:20:46.0758 3324	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
15:20:46.0775 3324	usbprint - ok
15:20:46.0852 3324	usbser          (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
15:20:46.0867 3324	usbser - ok
15:20:46.0901 3324	UsbserFilt      (4abd37cfbd710e64f01f9da8710c73f7) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
15:20:46.0931 3324	UsbserFilt - ok
15:20:46.0980 3324	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:20:46.0995 3324	USBSTOR - ok
15:20:47.0031 3324	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:20:47.0055 3324	usbuhci - ok
15:20:47.0102 3324	VBoxNetAdp      (226cd9e42be28a84ec56430fbb57224f) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
15:20:47.0114 3324	VBoxNetAdp - ok
15:20:47.0158 3324	VBoxNetFlt - ok
15:20:47.0216 3324	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
15:20:47.0229 3324	vdrvroot - ok
15:20:47.0266 3324	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
15:20:47.0296 3324	vga - ok
15:20:47.0328 3324	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
15:20:47.0380 3324	VgaSave - ok
15:20:47.0419 3324	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
15:20:47.0435 3324	vhdmp - ok
15:20:47.0469 3324	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
15:20:47.0482 3324	viaagp - ok
15:20:47.0497 3324	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
15:20:47.0524 3324	ViaC7 - ok
15:20:47.0567 3324	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
15:20:47.0579 3324	viaide - ok
15:20:47.0640 3324	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
15:20:47.0656 3324	vmbus - ok
15:20:47.0675 3324	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
15:20:47.0701 3324	VMBusHID - ok
15:20:47.0735 3324	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
15:20:47.0748 3324	volmgr - ok
15:20:47.0774 3324	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
15:20:47.0791 3324	volmgrx - ok
15:20:47.0818 3324	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
15:20:47.0833 3324	volsnap - ok
15:20:47.0880 3324	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
15:20:47.0896 3324	vsmraid - ok
15:20:47.0927 3324	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
15:20:47.0953 3324	vwifibus - ok
15:20:47.0983 3324	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
15:20:47.0998 3324	WacomPen - ok
15:20:48.0032 3324	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:20:48.0080 3324	WANARP - ok
15:20:48.0087 3324	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:20:48.0116 3324	Wanarpv6 - ok
15:20:48.0259 3324	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
15:20:48.0271 3324	Wd - ok
15:20:48.0303 3324	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:20:48.0322 3324	Wdf01000 - ok
15:20:48.0411 3324	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
15:20:48.0442 3324	WfpLwf - ok
15:20:48.0469 3324	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
15:20:48.0481 3324	WIMMount - ok
15:20:48.0705 3324	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
15:20:48.0736 3324	WinUsb - ok
15:20:48.0770 3324	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
15:20:48.0785 3324	WmiAcpi - ok
15:20:48.0826 3324	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
15:20:48.0867 3324	ws2ifsl - ok
15:20:49.0003 3324	WSDPrintDevice  (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
15:20:49.0033 3324	WSDPrintDevice - ok
15:20:49.0106 3324	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
15:20:49.0136 3324	WudfPf - ok
15:20:49.0205 3324	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:20:49.0245 3324	WUDFRd - ok
15:20:49.0304 3324	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:20:49.0413 3324	\Device\Harddisk0\DR0 - ok
15:20:49.0417 3324	Boot (0x1200)   (6f722d647c62bd1a6550cb1b8255117d) \Device\Harddisk0\DR0\Partition0
15:20:49.0418 3324	\Device\Harddisk0\DR0\Partition0 - ok
15:20:49.0452 3324	Boot (0x1200)   (c9000f98a9ac3aedb2b82fcdafc56a9c) \Device\Harddisk0\DR0\Partition1
15:20:49.0453 3324	\Device\Harddisk0\DR0\Partition1 - ok
15:20:49.0468 3324	Boot (0x1200)   (a496888bb4de0e29330cf14653365dde) \Device\Harddisk0\DR0\Partition2
15:20:49.0469 3324	\Device\Harddisk0\DR0\Partition2 - ok
15:20:49.0470 3324	============================================================
15:20:49.0470 3324	Scan finished
15:20:49.0470 3324	============================================================
15:20:49.0482 2068	Detected object count: 1
15:20:49.0482 2068	Actual detected object count: 1
15:20:59.0720 2068	CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:59.0720 2068	CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 29.02.2012, 15:57

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Matz · 29.02.2012, 19:45

Die OTL.txt:

Code:

ATTFilter

OTL logfile created on: 29.02.2012 19:32:50 - Run 1
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\Matthias\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 67,14% Memory free
4,00 Gb Paging File | 3,26 Gb Available in Paging File | 81,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49,90 Gb Total Space | 28,40 Gb Free Space | 56,91% Space Free | Partition Type: NTFS
Drive D: | 99,05 Gb Total Space | 71,29 Gb Free Space | 71,98% Space Free | Partition Type: NTFS
 
Computer Name: MATTHIAS-LAPTOP | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.29 19:31:01 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.06.17 20:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- D:\Programme\Cisco VPN\cvpnd.exe
PRC - [2009.10.26 13:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2007.04.19 10:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Programme\ATK Hotkey\HControl.exe
PRC - [2007.02.05 17:13:14 | 000,094,208 | ---- | M] () -- C:\Programme\ATK Hotkey\ASLDRSrv.exe
PRC - [2006.12.18 16:26:26 | 002,420,736 | ---- | M] () -- C:\Programme\ATK Hotkey\ATKOSD.exe
PRC - [2006.10.26 23:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.02.06 01:47:14 | 000,607,744 | ---- | M] () -- D:\Programme\TagTuner\TagTuner.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (zebrsce)
SRV - File not found [Auto | Stopped] --  -- (winpower)
SRV - File not found [Auto | Stopped] --  -- (wfxsvc)
SRV - File not found [On_Demand | Stopped] --  -- (VKPWI)
SRV - File not found [Auto | Stopped] --  -- (tifm)
SRV - File not found [Auto | Stopped] --  -- (SrvcTPIOMngr)
SRV - File not found [Auto | Stopped] --  -- (SISNICXP)
SRV - File not found [Auto | Stopped] --  -- (se44mdm)
SRV - File not found [Auto | Stopped] --  -- (s616nd5)
SRV - File not found [Auto | Stopped] --  -- (nimdbgk)
SRV - File not found [Auto | Stopped] --  -- (motmodem)
SRV - File not found [Auto | Stopped] --  -- (LHidKe)
SRV - File not found [Auto | Stopped] --  -- (iaimtv2)
SRV - File not found [Auto | Stopped] --  -- (hSONYPVh)
SRV - File not found [Auto | Stopped] --  -- (HPFECP20)
SRV - File not found [Auto | Stopped] --  -- (HIDSwvd)
SRV - File not found [Auto | Stopped] --  -- (gameenum)
SRV - File not found [Auto | Stopped] --  -- (Evian)
SRV - File not found [Auto | Stopped] --  -- (e1000)
SRV - File not found [Auto | Stopped] --  -- (btwusb)
SRV - File not found [Auto | Stopped] --  -- (btnetfilter)
SRV - File not found [Auto | Stopped] --  -- (bcm4sbxp)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.06.08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- D:\Programme\Cisco VPN\cvpnd.exe -- (CVPND)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.02.05 17:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Programme\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.10.26 23:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.19 14:12:00 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.11.25 11:32:28 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.11.25 11:32:27 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.08.25 09:44:22 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.17 15:47:33 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.06.15 09:34:12 | 000,014,392 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2011.05.18 09:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.05.18 09:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.05.18 09:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.05.18 09:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.05.18 09:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010.03.23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.10.26 14:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.13 23:02:46 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2009.07.01 23:59:00 | 009,786,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.02.12 16:55:56 | 000,075,776 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-669107202-3843920512-883216293-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-669107202-3843920512-883216293-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF D2 14 FA 21 EC CC 01  [binary data]
IE - HKU\S-1-5-21-669107202-3843920512-883216293-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44026
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.3
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:1.1
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.044
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programme\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matthias\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matthias\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.02.17 11:26:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.01.11 20:04:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2011.09.09 16:42:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.08.26 19:49:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.02.17 11:26:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.01.11 20:04:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2011.09.09 16:42:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins
 
[2012.02.23 17:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions
[2012.02.21 20:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\sniwvhgw.default\extensions
[2011.06.13 17:00:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\sniwvhgw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.13 17:00:11 | 000,000,000 | ---D | M] ("UltraSurf Firefox Tool") -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\sniwvhgw.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2011.12.24 16:08:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\sniwvhgw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.21 20:45:11 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\sniwvhgw.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011.11.23 13:24:15 | 000,000,000 | ---D | M] (Customizable Shortcuts) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\sniwvhgw.default\extensions\customizable-shortcuts@timtaubert.de
[2012.02.09 12:52:11 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\sniwvhgw.default\extensions\piclens@cooliris.com
[2011.07.14 14:45:39 | 000,002,007 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\sniwvhgw.default\searchplugins\amazon-de-search.xml
[2011.07.14 14:44:43 | 000,011,417 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\sniwvhgw.default\searchplugins\ebay-durchsuchen.xml
[2012.02.23 15:46:52 | 000,002,449 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\sniwvhgw.default\searchplugins\google-deutschland---auf-deutsch.xml
[2011.07.14 14:46:18 | 000,005,551 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\sniwvhgw.default\searchplugins\google-maps.xml
[2012.02.23 15:46:52 | 000,001,961 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\sniwvhgw.default\searchplugins\leo-de-en.xml
[2011.07.14 14:47:11 | 000,001,030 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\sniwvhgw.default\searchplugins\wikipedia-de.xml
[2011.07.14 14:48:11 | 000,002,057 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\sniwvhgw.default\searchplugins\youtube-videosuche.xml
() (No name found) -- C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SNIWVHGW.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SNIWVHGW.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SNIWVHGW.DEFAULT\EXTENSIONS\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.XPI
() (No name found) -- C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SNIWVHGW.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012.02.27 10:15:00 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Matthias\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = D:\Programme\Java\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = D:\Programme\Java\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = D:\Programme\Adobe\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = D:\Programme\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Matthias\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Matthias\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Matthias\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: General Crawler = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje\2.0_0\
CHR - Extension: Google Mail = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.02.28 12:31:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [GrooveMonitor] D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKU\S-1-5-21-669107202-3843920512-883216293-1001..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-669107202-3843920512-883216293-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-669107202-3843920512-883216293-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Zeon Append to existing PDF - res://D:\Programme\DocuCom\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML File not found
O8 - Extra context menu item: Zeon Convert link target to DocuCom PDF - res://D:\Programme\DocuCom\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML File not found
O8 - Extra context menu item: Zeon Convert link target to existing PDF - res://D:\Programme\DocuCom\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML File not found
O8 - Extra context menu item: Zeon Convert selected links to DocuCom PDF - res://D:\Programme\DocuCom\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML File not found
O8 - Extra context menu item: Zeon Convert selected links to existing PDF - res://D:\Programme\DocuCom\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML File not found
O8 - Extra context menu item: Zeon Convert to DocuCom PDF - res://D:\Programme\DocuCom\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE286085-2B7A-4606-8830-BC9DEC05F891}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4B1773B-DBB2-4A31-9445-B2E05A16D078}: DhcpNameServer = 137.193.6.6 137.193.10.21
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: a016mdfl -  File not found
NetSvcs: HIDSwvd -  File not found
NetSvcs: nimdbgk -  File not found
NetSvcs: LHidKe -  File not found
NetSvcs: s616nd5 -  File not found
NetSvcs: btwusb -  File not found
NetSvcs: HPFECP20 -  File not found
NetSvcs: wfxsvc -  File not found
NetSvcs: motmodem -  File not found
NetSvcs: btnetfilter -  File not found
NetSvcs: e1000 -  File not found
NetSvcs: gameenum -  File not found
NetSvcs: iaimtv2 -  File not found
NetSvcs: winpower -  File not found
NetSvcs: SISNICXP -  File not found
NetSvcs: Evian -  File not found
NetSvcs: tifm -  File not found
NetSvcs: se44mdm -  File not found
NetSvcs: zebrsce -  File not found
NetSvcs: bcm4sbxp -  File not found
NetSvcs: SrvcTPIOMngr -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico - ()
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Matthias\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
MsConfig - StartUpReg: SMSERIAL - hkey= - key= - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
 
SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: wave1 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.29 19:30:58 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2012.02.29 15:19:23 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matthias\Desktop\tdsskiller.exe
[2012.02.29 09:36:09 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\SUPERAntiSpyware.com
[2012.02.29 09:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.02.29 09:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.02.29 09:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.02.28 17:29:12 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Matthias\Desktop\aswMBR.exe
[2012.02.28 17:23:20 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\OSAM
[2012.02.28 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\Versuch 5
[2012.02.28 15:48:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.02.28 12:18:05 | 000,000,000 | ---D | C] -- C:\tb
[2012.02.27 15:21:30 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\temp
[2012.02.27 15:07:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.02.27 15:07:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.02.27 15:07:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.02.27 13:38:32 | 004,420,481 | R--- | C] (Swearware) -- C:\Users\Matthias\Desktop\ComboFix.exe
[2012.02.27 13:23:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.02.27 13:21:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.02.27 10:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.02.27 10:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.02.24 12:42:21 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes
[2012.02.24 12:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.24 12:42:13 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.24 12:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.24 12:41:31 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Matthias\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.24 11:44:26 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Matthias\Desktop\dds.com
[2012.02.24 11:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2012.02.23 14:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Condor
[2012.02.22 17:52:53 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Media Finder
[2012.02.22 17:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2012.02.22 17:35:49 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2012.02.22 14:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeeYou
[2012.02.07 16:36:22 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Documents\UseNeXT
[2012.02.07 15:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.29 19:31:01 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2012.02.29 19:30:01 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-669107202-3843920512-883216293-1001UA.job
[2012.02.29 19:29:54 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.29 19:29:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.29 19:29:34 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.29 15:45:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.29 15:19:31 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matthias\Desktop\tdsskiller.exe
[2012.02.29 14:30:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-669107202-3843920512-883216293-1001Core.job
[2012.02.29 09:40:07 | 000,021,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.29 09:40:07 | 000,021,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.29 09:35:47 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.02.28 18:00:45 | 000,006,013 | ---- | M] () -- C:\Users\Matthias\Desktop\Anhang2.zip
[2012.02.28 17:58:00 | 000,000,512 | ---- | M] () -- C:\Users\Matthias\Desktop\MBR.dat
[2012.02.28 17:29:52 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Matthias\Desktop\aswMBR.exe
[2012.02.28 12:31:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.02.27 14:00:55 | 000,000,000 | -HS- | M] () -- C:\Windows\muzuki.exc
[2012.02.27 13:38:34 | 004,420,481 | R--- | M] (Swearware) -- C:\Users\Matthias\Desktop\ComboFix.exe
[2012.02.24 12:42:15 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.24 12:41:31 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Matthias\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.24 12:25:44 | 000,008,094 | ---- | M] () -- C:\Users\Matthias\Desktop\Anhang.zip
[2012.02.24 11:47:43 | 000,302,592 | ---- | M] () -- C:\Users\Matthias\Desktop\9040o0p9.exe
[2012.02.24 11:44:27 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Matthias\Desktop\dds.com
[2012.02.24 11:42:06 | 000,000,000 | ---- | M] () -- C:\Users\Matthias\defogger_reenable
[2012.02.24 11:40:19 | 000,668,778 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.24 11:40:19 | 000,620,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.24 11:40:19 | 000,110,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.24 11:40:18 | 000,134,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.24 11:35:38 | 000,050,477 | ---- | M] () -- C:\Users\Matthias\Desktop\Defogger.exe
[2012.02.24 11:33:22 | 000,000,678 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2012.02.15 19:22:07 | 003,766,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.31 16:09:01 | 000,003,461 | ---- | M] () -- C:\Users\Matthias\.recently-used.xbel
 
========== Files Created - No Company Name ==========
 
[2012.02.29 09:35:47 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.02.28 18:00:45 | 000,006,013 | ---- | C] () -- C:\Users\Matthias\Desktop\Anhang2.zip
[2012.02.28 17:58:00 | 000,000,512 | ---- | C] () -- C:\Users\Matthias\Desktop\MBR.dat
[2012.02.27 15:07:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.02.27 15:07:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.02.27 15:07:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.02.27 15:07:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.02.27 15:07:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.02.27 13:23:52 | 000,000,000 | -HS- | C] () -- C:\Windows\muzuki.exc
[2012.02.24 12:42:15 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.24 12:25:44 | 000,008,094 | ---- | C] () -- C:\Users\Matthias\Desktop\Anhang.zip
[2012.02.24 11:47:42 | 000,302,592 | ---- | C] () -- C:\Users\Matthias\Desktop\9040o0p9.exe
[2012.02.24 11:42:06 | 000,000,000 | ---- | C] () -- C:\Users\Matthias\defogger_reenable
[2012.02.24 11:35:34 | 000,050,477 | ---- | C] () -- C:\Users\Matthias\Desktop\Defogger.exe
[2012.02.24 11:33:22 | 000,000,678 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2012.02.22 17:36:02 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2012.02.22 17:09:18 | 000,262,360 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\wahemiex.dll
[2012.01.31 16:09:01 | 000,003,461 | ---- | C] () -- C:\Users\Matthias\.recently-used.xbel
[2011.11.25 11:32:28 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.11.25 11:32:27 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.11.25 11:04:17 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2011.11.04 19:38:51 | 000,000,080 | ---- | C] () -- C:\Users\Matthias\AppData\Local\X-Plane Installer.prf
[2011.07.20 12:24:10 | 000,000,132 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.07.20 12:23:38 | 000,000,132 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.07.11 12:36:44 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.07.11 12:36:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.06.26 17:23:51 | 000,000,000 | ---- | C] () -- C:\Users\Matthias\AppData\Local\{88D9EF4C-BB61-4B08-A01C-3EB2006FA68D}
[2011.06.19 10:27:06 | 000,017,920 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.19 10:26:39 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.06.15 19:35:42 | 000,013,030 | ---- | C] () -- C:\Users\Matthias\AppData\Local\PDOXUSRS.NET
[2011.06.14 20:50:33 | 000,225,451 | ---- | C] () -- C:\Windows\hpoins46.dat
[2010.11.21 01:46:14 | 000,668,778 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 01:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.11.21 01:46:14 | 000,134,562 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 01:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.03.23 12:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
 
========== LOP Check ==========
 
[2011.07.09 11:50:02 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Amazon
[2011.08.07 19:55:29 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DAEMON Tools Lite
[2011.07.04 09:17:29 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\elsterformular
[2012.01.31 16:09:01 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\gtk-2.0
[2012.02.29 15:25:06 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ
[2011.10.03 17:11:42 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Juniper Networks
[2012.02.22 17:54:10 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Media Finder
[2011.12.28 17:23:02 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Micro Line Windows 7 Patch Tool
[2011.08.26 20:03:45 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Nokia
[2011.08.26 20:03:46 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Nokia Ovi Suite
[2011.06.14 11:20:14 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\OCS
[2011.06.14 11:20:18 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Opera
[2011.08.26 20:03:34 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\PC Suite
[2011.07.12 11:55:03 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.11.25 11:42:39 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TagTuner
[2011.06.13 17:06:13 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Thunderbird
[2011.07.17 15:48:31 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TrueCrypt
[2011.12.22 11:16:26 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ubisoft
[2011.06.14 13:08:00 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Xerox
[2011.06.14 11:03:46 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Zeon
[2012.02.06 13:06:13 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.12 11:48:57 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Adobe
[2011.07.12 11:55:03 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Adobe Mini Bridge CS5
[2011.07.09 11:50:02 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Amazon
[2011.08.07 19:55:29 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DAEMON Tools Lite
[2011.07.04 09:17:29 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\elsterformular
[2012.01.31 16:09:01 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\gtk-2.0
[2011.06.14 21:05:57 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\HP
[2011.12.28 12:01:00 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\HpUpdate
[2012.02.29 15:25:06 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ
[2011.06.13 16:45:05 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Identities
[2011.06.15 09:42:33 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\InstallShield
[2011.10.03 17:11:42 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Juniper Networks
[2011.06.13 17:25:48 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Macromedia
[2012.02.24 12:42:21 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes
[2011.08.25 10:05:58 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\MathWorks
[2010.11.21 01:55:01 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Media Center Programs
[2012.02.22 17:54:10 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Media Finder
[2011.12.28 17:23:02 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Micro Line Windows 7 Patch Tool
[2012.01.26 15:36:50 | 000,000,000 | --SD | M] -- C:\Users\Matthias\AppData\Roaming\Microsoft
[2011.06.13 16:59:05 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Mozilla
[2011.08.26 20:03:45 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Nokia
[2011.08.26 20:03:46 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Nokia Ovi Suite
[2011.06.14 11:20:14 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\OCS
[2011.06.14 11:20:18 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Opera
[2011.08.26 20:03:34 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\PC Suite
[2011.07.12 11:55:03 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.02.29 09:36:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\SUPERAntiSpyware.com
[2011.11.25 11:42:39 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TagTuner
[2011.06.13 17:06:13 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Thunderbird
[2011.07.17 15:48:31 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TrueCrypt
[2011.12.22 11:16:26 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ubisoft
[2011.06.15 11:33:06 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\vlc
[2011.06.14 13:08:00 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Xerox
[2011.06.14 11:03:46 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Zeon
 
< %APPDATA%\*.exe /s >
[2011.10.16 18:56:34 | 000,149,368 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Juniper Networks\Setup Client\dsmmf.exe
[2011.10.16 18:56:58 | 000,282,544 | ---- | M] (Juniper Networks, Inc.) -- C:\Users\Matthias\AppData\Roaming\Juniper Networks\Setup Client\JuniperCompMgrInstaller.exe
[2011.10.16 18:56:32 | 000,571,256 | ---- | M] (Juniper Networks, Inc.) -- C:\Users\Matthias\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
[2011.10.16 18:56:06 | 000,348,224 | ---- | M] (Juniper Networks, Inc.) -- C:\Users\Matthias\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
[2011.10.16 18:49:44 | 000,236,576 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupXP.exe
[2011.10.16 18:56:58 | 000,056,952 | ---- | M] (Juniper Networks, Inc.) -- C:\Users\Matthias\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe
[2011.08.22 09:00:17 | 000,010,134 | R--- | M] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2012.02.06 13:07:28 | 000,425,984 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\sniwvhgw.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
[2012.02.06 13:07:28 | 000,545,792 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\sniwvhgw.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
[2011.06.14 11:20:14 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Matthias\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2011.06.14 11:20:14 | 000,040,960 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache\netlogon.dll
[2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll
[2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\ERDNT\cache\user32.dll
[2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:C39AA0B1

< End of report >

cosinus · 01.03.2012, 12:00

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
SRV - File not found [Auto | Stopped] --  -- (hSONYPVh)
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
[2011.06.13 17:00:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\sniwvhgw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-669107202-3843920512-883216293-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-669107202-3843920512-883216293-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Zeon Append to existing PDF - res://D:\Programme\DocuCom\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML File not found
O8 - Extra context menu item: Zeon Convert link target to DocuCom PDF - res://D:\Programme\DocuCom\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML File not found
O8 - Extra context menu item: Zeon Convert link target to existing PDF - res://D:\Programme\DocuCom\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML File not found
O8 - Extra context menu item: Zeon Convert selected links to DocuCom PDF - res://D:\Programme\DocuCom\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML File not found
O8 - Extra context menu item: Zeon Convert selected links to existing PDF - res://D:\Programme\DocuCom\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML File not found
O8 - Extra context menu item: Zeon Convert to DocuCom PDF - res://D:\Programme\DocuCom\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:C39AA0B1
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Matz · 01.03.2012, 12:10

Nachdem OTL den Rechner neugetartet hat erschien folgendes Logfile:

Code:

ATTFilter

All processes killed
========== OTL ==========
Service hSONYPVh stopped successfully!
Service hSONYPVh deleted successfully!
Prefs.js: "localhost" removed from network.proxy.http
Prefs.js: 9666 removed from network.proxy.http_port
Prefs.js: "localhost" removed from network.proxy.socks
Prefs.js: 9050 removed from network.proxy.socks_port
Prefs.js: true removed from network.proxy.socks_remote_dns
Prefs.js: "localhost" removed from network.proxy.ssl
Prefs.js: 9666 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\sniwvhgw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\sniwvhgw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\sniwvhgw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\sniwvhgw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-669107202-3843920512-883216293-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-669107202-3843920512-883216293-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Zeon Append to existing PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Zeon Convert link target to DocuCom PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Zeon Convert link target to existing PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Zeon Convert selected links to DocuCom PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Zeon Convert selected links to existing PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Zeon Convert to DocuCom PDF\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
ADS C:\ProgramData\TEMP:C39AA0B1 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Matthias
->Temp folder emptied: 63807500 bytes
->Temporary Internet Files folder emptied: 80529548 bytes
->Java cache emptied: 6176157 bytes
->FireFox cache emptied: 49733046 bytes
->Google Chrome cache emptied: 180652307 bytes
->Flash cache emptied: 487 bytes
 
User: Nina
->Temp folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 339232 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 364,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.2 log created on 03012012_120452

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 01.03.2012, 18:04

Ok. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Matz · 02.03.2012, 12:13

Beide Scans durchgeführt.

Malwarebytes hat diesmal nicht mehr angeschlagen; hier das Logfile:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.02.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Matthias :: MATTHIAS-LAPTOP [Administrator]

Schutz: Deaktiviert

02.03.2012 10:16:58
mbam-log-2012-03-02 (10-16-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 440688
Laufzeit: 1 Stunde(n), 10 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Bei SUPERAntiSpyware gabs wieder ein paar Funde:
Einmal wieder Trojan.Agent/Gen-Krpytik in einer Datei des Programms StrePla (hatte ich ja schonmal oben beschrieben, was das für ein Programm ist).

Zitat:

StrePla ist ein Segelflug Streckenplanungs & Auswertungsprogramm. Das gibt es als Testversion im Netz zum download und nach 30 Tagen lässt sich das Programm nur noch mit einem Aktivierungsschlüssel öffnen. Die 30 Tage sind mittlerweile lange abgelaufen, ich habe es allerdings drauf gelassen, da es mich nicht stört. Soll ich das ganze Programm dann sicherheitshalber deinstallieren (es nützt mir ja leider ehh nichts mehr)?

Und dann wieder 43 Tracking Items. Was sagen mir die Funde, ist das noch kritisch? Können diese Dinge einfach mit dem "Remove Threats"-Button von SUPERAntiSpyware entfernt werden?
Hier das Logfile:

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/02/2012 at 12:09 PM

Application Version : 5.0.1144

Core Rules Database Version : 8297
Trace Rules Database Version: 6109

Scan type       : Complete Scan
Total Scan Time : 00:37:22

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 606
Memory threats detected   : 0
Registry items scanned    : 36219
Registry threats detected : 0
File items scanned        : 40709
File threats detected     : 44

Adware.Tracking Cookie
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@adx.chip[2].txt [ /adx.chip ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@content.yieldmanager[1].txt [ /content.yieldmanager ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@content.yieldmanager[3].txt [ /content.yieldmanager ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@invitemedia[1].txt [ /invitemedia ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@zanox[1].txt [ /zanox ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\N54ZXSJM.txt [ /ad.yieldmanager.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\AR1AJ1BX.txt [ /adfarm1.adition.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\3TZZ61BP.txt [ /imrworldwide.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\66JRM171.txt [ /mediaplex.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\WCQM1FE2.txt [ /tradedoubler.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\K803MD54.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\QGJWUWGX.txt [ /doubleclick.net ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\GFIWQ98M.txt [ /ad3.adfarm1.adition.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\MY2Z76IV.txt [ /atdmt.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\I5G3TWZZ.txt [ /forum.usenext.de ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\CT3W93S0.txt [ /serving-sys.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\ZGUK51ZH.txt [ /smartadserver.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\ZRT9HR9O.txt [ /ads.creative-serving.com ]
	C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\H6PUTYZ6.txt [ /apmebf.com ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\C9Y1CRAV.txt [ Cookie:matthias@bs.serving-sys.com/ ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\matthias@imrworldwide[2].txt [ Cookie:matthias@imrworldwide.com/cgi-bin ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\U0UB6WAF.txt [ Cookie:matthias@mediaplex.com/ ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\DT3MPYTB.txt [ Cookie:matthias@msnportal.112.2o7.net/ ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\LVQ705EB.txt [ Cookie:matthias@tradedoubler.com/ ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\U1TMCUQ3.txt [ Cookie:matthias@media6degrees.com/ ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\YO5O21ZB.txt [ Cookie:matthias@ad2.adfarm1.adition.com/ ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\matthias@2o7[1].txt [ Cookie:matthias@2o7.net/ ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\T4CF7JLT.txt [ Cookie:matthias@ad3.adfarm1.adition.com/ ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\PYX59TAR.txt [ Cookie:matthias@atdmt.com/ ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZD35M3IV.txt [ Cookie:matthias@apmebf.com/ ]
	C:\USERS\MATTHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\KM0ZB54T.txt [ Cookie:matthias@tracking.quisma.com/ ]
	C:\USERS\MATTHIAS\Cookies\N54ZXSJM.txt [ Cookie:matthias@ad.yieldmanager.com/ ]
	C:\USERS\MATTHIAS\Cookies\3TZZ61BP.txt [ Cookie:matthias@imrworldwide.com/cgi-bin ]
	C:\USERS\MATTHIAS\Cookies\66JRM171.txt [ Cookie:matthias@mediaplex.com/ ]
	C:\USERS\MATTHIAS\Cookies\WCQM1FE2.txt [ Cookie:matthias@tradedoubler.com/ ]
	C:\USERS\MATTHIAS\Cookies\matthias@content.yieldmanager[1].txt [ Cookie:matthias@content.yieldmanager.com/ ]
	C:\USERS\MATTHIAS\Cookies\K803MD54.txt [ Cookie:matthias@ad2.adfarm1.adition.com/ ]
	C:\USERS\MATTHIAS\Cookies\GFIWQ98M.txt [ Cookie:matthias@ad3.adfarm1.adition.com/ ]
	C:\USERS\MATTHIAS\Cookies\matthias@content.yieldmanager[3].txt [ Cookie:matthias@content.yieldmanager.com/ak/ ]
	C:\USERS\MATTHIAS\Cookies\MY2Z76IV.txt [ Cookie:matthias@atdmt.com/ ]
	C:\USERS\MATTHIAS\Cookies\H6PUTYZ6.txt [ Cookie:matthias@apmebf.com/ ]
	C:\USERS\MATTHIAS\Cookies\matthias@adx.chip[2].txt [ Cookie:matthias@adx.chip.de/ ]
	secure-uk.imrworldwide.com [ C:\USERS\MATTHIAS\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BDSCSXYS ]

Trojan.Agent/Gen-Krpytik
	D:\PROGRAMME\STREPLA6\BIN\AIRPAR32.EXE

cosinus · 02.03.2012, 14:03

Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Matz · 02.03.2012, 14:10

Sonst habe ich jetzt keine Funde mehr. Die Google Suche klappt auch wieder.

Wie schauts mit dem einen Fund von SuperAntiSpyware (Trojan.Agent) noch aus? Ist das ein "irrtümlicher" Fund oder ist das auch etwas ungefährliches.

Und dann sind jetzt in dem ganzen Bereinigungsprozess etliche Ordner auf C:\ hinzugekommen (bspw. Qoobox, der selbst erstellte Ordner tb, _OTL und viele mehr). Müssen diese noch manuell gelöscht werden, oder löschen die sich, wenn ich Malewarebytes deinstallieren (oder soll ich das Programm sicherheitshalber als Ergänzung installiert lassen)?

Vielen Dank schonmal für die umfangreiche Hilfe bis hierhin!

cosinus · 02.03.2012, 14:13

Hast du doch geschrieben was das ist, ich bin davon ausgegangen dass man dann nicht erwähnen muss dass es sich um einen Fehlalarm handelt

Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt.
Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

28.02.2012, 20:52	#16
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Google Suchergebnisse werden weitergeleitet zu "abnow.com" Wieso als Anhang? War die Datei zu groß? Nach Möglichkeit immer in CODE-Tags! __________________ Logfiles bitte immer in CODE-Tags posten

28.02.2012, 22:37	#18
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Google Suchergebnisse werden weitergeleitet zu "abnow.com" Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ __________________

01.03.2012, 18:04	#26
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Google Suchergebnisse werden weitergeleitet zu "abnow.com" Ok. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Google Suchergebnisse werden weitergeleitet zu "abnow.com"

Plagegeister aller Art und deren Bekämpfung: Google Suchergebnisse werden weitergeleitet zu "abnow.com"