Windows aufgrund von massiven Sicherheitslücken gesperrt! 50€

Adora · 06.03.2012, 16:33

Hallo,

ich habe seit einigen Tagen das Problem, dass mein Computer plötzlich einen schwarzen Bildschirm mit einem großen roten Textfeld bekommt. Angeblich hätte Windows ein massives Sicherheitsproblem und für 50€ könne man das lösen.
Ich bin dann auf diese Seite hier gestoßen und habe schon ein mal ein wenig herum gestöbert wie man dieses Problem lösen könne. Wie in den meisten Threads beschrieben habe ich mir das Programm OTL von OldTimer herunter geladen und wie beschrieben durchlaufen lassen.

Hier die beiden Dateien die OTL ausgespuckt hat:

cosinus · 07.03.2012, 00:50

Nach Möglichkeit im normalen Modus machen, ansonsten im abgesicherten Modus mit Netzwerk:

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Adora · 07.03.2012, 14:12

So, alles wie beschrieben ausgeführt.

Hier der log.txt vom Malwarebytes

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.07.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Dadudu :: DADUDU-PC [Administrator]

07.03.2012 12:05:30
mbam-log-2012-03-07 (12-05-30).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 329296
Laufzeit: 1 Stunde(n), 2 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\Software\RavenBleuSA (Adware.Hotbar.RB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\RavenBleuSA (Adware.Hotbar.RB) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ffdwnd (Trojan.Agent) -> Daten: C:\Users\Dadudu\AppData\Local\Mozilla\Firefox\firefox.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Dadudu\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSACB.exe (Adware.HotBar.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dadudu\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSAHook.dll (Adware.HotBar.RB) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

und hier vom Eset-Scan

Code:

ATTFilter

 ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

cosinus · 07.03.2012, 14:51

Bei ESET hast du das hier missachtet => Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen

Bitte so ausführen wie es da auch steht

Adora · 07.03.2012, 15:58

Ohh, sorry.

Dann hier nochmal:

Code:

ATTFilter

 ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5a83f05768e8c542adf845ad44f3bf58
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-07 02:55:26
# local_time=2012-03-07 03:55:26 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 239822 239822 0 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 88597 168661738 0 0
# compatibility_mode=8192 67108863 100 0 10143 10143 0 0
# scanned=162787
# found=1
# cleaned=0
# scan_time=3116
D:\World of Warcraft\Interface\AddOns\Aquastop\wowpfb Lunchpad.exe	Win32/Packed.Autoit.E.Gen application (unable to clean)	00000000000000000000000000000000	I

cosinus · 07.03.2012, 16:04

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Adora · 07.03.2012, 16:20

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 07.03.2012 16:09:53 - Run 2
OTL by OldTimer - Version 3.2.35.1     Folder = C:\Users\Dadudu\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 60,52% Memory free
6,71 Gb Paging File | 5,62 Gb Available in Paging File | 83,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 453,76 Gb Total Space | 343,53 Gb Free Space | 75,71% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 400,20 Gb Free Space | 85,92% Space Free | Partition Type: NTFS
Drive K: | 999,70 Mb Total Space | 764,11 Mb Free Space | 76,43% Space Free | Partition Type: FAT
 
Computer Name: DADUDU-PC | User Name: Dadudu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.06 15:04:08 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Dadudu\Desktop\OTL.exe
PRC - [2012.01.31 08:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.31 08:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.08.03 09:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010.08.03 09:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2009.12.03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.02.04 11:13:36 | 001,038,136 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.01.18 13:03:10 | 000,099,896 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\FIJI\AOSD.exe
PRC - [2007.01.18 13:03:00 | 000,079,416 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\FIJI\ABoard.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (UPnPService)
SRV - File not found [On_Demand | Stopped] --  -- (stllssvr)
SRV - File not found [On_Demand | Stopped] --  -- (Sony Ericsson PCCompanion)
SRV - File not found [On_Demand | Stopped] --  -- (LBTServ)
SRV - File not found [On_Demand | Stopped] --  -- (IDriverT)
SRV - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (SSMO3v2Filter)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (azxjx851)
DRV - [2012.01.31 08:56:33 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.01.31 08:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.29 11:24:15 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.06.29 11:24:15 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.11.25 06:59:16 | 000,541,800 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.11.23 16:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009.11.23 16:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.30 21:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009.03.27 23:03:00 | 007,738,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.10.04 20:04:08 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.02.29 02:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.02.29 02:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008.02.29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.02.29 02:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007.11.08 00:52:10 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2007.09.11 14:19:20 | 000,123,424 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.09.11 14:19:16 | 000,114,208 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.09.10 19:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.09.04 18:08:24 | 000,286,208 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007.07.07 14:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.packardbell.com/?id=9262
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PBEA
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.26
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Dadudu\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.07 14:59:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2008.09.27 21:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dadudu\AppData\Roaming\mozilla\Extensions
[2012.02.11 18:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions
[2012.01.05 13:14:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.06 00:53:20 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\welcome@toolmin.com
[2012.01.25 23:55:46 | 000,000,933 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\11-suche.xml
[2012.01.25 23:55:46 | 000,002,419 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\englische-ergebnisse.xml
[2012.01.25 23:55:46 | 000,010,525 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\gmx-suche.xml
[2012.03.07 15:01:44 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-1.xml
[2011.07.18 11:35:15 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-2.xml
[2011.08.24 08:04:29 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-3.xml
[2011.10.05 19:02:42 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-4.xml
[2011.11.08 18:38:22 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-5.xml
[2011.11.15 23:24:34 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-6.xml
[2011.11.29 15:34:30 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-7.xml
[2011.12.10 21:23:01 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-8.xml
[2012.03.07 14:59:34 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-9.xml
[2011.07.04 07:07:47 | 000,001,056 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin.xml
[2012.01.25 23:55:46 | 000,002,457 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\lastminute.xml
[2012.01.25 23:55:46 | 000,005,508 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\webde-suche.xml
[2012.03.07 14:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.02.16 15:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 11:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Dadudu\AppData\Roaming\toolplugin\toolbar.dll File not found
O4 - HKLM..\Run: [ACTIVBOARD] C:\Program Files\Packard Bell\FIJI\aboard.exe (Packard Bell BV)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000..\Run: [BLASC] "C:\Program Files\buffed\BLASC.exe" silent File not found
O4 - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000..\Run: [EPSON BX305 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background File not found
O7 - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36C3D9FD-44CE-4997-8272-C0314F3AE469}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Packard Bell\Wallpaper\Wallpaper Galactic_1900x1440.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Packard Bell\Wallpaper\Wallpaper Galactic_1900x1440.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9fad5383-a220-11e0-beb0-a521a5e966e0}\Shell - "" = AutoRun
O33 - MountPoints2\{9fad5383-a220-11e0-beb0-a521a5e966e0}\Shell\AutoRun\command - "" = L:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.07 15:02:10 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Dadudu\Desktop\esetsmartinstaller_enu.exe
[2012.03.07 14:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.03.07 13:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.07 12:04:50 | 000,000,000 | ---D | C] -- C:\Users\Dadudu\AppData\Roaming\Malwarebytes
[2012.03.07 12:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.07 12:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.07 12:04:08 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.07 12:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.07 11:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012.03.06 17:16:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.03.06 15:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.03.06 15:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.03.06 15:15:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.06 15:14:21 | 000,000,000 | ---D | C] -- C:\Users\Dadudu\Desktop\text
[2012.03.06 15:14:14 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Dadudu\Desktop\OTL.exe
[2012.03.06 14:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.03.06 14:33:14 | 000,000,000 | R--D | C] -- C:\Users\Dadudu\Favorites
[2012.03.05 10:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\RIFT Game
[2012.03.04 21:27:12 | 000,000,000 | ---D | C] -- C:\Users\Dadudu\AppData\Roaming\Avira
[2012.03.04 21:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.03.04 21:26:29 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.03.04 21:26:29 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.03.04 21:26:29 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.03.04 21:26:29 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.03.04 21:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.03.04 21:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.03.04 20:34:32 | 000,000,000 | ---D | C] -- C:\Users\Dadudu\Tracing
[2012.03.04 20:34:12 | 000,000,000 | R--D | C] -- C:\Users\Dadudu\Desktop
[2012.02.07 01:21:27 | 000,000,000 | ---D | C] -- C:\Users\Dadudu\AppData\Local\Babylon
[2012.02.07 01:21:25 | 000,000,000 | ---D | C] -- C:\Users\Dadudu\AppData\Roaming\Babylon
[2012.02.07 01:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.02.07 01:21:12 | 000,000,000 | ---D | C] -- C:\Users\Dadudu\AppData\Local\RavenBleuSA
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.07 16:00:01 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator-Dadudu.job
[2012.03.07 16:00:01 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie-Dadudu.job
[2012.03.07 15:10:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.07 15:10:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.07 15:02:13 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Dadudu\Desktop\esetsmartinstaller_enu.exe
[2012.03.07 14:59:16 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.07 13:17:05 | 000,670,924 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.07 13:17:05 | 000,631,654 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.07 13:17:05 | 000,144,092 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.07 13:17:05 | 000,118,280 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.07 13:10:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.07 12:04:11 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.07 12:00:27 | 000,313,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.07 11:56:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.03.06 15:34:29 | 000,000,839 | ---- | M] () -- C:\Users\Dadudu\Desktop\riftpatchlive - Verknüpfung.lnk
[2012.03.06 15:31:56 | 000,000,680 | ---- | M] () -- C:\Users\Dadudu\AppData\Local\d3d9caps.dat
[2012.03.06 15:04:08 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Dadudu\Desktop\OTL.exe
[2012.03.04 21:26:36 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.04 21:21:32 | 087,227,952 | ---- | M] () -- C:\Users\Dadudu\Desktop\avira_free_antivirus_898de.exe
[2012.02.29 15:03:27 | 000,007,168 | ---- | M] () -- C:\Users\Dadudu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2012.03.07 14:59:16 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.07 12:04:11 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.07 11:56:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.03.06 15:34:29 | 000,000,839 | ---- | C] () -- C:\Users\Dadudu\Desktop\riftpatchlive - Verknüpfung.lnk
[2012.03.06 15:31:56 | 000,000,680 | ---- | C] () -- C:\Users\Dadudu\AppData\Local\d3d9caps.dat
[2012.03.04 21:26:36 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.04 21:25:47 | 087,227,952 | ---- | C] () -- C:\Users\Dadudu\Desktop\avira_free_antivirus_898de.exe
[2011.08.24 17:15:08 | 000,007,168 | ---- | C] () -- C:\Users\Dadudu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.26 22:21:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.14 19:35:19 | 000,000,760 | ---- | C] () -- C:\Users\Dadudu\AppData\Roaming\setup_ldm.iss
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
 
========== LOP Check ==========
 
[2009.01.16 23:33:20 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Acreon
[2012.02.07 01:21:25 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Babylon
[2008.10.04 20:03:38 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\DAEMON Tools
[2011.11.23 11:27:33 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Epson
[2011.11.08 23:46:25 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\FOG Downloader
[2008.10.10 13:06:24 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Leadertech
[2009.05.19 08:29:28 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\MAGIX
[2010.01.28 18:24:49 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Mumble
[2010.05.13 19:25:23 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\ooVoo Details
[2008.10.29 09:14:57 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\OpenOffice.org
[2011.03.30 17:05:41 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\RayV
[2011.08.10 23:26:50 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\RIFT
[2012.03.06 14:35:51 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\SteelSeries
[2011.11.16 00:27:02 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Thunderbird
[2012.03.04 22:52:39 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\toolplugin
[2011.11.22 18:02:09 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\TS3Client
[2012.03.07 16:00:01 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\Erweiterte Garantie-Dadudu.job
[2012.03.07 16:00:01 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\Recovery DVD Creator-Dadudu.job
[2012.03.07 13:08:46 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.01.16 23:33:20 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Acreon
[2008.11.27 17:21:27 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Adobe
[2012.03.04 21:27:12 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Avira
[2012.02.07 01:21:25 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Babylon
[2008.10.04 20:03:38 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\DAEMON Tools
[2011.09.14 03:24:56 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\DivX
[2011.11.23 11:27:33 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Epson
[2011.11.08 23:46:25 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\FOG Downloader
[2008.09.28 03:30:36 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Google
[2008.09.27 20:45:49 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Identities
[2008.10.10 13:04:34 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\InstallShield
[2008.12.03 21:02:31 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Ipswitch
[2008.10.10 13:06:24 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Leadertech
[2008.10.10 13:07:00 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Logitech
[2008.09.27 20:49:51 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Macromedia
[2009.05.19 08:29:28 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\MAGIX
[2012.03.07 12:04:50 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Media Center Programs
[2011.07.05 17:53:47 | 000,000,000 | --SD | M] -- C:\Users\Dadudu\AppData\Roaming\Microsoft
[2010.04.24 21:01:52 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Move Networks
[2008.09.27 21:02:01 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Mozilla
[2010.01.28 18:24:49 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Mumble
[2010.05.13 19:25:23 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\ooVoo Details
[2008.10.29 09:14:57 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\OpenOffice.org
[2011.03.30 17:05:41 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\RayV
[2011.08.10 23:26:50 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\RIFT
[2008.10.05 07:20:32 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Roxio
[2012.03.06 14:32:51 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Skype
[2011.05.26 22:20:49 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\skypePM
[2012.03.06 14:35:51 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\SteelSeries
[2010.03.02 21:28:30 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\teamspeak2
[2011.11.16 00:27:02 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Thunderbird
[2012.03.04 22:52:39 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\toolplugin
[2011.11.22 18:02:09 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\TS3Client
[2009.08.08 10:52:38 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Ventrilo
[2008.12.07 16:34:28 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\vlc
[2008.10.05 16:22:47 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\WinRAR
[2008.12.16 17:42:23 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2009.01.16 23:33:23 | 000,272,384 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe
[2010.04.24 21:01:52 | 000,144,053 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Move Networks\uninstall.exe
[2010.02.11 20:31:38 | 000,097,216 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.09.11 14:19:16 | 000,114,208 | ---- | M] (NVIDIA Corporation) MD5=8FFB327669B980549BD318D939A34F9B -- C:\drivers\MOBO\CHIPSET\IDE\WinVista\sata_ide\nvstor32.sys
[2007.09.11 14:19:16 | 000,114,208 | ---- | M] (NVIDIA Corporation) MD5=8FFB327669B980549BD318D939A34F9B -- C:\Windows\System32\drivers\nvstor32.sys
[2007.09.11 14:19:16 | 000,114,208 | ---- | M] (NVIDIA Corporation) MD5=8FFB327669B980549BD318D939A34F9B -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_4b699c67\nvstor32.sys
[2007.09.11 14:19:18 | 000,114,208 | ---- | M] (NVIDIA Corporation) MD5=AFD01721DC3297E6715C5F472DD8BCCD -- C:\drivers\MOBO\CHIPSET\IDE\WinVista\sataraid\nvstor32.sys
[2007.09.11 14:19:18 | 000,114,208 | ---- | M] (NVIDIA Corporation) MD5=AFD01721DC3297E6715C5F472DD8BCCD -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_8225a48e\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.10.04 20:04:08 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

--- --- ---
[/code]

cosinus · 07.03.2012, 20:42

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (azxjx851)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.packardbell.com/?id=9262
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PBEA
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
[2012.01.05 13:14:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.06 00:53:20 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\welcome@toolmin.com
[2012.01.25 23:55:46 | 000,000,933 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\11-suche.xml
[2012.01.25 23:55:46 | 000,002,419 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\englische-ergebnisse.xml
[2012.01.25 23:55:46 | 000,010,525 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\gmx-suche.xml
[2012.03.07 15:01:44 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-1.xml
[2011.07.18 11:35:15 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-2.xml
[2011.08.24 08:04:29 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-3.xml
[2011.10.05 19:02:42 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-4.xml
[2011.11.08 18:38:22 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-5.xml
[2011.11.15 23:24:34 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-6.xml
[2011.11.29 15:34:30 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-7.xml
[2011.12.10 21:23:01 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-8.xml
[2012.03.07 14:59:34 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-9.xml
[2011.07.04 07:07:47 | 000,001,056 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin.xml
[2012.01.25 23:55:46 | 000,002,457 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\lastminute.xml
[2012.01.25 23:55:46 | 000,005,508 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\webde-suche.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000..\Run: [BLASC] "C:\Program Files\buffed\BLASC.exe" silent File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9fad5383-a220-11e0-beb0-a521a5e966e0}\Shell - "" = AutoRun
O33 - MountPoints2\{9fad5383-a220-11e0-beb0-a521a5e966e0}\Shell\AutoRun\command - "" = L:\Startme.exe
[2012.03.04 20:34:12 | 000,000,000 | R--D | C] -- C:\Users\Dadudu\Desktop
[2012.02.07 01:21:27 | 000,000,000 | ---D | C] -- C:\Users\Dadudu\AppData\Local\Babylon
[2012.02.07 01:21:25 | 000,000,000 | ---D | C] -- C:\Users\Dadudu\AppData\Roaming\Babylon
[2012.02.07 01:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.02.07 01:21:12 | 000,000,000 | ---D | C] -- C:\Users\Dadudu\AppData\Local\RavenBleuSA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Adora · 07.03.2012, 20:52

Code:

ATTFilter

 All processes killed
========== OTL ==========
Error: No service named azxjx851 was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\azxjx851 deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKEY_USERS\S-1-5-21-2528158178-3138933754-1184238012-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2528158178-3138933754-1184238012-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2528158178-3138933754-1184238012-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Prefs.js: "Search the web" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" removed from browser.search.defaulturl
Prefs.js: "Search the web" removed from browser.search.order.1
Prefs.js: "Search the web" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
C:\Users\Dadudu\AppData\Roaming\Mozilla\FireFox\Profiles\4z5896wz.default\user.js moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\welcome@toolmin.com\chrome\content folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\welcome@toolmin.com\chrome folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\welcome@toolmin.com folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\11-suche.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\englische-ergebnisse.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\gmx-suche.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\lastminute.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\webde-suche.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-2528158178-3138933754-1184238012-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BLASC deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fad5383-a220-11e0-beb0-a521a5e966e0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9fad5383-a220-11e0-beb0-a521a5e966e0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fad5383-a220-11e0-beb0-a521a5e966e0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9fad5383-a220-11e0-beb0-a521a5e966e0}\ not found.
File L:\Startme.exe not found.
C:\Users\Dadudu\Desktop folder moved successfully.
C:\Users\Dadudu\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\Dadudu\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\Dadudu\AppData\Local\Babylon folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\Users\Dadudu\AppData\Local\RavenBleuSA\data folder moved successfully.
C:\Users\Dadudu\AppData\Local\RavenBleuSA\bin\1.0.11.0 folder moved successfully.
C:\Users\Dadudu\AppData\Local\RavenBleuSA\bin folder moved successfully.
C:\Users\Dadudu\AppData\Local\RavenBleuSA folder moved successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Dadudu
->Temp folder emptied: 3045 bytes
->Temporary Internet Files folder emptied: 39378971 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50883185 bytes
->Flash cache emptied: 456 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37200968 bytes
RecycleBin emptied: 169172 bytes
 
Total Files Cleaned = 122,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.35.1 log created on 03072012_204642

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 07.03.2012, 23:25

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Adora · 08.03.2012, 00:39

Code:

ATTFilter

 00:36:36.0159 2688	TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
00:36:36.0393 2688	============================================================
00:36:36.0393 2688	Current date / time: 2012/03/08 00:36:36.0393
00:36:36.0393 2688	SystemInfo:
00:36:36.0393 2688	
00:36:36.0393 2688	OS Version: 6.0.6002 ServicePack: 2.0
00:36:36.0393 2688	Product type: Workstation
00:36:36.0393 2688	ComputerName: DADUDU-PC
00:36:36.0393 2688	UserName: Dadudu
00:36:36.0393 2688	Windows directory: C:\Windows
00:36:36.0393 2688	System windows directory: C:\Windows
00:36:36.0393 2688	Processor architecture: Intel x86
00:36:36.0393 2688	Number of processors: 4
00:36:36.0393 2688	Page size: 0x1000
00:36:36.0393 2688	Boot type: Normal boot
00:36:36.0393 2688	============================================================
00:36:36.0737 2688	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:36:36.0752 2688	Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:36:36.0799 2688	\Device\Harddisk0\DR0:
00:36:36.0799 2688	MBR used
00:36:36.0799 2688	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x38B838D1
00:36:36.0799 2688	\Device\Harddisk1\DR1:
00:36:36.0815 2688	MBR used
00:36:36.0815 2688	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
00:36:36.0908 2688	Initialize success
00:36:36.0908 2688	============================================================
00:36:42.0337 0744	============================================================
00:36:42.0337 0744	Scan started
00:36:42.0337 0744	Mode: Manual; SigCheck; TDLFS; 
00:36:42.0337 0744	============================================================
00:36:42.0992 0744	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
00:36:43.0101 0744	ACPI - ok
00:36:43.0413 0744	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
00:36:43.0507 0744	adp94xx - ok
00:36:43.0601 0744	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
00:36:43.0616 0744	adpahci - ok
00:36:43.0694 0744	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
00:36:43.0710 0744	adpu160m - ok
00:36:43.0819 0744	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
00:36:43.0835 0744	adpu320 - ok
00:36:43.0928 0744	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
00:36:43.0991 0744	AFD - ok
00:36:44.0318 0744	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
00:36:44.0318 0744	agp440 - ok
00:36:44.0583 0744	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
00:36:44.0599 0744	aic78xx - ok
00:36:44.0677 0744	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
00:36:44.0693 0744	aliide - ok
00:36:44.0755 0744	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
00:36:44.0755 0744	amdagp - ok
00:36:44.0989 0744	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
00:36:45.0005 0744	amdide - ok
00:36:45.0051 0744	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
00:36:45.0176 0744	AmdK7 - ok
00:36:45.0410 0744	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
00:36:45.0457 0744	AmdK8 - ok
00:36:45.0535 0744	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
00:36:45.0535 0744	arc - ok
00:36:45.0597 0744	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
00:36:45.0613 0744	arcsas - ok
00:36:45.0691 0744	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
00:36:45.0753 0744	AsyncMac - ok
00:36:45.0972 0744	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
00:36:45.0987 0744	atapi - ok
00:36:46.0050 0744	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
00:36:46.0097 0744	avgntflt - ok
00:36:46.0315 0744	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
00:36:46.0331 0744	avipbb - ok
00:36:46.0377 0744	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
00:36:46.0393 0744	avkmgr - ok
00:36:46.0471 0744	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
00:36:46.0518 0744	Beep - ok
00:36:46.0580 0744	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
00:36:46.0627 0744	blbdrive - ok
00:36:46.0705 0744	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
00:36:46.0767 0744	bowser - ok
00:36:46.0830 0744	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
00:36:46.0877 0744	BrFiltLo - ok
00:36:46.0923 0744	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
00:36:46.0970 0744	BrFiltUp - ok
00:36:47.0033 0744	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
00:36:47.0173 0744	Brserid - ok
00:36:47.0235 0744	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
00:36:47.0313 0744	BrSerWdm - ok
00:36:47.0454 0744	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
00:36:47.0547 0744	BrUsbMdm - ok
00:36:47.0797 0744	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
00:36:47.0891 0744	BrUsbSer - ok
00:36:48.0171 0744	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
00:36:48.0218 0744	BTHMODEM - ok
00:36:48.0281 0744	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
00:36:48.0343 0744	cdfs - ok
00:36:48.0390 0744	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
00:36:48.0421 0744	cdrom - ok
00:36:48.0468 0744	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
00:36:48.0515 0744	circlass - ok
00:36:48.0827 0744	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
00:36:48.0842 0744	CLFS - ok
00:36:49.0014 0744	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
00:36:49.0029 0744	cmdide - ok
00:36:49.0217 0744	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
00:36:49.0232 0744	Compbatt - ok
00:36:49.0482 0744	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
00:36:49.0482 0744	crcdisk - ok
00:36:49.0685 0744	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
00:36:49.0731 0744	Crusoe - ok
00:36:50.0137 0744	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
00:36:50.0184 0744	DfsC - ok
00:36:50.0262 0744	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
00:36:50.0277 0744	disk - ok
00:36:50.0324 0744	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
00:36:50.0355 0744	drmkaud - ok
00:36:50.0543 0744	DXGKrnl         (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
00:36:50.0636 0744	DXGKrnl - ok
00:36:50.0823 0744	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
00:36:50.0886 0744	E1G60 - ok
00:36:51.0260 0744	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
00:36:51.0276 0744	Ecache - ok
00:36:51.0432 0744	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
00:36:51.0463 0744	elxstor - ok
00:36:51.0588 0744	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
00:36:51.0635 0744	ErrDev - ok
00:36:51.0713 0744	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
00:36:51.0744 0744	exfat - ok
00:36:51.0791 0744	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
00:36:51.0853 0744	fastfat - ok
00:36:51.0978 0744	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
00:36:52.0040 0744	fdc - ok
00:36:52.0087 0744	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
00:36:52.0087 0744	FileInfo - ok
00:36:52.0337 0744	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
00:36:52.0383 0744	Filetrace - ok
00:36:52.0539 0744	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
00:36:52.0602 0744	flpydisk - ok
00:36:52.0945 0744	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
00:36:52.0961 0744	FltMgr - ok
00:36:53.0039 0744	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
00:36:53.0070 0744	Fs_Rec - ok
00:36:53.0117 0744	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
00:36:53.0132 0744	gagp30kx - ok
00:36:53.0195 0744	ggflt           (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
00:36:53.0195 0744	ggflt - ok
00:36:53.0257 0744	ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
00:36:53.0257 0744	ggsemc - ok
00:36:53.0319 0744	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
00:36:53.0382 0744	HdAudAddService - ok
00:36:53.0429 0744	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:36:53.0491 0744	HDAudBus - ok
00:36:53.0522 0744	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
00:36:53.0585 0744	HidBth - ok
00:36:53.0725 0744	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
00:36:53.0787 0744	HidIr - ok
00:36:53.0881 0744	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
00:36:53.0928 0744	HidUsb - ok
00:36:54.0177 0744	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
00:36:54.0193 0744	HpCISSs - ok
00:36:54.0287 0744	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
00:36:54.0349 0744	HTTP - ok
00:36:54.0443 0744	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
00:36:54.0458 0744	i2omp - ok
00:36:54.0599 0744	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
00:36:54.0661 0744	i8042prt - ok
00:36:54.0708 0744	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
00:36:54.0723 0744	iaStorV - ok
00:36:54.0786 0744	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
00:36:54.0801 0744	iirsp - ok
00:36:55.0347 0744	IntcAzAudAddService (34b8b4a442046e3d5fdd0b17926cf3f1) C:\Windows\system32\drivers\RTKVHDA.sys
00:36:55.0410 0744	IntcAzAudAddService - ok
00:36:55.0535 0744	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
00:36:55.0535 0744	intelide - ok
00:36:55.0644 0744	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
00:36:55.0691 0744	intelppm - ok
00:36:55.0753 0744	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:36:55.0800 0744	IpFilterDriver - ok
00:36:55.0956 0744	IpInIp - ok
00:36:56.0159 0744	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
00:36:56.0205 0744	IPMIDRV - ok
00:36:56.0283 0744	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
00:36:56.0330 0744	IPNAT - ok
00:36:56.0549 0744	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
00:36:56.0595 0744	IRENUM - ok
00:36:56.0705 0744	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
00:36:56.0705 0744	isapnp - ok
00:36:56.0767 0744	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
00:36:56.0783 0744	iScsiPrt - ok
00:36:57.0001 0744	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
00:36:57.0001 0744	iteatapi - ok
00:36:57.0235 0744	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
00:36:57.0251 0744	iteraid - ok
00:36:57.0531 0744	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:36:57.0547 0744	kbdclass - ok
00:36:57.0999 0744	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
00:36:58.0046 0744	kbdhid - ok
00:36:58.0499 0744	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
00:36:58.0530 0744	KSecDD - ok
00:36:58.0655 0744	L8042mou        (d6fc755ff505d99e6cc73e83492310df) C:\Windows\system32\DRIVERS\L8042mou.Sys
00:36:58.0670 0744	L8042mou - ok
00:36:58.0811 0744	LGBusEnum       (170e7093a77ad586f3a012a3db651d94) C:\Windows\system32\drivers\LGBusEnum.sys
00:36:58.0826 0744	LGBusEnum - ok
00:36:58.0873 0744	LGVirHid        (d2dd04d1c8df65eecd1f2c7fb947d43e) C:\Windows\system32\drivers\LGVirHid.sys
00:36:58.0889 0744	LGVirHid - ok
00:36:58.0951 0744	LHidFilt        (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys
00:36:58.0967 0744	LHidFilt - ok
00:36:59.0357 0744	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
00:36:59.0403 0744	lltdio - ok
00:36:59.0715 0744	LMouFilt        (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys
00:36:59.0731 0744	LMouFilt - ok
00:36:59.0762 0744	LMouKE          (c149bdad13194df16ea33f9f601ed7bf) C:\Windows\system32\DRIVERS\LMouKE.Sys
00:36:59.0778 0744	LMouKE - ok
00:36:59.0825 0744	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
00:36:59.0840 0744	LSI_FC - ok
00:37:00.0027 0744	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
00:37:00.0043 0744	LSI_SAS - ok
00:37:00.0339 0744	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
00:37:00.0355 0744	LSI_SCSI - ok
00:37:00.0683 0744	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
00:37:00.0714 0744	luafv - ok
00:37:00.0839 0744	LUsbFilt        (144011d14bd35f4e36136ae057b1aadd) C:\Windows\system32\Drivers\LUsbFilt.Sys
00:37:00.0839 0744	LUsbFilt - ok
00:37:00.0917 0744	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
00:37:00.0917 0744	megasas - ok
00:37:01.0166 0744	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
00:37:01.0213 0744	MegaSR - ok
00:37:01.0603 0744	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
00:37:01.0665 0744	Modem - ok
00:37:01.0806 0744	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
00:37:01.0853 0744	monitor - ok
00:37:01.0868 0744	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
00:37:01.0884 0744	mouclass - ok
00:37:02.0289 0744	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
00:37:02.0352 0744	mouhid - ok
00:37:02.0679 0744	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
00:37:02.0695 0744	MountMgr - ok
00:37:03.0163 0744	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
00:37:03.0163 0744	mpio - ok
00:37:03.0459 0744	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
00:37:03.0506 0744	mpsdrv - ok
00:37:03.0912 0744	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
00:37:03.0927 0744	Mraid35x - ok
00:37:04.0239 0744	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
00:37:04.0302 0744	MRxDAV - ok
00:37:04.0333 0744	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:37:04.0395 0744	mrxsmb - ok
00:37:04.0676 0744	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:37:04.0723 0744	mrxsmb10 - ok
00:37:04.0879 0744	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:37:04.0910 0744	mrxsmb20 - ok
00:37:05.0207 0744	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
00:37:05.0222 0744	msahci - ok
00:37:05.0472 0744	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
00:37:05.0487 0744	msdsm - ok
00:37:05.0690 0744	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
00:37:05.0737 0744	Msfs - ok
00:37:05.0799 0744	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
00:37:05.0815 0744	msisadrv - ok
00:37:05.0893 0744	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
00:37:05.0940 0744	MSKSSRV - ok
00:37:06.0049 0744	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
00:37:06.0080 0744	MSPCLOCK - ok
00:37:06.0221 0744	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
00:37:06.0267 0744	MSPQM - ok
00:37:06.0330 0744	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
00:37:06.0345 0744	MsRPC - ok
00:37:06.0486 0744	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
00:37:06.0501 0744	mssmbios - ok
00:37:06.0579 0744	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
00:37:06.0626 0744	MSTEE - ok
00:37:06.0767 0744	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
00:37:06.0782 0744	Mup - ok
00:37:06.0876 0744	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
00:37:06.0907 0744	NativeWifiP - ok
00:37:07.0079 0744	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
00:37:07.0094 0744	NDIS - ok
00:37:07.0157 0744	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
00:37:07.0188 0744	NdisTapi - ok
00:37:07.0266 0744	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
00:37:07.0297 0744	Ndisuio - ok
00:37:07.0469 0744	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:37:07.0515 0744	NdisWan - ok
00:37:07.0593 0744	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
00:37:07.0640 0744	NDProxy - ok
00:37:07.0703 0744	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
00:37:07.0749 0744	NetBIOS - ok
00:37:07.0827 0744	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
00:37:07.0859 0744	netbt - ok
00:37:08.0030 0744	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
00:37:08.0046 0744	nfrd960 - ok
00:37:08.0217 0744	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
00:37:08.0264 0744	Npfs - ok
00:37:08.0498 0744	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
00:37:08.0561 0744	nsiproxy - ok
00:37:08.0919 0744	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
00:37:08.0966 0744	Ntfs - ok
00:37:09.0044 0744	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
00:37:09.0122 0744	ntrigdigi - ok
00:37:09.0341 0744	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
00:37:09.0387 0744	Null - ok
00:37:09.0684 0744	NVENETFD        (b896fb556b4dc1e1d2943559ea79c5c5) C:\Windows\system32\DRIVERS\nvmfdx32.sys
00:37:09.0715 0744	NVENETFD - ok
00:37:10.0448 0744	nvlddmkm        (484844c0d892b42ecc5e6b063d072a38) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:37:10.0698 0744	nvlddmkm - ok
00:37:10.0776 0744	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
00:37:10.0791 0744	nvraid - ok
00:37:10.0916 0744	nvrd32          (f2abab0c99237ce4e97478af2e0438a0) C:\Windows\system32\drivers\nvrd32.sys
00:37:10.0932 0744	nvrd32 - ok
00:37:10.0963 0744	nvsmu           (7ec12a73067baca25a8e3e2a58ae83d8) C:\Windows\system32\drivers\nvsmu.sys
00:37:10.0979 0744	nvsmu - ok
00:37:10.0994 0744	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
00:37:11.0010 0744	nvstor - ok
00:37:11.0041 0744	nvstor32        (8ffb327669b980549bd318d939a34f9b) C:\Windows\system32\drivers\nvstor32.sys
00:37:11.0057 0744	nvstor32 - ok
00:37:11.0135 0744	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
00:37:11.0150 0744	nv_agp - ok
00:37:11.0213 0744	NwlnkFlt - ok
00:37:11.0306 0744	NwlnkFwd - ok
00:37:11.0369 0744	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
00:37:11.0431 0744	ohci1394 - ok
00:37:11.0493 0744	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
00:37:11.0571 0744	Parport - ok
00:37:11.0774 0744	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
00:37:11.0790 0744	partmgr - ok
00:37:11.0837 0744	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
00:37:11.0899 0744	Parvdm - ok
00:37:12.0149 0744	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
00:37:12.0164 0744	pci - ok
00:37:12.0227 0744	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
00:37:12.0242 0744	pciide - ok
00:37:12.0305 0744	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
00:37:12.0320 0744	pcmcia - ok
00:37:12.0398 0744	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
00:37:12.0507 0744	PEAUTH - ok
00:37:13.0038 0744	PID_PEPI        (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\Windows\system32\DRIVERS\LV302V32.SYS
00:37:13.0303 0744	PID_PEPI - ok
00:37:13.0521 0744	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
00:37:13.0553 0744	PptpMiniport - ok
00:37:13.0662 0744	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
00:37:13.0709 0744	Processor - ok
00:37:13.0802 0744	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
00:37:13.0849 0744	PSched - ok
00:37:13.0911 0744	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
00:37:13.0927 0744	PxHelp20 - ok
00:37:14.0052 0744	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
00:37:14.0145 0744	ql2300 - ok
00:37:14.0192 0744	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
00:37:14.0192 0744	ql40xx - ok
00:37:14.0255 0744	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
00:37:14.0286 0744	QWAVEdrv - ok
00:37:14.0348 0744	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
00:37:14.0395 0744	RasAcd - ok
00:37:14.0426 0744	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:37:14.0489 0744	Rasl2tp - ok
00:37:14.0598 0744	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
00:37:14.0629 0744	RasPppoe - ok
00:37:14.0769 0744	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
00:37:14.0785 0744	RasSstp - ok
00:37:14.0957 0744	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
00:37:15.0003 0744	rdbss - ok
00:37:15.0066 0744	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:37:15.0113 0744	RDPCDD - ok
00:37:15.0269 0744	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
00:37:15.0300 0744	rdpdr - ok
00:37:15.0456 0744	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
00:37:15.0487 0744	RDPENCDD - ok
00:37:15.0643 0744	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
00:37:15.0690 0744	RDPWD - ok
00:37:15.0877 0744	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
00:37:15.0908 0744	rspndr - ok
00:37:16.0080 0744	RTL8187B        (900c2b5f473eba0f1997f7d2d80e2ad5) C:\Windows\system32\DRIVERS\RTL8187B.sys
00:37:16.0127 0744	RTL8187B - ok
00:37:16.0283 0744	RTL8192su       (0797877413d3225700d94488f06273a8) C:\Windows\system32\DRIVERS\RTL8192su.sys
00:37:16.0314 0744	RTL8192su - ok
00:37:16.0657 0744	RxFilter        (9235d02fabbd1deee6b7adb0a0a23300) C:\Windows\system32\DRIVERS\RxFilter.sys
00:37:16.0673 0744	RxFilter - ok
00:37:16.0860 0744	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
00:37:16.0875 0744	sbp2port - ok
00:37:16.0969 0744	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:37:17.0047 0744	secdrv - ok
00:37:17.0094 0744	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
00:37:17.0172 0744	Serenum - ok
00:37:17.0421 0744	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
00:37:17.0499 0744	Serial - ok
00:37:17.0687 0744	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
00:37:17.0749 0744	sermouse - ok
00:37:17.0858 0744	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
00:37:17.0874 0744	sffdisk - ok
00:37:17.0999 0744	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
00:37:18.0030 0744	sffp_mmc - ok
00:37:18.0045 0744	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
00:37:18.0077 0744	sffp_sd - ok
00:37:18.0264 0744	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
00:37:18.0326 0744	sfloppy - ok
00:37:18.0560 0744	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
00:37:18.0576 0744	sisagp - ok
00:37:18.0794 0744	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
00:37:18.0810 0744	SiSRaid2 - ok
00:37:19.0044 0744	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
00:37:19.0059 0744	SiSRaid4 - ok
00:37:19.0325 0744	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
00:37:19.0371 0744	Smb - ok
00:37:19.0512 0744	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
00:37:19.0527 0744	spldr - ok
00:37:19.0699 0744	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
00:37:19.0746 0744	srv - ok
00:37:19.0839 0744	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
00:37:19.0886 0744	srv2 - ok
00:37:19.0917 0744	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
00:37:19.0949 0744	srvnet - ok
00:37:19.0980 0744	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
00:37:19.0995 0744	ssmdrv - ok
00:37:20.0027 0744	SSMO3v2Filter - ok
00:37:20.0105 0744	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
00:37:20.0120 0744	swenum - ok
00:37:20.0354 0744	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
00:37:20.0370 0744	Symc8xx - ok
00:37:20.0604 0744	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
00:37:20.0619 0744	Sym_hi - ok
00:37:20.0869 0744	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
00:37:20.0885 0744	Sym_u3 - ok
00:37:21.0477 0744	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
00:37:21.0555 0744	Tcpip - ok
00:37:21.0914 0744	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
00:37:21.0945 0744	Tcpip6 - ok
00:37:22.0179 0744	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
00:37:22.0226 0744	tcpipreg - ok
00:37:22.0491 0744	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
00:37:22.0554 0744	TDPIPE - ok
00:37:22.0757 0744	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
00:37:22.0788 0744	TDTCP - ok
00:37:23.0084 0744	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
00:37:23.0131 0744	tdx - ok
00:37:23.0521 0744	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
00:37:23.0537 0744	TermDD - ok
00:37:23.0880 0744	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:37:23.0942 0744	tssecsrv - ok
00:37:24.0192 0744	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
00:37:24.0254 0744	tunmp - ok
00:37:24.0301 0744	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
00:37:24.0348 0744	tunnel - ok
00:37:24.0379 0744	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
00:37:24.0395 0744	uagp35 - ok
00:37:24.0691 0744	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
00:37:24.0707 0744	udfs - ok
00:37:25.0097 0744	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
00:37:25.0112 0744	uliagpkx - ok
00:37:25.0455 0744	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
00:37:25.0471 0744	uliahci - ok
00:37:25.0955 0744	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
00:37:25.0970 0744	UlSata - ok
00:37:26.0126 0744	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
00:37:26.0142 0744	ulsata2 - ok
00:37:26.0407 0744	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
00:37:26.0469 0744	umbus - ok
00:37:26.0672 0744	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
00:37:26.0735 0744	usbaudio - ok
00:37:26.0953 0744	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
00:37:27.0000 0744	usbccgp - ok
00:37:27.0031 0744	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
00:37:27.0109 0744	usbcir - ok
00:37:27.0171 0744	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
00:37:27.0218 0744	usbehci - ok
00:37:27.0265 0744	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
00:37:27.0312 0744	usbhub - ok
00:37:27.0499 0744	usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
00:37:27.0546 0744	usbohci - ok
00:37:27.0951 0744	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
00:37:27.0998 0744	usbprint - ok
00:37:28.0139 0744	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
00:37:28.0170 0744	usbscan - ok
00:37:28.0466 0744	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:37:28.0529 0744	USBSTOR - ok
00:37:28.0794 0744	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
00:37:28.0856 0744	usbuhci - ok
00:37:29.0121 0744	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
00:37:29.0137 0744	vga - ok
00:37:29.0449 0744	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
00:37:29.0480 0744	VgaSave - ok
00:37:29.0667 0744	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
00:37:29.0683 0744	viaagp - ok
00:37:29.0808 0744	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
00:37:29.0870 0744	ViaC7 - ok
00:37:30.0042 0744	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
00:37:30.0057 0744	viaide - ok
00:37:30.0151 0744	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
00:37:30.0167 0744	volmgr - ok
00:37:30.0385 0744	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
00:37:30.0401 0744	volmgrx - ok
00:37:30.0759 0744	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
00:37:30.0775 0744	volsnap - ok
00:37:30.0884 0744	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
00:37:30.0900 0744	vsmraid - ok
00:37:31.0134 0744	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
00:37:31.0227 0744	WacomPen - ok
00:37:31.0415 0744	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:37:31.0446 0744	Wanarp - ok
00:37:31.0477 0744	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:37:31.0493 0744	Wanarpv6 - ok
00:37:31.0711 0744	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
00:37:31.0727 0744	Wd - ok
00:37:31.0992 0744	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
00:37:32.0007 0744	Wdf01000 - ok
00:37:32.0101 0744	WinUSB          (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
00:37:32.0117 0744	WinUSB - ok
00:37:32.0195 0744	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:37:32.0257 0744	WmiAcpi - ok
00:37:32.0585 0744	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
00:37:32.0647 0744	ws2ifsl - ok
00:37:32.0975 0744	WUDFRd          (c250a1232459fb20191fe3bd1162b339) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:37:33.0006 0744	WUDFRd ( UnsignedFile.Multi.Generic ) - warning
00:37:33.0006 0744	WUDFRd - detected UnsignedFile.Multi.Generic (1)
00:37:33.0037 0744	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
00:37:33.0240 0744	\Device\Harddisk0\DR0 - ok
00:37:33.0255 0744	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
00:37:33.0318 0744	\Device\Harddisk1\DR1 - ok
00:37:33.0333 0744	Boot (0x1200)   (63ac2c6b9b1f697647dc0a6686ff0af9) \Device\Harddisk0\DR0\Partition0
00:37:33.0365 0744	\Device\Harddisk0\DR0\Partition0 - ok
00:37:33.0380 0744	Boot (0x1200)   (ff19b52dad85f57f05f3ccd643160715) \Device\Harddisk1\DR1\Partition0
00:37:33.0380 0744	\Device\Harddisk1\DR1\Partition0 - ok
00:37:33.0380 0744	============================================================
00:37:33.0380 0744	Scan finished
00:37:33.0380 0744	============================================================
00:37:33.0396 1192	Detected object count: 1
00:37:33.0396 1192	Actual detected object count: 1
00:37:38.0793 1192	WUDFRd ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:38.0793 1192	WUDFRd ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 08.03.2012, 10:32

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Adora · 08.03.2012, 11:39

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-03-08.01 - Dadudu 08.03.2012  11:29:48.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3325.2116 [GMT 1:00]
ausgeführt von:: c:\_otl\MovedFiles\03072012_204642\C_Users\Dadudu\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dadudu\AppData\Local\._Revolution_
c:\users\Dadudu\AppData\Local\assembly\tmp
c:\windows\Fonts\DejaVuMonoSans.ttf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-08 bis 2012-03-08  ))))))))))))))))))))))))))))))
.
.
2012-03-08 10:35 . 2012-03-08 10:35	--------	d-----w-	c:\users\Dadudu\AppData\Local\temp
2012-03-08 10:35 . 2012-03-08 10:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-07 23:30 . 2012-03-07 23:30	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-03-07 20:03 . 2012-03-07 20:03	--------	d-----w-	c:\program files\TeamSpeak 3 Client
2012-03-07 12:14 . 2012-03-07 12:14	--------	d-----w-	c:\program files\ESET
2012-03-07 11:05 . 2009-10-23 17:10	714240	----a-w-	c:\windows\system32\timedate.cpl
2012-03-07 11:04 . 2012-03-07 11:04	--------	d-----w-	c:\users\Dadudu\AppData\Roaming\Malwarebytes
2012-03-07 11:04 . 2012-03-07 11:04	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-07 11:04 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-07 11:04 . 2012-03-07 11:04	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-07 10:57 . 2012-03-07 10:57	--------	d-----w-	c:\program files\Windows Portable Devices
2012-03-06 16:17 . 2009-09-10 02:00	92672	----a-w-	c:\windows\system32\UIAnimation.dll
2012-03-06 16:17 . 2009-09-10 02:01	3023360	----a-w-	c:\windows\system32\UIRibbon.dll
2012-03-06 16:17 . 2009-09-10 02:00	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2012-03-06 16:17 . 2009-09-25 01:33	369664	----a-w-	c:\windows\system32\WMPhoto.dll
2012-03-06 16:17 . 2009-09-25 02:10	974848	----a-w-	c:\windows\system32\WindowsCodecs.dll
2012-03-06 16:17 . 2009-09-25 02:07	189440	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2012-03-06 16:17 . 2009-09-25 02:04	321024	----a-w-	c:\windows\system32\PhotoMetadataHandler.dll
2012-03-06 16:17 . 2009-09-25 01:33	195584	----a-w-	c:\windows\system32\dxdiagn.dll
2012-03-06 16:17 . 2009-09-25 01:32	252928	----a-w-	c:\windows\system32\dxdiag.exe
2012-03-06 16:17 . 2009-09-25 01:31	519680	----a-w-	c:\windows\system32\d3d11.dll
2012-03-06 14:32 . 2012-03-06 14:32	--------	d-----w-	c:\program files\Common Files\Java
2012-03-06 14:31 . 2011-11-18 17:47	66560	----a-w-	c:\windows\system32\packager.dll
2012-03-06 14:31 . 2011-11-25 15:59	376320	----a-w-	c:\windows\system32\winsrv.dll
2012-03-06 14:31 . 2010-08-26 16:34	1696256	----a-w-	c:\windows\system32\gameux.dll
2012-03-06 14:31 . 2011-03-03 15:40	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2012-03-06 14:31 . 2011-03-03 13:35	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2012-03-06 14:28 . 2011-11-16 16:23	72704	----a-w-	c:\windows\system32\secur32.dll
2012-03-06 14:28 . 2011-11-16 14:12	9728	----a-w-	c:\windows\system32\lsass.exe
2012-03-06 14:28 . 2012-03-06 14:28	--------	d-----w-	c:\program files\Java
2012-03-06 14:28 . 2011-11-08 14:42	2048	----a-w-	c:\windows\system32\tzres.dll
2012-03-06 14:27 . 2011-12-20 10:56	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-03-06 14:26 . 2012-03-01 12:34	6552120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A5FEA63-23C7-470D-9545-2CC390A70EE6}\mpengine.dll
2012-03-06 14:26 . 2011-09-30 15:57	707584	----a-w-	c:\program files\Common Files\System\wab32.dll
2012-03-06 14:25 . 2009-09-10 14:58	1418752	----a-w-	c:\program files\Windows Media Player\setup_wm.exe
2012-03-06 14:25 . 2009-09-10 14:58	310784	----a-w-	c:\windows\system32\unregmp2.exe
2012-03-06 14:15 . 2012-03-06 14:15	--------	d-----w-	C:\_OTL
2012-03-06 13:51 . 2012-03-06 13:51	--------	d-----w-	c:\program files\DIFX
2012-03-06 13:50 . 2007-09-04 17:08	286208	----a-w-	c:\windows\system32\drivers\RTL8187B.sys
2012-03-05 09:09 . 2012-03-07 20:04	--------	d-----w-	c:\program files\RIFT Game
2012-03-04 20:27 . 2012-03-04 20:27	--------	d-----w-	c:\users\Dadudu\AppData\Roaming\Avira
2012-03-04 20:26 . 2012-01-31 07:56	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-03-04 20:26 . 2012-01-31 07:56	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-03-04 20:26 . 2011-09-16 15:08	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-03-04 20:26 . 2012-03-04 20:26	--------	d-----w-	c:\programdata\Avira
2012-03-04 20:26 . 2012-03-04 20:26	--------	d-----w-	c:\program files\Avira
2012-03-04 19:34 . 2012-03-08 10:23	--------	d-----w-	c:\users\Dadudu\Tracing
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 14:29 . 2011-06-29 10:22	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-02-23 08:18 . 2009-10-05 17:55	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-16 14:55 . 2012-03-07 13:59	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"ACTIVBOARD"="c:\program files\Packard Bell\FIJI\aboard.exe" [2007-01-18 79416]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-08 c:\windows\Tasks\Erweiterte Garantie-Dadudu.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-05-26 10:13]
.
2012-03-08 c:\windows\Tasks\Recovery DVD Creator-Dadudu.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-05-26 10:13]
.
.
------- Zusätzlicher Suchlauf -------
.
mLocal Page = 
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Sony Ericsson PC Companion - c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
SafeBoot-29920042.sys
AddRemove-Mozilla Thunderbird (8.0) - c:\program files\Mozilla Thunderbird\uninstall\helper.exe
AddRemove-NSS - c:\program files\Norton Security Scan\Engine\3.5.1.10\InstWrap.exe
AddRemove-SEMC OMSI Module - c:\program files\Sony Ericsson\Update Engine\uninst.exe
AddRemove-Update Engine - c:\program files\Sony Ericsson\Update Engine\uninst.exe
AddRemove-{A2F166A0-F031-4E27-A057-C69733219434}_is1 - c:\program files\Runes of Magic\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-08 11:35
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-08  11:38:20
ComboFix-quarantined-files.txt  2012-03-08 10:38
.
Vor Suchlauf: 10 Verzeichnis(se), 369.343.361.024 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 369.008.082.944 Bytes frei
.
- - End Of File - - BB7C2FC1B8EEF8B40C53CC579DC5A990

--- --- ---

cosinus · 08.03.2012, 11:43

Zitat:

2012-03-07 23:30 . 2012-03-07 23:30 -------- d-----w- C:\TDSSKiller_Quarantine

Was hast du mit dem TDSS-Killer gefixt/gelöscht? Du solltest doch alle nur skippen!

Adora · 08.03.2012, 11:57

Hab eigentlich alles geskiped so wie gesagt. Hab nur aus Versehen beim ersten mal nicht alle settings so gemacht wie beschrieben, dann aber alles so gemacht.

Hab die Datei aber gefunden, soll ich dir irgendwas davon posten oder die wiederherstellen?

Sorry für die "Überstunden"... Frauen und Technik

07.03.2012, 14:51	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows aufgrund von massiven Sicherheitslücken gesperrt! 50€ Bei ESET hast du das hier missachtet => Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen Bitte so ausführen wie es da auch steht __________________ Logfiles bitte immer in CODE-Tags posten

Windows aufgrund von massiven Sicherheitslücken gesperrt! 50€

Log-Analyse und Auswertung: Windows aufgrund von massiven Sicherheitslücken gesperrt! 50€