Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert

offliNe. · 14.03.2012, 14:54

Hallo erstmal,

ich habe mir (mal wieder) einen Virus eingefangen. Nun bin ich auf der Suche nach einer passenden Lösung.

Der Virus sieht wie folgt aus: Also es kommt nach dem hochfahren des Rechners diese Meldung mit roter Schrift auf schwarzem Hintergrund: "Achtung. Aus Sicherheitsgründen wurde ihr Windowssystem blockiert." Dann noch dass ich 50€ bezahlen soll via Psc oder Ukash.

Ich habe nun erstmal im den Pc im abgesicherten Modus gestartet um hier überhaupt schreiben zu können. Mein Betriebssystem ist Windows Vista 64bit.

Ich hoffe mir kann geholfen werden.

cosinus · 14.03.2012, 16:16

Zitat:

Ich habe nun erstmal im den Pc im abgesicherten Modus gestartet um hier überhaupt schreiben zu können.

na wenn der Modus geht wirst du erstmal MBAM/ESET probieren können:

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

offliNe. · 14.03.2012, 19:55

hier erstmal die ESET log.txt

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ac2372413e9caa46a2c17190cd9e1f0d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-14 06:38:36
# local_time=2012-03-14 07:38:36 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776638 100 45 130865622 169270909 0 0
# compatibility_mode=8192 67108863 100 0 4486 4486 0 0
# scanned=223241
# found=10
# cleaned=0
# scan_time=3312
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll	Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll	a variant of Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe	a variant of Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll	probably a variant of Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll	probably a variant of Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll	Win64/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Admin\AppData\Local\Temp\jar_cache1077859733756267571.tmp	probably a variant of Win32/Injector.JQT trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Admin\AppData\Local\Temp\jar_cache5321912148313292530.tmp	probably a variant of Win32/Injector.JQT trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Admin\AppData\Local\Temp\SetupDataMngr_Searchqu.exe	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\c34764d-3da8a48b	Java/Exploit.CVE-2011-3544.AD trojan (unable to clean)	00000000000000000000000000000000	I

dann die log datei von MBAM

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.14.03

Windows Vista Service Pack 2 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.19190
Admin :: ADMIN-PC [Administrator]

14.03.2012 17:35:45
mbam-log-2012-03-14 (17-35-45).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 398652
Laufzeit: 44 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SkypeM (Trojan.Ransom) -> Daten: C:\Users\Admin\AppData\Local\Skype\Skype.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.
C:\Users\Admin\AppData\Local\Temp\jar_cache1622050061188263646.tmp (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Local\Temp\RhfRjDS2.dll.part (Malware.UPX.Mod) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Steam\SteamApps\azzmodious\counter-strike source\cstrike\addons\Name_Enabler.dll (Malware.UPX.Mod) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Steam\SteamApps\louevil00\counter-strike source\cstrike\addons\Name_Enabler.dll (Malware.UPX.Mod) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Local\Skype\Skype.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

hier noch eine ältere MBAM log datei

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6674

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

25.05.2011 18:10:52
mbam-log-2011-05-25 (18-10-52).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 161629
Laufzeit: 3 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kJoCBjsHlcALP (Trojan.FakeMS.Gen) -> Value: kJoCBjsHlcALP -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\cleansweep.exe (Trojan.Agent) -> Value: cleansweep.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\kjocbjshlcalp.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\programdata\44556024.exe (Rogue.WindowsRecoveryConsole) -> Quarantined and deleted successfully.
c:\Users\Admin\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Admin\AppData\Local\Temp\ldr7095.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

cosinus · 14.03.2012, 21:23

Funktioniert der normale Modus wieder?

offliNe. · 14.03.2012, 21:45

Der normale Modus funktioniert wieder einwandfrei.
Vielen Dank!

Mal ne andere Frage.
Seit einem Virus der schon etwas länger her ist (Windows Vista Recovery),
ist mein Taskmanager verschwunden. Also bei der Tastenkombi Strg+Alt+Entf ist kein Taskmanager aufzufinden.

Weiß du da eine Lösung?
Google spuckt nur komplizierte Sachen aus..vielleicht gibts da ne einfache Lösung den wiederherzustellen?!

mfg

cosinus · 14.03.2012, 22:11

Wir sind noch nicht fertig
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

offliNe. · 14.03.2012, 22:37

hier die OTl logfile

Code:

ATTFilter

OTL logfile created on: 14.03.2012 22:24:42 - Run 2
OTL by OldTimer - Version 3.2.37.0     Folder = C:\Users\Admin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 66,56% Memory free
8,23 Gb Paging File | 6,85 Gb Available in Paging File | 83,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 500,00 Gb Total Space | 455,83 Gb Free Space | 91,17% Space Free | Partition Type: NTFS
Drive D: | 331,50 Gb Total Space | 314,95 Gb Free Space | 95,01% Space Free | Partition Type: NTFS
Drive E: | 100,01 Gb Total Space | 97,69 Gb Free Space | 97,69% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\ASUS\Six Engine\SixEngine.exe ()
PRC - E:\RocketDock\RocketDock.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\ASUS\Six Engine\SixEngine.exe ()
MOD - C:\Programme\ASUS\Six Engine\AsSpindownTimeout.dll ()
MOD - C:\Program Files (x86)\WinRAR\rarext.dll ()
MOD - E:\RocketDock\RocketDock.exe ()
MOD - E:\RocketDock\RocketDock.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Programme\ASUS\Six Engine\pngio.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\DRIVERS\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\DRIVERS\ESLvnic.sys (Turtle Entertainment GmbH)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\DRIVERS\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys (EnTech Taiwan)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://www.searchqu.com//web?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{957C9674-ED70-466D-A2E6-7140364531CD}: "URL" = hxxp://www.searchqu.com//web?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 B4 B6 84 9C DF C9 01  [binary data]
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=D58D91AE-B874-4BF4-9443-4EB5001579D7&apn_sauid=6B4BAA98-EDDC-424E-89BF-5A24FDC04746
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\..\SearchScopes\{24B5B0B2-CEED-4734-9822-0BAD2BDC4713}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\..\SearchScopes\{957C9674-ED70-466D-A2E6-7140364531CD}: "URL" = hxxp://www.searchqu.com//web?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=71dfcf48-f7fe-11e0-915b-00248c363f16&q={searchTerms}
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "t-online.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {D9A7CBEC-DE1A-444f-A092-844461596C4D}:4.5
FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com//web?src=ffb&appid=0&systemid=410&sr=0&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.18 13:13:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.14 21:38:13 | 000,000,000 | ---D | M]
 
[2012.03.14 21:38:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.03.14 21:38:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5idar8fo.default\extensions
[2011.10.16 14:38:26 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5idar8fo.default\extensions\firefox@tvunetworks.com
[2011.02.04 20:09:20 | 000,002,396 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\askcom.xml
[2012.03.13 17:54:32 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-1.xml
[2010.02.19 15:56:59 | 000,000,961 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-10.xml
[2010.03.18 22:19:54 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-11.xml
[2010.03.23 21:28:08 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-12.xml
[2010.04.04 14:48:57 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-13.xml
[2010.06.14 21:39:30 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-14.xml
[2010.06.28 10:47:58 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-15.xml
[2010.07.15 10:38:44 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-16.xml
[2010.07.25 13:27:15 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-17.xml
[2010.09.09 18:31:44 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-18.xml
[2010.09.17 13:45:10 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-19.xml
[2009.06.14 16:16:32 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-2.xml
[2010.10.20 19:49:35 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-20.xml
[2010.10.28 20:57:06 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-21.xml
[2010.12.12 14:02:54 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-22.xml
[2011.02.04 20:09:17 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-23.xml
[2009.07.13 17:26:48 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-3.xml
[2009.07.23 22:30:40 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-4.xml
[2009.08.04 17:32:24 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-5.xml
[2009.09.13 17:06:48 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-6.xml
[2009.10.29 16:41:20 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-7.xml
[2009.12.18 13:45:58 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-8.xml
[2010.01.06 21:55:13 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-9.xml
[2010.05.12 17:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin.xml
[2011.09.18 17:21:47 | 000,002,503 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\SearchResults.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\startsear.xml
[2012.03.14 21:38:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5IDAR8FO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5IDAR8FO.DEFAULT\EXTENSIONS\NOSQUINT@URANDOM.CA.XPI
[2012.02.18 13:13:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.04 19:32:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.04 19:32:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.04 19:32:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.04 19:32:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.18 17:21:47 | 000,002,503 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012.02.04 19:32:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.04 19:32:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI9130~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI9130~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-428930013-155050764-3272862090-1000\..\Toolbar\WebBrowser: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found.
O3 - HKU\S-1-5-21-428930013-155050764-3272862090-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PDFPrint] E:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-428930013-155050764-3272862090-1000..\Run: [gAyJREx7j] "C:\Users\Admin\AppData\Roaming\OVX0S.bat" File not found
O4 - HKU\S-1-5-21-428930013-155050764-3272862090-1000..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-428930013-155050764-3272862090-1000..\Run: [RocketDock] E:\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-428930013-155050764-3272862090-1000..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-428930013-155050764-3272862090-1000..\Run: [winsysdefenderwin32] C:\Windows\updater96x.exe File not found
O4 - HKU\S-1-5-21-428930013-155050764-3272862090-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{170BB71F-CEF1-4473-ABE6-8EDB5165DEBB}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{56b503cb-a460-11de-abc7-00248c363f16}\Shell\AutoRun\command - "" = G:\avira.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4EF43EB7-A466-1E61-DC8C-CCC3523C078F} - Java (Sun)
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {MSS11V86-0888-5L5J-R8MI-0BFND3256I0Y} - C:\Windows\updater96x.exe Restart
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\SysWow64\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\Windows\SysWow64\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\SysWow64\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\SysWow64\mcdvd_32.dll (MainConcept)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.mp42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.14 22:16:41 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.03.14 22:06:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.03.14 18:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.14 17:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.11 18:41:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\4.0
[2012.03.11 18:41:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\.tfo4
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.14 22:16:40 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.03.14 21:41:07 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.14 21:41:07 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.14 21:41:07 | 000,596,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.14 21:41:07 | 000,126,486 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.14 21:41:07 | 000,104,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.14 21:34:31 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.14 21:34:31 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.14 21:33:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.14 13:43:31 | 002,308,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.04 15:32:55 | 000,018,646 | ---- | M] () -- C:\Users\Admin\Desktop\englisch.odt
 
========== Files Created - No Company Name ==========
 
[2012.03.04 15:32:55 | 000,018,646 | ---- | C] () -- C:\Users\Admin\Desktop\englisch.odt
[2011.12.23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.12.23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.12.23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.12.23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.09.23 17:42:31 | 000,140,448 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.09.18 17:21:46 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010.09.17 13:32:06 | 000,007,052 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2010.09.11 19:52:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ableton
[2009.05.28 14:37:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ashampoo
[2009.05.30 12:35:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Fisher-Price
[2011.09.18 17:21:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeAudioPack
[2011.09.18 17:22:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeCDRipper
[2009.08.14 17:33:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0
[2009.12.10 19:11:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mumble
[2009.08.07 18:35:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Octoshape
[2009.05.28 14:59:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2012.01.11 11:05:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Samsung
[2009.05.29 16:30:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ScanSoft
[2011.04.08 12:30:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer
[2011.09.14 15:26:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Teeworlds
[2012.01.07 17:05:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2011.08.01 22:49:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Sidebar Styler
[2012.03.14 14:15:42 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.09.11 19:52:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ableton
[2012.02.11 22:06:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe
[2011.09.23 17:22:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2009.05.28 14:37:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ashampoo
[2009.05.28 14:42:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ATI
[2009.06.08 19:34:57 | 000,000,000 | R--D | M] -- C:\Users\Admin\AppData\Roaming\Brother
[2010.07.19 19:14:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DivX
[2009.05.30 12:35:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Fisher-Price
[2011.09.18 17:21:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeAudioPack
[2011.09.18 17:22:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeCDRipper
[2009.08.14 17:33:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0
[2009.05.28 13:09:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities
[2009.05.29 08:30:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InstallShield
[2009.05.28 14:32:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2011.05.25 17:04:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2006.11.02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2012.01.11 11:13:15 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2009.08.07 18:35:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2009.12.10 19:11:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mumble
[2009.08.07 18:35:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Octoshape
[2009.05.28 14:59:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2012.01.11 11:05:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Samsung
[2009.05.29 16:30:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ScanSoft
[2010.05.30 14:37:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\teamspeak2
[2011.04.08 12:30:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer
[2011.09.14 15:26:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Teeworlds
[2012.01.07 17:05:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2011.12.27 18:05:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\vlc
[2011.08.01 22:49:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Sidebar Styler
[2009.05.29 16:49:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.09.29 19:39:57 | 001,924,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009.05.28 14:20:41 | 000,010,134 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{4411E4C3-C60F-B094-0E1F-C6E73311A9EA}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.10 23:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.10 23:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.10 23:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.10 23:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.10 23:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.10 23:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.10 22:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.10 22:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.10 23:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.10 23:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Admin\AppData\Local\Temp\RarSFX0\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Admin\AppData\Local\Temp\RarSFX1\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.10 23:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.10 23:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Admin\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Admin\AppData\Local\Temp\RarSFX1\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

btw der taskmanager ist wieder da

cosinus · 14.03.2012, 23:07

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://www.searchqu.com//web?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{957C9674-ED70-466D-A2E6-7140364531CD}: "URL" = http://www.searchqu.com//web?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=D58D91AE-B874-4BF4-9443-4EB5001579D7&apn_sauid=6B4BAA98-EDDC-424E-89BF-5A24FDC04746
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\..\SearchScopes\{24B5B0B2-CEED-4734-9822-0BAD2BDC4713}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\..\SearchScopes\{957C9674-ED70-466D-A2E6-7140364531CD}: "URL" = http://www.searchqu.com//web?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-428930013-155050764-3272862090-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=71dfcf48-f7fe-11e0-915b-00248c363f16&q={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..keyword.URL: "http://www.searchqu.com//web?src=ffb&appid=0&systemid=410&sr=0&q="
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
[2011.02.04 20:09:20 | 000,002,396 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\askcom.xml
[2012.03.13 17:54:32 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-1.xml
[2010.02.19 15:56:59 | 000,000,961 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-10.xml
[2010.03.18 22:19:54 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-11.xml
[2010.03.23 21:28:08 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-12.xml
[2010.04.04 14:48:57 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-13.xml
[2010.06.14 21:39:30 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-14.xml
[2010.06.28 10:47:58 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-15.xml
[2010.07.15 10:38:44 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-16.xml
[2010.07.25 13:27:15 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-17.xml
[2010.09.09 18:31:44 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-18.xml
[2010.09.17 13:45:10 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-19.xml
[2009.06.14 16:16:32 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-2.xml
[2010.10.20 19:49:35 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-20.xml
[2010.10.28 20:57:06 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-21.xml
[2010.12.12 14:02:54 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-22.xml
[2011.02.04 20:09:17 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-23.xml
[2009.07.13 17:26:48 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-3.xml
[2009.07.23 22:30:40 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-4.xml
[2009.08.04 17:32:24 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-5.xml
[2009.09.13 17:06:48 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-6.xml
[2009.10.29 16:41:20 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-7.xml
[2009.12.18 13:45:58 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-8.xml
[2010.01.06 21:55:13 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-9.xml
[2010.05.12 17:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin.xml
[2011.09.18 17:21:47 | 000,002,503 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\SearchResults.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\startsear.xml
[2012.02.04 19:32:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.18 17:21:47 | 000,002,503 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI9130~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI9130~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-428930013-155050764-3272862090-1000\..\Toolbar\WebBrowser: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found.
O3 - HKU\S-1-5-21-428930013-155050764-3272862090-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-21-428930013-155050764-3272862090-1000..\Run: [gAyJREx7j] "C:\Users\Admin\AppData\Roaming\OVX0S.bat" File not found
O4 - HKU\S-1-5-21-428930013-155050764-3272862090-1000..\Run: [winsysdefenderwin32] C:\Windows\updater96x.exe File not found
O4 - HKU\S-1-5-21-428930013-155050764-3272862090-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{56b503cb-a460-11de-abc7-00248c363f16}\Shell\AutoRun\command - "" = G:\avira.exe
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

offliNe. · 14.03.2012, 23:32

Alles so wie beschrieben durchgeführt.

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{957C9674-ED70-466D-A2E6-7140364531CD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{957C9674-ED70-466D-A2E6-7140364531CD}\ not found.
Registry value HKEY_USERS\S-1-5-21-428930013-155050764-3272862090-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-428930013-155050764-3272862090-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-428930013-155050764-3272862090-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-428930013-155050764-3272862090-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-428930013-155050764-3272862090-1000\Software\Microsoft\Internet Explorer\SearchScopes\{24B5B0B2-CEED-4734-9822-0BAD2BDC4713}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24B5B0B2-CEED-4734-9822-0BAD2BDC4713}\ not found.
Registry key HKEY_USERS\S-1-5-21-428930013-155050764-3272862090-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-428930013-155050764-3272862090-1000\Software\Microsoft\Internet Explorer\SearchScopes\{957C9674-ED70-466D-A2E6-7140364531CD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{957C9674-ED70-466D-A2E6-7140364531CD}\ not found.
Registry key HKEY_USERS\S-1-5-21-428930013-155050764-3272862090-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: "hxxp://www.searchqu.com//web?src=ffb&appid=0&systemid=410&sr=0&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0\ deleted successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0\ deleted successfully.
C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\askcom.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-19.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-20.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-21.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-22.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-23.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\SearchResults.xml moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\searchplugins\startsear.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-428930013-155050764-3272862090-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}\ not found.
Registry value HKEY_USERS\S-1-5-21-428930013-155050764-3272862090-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-428930013-155050764-3272862090-1000\Software\Microsoft\Windows\CurrentVersion\Run\\gAyJREx7j deleted successfully.
Registry value HKEY_USERS\S-1-5-21-428930013-155050764-3272862090-1000\Software\Microsoft\Windows\CurrentVersion\Run\\winsysdefenderwin32 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-428930013-155050764-3272862090-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ not found.
C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56b503cb-a460-11de-abc7-00248c363f16}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56b503cb-a460-11de-abc7-00248c363f16}\ not found.
File G:\avira.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 1377889376 bytes
->Temporary Internet Files folder emptied: 412919368 bytes
->Java cache emptied: 17805229 bytes
->FireFox cache emptied: 53897730 bytes
->Google Chrome cache emptied: 6346927 bytes
->Flash cache emptied: 2168206 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 153621623 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.931,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.37.0 log created on 03142012_232153

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus · 15.03.2012, 04:23

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

offliNe. · 15.03.2012, 11:34

hier das TDSS-Killer Log

Code:

ATTFilter

11:29:14.0876 3532	TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
11:29:15.0063 3532	============================================================
11:29:15.0063 3532	Current date / time: 2012/03/15 11:29:15.0063
11:29:15.0063 3532	SystemInfo:
11:29:15.0063 3532	
11:29:15.0063 3532	OS Version: 6.0.6002 ServicePack: 2.0
11:29:15.0063 3532	Product type: Workstation
11:29:15.0063 3532	ComputerName: ADMIN-PC
11:29:15.0063 3532	UserName: Admin
11:29:15.0063 3532	Windows directory: C:\Windows
11:29:15.0063 3532	System windows directory: C:\Windows
11:29:15.0063 3532	Running under WOW64
11:29:15.0063 3532	Processor architecture: Intel x64
11:29:15.0063 3532	Number of processors: 4
11:29:15.0063 3532	Page size: 0x1000
11:29:15.0063 3532	Boot type: Normal boot
11:29:15.0063 3532	============================================================
11:29:15.0360 3532	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:29:15.0438 3532	\Device\Harddisk0\DR0:
11:29:15.0453 3532	MBR used
11:29:15.0469 3532	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3E800A76, BlocksNum 0xC803400
11:29:15.0500 3532	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4B003EB5, BlocksNum 0x29701B0C
11:29:15.0500 3532	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3E8009F8
11:29:15.0703 3532	Initialize success
11:29:15.0703 3532	============================================================
11:30:31.0222 0452	============================================================
11:30:31.0222 0452	Scan started
11:30:31.0222 0452	Mode: Manual; SigCheck; TDLFS; 
11:30:31.0222 0452	============================================================
11:30:31.0488 0452	ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
11:30:31.0581 0452	ACPI - ok
11:30:31.0628 0452	adp94xx         (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
11:30:31.0644 0452	adp94xx - ok
11:30:31.0675 0452	adpahci         (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
11:30:31.0706 0452	adpahci - ok
11:30:31.0722 0452	adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
11:30:31.0737 0452	adpu160m - ok
11:30:31.0753 0452	adpu320         (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
11:30:31.0768 0452	adpu320 - ok
11:30:31.0815 0452	AFD             (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
11:30:31.0893 0452	AFD - ok
11:30:31.0924 0452	agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
11:30:31.0940 0452	agp440 - ok
11:30:31.0971 0452	aic78xx         (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
11:30:31.0987 0452	aic78xx - ok
11:30:32.0002 0452	aliide          (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
11:30:32.0018 0452	aliide - ok
11:30:32.0034 0452	amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
11:30:32.0049 0452	amdide - ok
11:30:32.0065 0452	AmdK8           (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
11:30:32.0174 0452	AmdK8 - ok
11:30:32.0190 0452	arc             (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
11:30:32.0190 0452	arc - ok
11:30:32.0205 0452	arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
11:30:32.0221 0452	arcsas - ok
11:30:32.0221 0452	AsIO - ok
11:30:32.0252 0452	AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
11:30:32.0299 0452	AsyncMac - ok
11:30:32.0314 0452	atapi           (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
11:30:32.0330 0452	atapi - ok
11:30:32.0346 0452	AtiHdmiService  (08fa104f07b243508ecd8d59007d2b2f) C:\Windows\system32\drivers\AtiHdmi.sys
11:30:32.0361 0452	AtiHdmiService - ok
11:30:32.0470 0452	atikmdag        (715e84b2fa3a78127345659815ebbedd) C:\Windows\system32\DRIVERS\atikmdag.sys
11:30:32.0626 0452	atikmdag - ok
11:30:32.0658 0452	blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
11:30:32.0704 0452	blbdrive - ok
11:30:32.0736 0452	bowser          (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
11:30:32.0767 0452	bowser - ok
11:30:32.0798 0452	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
11:30:32.0845 0452	BrFiltLo - ok
11:30:32.0860 0452	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
11:30:32.0907 0452	BrFiltUp - ok
11:30:32.0923 0452	Brserid         (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
11:30:32.0970 0452	Brserid - ok
11:30:33.0001 0452	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
11:30:33.0063 0452	BrSerWdm - ok
11:30:33.0079 0452	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
11:30:33.0126 0452	BrUsbMdm - ok
11:30:33.0157 0452	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
11:30:33.0204 0452	BrUsbSer - ok
11:30:33.0219 0452	BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
11:30:33.0282 0452	BTHMODEM - ok
11:30:33.0297 0452	cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
11:30:33.0328 0452	cdfs - ok
11:30:33.0344 0452	cdrom           (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
11:30:33.0375 0452	cdrom - ok
11:30:33.0391 0452	circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
11:30:33.0438 0452	circlass - ok
11:30:33.0469 0452	CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
11:30:33.0484 0452	CLFS - ok
11:30:33.0531 0452	cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
11:30:33.0531 0452	cmdide - ok
11:30:33.0562 0452	Compbatt        (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
11:30:33.0562 0452	Compbatt - ok
11:30:33.0578 0452	crcdisk         (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
11:30:33.0594 0452	crcdisk - ok
11:30:33.0609 0452	DfsC            (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
11:30:33.0640 0452	DfsC - ok
11:30:33.0672 0452	dg_ssudbus      (388039f99ce8769024ee0438352aca99) C:\Windows\system32\DRIVERS\ssudbus.sys
11:30:37.0088 0452	dg_ssudbus - ok
11:30:37.0135 0452	disk            (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
11:30:37.0150 0452	disk - ok
11:30:37.0182 0452	drmkaud         (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
11:30:37.0244 0452	drmkaud - ok
11:30:37.0306 0452	dump_wmimmc - ok
11:30:37.0353 0452	DXGKrnl         (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
11:30:37.0369 0452	DXGKrnl - ok
11:30:37.0416 0452	E1G60           (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
11:30:37.0462 0452	E1G60 - ok
11:30:37.0494 0452	Ecache          (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
11:30:37.0509 0452	Ecache - ok
11:30:37.0525 0452	elxstor         (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
11:30:37.0540 0452	elxstor - ok
11:30:37.0587 0452	ENTECH64        (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
11:30:37.0587 0452	ENTECH64 - ok
11:30:37.0618 0452	ErrDev          (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
11:30:37.0665 0452	ErrDev - ok
11:30:37.0696 0452	ESLvnic1        (c33acb897af927d1c1bd84f211fae75b) C:\Windows\system32\DRIVERS\ESLvnic.sys
11:30:37.0696 0452	ESLvnic1 - ok
11:30:37.0728 0452	exfat           (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
11:30:37.0743 0452	exfat - ok
11:30:37.0759 0452	fastfat         (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
11:30:37.0806 0452	fastfat - ok
11:30:37.0821 0452	fdc             (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
11:30:37.0868 0452	fdc - ok
11:30:37.0868 0452	FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
11:30:37.0884 0452	FileInfo - ok
11:30:37.0884 0452	Filetrace       (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
11:30:37.0930 0452	Filetrace - ok
11:30:37.0977 0452	flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
11:30:38.0008 0452	flpydisk - ok
11:30:38.0024 0452	FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
11:30:38.0040 0452	FltMgr - ok
11:30:38.0071 0452	Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
11:30:38.0102 0452	Fs_Rec - ok
11:30:38.0118 0452	gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
11:30:38.0133 0452	gagp30kx - ok
11:30:38.0164 0452	HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
11:30:38.0242 0452	HdAudAddService - ok
11:30:38.0274 0452	HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:30:38.0336 0452	HDAudBus - ok
11:30:38.0352 0452	HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
11:30:38.0414 0452	HidBth - ok
11:30:38.0430 0452	HidIr           (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
11:30:38.0476 0452	HidIr - ok
11:30:38.0508 0452	HidUsb          (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
11:30:38.0554 0452	HidUsb - ok
11:30:38.0586 0452	HpCISSs         (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
11:30:38.0586 0452	HpCISSs - ok
11:30:38.0632 0452	HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
11:30:38.0664 0452	HTTP - ok
11:30:38.0695 0452	i2omp           (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
11:30:38.0710 0452	i2omp - ok
11:30:38.0726 0452	i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
11:30:38.0757 0452	i8042prt - ok
11:30:38.0773 0452	iaStorV         (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
11:30:38.0788 0452	iaStorV - ok
11:30:38.0804 0452	iirsp           (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
11:30:38.0804 0452	iirsp - ok
11:30:38.0866 0452	IntcAzAudAddService (d1bc3c39de5e02708a99aefd6f9be855) C:\Windows\system32\drivers\RTKVHD64.sys
11:30:38.0898 0452	IntcAzAudAddService - ok
11:30:38.0929 0452	intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
11:30:38.0944 0452	intelide - ok
11:30:38.0960 0452	intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
11:30:38.0991 0452	intelppm - ok
11:30:39.0007 0452	IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:30:39.0054 0452	IpFilterDriver - ok
11:30:39.0069 0452	IpInIp - ok
11:30:39.0085 0452	IPMIDRV         (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
11:30:39.0116 0452	IPMIDRV - ok
11:30:39.0132 0452	IPNAT           (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
11:30:39.0163 0452	IPNAT - ok
11:30:39.0178 0452	IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
11:30:39.0225 0452	IRENUM - ok
11:30:39.0241 0452	isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
11:30:39.0256 0452	isapnp - ok
11:30:39.0288 0452	iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
11:30:39.0303 0452	iScsiPrt - ok
11:30:39.0319 0452	iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
11:30:39.0334 0452	iteatapi - ok
11:30:39.0350 0452	iteraid         (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
11:30:39.0366 0452	iteraid - ok
11:30:39.0381 0452	kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
11:30:39.0397 0452	kbdclass - ok
11:30:39.0428 0452	kbdhid          (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
11:30:39.0459 0452	kbdhid - ok
11:30:39.0490 0452	KSecDD          (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
11:30:39.0522 0452	KSecDD - ok
11:30:39.0553 0452	ksthunk         (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
11:30:39.0584 0452	ksthunk - ok
11:30:39.0631 0452	L1E             (3e3d1d8dcb2ca53463d34252e99465d3) C:\Windows\system32\DRIVERS\L1E60x64.sys
11:30:39.0646 0452	L1E - ok
11:30:39.0678 0452	lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
11:30:39.0724 0452	lltdio - ok
11:30:39.0740 0452	LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
11:30:39.0756 0452	LSI_FC - ok
11:30:39.0787 0452	LSI_SAS         (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
11:30:39.0787 0452	LSI_SAS - ok
11:30:39.0818 0452	LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
11:30:39.0818 0452	LSI_SCSI - ok
11:30:39.0834 0452	luafv           (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
11:30:39.0880 0452	luafv - ok
11:30:39.0896 0452	megasas         (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
11:30:39.0912 0452	megasas - ok
11:30:39.0943 0452	MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
11:30:39.0958 0452	MegaSR - ok
11:30:39.0974 0452	Modem           (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
11:30:40.0005 0452	Modem - ok
11:30:40.0021 0452	monitor         (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
11:30:40.0052 0452	monitor - ok
11:30:40.0083 0452	mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
11:30:40.0083 0452	mouclass - ok
11:30:40.0114 0452	mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
11:30:40.0146 0452	mouhid - ok
11:30:40.0161 0452	MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
11:30:40.0161 0452	MountMgr - ok
11:30:40.0192 0452	mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
11:30:40.0208 0452	mpio - ok
11:30:40.0224 0452	mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
11:30:40.0239 0452	mpsdrv - ok
11:30:40.0270 0452	Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
11:30:40.0270 0452	Mraid35x - ok
11:30:40.0302 0452	MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
11:30:40.0333 0452	MRxDAV - ok
11:30:40.0364 0452	mrxsmb          (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:30:40.0395 0452	mrxsmb - ok
11:30:40.0442 0452	mrxsmb10        (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:30:40.0458 0452	mrxsmb10 - ok
11:30:40.0458 0452	mrxsmb20        (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:30:40.0473 0452	mrxsmb20 - ok
11:30:40.0489 0452	msahci          (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
11:30:40.0489 0452	msahci - ok
11:30:40.0520 0452	msdsm           (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
11:30:40.0536 0452	msdsm - ok
11:30:40.0567 0452	Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
11:30:40.0598 0452	Msfs - ok
11:30:40.0614 0452	msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
11:30:40.0629 0452	msisadrv - ok
11:30:40.0645 0452	MSKSSRV         (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
11:30:40.0676 0452	MSKSSRV - ok
11:30:40.0692 0452	MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
11:30:40.0723 0452	MSPCLOCK - ok
11:30:40.0738 0452	MSPQM           (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
11:30:40.0785 0452	MSPQM - ok
11:30:40.0801 0452	MsRPC           (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
11:30:40.0816 0452	MsRPC - ok
11:30:40.0832 0452	mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
11:30:40.0832 0452	mssmbios - ok
11:30:40.0848 0452	MSTEE           (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
11:30:40.0879 0452	MSTEE - ok
11:30:40.0910 0452	MTsensor        (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
11:30:40.0926 0452	MTsensor - ok
11:30:40.0941 0452	Mup             (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
11:30:40.0957 0452	Mup - ok
11:30:40.0972 0452	mv61xx          (ddde02cf363d4a202df6b82777ee5f45) C:\Windows\system32\DRIVERS\mv61xx.sys
11:30:40.0972 0452	mv61xx - ok
11:30:41.0004 0452	NativeWifiP     (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
11:30:41.0019 0452	NativeWifiP - ok
11:30:41.0066 0452	NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
11:30:41.0097 0452	NDIS - ok
11:30:41.0113 0452	NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
11:30:41.0144 0452	NdisTapi - ok
11:30:41.0175 0452	Ndisuio         (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
11:30:41.0206 0452	Ndisuio - ok
11:30:41.0238 0452	NdisWan         (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
11:30:41.0269 0452	NdisWan - ok
11:30:41.0284 0452	NDProxy         (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
11:30:41.0316 0452	NDProxy - ok
11:30:41.0331 0452	NetBIOS         (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
11:30:41.0378 0452	NetBIOS - ok
11:30:41.0409 0452	netbt           (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
11:30:41.0425 0452	netbt - ok
11:30:41.0456 0452	nfrd960         (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
11:30:41.0456 0452	nfrd960 - ok
11:30:41.0472 0452	Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
11:30:41.0503 0452	Npfs - ok
11:30:41.0518 0452	NPPTNT2 - ok
11:30:41.0534 0452	nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
11:30:41.0581 0452	nsiproxy - ok
11:30:41.0628 0452	Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
11:30:41.0659 0452	Ntfs - ok
11:30:41.0674 0452	Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
11:30:41.0721 0452	Null - ok
11:30:41.0737 0452	nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
11:30:41.0752 0452	nvraid - ok
11:30:41.0768 0452	nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
11:30:41.0784 0452	nvstor - ok
11:30:41.0799 0452	nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
11:30:41.0815 0452	nv_agp - ok
11:30:41.0830 0452	NwlnkFlt - ok
11:30:41.0830 0452	NwlnkFwd - ok
11:30:41.0862 0452	ohci1394        (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
11:30:41.0893 0452	ohci1394 - ok
11:30:41.0924 0452	Parport         (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
11:30:41.0971 0452	Parport - ok
11:30:42.0002 0452	partmgr         (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
11:30:42.0002 0452	partmgr - ok
11:30:42.0018 0452	pci             (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
11:30:42.0033 0452	pci - ok
11:30:42.0064 0452	pciide          (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
11:30:42.0080 0452	pciide - ok
11:30:42.0080 0452	pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
11:30:42.0096 0452	pcmcia - ok
11:30:42.0127 0452	PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
11:30:42.0205 0452	PEAUTH - ok
11:30:42.0252 0452	PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
11:30:42.0283 0452	PptpMiniport - ok
11:30:42.0298 0452	Processor       (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
11:30:42.0330 0452	Processor - ok
11:30:42.0345 0452	PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
11:30:42.0376 0452	PSched - ok
11:30:42.0408 0452	ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
11:30:42.0454 0452	ql2300 - ok
11:30:42.0470 0452	ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
11:30:42.0470 0452	ql40xx - ok
11:30:42.0501 0452	QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
11:30:42.0517 0452	QWAVEdrv - ok
11:30:42.0532 0452	RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
11:30:42.0579 0452	RasAcd - ok
11:30:42.0595 0452	Rasl2tp         (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:30:42.0626 0452	Rasl2tp - ok
11:30:42.0642 0452	RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
11:30:42.0673 0452	RasPppoe - ok
11:30:42.0688 0452	RasSstp         (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
11:30:42.0704 0452	RasSstp - ok
11:30:42.0720 0452	rdbss           (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
11:30:42.0751 0452	rdbss - ok
11:30:42.0782 0452	RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:30:42.0813 0452	RDPCDD - ok
11:30:42.0829 0452	rdpdr           (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
11:30:42.0876 0452	rdpdr - ok
11:30:42.0907 0452	RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
11:30:42.0938 0452	RDPENCDD - ok
11:30:42.0969 0452	RDPWD           (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
11:30:43.0000 0452	RDPWD - ok
11:30:43.0047 0452	rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
11:30:43.0078 0452	rspndr - ok
11:30:43.0094 0452	sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
11:30:43.0094 0452	sbp2port - ok
11:30:43.0125 0452	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:30:43.0172 0452	secdrv - ok
11:30:43.0203 0452	Serenum         (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
11:30:43.0250 0452	Serenum - ok
11:30:43.0281 0452	Serial          (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
11:30:43.0328 0452	Serial - ok
11:30:43.0344 0452	sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
11:30:43.0375 0452	sermouse - ok
11:30:43.0406 0452	sffdisk         (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
11:30:43.0453 0452	sffdisk - ok
11:30:43.0484 0452	sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
11:30:43.0515 0452	sffp_mmc - ok
11:30:43.0531 0452	sffp_sd         (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
11:30:43.0578 0452	sffp_sd - ok
11:30:43.0593 0452	sfloppy         (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
11:30:43.0640 0452	sfloppy - ok
11:30:43.0656 0452	SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
11:30:43.0671 0452	SiSRaid2 - ok
11:30:43.0687 0452	SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
11:30:43.0702 0452	SiSRaid4 - ok
11:30:43.0718 0452	Smb             (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
11:30:43.0749 0452	Smb - ok
11:30:43.0780 0452	spldr           (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
11:30:43.0796 0452	spldr - ok
11:30:43.0843 0452	srv             (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
11:30:43.0890 0452	srv - ok
11:30:43.0921 0452	srv2            (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
11:30:43.0936 0452	srv2 - ok
11:30:43.0952 0452	srvnet          (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
11:30:43.0968 0452	srvnet - ok
11:30:44.0014 0452	ssudmdm         (ad42ca614e086bcadbd53fffc404ac24) C:\Windows\system32\DRIVERS\ssudmdm.sys
11:30:44.0030 0452	ssudmdm - ok
11:30:44.0046 0452	swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
11:30:44.0046 0452	swenum - ok
11:30:44.0077 0452	Symc8xx         (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
11:30:44.0077 0452	Symc8xx - ok
11:30:44.0108 0452	Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
11:30:44.0108 0452	Sym_hi - ok
11:30:44.0124 0452	Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
11:30:44.0139 0452	Sym_u3 - ok
11:30:44.0202 0452	Tcpip           (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
11:30:44.0248 0452	Tcpip - ok
11:30:44.0264 0452	Tcpip6          (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
11:30:44.0342 0452	Tcpip6 - ok
11:30:44.0436 0452	tcpipreg        (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
11:30:44.0482 0452	tcpipreg - ok
11:30:44.0498 0452	TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
11:30:44.0545 0452	TDPIPE - ok
11:30:44.0560 0452	TDTCP           (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
11:30:44.0607 0452	TDTCP - ok
11:30:44.0623 0452	tdx             (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
11:30:44.0654 0452	tdx - ok
11:30:44.0685 0452	TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
11:30:44.0701 0452	TermDD - ok
11:30:44.0872 0452	tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:30:44.0919 0452	tssecsrv - ok
11:30:44.0935 0452	tunmp           (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
11:30:44.0966 0452	tunmp - ok
11:30:44.0997 0452	tunnel          (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
11:30:45.0013 0452	tunnel - ok
11:30:45.0028 0452	uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
11:30:45.0044 0452	uagp35 - ok
11:30:45.0075 0452	udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
11:30:45.0106 0452	udfs - ok
11:30:45.0138 0452	uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
11:30:45.0153 0452	uliagpkx - ok
11:30:45.0169 0452	uliahci         (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
11:30:45.0184 0452	uliahci - ok
11:30:45.0200 0452	UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
11:30:45.0216 0452	UlSata - ok
11:30:45.0247 0452	ulsata2         (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
11:30:45.0262 0452	ulsata2 - ok
11:30:45.0278 0452	umbus           (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
11:30:45.0309 0452	umbus - ok
11:30:45.0325 0452	USBAAPL64 - ok
11:30:45.0340 0452	usbccgp         (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
11:30:45.0372 0452	usbccgp - ok
11:30:45.0387 0452	usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
11:30:45.0450 0452	usbcir - ok
11:30:45.0465 0452	usbehci         (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
11:30:45.0496 0452	usbehci - ok
11:30:45.0528 0452	usbhub          (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
11:30:45.0559 0452	usbhub - ok
11:30:45.0574 0452	usbohci         (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
11:30:45.0637 0452	usbohci - ok
11:30:45.0652 0452	usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
11:30:45.0699 0452	usbprint - ok
11:30:45.0715 0452	usbscan         (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
11:30:45.0746 0452	usbscan - ok
11:30:45.0762 0452	USBSTOR         (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:30:45.0793 0452	USBSTOR - ok
11:30:45.0808 0452	usbuhci         (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
11:30:45.0840 0452	usbuhci - ok
11:30:45.0871 0452	vga             (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
11:30:45.0918 0452	vga - ok
11:30:45.0949 0452	VgaSave         (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
11:30:45.0980 0452	VgaSave - ok
11:30:45.0996 0452	viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
11:30:45.0996 0452	viaide - ok
11:30:46.0027 0452	volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
11:30:46.0042 0452	volmgr - ok
11:30:46.0074 0452	volmgrx         (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
11:30:46.0089 0452	volmgrx - ok
11:30:46.0120 0452	volsnap         (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
11:30:46.0136 0452	volsnap - ok
11:30:46.0152 0452	vsmraid         (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
11:30:46.0167 0452	vsmraid - ok
11:30:46.0183 0452	WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
11:30:46.0261 0452	WacomPen - ok
11:30:46.0276 0452	Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
11:30:46.0308 0452	Wanarp - ok
11:30:46.0308 0452	Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
11:30:46.0323 0452	Wanarpv6 - ok
11:30:46.0386 0452	WBio - ok
11:30:46.0417 0452	Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
11:30:46.0417 0452	Wd - ok
11:30:46.0448 0452	Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
11:30:46.0479 0452	Wdf01000 - ok
11:30:46.0526 0452	WmiAcpi         (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
11:30:46.0542 0452	WmiAcpi - ok
11:30:46.0588 0452	WpdUsb          (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
11:30:46.0620 0452	WpdUsb - ok
11:30:46.0635 0452	ws2ifsl         (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
11:30:46.0682 0452	ws2ifsl - ok
11:30:46.0713 0452	WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:30:46.0744 0452	WUDFRd - ok
11:30:46.0760 0452	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:30:46.0838 0452	\Device\Harddisk0\DR0 - ok
11:30:46.0838 0452	Boot (0x1200)   (f90bd6e568c3c3c7b5903e0d3b67c99c) \Device\Harddisk0\DR0\Partition0
11:30:46.0838 0452	\Device\Harddisk0\DR0\Partition0 - ok
11:30:46.0854 0452	Boot (0x1200)   (2d5927f15b2e2b4870654265a38e5a1f) \Device\Harddisk0\DR0\Partition1
11:30:46.0854 0452	\Device\Harddisk0\DR0\Partition1 - ok
11:30:46.0854 0452	Boot (0x1200)   (6f56aa00c090f72970f0b8affaeb52a6) \Device\Harddisk0\DR0\Partition2
11:30:46.0854 0452	\Device\Harddisk0\DR0\Partition2 - ok
11:30:46.0854 0452	============================================================
11:30:46.0854 0452	Scan finished
11:30:46.0854 0452	============================================================
11:30:46.0869 3424	Detected object count: 0
11:30:46.0869 3424	Actual detected object count: 0

cosinus · 15.03.2012, 22:26

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

offliNe. · 16.03.2012, 11:29

Inhalt der ComboFixlog

Code:

ATTFilter

ComboFix 12-03-16.03 - Admin 16.03.2012  11:14:44.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4094.2845 [GMT 1:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\xp-AntiSpy
c:\program files (x86)\xp-AntiSpy\Uninstall.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url
c:\users\Admin\4.0
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-16 bis 2012-03-16  ))))))))))))))))))))))))))))))
.
.
2012-03-14 22:21 . 2012-03-14 22:21	--------	d-----w-	C:\_OTL
2012-03-14 10:13 . 2012-01-09 16:16	708096	----a-w-	c:\windows\system32\rdpencom.dll
2012-03-14 10:13 . 2012-01-09 15:54	613376	----a-w-	c:\windows\SysWow64\rdpencom.dll
2012-03-14 10:13 . 2012-01-09 14:27	209920	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-11 17:41 . 2012-03-11 17:41	--------	d-----w-	c:\users\Admin\.tfo4
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-23 19:58 . 2012-01-11 10:03	4659712	----a-w-	c:\windows\SysWow64\Redemption.dll
2011-12-23 19:58 . 2011-12-23 19:58	974848	----a-w-	c:\windows\SysWow64\cis-2.4.dll
2011-12-23 19:58 . 2011-12-23 19:58	81920	----a-w-	c:\windows\SysWow64\issacapi_bs-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58	65536	----a-w-	c:\windows\SysWow64\issacapi_pe-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58	57344	----a-w-	c:\windows\SysWow64\MTXSYNCICON.dll
2011-12-23 19:58 . 2011-12-23 19:58	57344	----a-w-	c:\windows\SysWow64\MK_Lyric.dll
2011-12-23 19:58 . 2011-12-23 19:58	57344	----a-w-	c:\windows\SysWow64\issacapi_se-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58	569344	----a-w-	c:\windows\SysWow64\muzdecode.ax
2011-12-23 19:58 . 2011-12-23 19:58	491520	----a-w-	c:\windows\SysWow64\muzapp.dll
2011-12-23 19:58 . 2011-12-23 19:58	49152	----a-w-	c:\windows\SysWow64\MaJGUILib.dll
2011-12-23 19:58 . 2011-12-23 19:58	45056	----a-w-	c:\windows\SysWow64\MaXMLProto.dll
2011-12-23 19:58 . 2011-12-23 19:58	45056	----a-w-	c:\windows\SysWow64\MACXMLProto.dll
2011-12-23 19:58 . 2011-12-23 19:58	40960	----a-w-	c:\windows\SysWow64\MTTELECHIP.dll
2011-12-23 19:58 . 2011-12-23 19:58	40960	----a-w-	c:\windows\SysWow64\MAMACExtract.dll
2011-12-23 19:58 . 2011-12-23 19:58	352256	----a-w-	c:\windows\SysWow64\MSLUR71.dll
2011-12-23 19:58 . 2011-12-23 19:58	258048	----a-w-	c:\windows\SysWow64\muzoggsp.ax
2011-12-23 19:58 . 2011-12-23 19:58	245760	----a-w-	c:\windows\SysWow64\MSCLib.dll
2011-12-23 19:58 . 2011-12-23 19:58	24576	----a-w-	c:\windows\SysWow64\MASetupCleaner.exe
2011-12-23 19:58 . 2011-12-23 19:58	200704	----a-w-	c:\windows\SysWow64\muzwmts.dll
2011-12-23 19:58 . 2011-12-23 19:58	155648	----a-w-	c:\windows\SysWow64\MSFLib.dll
2011-12-23 19:58 . 2011-12-23 19:58	143360	----a-w-	c:\windows\SysWow64\3DAudio.ax
2011-12-23 19:58 . 2011-12-23 19:58	135168	----a-w-	c:\windows\SysWow64\muzaf1.dll
2011-12-23 19:58 . 2011-12-23 19:58	131072	----a-w-	c:\windows\SysWow64\muzmpgsp.ax
2011-12-23 19:58 . 2011-12-23 19:58	122880	----a-w-	c:\windows\SysWow64\muzeffect.ax
2011-12-23 19:58 . 2011-12-23 19:58	118784	----a-w-	c:\windows\SysWow64\MaDRM.dll
2011-12-23 19:58 . 2011-12-23 19:58	110592	----a-w-	c:\windows\SysWow64\muzmp4sp.ax
2011-12-18 12:36 . 2011-06-08 19:29	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2011-08-02 1242448]
"RocketDock"="e:\rocketdock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"PDFPrint"="e:\program files (x86)\PDF24\pdf24.exe" [2011-12-16 220744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-08-29 6477344]
"Skytel"="Skytel.exe" [2008-08-29 1833504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = 
mLocal Page = 
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5idar8fo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - t-online.de
pref(dom.disable_open_during_load, true);FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Malwarebytes' Anti-Malware_is1 - d:\malwarebytes' anti-malware\unins000.exe
AddRemove-PokerStars - c:\program files (x86)\PokerStars\PokerStarsUninstall.exe
AddRemove-PokerStars.net - c:\program files (x86)\PokerStars.NET\PokerStarsUninstall.exe
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\ASUS\Six Engine\SixEngine.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-16  11:25:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-16 10:25
.
Vor Suchlauf: 12 Verzeichnis(se), 485.377.572.864 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 485.032.534.016 Bytes frei
.
- - End Of File - - B21A6B4D030E3AF9E8B823A568EF9C1D

cosinus · 16.03.2012, 16:58

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

offliNe. · 16.03.2012, 21:54

hier die log

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-16 21:40:22
-----------------------------
21:40:22.881    OS Version: Windows x64 6.0.6002 Service Pack 2
21:40:22.881    Number of processors: 4 586 0x170A
21:40:22.882    ComputerName: ADMIN-PC  UserName: Admin
21:40:24.192    Initialize success
21:41:46.075    AVAST engine defs: 12031600
21:42:36.359    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:42:36.361    Disk 0 Vendor: SAMSUNG_HD103UJ 1AA01118 Size: 953869MB BusType: 3
21:42:36.370    Disk 0 MBR read successfully
21:42:36.372    Disk 0 MBR scan
21:42:36.375    Disk 0 Windows VISTA default MBR code
21:42:36.377    Disk 0 Partition - 00     0F Extended LBA            441865 MB offset 1048578615
21:42:36.380    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       512001 MB offset 63
21:42:36.399    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       102406 MB offset 1048578678
21:42:36.402    Disk 0 Partition - 00     05     Extended            339459 MB offset 1258307190
21:42:36.413    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       339459 MB offset 1258307253
21:42:36.439    Disk 0 scanning C:\Windows\system32\drivers
21:42:41.016    Service scanning
21:42:52.435    Modules scanning
21:42:52.441    Disk 0 trace - called modules:
21:42:52.450    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
21:42:52.454    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80058ca790]
21:42:52.457    3 CLASSPNP.SYS[fffffa6000bb1c33] -> nt!IofCallDriver -> [0xfffffa8003b90520]
21:42:52.461    5 acpi.sys[fffffa60008f7fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003b77060]
21:42:53.716    AVAST engine scan C:\Windows
21:42:57.042    AVAST engine scan C:\Windows\system32
21:45:24.767    AVAST engine scan C:\Windows\system32\drivers
21:45:35.975    AVAST engine scan C:\Users\Admin
21:48:56.370    AVAST engine scan C:\ProgramData
21:49:59.991    Scan finished successfully
21:52:41.174    Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
21:52:41.178    The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"

14.03.2012, 21:23	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Funktioniert der normale Modus wieder? __________________ Logfiles bitte immer in CODE-Tags posten

Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert

Plagegeister aller Art und deren Bekämpfung: Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert