Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-Festplattenpartition

sheryO · 27.05.2012, 21:21

Hallo zusammen,

ich wende mich an euch mit folgendem Problem: Seid wenigen Tagen kommt es auf verschiedensten Internetseiten zu fehlerhaften Darstellungen.
Darüber hinaus wird mir ständig angezeigt, dass zu wenig Speicherplatz auf System(C

verfügbar sei. Was mich daran stutzig macht, ist, dass nachdem ich Programme mit einer Größe von ca. 1,5 Gigabyte von System(C

gelöscht hatte, kurze Zeit später wieder kein Speicherplatz verfügbar war. Es scheint, als würden ständig neue Daten heruntergeladen, die die C-Partition füllen.

Ich frage mich nun, woran das liegen könnte. Da das Problem, wie schon erwähnt, erst seid kurzem besteht und auch nicht mit Veränderungen von meiner Seite aus am Computer einherging, kam mir ein eventueller Zusammenhang mit Malware in den Sinn.

Schonmal vielen Dank für eure Hilfe.

MfG
sheryO

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-27 19:49:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3160023AS rev.3.00
Running: nb7c7458.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxldiuod.sys


---- System - GMER 1.0.15 ----

SSDT            BA70320E                                                                                                                                                               ZwCreateKey
SSDT            BA703204                                                                                                                                                               ZwCreateThread
SSDT            BA703213                                                                                                                                                               ZwDeleteKey
SSDT            BA70321D                                                                                                                                                               ZwDeleteValueKey
SSDT            BA703222                                                                                                                                                               ZwLoadKey
SSDT            BA7031F0                                                                                                                                                               ZwOpenProcess
SSDT            BA7031F5                                                                                                                                                               ZwOpenThread
SSDT            BA70322C                                                                                                                                                               ZwReplaceKey
SSDT            BA703227                                                                                                                                                               ZwRestoreKey
SSDT            BA703218                                                                                                                                                               ZwSetValueKey
SSDT            \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)                                                              ZwTerminateProcess [0xA8549620]

---- Kernel code sections - GMER 1.0.15 ----

?               C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mbr.sys                                                                                                                             Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                               fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\redist\Miles\mssdsp.flt                          1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\redist\Miles\msseax.flt                          1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\redist\Miles\mssmp3.asi                          1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Balance_of_Chaos.scn        1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Blood_on_the_Snow.scn       1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Castle_of_the_Gods.scn      1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\General_Conflict.scn        1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Killing_Fields.scn          1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Range.scn                   1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Refill_Conflict.scn         1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Reinforcement_Conflict.scn  1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Village_in_Squeeze.scn      1

---- EOF - GMER 1.0.15 ----

Code:

ATTFilter

.DDS Logfile:

	Code: 

 ATTFilter

  
	DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_21
Run by Administrator at 22:07:21 on 2012-05-27
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1332 [GMT 2:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Eraser\Eraser.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
EB: &Recherchieren: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [SUPERAntiSpyware] c:\programme\superantispyware\SUPERAntiSpyware.exe
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
StartupFolder: c:\dokume~1\admini~1\startm~1\progra~1\autost~1\dropbox.lnk - c:\dokumente und einstellungen\administrator\anwendungsdaten\dropbox\bin\Dropbox.exe
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\programme\icq7.2\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: kaspersky.com\www
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{0B316D96-1017-4617-B52A-C617BD9C68B8} : NameServer = 192.168.100.1
TCP: Interfaces\{242BB936-621A-480D-8324-497D6BCE33DA} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4EA54FBD-BD02-4751-8F66-1F53BAA8A94F} : DhcpNameServer = 192.168.2.1 192.168.2.1
Notify: !SASWinLogon - c:\programme\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programme\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\administrator\anwendungsdaten\mozilla\firefox\profiles\9oes8frx.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\programme\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\microsoft\office live\npOLW.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\programme\avira\antivir desktop\avgio.sys [2010-7-15 11608]
R1 SASDIFSV;SASDIFSV;c:\programme\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\programme\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-15 60936]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\avira\antivir desktop\sched.exe [2010-7-15 135336]
S2 AntiVirService;Avira AntiVir Guard;c:\programme\avira\antivir desktop\avguard.exe [2010-7-15 267432]
S3 GarenaPEngine;GarenaPEngine;\??\c:\dokume~1\admini~1\lokale~1\temp\ylo5.tmp --> c:\dokume~1\admini~1\lokale~1\temp\YLO5.tmp [?]
.
=============== Created Last 30 ================
.
2012-05-06 16:48:41	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M  ====================
.
2012-05-06 16:48:41	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:51:24	2029056	------w-	c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51:18	2150912	------w-	c:\windows\system32\ntoskrnl.exe
2012-04-11 13:51:18	1862400	----a-w-	c:\windows\system32\win32k.sys
2012-04-04 13:56:40	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-01 11:00:09	916992	----a-w-	c:\windows\system32\wininet.dll
2012-03-01 11:00:08	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-03-01 11:00:08	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-29 14:09:48	177664	----a-w-	c:\windows\system32\wintrust.dll
2012-02-29 14:09:48	148480	----a-w-	c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40	385024	----a-w-	c:\windows\system32\html.iec
.
============= FINISH: 22:07:36,10 ===============

--- --- ---

Code:

ATTFilter

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 28.06.2006 11:42:48
System Uptime: 27.05.2012 13:46:10 (9 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD |  | MS-7187
Processor:               Intel(R) Pentium(R) D CPU 2.80GHz | Socket 775 | 2799/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 29 GiB total, 0 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 97,101 GiB free.
E: is FIXED (NTFS) - 120 GiB total, 119,555 GiB free.
F: is Removable
G: is Removable
H: is Removable
J: is Removable
O: is CDROM ()
U: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
6
.
==== End Of File ===========================

cosinus · 29.05.2012, 15:44

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

sheryO · 31.05.2012, 18:40

Code:

ATTFilter

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.19.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: PC-xxx [Administrator]

25.04.2012 16:02:11
mbam-log-2012-04-25 (16-02-11).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 265140
Laufzeit: 28 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.23.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: PC-xxx [Administrator]

23.05.2012 15:51:48
mbam-log-2012-05-23 (15-51-48).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 272535
Laufzeit: 38 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.31.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: PC-xxx [Administrator]

31.05.2012 14:15:45
mbam-log-2012-05-31 (14-15-45).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 272495
Laufzeit: 1 Stunde(n), 36 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d5267768293ad945a4bcd1cb38665ae1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-31 05:35:52
# local_time=2012-05-31 07:35:52 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 127253509 127253509 0 0
# compatibility_mode=8192 67108863 100 0 23854131 23854131 0 0
# scanned=79349
# found=0
# cleaned=0
# scan_time=6200

cosinus · 31.05.2012, 19:41

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

sheryO · 31.05.2012, 20:18

Code:

ATTFilter

OTL logfile created on: 31.05.2012 20:48:44 - Run 4
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,31% Memory free
3,35 Gb Paging File | 2,83 Gb Available in Paging File | 84,62% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,29 Gb Total Space | 0,13 Gb Free Space | 0,46% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 96,91 Gb Free Space | 65,02% Space Free | Partition Type: NTFS
Drive E: | 119,75 Gb Total Space | 119,56 Gb Free Space | 99,84% Space Free | Partition Type: NTFS
Drive G: | 3,79 Gb Total Space | 3,79 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive I: | 7,45 Gb Total Space | 5,42 Gb Free Space | 72,68% Space Free | Partition Type: FAT32
 
Computer Name: PC-LUENDORF | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.31 20:46:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe
PRC - [2010.10.28 17:01:04 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010.04.10 08:45:46 | 000,979,344 | ---- | M] (The Eraser Project) -- C:\Programme\Eraser\Eraser.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.13 20:32:48 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b49dd780ba8e3501b0adcf108b431e7b\Microsoft.VisualBasic.ni.dll
MOD - [2012.05.10 22:57:54 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.10 22:57:43 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll
MOD - [2012.05.10 22:57:22 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
MOD - [2012.05.10 22:56:42 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
MOD - [2012.05.10 22:55:16 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.10 22:54:56 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2010.07.18 13:51:46 | 000,063,488 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2010.07.18 13:51:40 | 000,117,760 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2010.07.17 13:07:02 | 000,052,224 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.04.14 07:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2002.12.01 20:10:36 | 000,026,008 | ---- | M] () -- C:\WINDOWS\system32\WIN2PDFM.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.14 07:52:56 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008.04.14 07:52:56 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008.04.14 07:52:18 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008.04.14 07:52:16 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008.04.14 07:52:08 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2002.12.31 14:00:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\YLO5.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.04.14 07:32:18 | 000,120,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008.04.14 07:28:14 | 000,800,384 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.04.14 00:02:38 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2006.06.07 23:08:56 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.05.03 03:49:57 | 000,166,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2005.10.25 04:45:54 | 000,173,568 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ftsata2.sys -- (ftsata2)
DRV - [2005.10.19 08:20:30 | 000,357,792 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (PRISM_A02)
DRV - [2005.03.14 07:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2004.03.17 16:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2002.12.31 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2002.12.31 14:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2002.05.02 13:52:22 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\..\SearchScopes,DefaultScope = {2863C1E5-CF75-4945-933E-90E4AA60B606}
IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\..\SearchScopes\{2863C1E5-CF75-4945-933E-90E4AA60B606}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\..\SearchScopes\{AC854C16-CA1E-43f1-8513-0D2F36C726ED}: "URL" = hxxp://www.offos.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=8QYAJ5lM
IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: ""
FF - prefs.js..browser.search.param.yahoo-type: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.18
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.4.0.0
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.13 13:13:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.18 15:58:01 | 000,000,000 | ---D | M]
 
[2008.12.04 16:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2012.04.06 11:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions
[2012.04.06 11:55:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.06 11:55:27 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.03.06 12:59:34 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012.03.06 12:59:30 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\searchplugins\sweetim.xml
[2012.04.06 11:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.18 15:58:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.18 15:57:46 | 000,423,656 | ---- | M] (Oracle) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.13 13:13:53 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.13 13:13:53 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.13 13:13:53 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.13 13:13:53 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.13 13:13:53 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.08.29 00:19:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-746137067-1177238915-725345543-500\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4 - HKU\S-1-5-21-746137067-1177238915-725345543-500..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe File not found
O15 - HKU\S-1-5-21-746137067-1177238915-725345543-500\..Trusted Domains: kaspersky.com ([www] * in Vertrauenswürdige Sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B316D96-1017-4617-B52A-C617BD9C68B8}: NameServer = 192.168.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{242BB936-621A-480D-8324-497D6BCE33DA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EA54FBD-BD02-4751-8F66-1F53BAA8A94F}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^cgs8h0.exe.lnk -  - File not found
MsConfig - StartUpReg: rSkVSbFvavfCaY.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: S75srfkXRfxEhp - hkey= - key= -  File not found
MsConfig - StartUpReg: Upgrade - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: 57890767.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: 57890767.sys - Driver
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Sicherheitsupdate für Windows XP (KB913433)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.31 20:46:00 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2012.05.31 17:08:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012.05.29 16:18:42 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2012.05.27 19:35:30 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Verwaltung
[2012.05.10 22:52:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.31 20:46:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2012.05.31 18:38:05 | 000,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2012.05.31 14:04:47 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012.05.31 14:03:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.05.31 10:53:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.05.29 14:54:34 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2012.05.27 19:34:41 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2012.05.27 17:47:00 | 000,009,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.11 15:01:26 | 000,197,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.05.10 22:54:06 | 000,456,314 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.05.10 22:54:06 | 000,438,478 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.10 22:54:06 | 000,083,408 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.05.10 22:54:06 | 000,070,216 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2012.05.27 19:34:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2012.02.17 17:00:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.09.10 21:21:06 | 000,009,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.15 15:08:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.07.15 15:08:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.07.15 15:08:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.07.15 15:08:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.07.15 15:08:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.07.12 14:18:55 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
 
========== LOP Check ==========
 
[2010.07.27 13:05:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Blender Foundation
[2012.05.31 18:06:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox
[2012.03.27 17:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Foky
[2012.04.02 13:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0
[2010.10.31 15:50:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ
[2009.05.15 17:00:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston
[2010.01.03 15:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech
[2010.07.19 12:21:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SumatraPDF
[2010.01.19 19:51:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer
[2012.05.28 17:58:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WEB.DE
[2012.03.24 13:26:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ylox
[2009.07.21 12:35:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
[2012.05.31 14:04:47 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2010.02.09 16:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Office Genuine Advantage
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.04.01 15:07:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
[2007.12.20 09:45:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AdobeUM
[2010.05.30 12:31:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira
[2010.07.27 13:05:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Blender Foundation
[2012.05.31 18:06:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox
[2012.03.27 17:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Foky
[2012.03.29 17:56:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Google
[2012.04.02 13:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0
[2010.10.31 15:50:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ
[2006.06.28 11:40:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities
[2009.05.15 17:00:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston
[2010.01.03 15:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech
[2010.07.16 13:55:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia
[2009.08.21 18:52:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2011.09.10 22:47:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Media Player Classic
[2011.04.20 13:43:12 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
[2008.12.04 16:14:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2011.06.15 13:36:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Realxml
[2010.07.29 19:57:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype
[2010.07.29 19:48:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skypePM
[2010.07.19 12:21:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SumatraPDF
[2006.11.20 17:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun
[2010.07.17 13:06:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com
[2010.01.19 19:51:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer
[2011.09.10 21:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
[2012.05.28 17:58:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WEB.DE
[2010.07.15 23:31:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WinRAR
[2010.07.31 18:12:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Yahoo!
[2012.03.24 13:26:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ylox
 
< %APPDATA%\*.exe /s >
[2007.12.17 16:53:55 | 023,813,608 | ---- | M] (                            ) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Uninstall.exe
[2008.09.19 01:19:30 | 000,937,465 | ---- | M] (                                                            ) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston\SecureTraveler.exe
[2008.09.18 15:32:22 | 001,839,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston\SecureTravelerA.exe
[2008.09.19 01:05:36 | 003,231,744 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston\SecureTravelerB.exe
[2008.07.18 13:31:28 | 000,143,360 | ---- | M] (Kingston) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston\SecureTravelerDaemon.exe
[2008.09.18 15:32:22 | 001,839,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston\tmp\SecureTravelerA.exe
[2008.09.19 01:05:36 | 003,231,744 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston\tmp\SecureTravelerB.exe
[2008.07.18 13:31:28 | 000,143,360 | ---- | M] (Kingston) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston\tmp\SecureTravelerDaemon.exe
[2012.01.23 22:35:49 | 003,800,224 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2006.06.28 11:46:34 | 000,027,670 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{8DD42AE0-5F59-4AA7-8DCB-B6CC7C1C08EB}\ARPPRODUCTICON.exe
[2006.06.28 11:46:34 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{8DD42AE0-5F59-4AA7-8DCB-B6CC7C1C08EB}\GEAR.jpg_8DD42AE05F594AA78DCBB6CC7C1C08EB.exe
[2006.06.28 11:46:34 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{8DD42AE0-5F59-4AA7-8DCB-B6CC7C1C08EB}\GEAR.NFO_8DD42AE05F594AA78DCBB6CC7C1C08EB.exe
[2006.06.28 11:46:35 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{8DD42AE0-5F59-4AA7-8DCB-B6CC7C1C08EB}\ReadMe.txt_8DD42AE05F594AA78DCBB6CC7C1C08EB.exe
[2006.06.28 11:46:34 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{8DD42AE0-5F59-4AA7-8DCB-B6CC7C1C08EB}\__GoldEsel___visit_u_8DD42AE05F594AA78DCBB6CC7C1C08EB.exe
[2006.06.28 11:46:34 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{8DD42AE0-5F59-4AA7-8DCB-B6CC7C1C08EB}\__Wichtig___Lesen____8DD42AE05F594AA78DCBB6CC7C1C08EB.exe
 
< %SYSTEMDRIVE%\*.exe >
[2011.07.13 04:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
 
< MD5 for: AGP440.SYS  >
[2002.12.31 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2002.12.31 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2002.12.31 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2002.12.31 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2002.12.31 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2002.12.31 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2002.12.31 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2002.12.31 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2002.12.31 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.06.28 13:27:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.06.28 13:27:27 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.06.28 13:27:27 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

cosinus · 31.05.2012, 20:53

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
[2012.04.06 11:55:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.06 12:59:34 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012.03.06 12:59:30 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\searchplugins\sweetim.xml
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-746137067-1177238915-725345543-500\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^cgs8h0.exe.lnk -  - File not found
MsConfig - StartUpReg: rSkVSbFvavfCaY.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: S75srfkXRfxEhp - hkey= - key= -  File not found
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

sheryO · 31.05.2012, 21:23

Code:

ATTFilter

All processes killed
========== OTL ==========
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\nl-NL folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\it-IT folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\fr-FR folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\es-ES folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\en-US folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\de-DE folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\searchplugins\sweetim.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-746137067-1177238915-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMHelp deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-746137067-1177238915-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_USERS\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^cgs8h0.exe.lnk\ deleted successfully.
C:\WINDOWS\pss\cgs8h0.exe.lnkStartup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\rSkVSbFvavfCaY.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\S75srfkXRfxEhp\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 2502397 bytes
->Temporary Internet Files folder emptied: 2986101 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3202055 bytes
->Flash cache emptied: 3803597 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 12,00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.44.0 log created on 05312012_221801

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 01.06.2012, 11:18

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

sheryO · 01.06.2012, 18:38

Code:

ATTFilter

19:34:28.0171 2232	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
19:34:28.0343 2232	============================================================
19:34:28.0343 2232	Current date / time: 2012/06/01 19:34:28.0343
19:34:28.0343 2232	SystemInfo:
19:34:28.0343 2232	
19:34:28.0343 2232	OS Version: 5.1.2600 ServicePack: 3.0
19:34:28.0343 2232	Product type: Workstation
19:34:28.0343 2232	ComputerName: PC-xxx
19:34:28.0343 2232	UserName: Administrator
19:34:28.0343 2232	Windows directory: C:\WINDOWS
19:34:28.0343 2232	System windows directory: C:\WINDOWS
19:34:28.0343 2232	Processor architecture: Intel x86
19:34:28.0343 2232	Number of processors: 2
19:34:28.0343 2232	Page size: 0x1000
19:34:28.0343 2232	Boot type: Normal boot
19:34:28.0343 2232	============================================================
19:34:29.0921 2232	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:34:29.0937 2232	Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:34:29.0953 2232	Drive \Device\Harddisk5\DR8 - Size: 0xF3000000 (3.80 Gb), SectorSize: 0x200, Cylinders: 0x1EF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:34:29.0953 2232	Drive \Device\Harddisk6\DR9 - Size: 0x1DDD00000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:34:29.0953 2232	============================================================
19:34:29.0953 2232	\Device\Harddisk0\DR0:
19:34:29.0953 2232	MBR partitions:
19:34:29.0953 2232	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1
19:34:29.0968 2232	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A9632F, BlocksNum 0xEF7E8D1
19:34:29.0968 2232	\Device\Harddisk1\DR1:
19:34:29.0968 2232	MBR partitions:
19:34:29.0968 2232	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
19:34:29.0968 2232	\Device\Harddisk5\DR8:
19:34:29.0968 2232	MBR partitions:
19:34:29.0968 2232	\Device\Harddisk5\DR8\Partition0: MBR, Type 0xC, StartLBA 0x30, BlocksNum 0x797FD0
19:34:29.0968 2232	\Device\Harddisk6\DR9:
19:34:29.0968 2232	MBR partitions:
19:34:29.0968 2232	============================================================
19:34:30.0000 2232	C: <-> \Device\Harddisk0\DR0\Partition0
19:34:30.0031 2232	D: <-> \Device\Harddisk1\DR1\Partition0
19:34:30.0187 2232	E: <-> \Device\Harddisk0\DR0\Partition1
19:34:30.0187 2232	============================================================
19:34:30.0187 2232	Initialize success
19:34:30.0187 2232	============================================================
19:34:42.0046 2416	============================================================
19:34:42.0046 2416	Scan started
19:34:42.0046 2416	Mode: Manual; SigCheck; TDLFS; 
19:34:42.0046 2416	============================================================
19:34:42.0281 2416	Abiosdsk - ok
19:34:42.0281 2416	abp480n5 - ok
19:34:42.0312 2416	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:34:43.0718 2416	ACPI - ok
19:34:43.0734 2416	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:34:43.0875 2416	ACPIEC - ok
19:34:43.0890 2416	adpu160m - ok
19:34:43.0906 2416	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:34:44.0062 2416	aec - ok
19:34:44.0078 2416	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:34:44.0125 2416	AFD - ok
19:34:44.0125 2416	Aha154x - ok
19:34:44.0140 2416	aic78u2 - ok
19:34:44.0140 2416	aic78xx - ok
19:34:44.0171 2416	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
19:34:44.0296 2416	Alerter - ok
19:34:44.0312 2416	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
19:34:44.0437 2416	ALG - ok
19:34:44.0437 2416	AliIde - ok
19:34:44.0453 2416	amsint - ok
19:34:44.0515 2416	AntiVirSchedulerService (9828ffe47fbeb08b509a7717e4f77cc7) C:\Programme\Avira\AntiVir Desktop\sched.exe
19:34:44.0531 2416	AntiVirSchedulerService - ok
19:34:44.0562 2416	AntiVirService  (bbc02905032d453c0e18d5110f841902) C:\Programme\Avira\AntiVir Desktop\avguard.exe
19:34:44.0578 2416	AntiVirService - ok
19:34:44.0609 2416	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
19:34:44.0750 2416	AppMgmt - ok
19:34:44.0781 2416	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:34:44.0906 2416	Arp1394 - ok
19:34:44.0906 2416	asc - ok
19:34:44.0921 2416	asc3350p - ok
19:34:44.0921 2416	asc3550 - ok
19:34:45.0000 2416	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:34:45.0015 2416	aspnet_state - ok
19:34:45.0031 2416	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:34:45.0171 2416	AsyncMac - ok
19:34:45.0187 2416	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:34:45.0328 2416	atapi - ok
19:34:45.0328 2416	Atdisk - ok
19:34:45.0375 2416	Ati HotKey Poller (c23082b890f21267037ca6111c385ff3) C:\WINDOWS\system32\Ati2evxx.exe
19:34:45.0468 2416	Ati HotKey Poller - ok
19:34:45.0531 2416	ati2mtag        (f5fc6ac1e7bc776871361d463fc86be2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:34:45.0625 2416	ati2mtag - ok
19:34:45.0687 2416	ATIAVAIW        (632fd762fa5183fabc01687a4cd357b8) C:\WINDOWS\system32\DRIVERS\atinavt2.sys
19:34:45.0718 2416	ATIAVAIW - ok
19:34:45.0750 2416	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:34:45.0890 2416	Atmarpc - ok
19:34:45.0906 2416	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
19:34:46.0046 2416	AudioSrv - ok
19:34:46.0062 2416	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:34:46.0203 2416	audstub - ok
19:34:46.0265 2416	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
19:34:46.0265 2416	avgio - ok
19:34:46.0296 2416	avgntflt        (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:34:46.0421 2416	avgntflt - ok
19:34:46.0437 2416	avipbb          (524b9e78e396c00968c5629ed5bbfab0) C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:34:46.0453 2416	avipbb - ok
19:34:46.0484 2416	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:34:46.0609 2416	Beep - ok
19:34:46.0640 2416	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
19:34:46.0812 2416	BITS - ok
19:34:46.0843 2416	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
19:34:46.0984 2416	Browser - ok
19:34:47.0046 2416	catchme - ok
19:34:47.0078 2416	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:34:47.0218 2416	cbidf2k - ok
19:34:47.0250 2416	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:34:47.0390 2416	CCDECODE - ok
19:34:47.0390 2416	cd20xrnt - ok
19:34:47.0406 2416	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:34:47.0546 2416	Cdaudio - ok
19:34:47.0562 2416	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:34:47.0703 2416	Cdfs - ok
19:34:47.0734 2416	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:34:47.0875 2416	Cdrom - ok
19:34:47.0875 2416	Changer - ok
19:34:47.0906 2416	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
19:34:48.0046 2416	CiSvc - ok
19:34:48.0062 2416	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
19:34:48.0203 2416	ClipSrv - ok
19:34:48.0265 2416	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:34:48.0281 2416	clr_optimization_v2.0.50727_32 - ok
19:34:48.0281 2416	CmdIde - ok
19:34:48.0296 2416	COMSysApp - ok
19:34:48.0296 2416	Cpqarray - ok
19:34:48.0328 2416	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
19:34:48.0468 2416	CryptSvc - ok
19:34:48.0468 2416	dac2w2k - ok
19:34:48.0468 2416	dac960nt - ok
19:34:48.0515 2416	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
19:34:48.0578 2416	DcomLaunch - ok
19:34:48.0593 2416	DgiVecp         (a5034f77b278f07e224fe07cf98a8b76) C:\WINDOWS\system32\Drivers\DgiVecp.sys
19:34:48.0609 2416	DgiVecp ( UnsignedFile.Multi.Generic ) - warning
19:34:48.0609 2416	DgiVecp - detected UnsignedFile.Multi.Generic (1)
19:34:48.0640 2416	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
19:34:48.0781 2416	Dhcp - ok
19:34:48.0796 2416	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:34:48.0937 2416	Disk - ok
19:34:48.0937 2416	dmadmin - ok
19:34:48.0984 2416	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
19:34:49.0156 2416	dmboot - ok
19:34:49.0187 2416	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
19:34:49.0343 2416	dmio - ok
19:34:49.0343 2416	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:34:49.0484 2416	dmload - ok
19:34:49.0500 2416	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
19:34:49.0640 2416	dmserver - ok
19:34:49.0656 2416	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:34:49.0796 2416	DMusic - ok
19:34:49.0812 2416	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
19:34:49.0875 2416	Dnscache - ok
19:34:49.0906 2416	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
19:34:50.0046 2416	Dot3svc - ok
19:34:50.0046 2416	dpti2o - ok
19:34:50.0062 2416	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:34:50.0203 2416	drmkaud - ok
19:34:50.0218 2416	E100B           (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:34:50.0281 2416	E100B - ok
19:34:50.0281 2416	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
19:34:50.0421 2416	EapHost - ok
19:34:50.0453 2416	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
19:34:50.0593 2416	ERSvc - ok
19:34:50.0625 2416	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
19:34:50.0640 2416	Eventlog - ok
19:34:50.0671 2416	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
19:34:50.0718 2416	EventSystem - ok
19:34:50.0734 2416	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:34:50.0859 2416	Fastfat - ok
19:34:50.0890 2416	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
19:34:50.0937 2416	FastUserSwitchingCompatibility - ok
19:34:50.0953 2416	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:34:51.0093 2416	Fdc - ok
19:34:51.0109 2416	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
19:34:51.0234 2416	Fips - ok
19:34:51.0250 2416	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
19:34:51.0390 2416	Flpydisk - ok
19:34:51.0421 2416	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:34:51.0546 2416	FltMgr - ok
19:34:51.0625 2416	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:34:51.0640 2416	FontCache3.0.0.0 - ok
19:34:51.0656 2416	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:34:51.0781 2416	Fs_Rec - ok
19:34:51.0812 2416	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:34:51.0937 2416	Ftdisk - ok
19:34:51.0968 2416	ftsata2         (65b50b303ff74a5517117ba3d25dbe7f) C:\WINDOWS\system32\drivers\ftsata2.sys
19:34:51.0984 2416	ftsata2 ( UnsignedFile.Multi.Generic ) - warning
19:34:51.0984 2416	ftsata2 - detected UnsignedFile.Multi.Generic (1)
19:34:52.0046 2416	GarenaPEngine - ok
19:34:52.0078 2416	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:34:52.0218 2416	Gpc - ok
19:34:52.0234 2416	HdAudAddService (160b24fd894e79e71c983ea403a6e6e7) C:\WINDOWS\system32\drivers\HdAudio.sys
19:34:52.0265 2416	HdAudAddService - ok
19:34:52.0296 2416	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:34:52.0421 2416	HDAudBus - ok
19:34:52.0468 2416	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:34:52.0593 2416	helpsvc - ok
19:34:52.0593 2416	HidServ - ok
19:34:52.0609 2416	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:34:52.0750 2416	HidUsb - ok
19:34:52.0765 2416	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
19:34:52.0890 2416	hkmsvc - ok
19:34:52.0890 2416	hpn - ok
19:34:52.0921 2416	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:34:52.0968 2416	HTTP - ok
19:34:52.0984 2416	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
19:34:53.0125 2416	HTTPFilter - ok
19:34:53.0125 2416	i2omgmt - ok
19:34:53.0125 2416	i2omp - ok
19:34:53.0156 2416	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:34:53.0296 2416	i8042prt - ok
19:34:53.0343 2416	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:34:53.0406 2416	idsvc - ok
19:34:53.0421 2416	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:34:53.0546 2416	Imapi - ok
19:34:53.0578 2416	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
19:34:53.0718 2416	ImapiService - ok
19:34:53.0734 2416	ini910u - ok
19:34:53.0734 2416	IntelIde - ok
19:34:53.0765 2416	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:34:53.0890 2416	intelppm - ok
19:34:53.0906 2416	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:34:54.0031 2416	Ip6Fw - ok
19:34:54.0062 2416	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:34:54.0187 2416	IpFilterDriver - ok
19:34:54.0203 2416	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:34:54.0328 2416	IpInIp - ok
19:34:54.0359 2416	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:34:54.0484 2416	IpNat - ok
19:34:54.0515 2416	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:34:54.0640 2416	IPSec - ok
19:34:54.0656 2416	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:34:54.0765 2416	IRENUM - ok
19:34:54.0781 2416	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:34:54.0921 2416	isapnp - ok
19:34:55.0000 2416	JavaQuickStarterService (e4ae0cbc0b55a5faa6996e38ce6c981b) C:\Programme\Java\jre6\bin\jqs.exe
19:34:55.0015 2416	JavaQuickStarterService - ok
19:34:55.0031 2416	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:34:55.0171 2416	Kbdclass - ok
19:34:55.0187 2416	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:34:55.0343 2416	kmixer - ok
19:34:55.0359 2416	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:34:55.0421 2416	KSecDD - ok
19:34:55.0453 2416	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
19:34:55.0484 2416	lanmanserver - ok
19:34:55.0515 2416	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
19:34:55.0562 2416	lanmanworkstation - ok
19:34:55.0562 2416	lbrtfdc - ok
19:34:55.0609 2416	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
19:34:55.0750 2416	LmHosts - ok
19:34:55.0765 2416	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
19:34:55.0890 2416	Messenger - ok
19:34:55.0906 2416	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:34:56.0031 2416	mnmdd - ok
19:34:56.0046 2416	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
19:34:56.0187 2416	mnmsrvc - ok
19:34:56.0203 2416	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
19:34:56.0343 2416	Modem - ok
19:34:56.0359 2416	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:34:56.0500 2416	Mouclass - ok
19:34:56.0515 2416	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:34:56.0640 2416	mouhid - ok
19:34:56.0656 2416	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:34:56.0781 2416	MountMgr - ok
19:34:56.0796 2416	MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
19:34:56.0937 2416	MPE - ok
19:34:56.0937 2416	mraid35x - ok
19:34:56.0953 2416	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:34:57.0093 2416	MRxDAV - ok
19:34:57.0140 2416	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:34:57.0187 2416	MRxSmb - ok
19:34:57.0218 2416	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
19:34:57.0343 2416	MSDTC - ok
19:34:57.0359 2416	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:34:57.0484 2416	Msfs - ok
19:34:57.0484 2416	MSIServer - ok
19:34:57.0500 2416	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:34:57.0625 2416	MSKSSRV - ok
19:34:57.0640 2416	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:34:57.0765 2416	MSPCLOCK - ok
19:34:57.0781 2416	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:34:57.0921 2416	MSPQM - ok
19:34:57.0937 2416	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:34:58.0046 2416	mssmbios - ok
19:34:58.0062 2416	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:34:58.0203 2416	MSTEE - ok
19:34:58.0234 2416	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:34:58.0265 2416	Mup - ok
19:34:58.0281 2416	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:34:58.0421 2416	NABTSFEC - ok
19:34:58.0453 2416	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
19:34:58.0593 2416	napagent - ok
19:34:58.0609 2416	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:34:58.0750 2416	NDIS - ok
19:34:58.0765 2416	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:34:58.0890 2416	NdisIP - ok
19:34:58.0921 2416	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:34:58.0937 2416	NdisTapi - ok
19:34:58.0953 2416	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:34:59.0078 2416	Ndisuio - ok
19:34:59.0093 2416	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:34:59.0234 2416	NdisWan - ok
19:34:59.0250 2416	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:34:59.0281 2416	NDProxy - ok
19:34:59.0312 2416	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:34:59.0437 2416	NetBIOS - ok
19:34:59.0453 2416	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:34:59.0593 2416	NetBT - ok
19:34:59.0625 2416	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
19:34:59.0765 2416	NetDDE - ok
19:34:59.0765 2416	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
19:34:59.0875 2416	NetDDEdsdm - ok
19:34:59.0906 2416	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
19:35:00.0031 2416	Netlogon - ok
19:35:00.0046 2416	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
19:35:00.0187 2416	Netman - ok
19:35:00.0281 2416	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:35:00.0296 2416	NetTcpPortSharing - ok
19:35:00.0312 2416	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:35:00.0437 2416	NIC1394 - ok
19:35:00.0484 2416	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
19:35:00.0515 2416	Nla - ok
19:35:00.0531 2416	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:35:00.0656 2416	Npfs - ok
19:35:00.0687 2416	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:35:00.0812 2416	Ntfs - ok
19:35:00.0828 2416	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
19:35:00.0953 2416	NtLmSsp - ok
19:35:00.0984 2416	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
19:35:01.0140 2416	NtmsSvc - ok
19:35:01.0156 2416	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:35:01.0296 2416	Null - ok
19:35:01.0328 2416	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:35:01.0453 2416	NwlnkFlt - ok
19:35:01.0468 2416	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:35:01.0593 2416	NwlnkFwd - ok
19:35:01.0609 2416	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:35:01.0734 2416	ohci1394 - ok
19:35:01.0781 2416	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
19:35:01.0812 2416	ose - ok
19:35:01.0828 2416	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
19:35:01.0953 2416	Parport - ok
19:35:01.0968 2416	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:35:02.0093 2416	PartMgr - ok
19:35:02.0109 2416	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
19:35:02.0234 2416	ParVdm - ok
19:35:02.0265 2416	PCANDIS5        (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS
19:35:02.0265 2416	PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning
19:35:02.0265 2416	PCANDIS5 - detected UnsignedFile.Multi.Generic (1)
19:35:02.0281 2416	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
19:35:02.0421 2416	PCI - ok
19:35:02.0421 2416	PCIDump - ok
19:35:02.0437 2416	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:35:02.0562 2416	PCIIde - ok
19:35:02.0593 2416	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:35:02.0734 2416	Pcmcia - ok
19:35:02.0734 2416	PDCOMP - ok
19:35:02.0734 2416	PDFRAME - ok
19:35:02.0734 2416	PDRELI - ok
19:35:02.0750 2416	PDRFRAME - ok
19:35:02.0750 2416	perc2 - ok
19:35:02.0750 2416	perc2hib - ok
19:35:02.0796 2416	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
19:35:02.0812 2416	PlugPlay - ok
19:35:02.0828 2416	PnkBstrA        (831883b107684301f48ace752c963984) C:\WINDOWS\system32\PnkBstrA.exe
19:35:02.0843 2416	PnkBstrA - ok
19:35:02.0859 2416	PnkBstrB        (e24106a5eaecddff00b25497049dd65f) C:\WINDOWS\system32\PnkBstrB.exe
19:35:02.0875 2416	PnkBstrB - ok
19:35:02.0906 2416	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
19:35:03.0015 2416	PolicyAgent - ok
19:35:03.0031 2416	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:35:03.0156 2416	PptpMiniport - ok
19:35:03.0187 2416	PRISM_A02       (7796947d857d87491c78afad014a855a) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
19:35:03.0218 2416	PRISM_A02 ( UnsignedFile.Multi.Generic ) - warning
19:35:03.0218 2416	PRISM_A02 - detected UnsignedFile.Multi.Generic (1)
19:35:03.0218 2416	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
19:35:03.0343 2416	ProtectedStorage - ok
19:35:03.0375 2416	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:35:03.0500 2416	Ptilink - ok
19:35:03.0515 2416	ql1080 - ok
19:35:03.0515 2416	Ql10wnt - ok
19:35:03.0515 2416	ql12160 - ok
19:35:03.0531 2416	ql1240 - ok
19:35:03.0531 2416	ql1280 - ok
19:35:03.0562 2416	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:35:03.0687 2416	RasAcd - ok
19:35:03.0703 2416	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
19:35:03.0843 2416	RasAuto - ok
19:35:03.0875 2416	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:35:04.0000 2416	Rasl2tp - ok
19:35:04.0015 2416	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
19:35:04.0156 2416	RasMan - ok
19:35:04.0171 2416	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:35:04.0296 2416	RasPppoe - ok
19:35:04.0312 2416	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:35:04.0437 2416	Raspti - ok
19:35:04.0468 2416	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:35:04.0593 2416	Rdbss - ok
19:35:04.0609 2416	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:35:04.0718 2416	RDPCDD - ok
19:35:04.0765 2416	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:35:04.0906 2416	rdpdr - ok
19:35:04.0937 2416	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
19:35:04.0968 2416	RDPWD - ok
19:35:04.0984 2416	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
19:35:05.0125 2416	RDSessMgr - ok
19:35:05.0156 2416	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:35:05.0281 2416	redbook - ok
19:35:05.0296 2416	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
19:35:05.0421 2416	RemoteAccess - ok
19:35:05.0453 2416	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
19:35:05.0578 2416	RemoteRegistry - ok
19:35:05.0593 2416	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
19:35:05.0718 2416	RpcLocator - ok
19:35:05.0765 2416	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
19:35:05.0796 2416	RpcSs - ok
19:35:05.0812 2416	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
19:35:05.0937 2416	RSVP - ok
19:35:05.0968 2416	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
19:35:06.0078 2416	SamSs - ok
19:35:06.0140 2416	SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
19:35:06.0156 2416	SASDIFSV - ok
19:35:06.0171 2416	SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
19:35:06.0171 2416	SASKUTIL - ok
19:35:06.0203 2416	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
19:35:06.0328 2416	SCardSvr - ok
19:35:06.0359 2416	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
19:35:06.0500 2416	Schedule - ok
19:35:06.0515 2416	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:35:06.0625 2416	Secdrv - ok
19:35:06.0656 2416	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
19:35:06.0781 2416	seclogon - ok
19:35:06.0796 2416	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
19:35:06.0921 2416	SENS - ok
19:35:06.0937 2416	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:35:07.0062 2416	serenum - ok
19:35:07.0062 2416	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
19:35:07.0187 2416	Serial - ok
19:35:07.0218 2416	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:35:07.0328 2416	Sfloppy - ok
19:35:07.0375 2416	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
19:35:07.0515 2416	SharedAccess - ok
19:35:07.0546 2416	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
19:35:07.0562 2416	ShellHWDetection - ok
19:35:07.0562 2416	Simbad - ok
19:35:07.0578 2416	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:35:07.0703 2416	SLIP - ok
19:35:07.0718 2416	Sparrow - ok
19:35:07.0734 2416	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:35:07.0859 2416	splitter - ok
19:35:07.0890 2416	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:35:07.0921 2416	Spooler - ok
19:35:07.0937 2416	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
19:35:08.0062 2416	sr - ok
19:35:08.0078 2416	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
19:35:08.0218 2416	srservice - ok
19:35:08.0265 2416	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:35:08.0296 2416	Srv - ok
19:35:08.0312 2416	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
19:35:08.0437 2416	SSDPSRV - ok
19:35:08.0453 2416	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:35:08.0468 2416	ssmdrv - ok
19:35:08.0500 2416	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
19:35:08.0656 2416	stisvc - ok
19:35:08.0687 2416	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:35:08.0812 2416	streamip - ok
19:35:08.0828 2416	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:35:08.0953 2416	swenum - ok
19:35:08.0968 2416	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:35:09.0093 2416	swmidi - ok
19:35:09.0093 2416	SwPrv - ok
19:35:09.0109 2416	symc810 - ok
19:35:09.0109 2416	symc8xx - ok
19:35:09.0109 2416	sym_hi - ok
19:35:09.0125 2416	sym_u3 - ok
19:35:09.0140 2416	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:35:09.0265 2416	sysaudio - ok
19:35:09.0296 2416	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
19:35:09.0421 2416	SysmonLog - ok
19:35:09.0453 2416	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
19:35:09.0578 2416	TapiSrv - ok
19:35:09.0609 2416	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:35:09.0640 2416	Tcpip - ok
19:35:09.0656 2416	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:35:09.0781 2416	TDPIPE - ok
19:35:09.0796 2416	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:35:09.0906 2416	TDTCP - ok
19:35:09.0937 2416	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:35:10.0062 2416	TermDD - ok
19:35:10.0093 2416	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
19:35:10.0250 2416	TermService - ok
19:35:10.0281 2416	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
19:35:10.0296 2416	Themes - ok
19:35:10.0312 2416	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
19:35:10.0453 2416	TlntSvr - ok
19:35:10.0453 2416	TosIde - ok
19:35:10.0468 2416	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
19:35:10.0609 2416	TrkWks - ok
19:35:10.0640 2416	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:35:10.0750 2416	Udfs - ok
19:35:10.0765 2416	ultra - ok
19:35:10.0796 2416	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:35:10.0953 2416	Update - ok
19:35:10.0968 2416	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
19:35:11.0109 2416	upnphost - ok
19:35:11.0125 2416	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
19:35:11.0250 2416	UPS - ok
19:35:11.0265 2416	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:35:11.0390 2416	usbccgp - ok
19:35:11.0406 2416	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:35:11.0531 2416	usbehci - ok
19:35:11.0546 2416	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:35:11.0671 2416	usbhub - ok
19:35:11.0687 2416	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:35:11.0812 2416	usbprint - ok
19:35:11.0828 2416	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:35:11.0937 2416	usbstor - ok
19:35:11.0953 2416	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:35:12.0062 2416	usbuhci - ok
19:35:12.0093 2416	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:35:12.0218 2416	VgaSave - ok
19:35:12.0218 2416	ViaIde - ok
19:35:12.0234 2416	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
19:35:12.0359 2416	VolSnap - ok
19:35:12.0390 2416	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
19:35:12.0531 2416	VSS - ok
19:35:12.0562 2416	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
19:35:12.0687 2416	W32Time - ok
19:35:12.0703 2416	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:35:12.0843 2416	Wanarp - ok
19:35:12.0843 2416	WDICA - ok
19:35:12.0859 2416	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:35:13.0000 2416	wdmaud - ok
19:35:13.0015 2416	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
19:35:13.0140 2416	WebClient - ok
19:35:13.0187 2416	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:35:13.0312 2416	winmgmt - ok
19:35:13.0343 2416	WmdmPmSN        (6e18978b749f0696a774de3f2cb142dd) C:\WINDOWS\system32\mspmsnsv.dll
19:35:13.0468 2416	WmdmPmSN - ok
19:35:13.0531 2416	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
19:35:13.0578 2416	Wmi - ok
19:35:13.0609 2416	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:35:13.0734 2416	WmiApSrv - ok
19:35:13.0765 2416	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
19:35:13.0906 2416	wscsvc - ok
19:35:13.0921 2416	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:35:14.0046 2416	WSTCODEC - ok
19:35:14.0062 2416	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
19:35:14.0187 2416	wuauserv - ok
19:35:14.0234 2416	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
19:35:14.0375 2416	WZCSVC - ok
19:35:14.0390 2416	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
19:35:14.0562 2416	xmlprov - ok
19:35:14.0593 2416	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:35:15.0015 2416	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:35:15.0015 2416	\Device\Harddisk0\DR0 - detected TDSS File System (1)
19:35:15.0031 2416	MBR (0x1B8)     (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk1\DR1
19:35:15.0078 2416	\Device\Harddisk1\DR1 - ok
19:35:15.0078 2416	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR8
19:35:18.0437 2416	\Device\Harddisk5\DR8 - ok
19:35:18.0437 2416	MBR (0x1B8)     (b8ca217c4021c23ac709d6e6bcbb9e20) \Device\Harddisk6\DR9
19:35:18.0625 2416	\Device\Harddisk6\DR9 - ok
19:35:18.0625 2416	Boot (0x1200)   (31117e3f4421da04e2209c1d80988f85) \Device\Harddisk0\DR0\Partition0
19:35:18.0625 2416	\Device\Harddisk0\DR0\Partition0 - ok
19:35:18.0640 2416	Boot (0x1200)   (f48f14286da8b8c7be68936e9087a8e0) \Device\Harddisk0\DR0\Partition1
19:35:18.0640 2416	\Device\Harddisk0\DR0\Partition1 - ok
19:35:18.0640 2416	Boot (0x1200)   (4eb6a976af183366c444a09981d648e4) \Device\Harddisk1\DR1\Partition0
19:35:18.0640 2416	\Device\Harddisk1\DR1\Partition0 - ok
19:35:18.0656 2416	Boot (0x1200)   (87a0eb4ead04758e9eef1ae99037f53c) \Device\Harddisk5\DR8\Partition0
19:35:18.0656 2416	\Device\Harddisk5\DR8\Partition0 - ok
19:35:18.0656 2416	============================================================
19:35:18.0656 2416	Scan finished
19:35:18.0656 2416	============================================================
19:35:18.0765 3224	Detected object count: 5
19:35:18.0765 3224	Actual detected object count: 5
19:35:36.0046 3224	DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:36.0046 3224	DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:35:36.0046 3224	ftsata2 ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:36.0046 3224	ftsata2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:35:36.0046 3224	PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:36.0046 3224	PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:35:36.0046 3224	PRISM_A02 ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:36.0046 3224	PRISM_A02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:35:36.0046 3224	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:35:36.0046 3224	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

cosinus · 02.06.2012, 17:15

Zitat:

\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

Das TDSS File System bitte mit dem TDSS-Killer löschen lassen, starte Windows danach neu und mach ein neues Log mit diesem Tool. Poste es wieder mit CODE-Tags umschlossen.

sheryO · 06.06.2012, 14:30

Code:

ATTFilter

15:16:02.0125 3548	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
15:16:02.0328 3548	============================================================
15:16:02.0328 3548	Current date / time: 2012/06/06 15:16:02.0328
15:16:02.0328 3548	SystemInfo:
15:16:02.0328 3548	
15:16:02.0328 3548	OS Version: 5.1.2600 ServicePack: 3.0
15:16:02.0328 3548	Product type: Workstation
15:16:02.0328 3548	ComputerName: PC-LUENDORF
15:16:02.0328 3548	UserName: Administrator
15:16:02.0328 3548	Windows directory: C:\WINDOWS
15:16:02.0328 3548	System windows directory: C:\WINDOWS
15:16:02.0328 3548	Processor architecture: Intel x86
15:16:02.0328 3548	Number of processors: 2
15:16:02.0328 3548	Page size: 0x1000
15:16:02.0328 3548	Boot type: Normal boot
15:16:02.0328 3548	============================================================
15:16:04.0265 3548	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:16:04.0281 3548	Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:16:04.0296 3548	Drive \Device\Harddisk5\DR8 - Size: 0xF3000000 (3.80 Gb), SectorSize: 0x200, Cylinders: 0x1EF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:16:04.0296 3548	============================================================
15:16:04.0296 3548	\Device\Harddisk0\DR0:
15:16:04.0296 3548	MBR partitions:
15:16:04.0296 3548	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1
15:16:04.0312 3548	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A9632F, BlocksNum 0xEF7E8D1
15:16:04.0312 3548	\Device\Harddisk1\DR1:
15:16:04.0312 3548	MBR partitions:
15:16:04.0312 3548	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
15:16:04.0312 3548	\Device\Harddisk5\DR8:
15:16:04.0312 3548	MBR partitions:
15:16:04.0312 3548	\Device\Harddisk5\DR8\Partition0: MBR, Type 0xC, StartLBA 0x30, BlocksNum 0x797FD0
15:16:04.0312 3548	============================================================
15:16:04.0343 3548	C: <-> \Device\Harddisk0\DR0\Partition0
15:16:04.0359 3548	D: <-> \Device\Harddisk1\DR1\Partition0
15:16:04.0390 3548	E: <-> \Device\Harddisk0\DR0\Partition1
15:16:04.0390 3548	============================================================
15:16:04.0390 3548	Initialize success
15:16:04.0390 3548	============================================================
15:16:12.0140 3448	============================================================
15:16:12.0140 3448	Scan started
15:16:12.0140 3448	Mode: Manual; SigCheck; TDLFS; 
15:16:12.0140 3448	============================================================
15:16:14.0359 3448	Abiosdsk - ok
15:16:14.0359 3448	abp480n5 - ok
15:16:14.0390 3448	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:16:15.0796 3448	ACPI - ok
15:16:15.0812 3448	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:16:15.0953 3448	ACPIEC - ok
15:16:15.0968 3448	adpu160m - ok
15:16:15.0984 3448	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:16:16.0140 3448	aec - ok
15:16:16.0171 3448	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:16:16.0218 3448	AFD - ok
15:16:16.0218 3448	Aha154x - ok
15:16:16.0218 3448	aic78u2 - ok
15:16:16.0218 3448	aic78xx - ok
15:16:16.0250 3448	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
15:16:16.0390 3448	Alerter - ok
15:16:16.0406 3448	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
15:16:16.0531 3448	ALG - ok
15:16:16.0531 3448	AliIde - ok
15:16:16.0531 3448	amsint - ok
15:16:16.0609 3448	AntiVirSchedulerService (9828ffe47fbeb08b509a7717e4f77cc7) C:\Programme\Avira\AntiVir Desktop\sched.exe
15:16:16.0625 3448	AntiVirSchedulerService - ok
15:16:16.0640 3448	AntiVirService  (bbc02905032d453c0e18d5110f841902) C:\Programme\Avira\AntiVir Desktop\avguard.exe
15:16:16.0656 3448	AntiVirService - ok
15:16:16.0687 3448	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
15:16:16.0828 3448	AppMgmt - ok
15:16:16.0843 3448	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:16:16.0984 3448	Arp1394 - ok
15:16:16.0984 3448	asc - ok
15:16:16.0984 3448	asc3350p - ok
15:16:17.0000 3448	asc3550 - ok
15:16:17.0078 3448	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:16:17.0093 3448	aspnet_state - ok
15:16:17.0109 3448	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:16:17.0234 3448	AsyncMac - ok
15:16:17.0250 3448	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:16:17.0390 3448	atapi - ok
15:16:17.0390 3448	Atdisk - ok
15:16:17.0437 3448	Ati HotKey Poller (c23082b890f21267037ca6111c385ff3) C:\WINDOWS\system32\Ati2evxx.exe
15:16:17.0500 3448	Ati HotKey Poller - ok
15:16:17.0578 3448	ati2mtag        (f5fc6ac1e7bc776871361d463fc86be2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:16:17.0656 3448	ati2mtag - ok
15:16:17.0718 3448	ATIAVAIW        (632fd762fa5183fabc01687a4cd357b8) C:\WINDOWS\system32\DRIVERS\atinavt2.sys
15:16:17.0750 3448	ATIAVAIW - ok
15:16:17.0781 3448	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:16:17.0921 3448	Atmarpc - ok
15:16:17.0937 3448	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
15:16:18.0078 3448	AudioSrv - ok
15:16:18.0093 3448	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:16:18.0234 3448	audstub - ok
15:16:18.0296 3448	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
15:16:18.0312 3448	avgio - ok
15:16:18.0343 3448	avgntflt        (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
15:16:18.0453 3448	avgntflt - ok
15:16:18.0484 3448	avipbb          (524b9e78e396c00968c5629ed5bbfab0) C:\WINDOWS\system32\DRIVERS\avipbb.sys
15:16:18.0500 3448	avipbb - ok
15:16:18.0515 3448	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:16:18.0656 3448	Beep - ok
15:16:18.0687 3448	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
15:16:18.0859 3448	BITS - ok
15:16:18.0890 3448	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
15:16:19.0031 3448	Browser - ok
15:16:19.0093 3448	catchme - ok
15:16:19.0109 3448	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:16:19.0250 3448	cbidf2k - ok
15:16:19.0265 3448	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:16:19.0406 3448	CCDECODE - ok
15:16:19.0406 3448	cd20xrnt - ok
15:16:19.0421 3448	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:16:19.0562 3448	Cdaudio - ok
15:16:19.0578 3448	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:16:19.0734 3448	Cdfs - ok
15:16:19.0750 3448	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:16:19.0890 3448	Cdrom - ok
15:16:19.0890 3448	Changer - ok
15:16:19.0921 3448	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
15:16:20.0078 3448	CiSvc - ok
15:16:20.0078 3448	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
15:16:20.0218 3448	ClipSrv - ok
15:16:20.0281 3448	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:16:20.0296 3448	clr_optimization_v2.0.50727_32 - ok
15:16:20.0296 3448	CmdIde - ok
15:16:20.0296 3448	COMSysApp - ok
15:16:20.0312 3448	Cpqarray - ok
15:16:20.0343 3448	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
15:16:20.0484 3448	CryptSvc - ok
15:16:20.0484 3448	dac2w2k - ok
15:16:20.0484 3448	dac960nt - ok
15:16:20.0531 3448	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
15:16:20.0593 3448	DcomLaunch - ok
15:16:20.0625 3448	DgiVecp         (a5034f77b278f07e224fe07cf98a8b76) C:\WINDOWS\system32\Drivers\DgiVecp.sys
15:16:20.0640 3448	DgiVecp ( UnsignedFile.Multi.Generic ) - warning
15:16:20.0640 3448	DgiVecp - detected UnsignedFile.Multi.Generic (1)
15:16:20.0656 3448	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
15:16:20.0796 3448	Dhcp - ok
15:16:20.0828 3448	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:16:20.0953 3448	Disk - ok
15:16:20.0953 3448	dmadmin - ok
15:16:21.0000 3448	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
15:16:21.0171 3448	dmboot - ok
15:16:21.0203 3448	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
15:16:21.0359 3448	dmio - ok
15:16:21.0359 3448	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:16:21.0484 3448	dmload - ok
15:16:21.0500 3448	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
15:16:21.0640 3448	dmserver - ok
15:16:21.0671 3448	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:16:21.0796 3448	DMusic - ok
15:16:21.0828 3448	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
15:16:21.0875 3448	Dnscache - ok
15:16:21.0906 3448	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
15:16:22.0046 3448	Dot3svc - ok
15:16:22.0046 3448	dpti2o - ok
15:16:22.0062 3448	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:16:22.0203 3448	drmkaud - ok
15:16:22.0218 3448	E100B           (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:16:22.0281 3448	E100B - ok
15:16:22.0296 3448	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
15:16:22.0421 3448	EapHost - ok
15:16:22.0437 3448	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
15:16:22.0593 3448	ERSvc - ok
15:16:22.0609 3448	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
15:16:22.0640 3448	Eventlog - ok
15:16:22.0671 3448	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
15:16:22.0703 3448	EventSystem - ok
15:16:22.0734 3448	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:16:22.0859 3448	Fastfat - ok
15:16:22.0890 3448	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
15:16:22.0937 3448	FastUserSwitchingCompatibility - ok
15:16:22.0953 3448	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:16:23.0078 3448	Fdc - ok
15:16:23.0093 3448	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
15:16:23.0218 3448	Fips - ok
15:16:23.0234 3448	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:16:23.0359 3448	Flpydisk - ok
15:16:23.0375 3448	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:16:23.0500 3448	FltMgr - ok
15:16:23.0578 3448	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:16:23.0593 3448	FontCache3.0.0.0 - ok
15:16:23.0609 3448	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:16:23.0734 3448	Fs_Rec - ok
15:16:23.0750 3448	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:16:23.0890 3448	Ftdisk - ok
15:16:23.0921 3448	ftsata2         (65b50b303ff74a5517117ba3d25dbe7f) C:\WINDOWS\system32\drivers\ftsata2.sys
15:16:23.0953 3448	ftsata2 ( UnsignedFile.Multi.Generic ) - warning
15:16:23.0953 3448	ftsata2 - detected UnsignedFile.Multi.Generic (1)
15:16:24.0000 3448	GarenaPEngine - ok
15:16:24.0031 3448	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:16:24.0156 3448	Gpc - ok
15:16:24.0187 3448	HdAudAddService (160b24fd894e79e71c983ea403a6e6e7) C:\WINDOWS\system32\drivers\HdAudio.sys
15:16:24.0218 3448	HdAudAddService - ok
15:16:24.0250 3448	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:16:24.0375 3448	HDAudBus - ok
15:16:24.0421 3448	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:16:24.0546 3448	helpsvc - ok
15:16:24.0546 3448	HidServ - ok
15:16:24.0562 3448	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:16:24.0687 3448	HidUsb - ok
15:16:24.0718 3448	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
15:16:24.0843 3448	hkmsvc - ok
15:16:24.0843 3448	hpn - ok
15:16:24.0875 3448	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:16:24.0921 3448	HTTP - ok
15:16:24.0937 3448	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
15:16:25.0078 3448	HTTPFilter - ok
15:16:25.0078 3448	i2omgmt - ok
15:16:25.0078 3448	i2omp - ok
15:16:25.0109 3448	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:16:25.0250 3448	i8042prt - ok
15:16:25.0296 3448	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:16:25.0359 3448	idsvc - ok
15:16:25.0390 3448	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:16:25.0515 3448	Imapi - ok
15:16:25.0546 3448	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
15:16:25.0671 3448	ImapiService - ok
15:16:25.0687 3448	ini910u - ok
15:16:25.0687 3448	IntelIde - ok
15:16:25.0718 3448	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:16:25.0859 3448	intelppm - ok
15:16:25.0875 3448	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:16:25.0984 3448	Ip6Fw - ok
15:16:26.0015 3448	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:16:26.0140 3448	IpFilterDriver - ok
15:16:26.0156 3448	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:16:26.0281 3448	IpInIp - ok
15:16:26.0312 3448	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:16:26.0453 3448	IpNat - ok
15:16:26.0484 3448	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:16:26.0609 3448	IPSec - ok
15:16:26.0625 3448	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:16:26.0750 3448	IRENUM - ok
15:16:26.0765 3448	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:16:26.0890 3448	isapnp - ok
15:16:26.0968 3448	JavaQuickStarterService (e4ae0cbc0b55a5faa6996e38ce6c981b) C:\Programme\Java\jre6\bin\jqs.exe
15:16:26.0984 3448	JavaQuickStarterService - ok
15:16:27.0000 3448	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:16:27.0140 3448	Kbdclass - ok
15:16:27.0156 3448	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:16:27.0312 3448	kmixer - ok
15:16:27.0328 3448	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:16:27.0390 3448	KSecDD - ok
15:16:27.0421 3448	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
15:16:27.0468 3448	lanmanserver - ok
15:16:27.0500 3448	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
15:16:27.0546 3448	lanmanworkstation - ok
15:16:27.0546 3448	lbrtfdc - ok
15:16:27.0593 3448	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
15:16:27.0718 3448	LmHosts - ok
15:16:27.0734 3448	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
15:16:27.0859 3448	Messenger - ok
15:16:27.0890 3448	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:16:28.0000 3448	mnmdd - ok
15:16:28.0031 3448	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
15:16:28.0171 3448	mnmsrvc - ok
15:16:28.0171 3448	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
15:16:28.0312 3448	Modem - ok
15:16:28.0328 3448	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:16:28.0453 3448	Mouclass - ok
15:16:28.0484 3448	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:16:28.0609 3448	mouhid - ok
15:16:28.0625 3448	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:16:28.0734 3448	MountMgr - ok
15:16:28.0750 3448	MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
15:16:28.0890 3448	MPE - ok
15:16:28.0890 3448	mraid35x - ok
15:16:28.0906 3448	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:16:29.0046 3448	MRxDAV - ok
15:16:29.0093 3448	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:16:29.0140 3448	MRxSmb - ok
15:16:29.0171 3448	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
15:16:29.0281 3448	MSDTC - ok
15:16:29.0296 3448	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:16:29.0421 3448	Msfs - ok
15:16:29.0421 3448	MSIServer - ok
15:16:29.0453 3448	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:16:29.0578 3448	MSKSSRV - ok
15:16:29.0593 3448	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:16:29.0718 3448	MSPCLOCK - ok
15:16:29.0734 3448	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:16:29.0859 3448	MSPQM - ok
15:16:29.0875 3448	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:16:30.0000 3448	mssmbios - ok
15:16:30.0015 3448	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:16:30.0140 3448	MSTEE - ok
15:16:30.0171 3448	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:16:30.0218 3448	Mup - ok
15:16:30.0234 3448	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:16:30.0375 3448	NABTSFEC - ok
15:16:30.0406 3448	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
15:16:30.0546 3448	napagent - ok
15:16:30.0562 3448	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:16:30.0703 3448	NDIS - ok
15:16:30.0718 3448	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:16:30.0843 3448	NdisIP - ok
15:16:30.0875 3448	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:16:30.0921 3448	NdisTapi - ok
15:16:30.0937 3448	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:16:31.0062 3448	Ndisuio - ok
15:16:31.0078 3448	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:16:31.0203 3448	NdisWan - ok
15:16:31.0234 3448	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:16:31.0265 3448	NDProxy - ok
15:16:31.0296 3448	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:16:31.0421 3448	NetBIOS - ok
15:16:31.0453 3448	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:16:31.0578 3448	NetBT - ok
15:16:31.0609 3448	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
15:16:31.0750 3448	NetDDE - ok
15:16:31.0750 3448	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
15:16:31.0875 3448	NetDDEdsdm - ok
15:16:31.0890 3448	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
15:16:32.0015 3448	Netlogon - ok
15:16:32.0046 3448	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
15:16:32.0171 3448	Netman - ok
15:16:32.0281 3448	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:16:32.0296 3448	NetTcpPortSharing - ok
15:16:32.0312 3448	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:16:32.0437 3448	NIC1394 - ok
15:16:32.0468 3448	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
15:16:32.0500 3448	Nla - ok
15:16:32.0531 3448	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:16:32.0656 3448	Npfs - ok
15:16:32.0687 3448	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:16:32.0828 3448	Ntfs - ok
15:16:32.0828 3448	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
15:16:32.0953 3448	NtLmSsp - ok
15:16:33.0000 3448	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
15:16:33.0156 3448	NtmsSvc - ok
15:16:33.0171 3448	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:16:33.0281 3448	Null - ok
15:16:33.0312 3448	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:16:33.0437 3448	NwlnkFlt - ok
15:16:33.0453 3448	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:16:33.0578 3448	NwlnkFwd - ok
15:16:33.0593 3448	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:16:33.0718 3448	ohci1394 - ok
15:16:33.0765 3448	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
15:16:33.0781 3448	ose - ok
15:16:33.0812 3448	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
15:16:33.0937 3448	Parport - ok
15:16:33.0937 3448	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:16:34.0062 3448	PartMgr - ok
15:16:34.0078 3448	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
15:16:34.0218 3448	ParVdm - ok
15:16:34.0234 3448	PCANDIS5        (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS
15:16:34.0250 3448	PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning
15:16:34.0250 3448	PCANDIS5 - detected UnsignedFile.Multi.Generic (1)
15:16:34.0281 3448	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
15:16:34.0390 3448	PCI - ok
15:16:34.0406 3448	PCIDump - ok
15:16:34.0406 3448	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:16:34.0531 3448	PCIIde - ok
15:16:34.0562 3448	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:16:34.0703 3448	Pcmcia - ok
15:16:34.0703 3448	PDCOMP - ok
15:16:34.0703 3448	PDFRAME - ok
15:16:34.0718 3448	PDRELI - ok
15:16:34.0718 3448	PDRFRAME - ok
15:16:34.0718 3448	perc2 - ok
15:16:34.0734 3448	perc2hib - ok
15:16:34.0765 3448	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
15:16:34.0781 3448	PlugPlay - ok
15:16:34.0812 3448	PnkBstrA        (831883b107684301f48ace752c963984) C:\WINDOWS\system32\PnkBstrA.exe
15:16:34.0828 3448	PnkBstrA - ok
15:16:34.0843 3448	PnkBstrB        (e24106a5eaecddff00b25497049dd65f) C:\WINDOWS\system32\PnkBstrB.exe
15:16:34.0859 3448	PnkBstrB - ok
15:16:34.0875 3448	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
15:16:34.0984 3448	PolicyAgent - ok
15:16:35.0000 3448	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:16:35.0125 3448	PptpMiniport - ok
15:16:35.0156 3448	PRISM_A02       (7796947d857d87491c78afad014a855a) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
15:16:35.0187 3448	PRISM_A02 ( UnsignedFile.Multi.Generic ) - warning
15:16:35.0187 3448	PRISM_A02 - detected UnsignedFile.Multi.Generic (1)
15:16:35.0187 3448	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
15:16:35.0296 3448	ProtectedStorage - ok
15:16:35.0328 3448	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:16:35.0453 3448	Ptilink - ok
15:16:35.0453 3448	ql1080 - ok
15:16:35.0453 3448	Ql10wnt - ok
15:16:35.0468 3448	ql12160 - ok
15:16:35.0468 3448	ql1240 - ok
15:16:35.0468 3448	ql1280 - ok
15:16:35.0500 3448	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:16:35.0625 3448	RasAcd - ok
15:16:35.0640 3448	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
15:16:35.0781 3448	RasAuto - ok
15:16:35.0796 3448	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:16:35.0921 3448	Rasl2tp - ok
15:16:35.0953 3448	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
15:16:36.0078 3448	RasMan - ok
15:16:36.0093 3448	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:16:36.0218 3448	RasPppoe - ok
15:16:36.0234 3448	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:16:36.0359 3448	Raspti - ok
15:16:36.0390 3448	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:16:36.0515 3448	Rdbss - ok
15:16:36.0531 3448	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:16:36.0640 3448	RDPCDD - ok
15:16:36.0671 3448	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:16:36.0796 3448	rdpdr - ok
15:16:36.0843 3448	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
15:16:36.0890 3448	RDPWD - ok
15:16:36.0906 3448	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
15:16:37.0046 3448	RDSessMgr - ok
15:16:37.0078 3448	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:16:37.0203 3448	redbook - ok
15:16:37.0218 3448	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
15:16:37.0343 3448	RemoteAccess - ok
15:16:37.0375 3448	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
15:16:37.0500 3448	RemoteRegistry - ok
15:16:37.0515 3448	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
15:16:37.0640 3448	RpcLocator - ok
15:16:37.0687 3448	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
15:16:37.0718 3448	RpcSs - ok
15:16:37.0734 3448	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
15:16:37.0859 3448	RSVP - ok
15:16:37.0890 3448	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
15:16:38.0015 3448	SamSs - ok
15:16:38.0078 3448	SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
15:16:38.0093 3448	SASDIFSV - ok
15:16:38.0109 3448	SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
15:16:38.0109 3448	SASKUTIL - ok
15:16:38.0140 3448	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
15:16:38.0265 3448	SCardSvr - ok
15:16:38.0296 3448	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
15:16:38.0421 3448	Schedule - ok
15:16:38.0468 3448	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:16:38.0578 3448	Secdrv - ok
15:16:38.0593 3448	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
15:16:38.0718 3448	seclogon - ok
15:16:38.0734 3448	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
15:16:38.0875 3448	SENS - ok
15:16:38.0890 3448	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:16:39.0000 3448	serenum - ok
15:16:39.0015 3448	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
15:16:39.0140 3448	Serial - ok
15:16:39.0156 3448	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:16:39.0281 3448	Sfloppy - ok
15:16:39.0312 3448	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
15:16:39.0453 3448	SharedAccess - ok
15:16:39.0484 3448	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
15:16:39.0500 3448	ShellHWDetection - ok
15:16:39.0500 3448	Simbad - ok
15:16:39.0515 3448	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:16:39.0640 3448	SLIP - ok
15:16:39.0640 3448	Sparrow - ok
15:16:39.0671 3448	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:16:39.0796 3448	splitter - ok
15:16:39.0812 3448	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:16:39.0859 3448	Spooler - ok
15:16:39.0875 3448	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
15:16:40.0000 3448	sr - ok
15:16:40.0015 3448	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
15:16:40.0156 3448	srservice - ok
15:16:40.0203 3448	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:16:40.0234 3448	Srv - ok
15:16:40.0250 3448	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
15:16:40.0390 3448	SSDPSRV - ok
15:16:40.0406 3448	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
15:16:40.0406 3448	ssmdrv - ok
15:16:40.0437 3448	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
15:16:40.0593 3448	stisvc - ok
15:16:40.0609 3448	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:16:40.0734 3448	streamip - ok
15:16:40.0750 3448	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:16:40.0875 3448	swenum - ok
15:16:40.0890 3448	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:16:41.0015 3448	swmidi - ok
15:16:41.0015 3448	SwPrv - ok
15:16:41.0015 3448	symc810 - ok
15:16:41.0031 3448	symc8xx - ok
15:16:41.0031 3448	sym_hi - ok
15:16:41.0031 3448	sym_u3 - ok
15:16:41.0046 3448	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:16:41.0187 3448	sysaudio - ok
15:16:41.0203 3448	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
15:16:41.0328 3448	SysmonLog - ok
15:16:41.0359 3448	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
15:16:41.0484 3448	TapiSrv - ok
15:16:41.0531 3448	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:16:41.0562 3448	Tcpip - ok
15:16:41.0578 3448	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:16:41.0703 3448	TDPIPE - ok
15:16:41.0703 3448	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:16:41.0828 3448	TDTCP - ok
15:16:41.0843 3448	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:16:41.0953 3448	TermDD - ok
15:16:42.0000 3448	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
15:16:42.0140 3448	TermService - ok
15:16:42.0156 3448	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
15:16:42.0171 3448	Themes - ok
15:16:42.0203 3448	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
15:16:42.0328 3448	TlntSvr - ok
15:16:42.0328 3448	TosIde - ok
15:16:42.0343 3448	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
15:16:42.0484 3448	TrkWks - ok
15:16:42.0500 3448	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:16:42.0625 3448	Udfs - ok
15:16:42.0640 3448	ultra - ok
15:16:42.0671 3448	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:16:42.0812 3448	Update - ok
15:16:42.0843 3448	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
15:16:42.0968 3448	upnphost - ok
15:16:42.0984 3448	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
15:16:43.0109 3448	UPS - ok
15:16:43.0140 3448	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:16:43.0250 3448	usbccgp - ok
15:16:43.0265 3448	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:16:43.0390 3448	usbehci - ok
15:16:43.0406 3448	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:16:43.0531 3448	usbhub - ok
15:16:43.0546 3448	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:16:43.0671 3448	usbprint - ok
15:16:43.0687 3448	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:16:43.0796 3448	usbstor - ok
15:16:43.0812 3448	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:16:43.0921 3448	usbuhci - ok
15:16:43.0953 3448	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:16:44.0078 3448	VgaSave - ok
15:16:44.0078 3448	ViaIde - ok
15:16:44.0093 3448	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
15:16:44.0218 3448	VolSnap - ok
15:16:44.0250 3448	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
15:16:44.0390 3448	VSS - ok
15:16:44.0406 3448	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
15:16:44.0546 3448	W32Time - ok
15:16:44.0562 3448	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:16:44.0687 3448	Wanarp - ok
15:16:44.0703 3448	WDICA - ok
15:16:44.0718 3448	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:16:44.0843 3448	wdmaud - ok
15:16:44.0859 3448	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
15:16:45.0000 3448	WebClient - ok
15:16:45.0046 3448	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:16:45.0171 3448	winmgmt - ok
15:16:45.0203 3448	WmdmPmSN        (6e18978b749f0696a774de3f2cb142dd) C:\WINDOWS\system32\mspmsnsv.dll
15:16:45.0328 3448	WmdmPmSN - ok
15:16:45.0375 3448	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
15:16:45.0421 3448	Wmi - ok
15:16:45.0484 3448	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:16:45.0593 3448	WmiApSrv - ok
15:16:45.0625 3448	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
15:16:45.0765 3448	wscsvc - ok
15:16:45.0781 3448	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:16:45.0906 3448	WSTCODEC - ok
15:16:45.0921 3448	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
15:16:46.0046 3448	wuauserv - ok
15:16:46.0078 3448	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
15:16:46.0218 3448	WZCSVC - ok
15:16:46.0234 3448	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
15:16:46.0406 3448	xmlprov - ok
15:16:46.0437 3448	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:16:46.0937 3448	\Device\Harddisk0\DR0 - ok
15:16:46.0953 3448	MBR (0x1B8)     (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk1\DR1
15:16:47.0000 3448	\Device\Harddisk1\DR1 - ok
15:16:47.0000 3448	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR8
15:16:50.0390 3448	\Device\Harddisk5\DR8 - ok
15:16:50.0406 3448	Boot (0x1200)   (31117e3f4421da04e2209c1d80988f85) \Device\Harddisk0\DR0\Partition0
15:16:50.0406 3448	\Device\Harddisk0\DR0\Partition0 - ok
15:16:50.0406 3448	Boot (0x1200)   (f48f14286da8b8c7be68936e9087a8e0) \Device\Harddisk0\DR0\Partition1
15:16:50.0406 3448	\Device\Harddisk0\DR0\Partition1 - ok
15:16:50.0421 3448	Boot (0x1200)   (4eb6a976af183366c444a09981d648e4) \Device\Harddisk1\DR1\Partition0
15:16:50.0421 3448	\Device\Harddisk1\DR1\Partition0 - ok
15:16:50.0421 3448	Boot (0x1200)   (87a0eb4ead04758e9eef1ae99037f53c) \Device\Harddisk5\DR8\Partition0
15:16:50.0421 3448	\Device\Harddisk5\DR8\Partition0 - ok
15:16:50.0421 3448	============================================================
15:16:50.0421 3448	Scan finished
15:16:50.0421 3448	============================================================
15:16:50.0531 3576	Detected object count: 4
15:16:50.0531 3576	Actual detected object count: 4
15:29:36.0812 3576	DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:36.0812 3576	DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:29:36.0812 3576	ftsata2 ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:36.0812 3576	ftsata2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:29:36.0812 3576	PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:36.0812 3576	PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:29:36.0812 3576	PRISM_A02 ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:36.0812 3576	PRISM_A02 ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 06.06.2012, 15:15

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

sheryO · 07.06.2012, 18:33

Code:

ATTFilter

ComboFix 12-06-07.03 - Administrator 07.06.2012  18:16:43.6.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1599 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Administrator\4.0
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\Uninstall.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
c:\programme\xp-AntiSpy\xp-AntiSpy_3.9.3.exe
c:\windows\e.bat
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\s.bat
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\empty.exe
c:\windows\system32\remover.exe
c:\windows\system32\tooldownloadreadme.htm
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-07 bis 2012-06-07  ))))))))))))))))))))))))))))))
.
.
2012-06-03 12:37 . 2012-06-03 12:37	--------	d-----w-	c:\programme\Dropbox
2012-06-03 12:26 . 2012-06-03 12:26	--------	d-----w-	C:\TDSSKiller_Quarantine
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2002-12-31 12:00	604160	----a-w-	c:\windows\system32\crypt32.dll
2012-05-06 16:48 . 2012-05-06 16:48	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-06 16:48 . 2011-08-24 11:40	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:51 . 2004-08-04 00:50	2029056	------w-	c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2002-12-31 12:00	2150912	------w-	c:\windows\system32\ntoskrnl.exe
2012-04-11 13:51 . 2002-12-31 12:00	1862400	----a-w-	c:\windows\system32\win32k.sys
2012-04-04 13:56 . 2009-08-20 13:43	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-28 2424560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2006-06-28 98304]
.
c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\
Dropbox.lnk - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21	548352	----a-w-	c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\The Creative Assembly\\Rome - Total War\\RomeTW.exe"=
"c:\\Programme\\The Creative Assembly\\Rome - Total War\\RomeTW-BI.exe"=
"c:\\Dokumente und Einstellungen\\Administrator\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Dokumente und Einstellungen\\Administrator\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 20:41 67656]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [15.07.2010 23:20 135336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\dokume~1\ADMINI~1\LOKALE~1\Temp\YLO5.tmp --> c:\dokume~1\ADMINI~1\LOKALE~1\Temp\YLO5.tmp [?]
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: kaspersky.com\www
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{0B316D96-1017-4617-B52A-C617BD9C68B8}: NameServer = 192.168.100.1
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-57890767.sys
MSConfigStartUp-Upgrade - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Google Inc.\{2EBC3A8B-7B80-4F71-A899-18741E4D3207}\Upgrade.exe
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-07 18:20
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\c:\dokume~1\ADMINI~1\LOKALE~1\Temp\YLO5.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-746137067-1177238915-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,51,b8,e4,82,d1,15,49,be,7e,73,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,09,3d,96,18,26,c8,4d,95,4c,14,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,51,b8,e4,82,d1,15,49,be,7e,73,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(516)
c:\programme\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2012-06-07  18:22:23
ComboFix-quarantined-files.txt  2012-06-07 16:22
ComboFix2.txt  2010-07-15 13:22
.
Vor Suchlauf: 3.812.515.840 Bytes frei
Nach Suchlauf: 4.012.691.456 Bytes frei
.
- - End Of File - - 1C9E43BC2C120C8E9139A19E01FA21D1

cosinus · 07.06.2012, 21:02

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

sheryO · 07.06.2012, 23:29

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-07 23:10:05
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3160023AS rev.3.00
Running: t71w1xty.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxldiuod.sys


---- System - GMER 1.0.15 ----

SSDT            BA76072E                                                                                                   ZwCreateKey
SSDT            BA760724                                                                                                   ZwCreateThread
SSDT            BA760733                                                                                                   ZwDeleteKey
SSDT            BA76073D                                                                                                   ZwDeleteValueKey
SSDT            BA760742                                                                                                   ZwLoadKey
SSDT            BA760710                                                                                                   ZwOpenProcess
SSDT            BA760715                                                                                                   ZwOpenThread
SSDT            BA76074C                                                                                                   ZwReplaceKey
SSDT            BA760747                                                                                                   ZwRestoreKey
SSDT            BA760738                                                                                                   ZwSetValueKey
SSDT            \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)  ZwTerminateProcess [0xA958C620]

Code            \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys                                                         pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                 Das System kann die angegebene Datei nicht finden. !
?               C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys                                                             Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                   fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 00:29:11 on 08.06.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"OGALogon.job" - ? - C:\WINDOWS\system32\OGAEXEC.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"cttune.cpl" - ? - C:\WINDOWS\system32\cttune.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Oracle" - C:\WINDOWS\system32\javacpl.cpl
"NeroBurnRights.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\NeroBurnRights.cpl
"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir Personal – Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"ftsata2" (ftsata2) - "Promise Technology, Inc." - C:\WINDOWS\system32\drivers\ftsata2.sys
"GarenaPEngine" (GarenaPEngine) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\YLO5.tmp  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PCANDIS5 NDIS Protocol Driver" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\PCANDIS5.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pxldiuod" (pxldiuod) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxldiuod.sys  (Hidden registry entry, rootkit activity | File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"Sinus 154 stick" (PRISM_A02) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\PRISMA02.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"Team MFP Comm Driver" (DgiVecp) - "DeviceGuys, Inc." - C:\WINDOWS\System32\Drivers\DgiVecp.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "{7D4D6379-F301-4311-BEBA-E26EB0561882}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{87D62D94-71B3-4b9a-9489-5FE6850DC73E} "Avi Properties Handler" - ? -   (File not found | COM-object registry key not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{B28C18DB-6816-4F31-9630-397683E3C2C3} "FilZip Shell Extension" - "Philipp Engel" - C:\Programme\FilZip\fzshext.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler" - ? -   (File not found | COM-object registry key not found)
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler" - ? -   (File not found | COM-object registry key not found)
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Eraser Shell Extension "{BC9B776A-90D7-4476-A791-79D835F30650}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "&Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle" - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Oracle" - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Eraser" - "The Eraser Project" - "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
"QuickTime Task" - "Apple Computer, Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"Win2PDF Port" - ? - C:\WINDOWS\system32\win2pdfm.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Java Quick Starter" (JavaQuickStarterService) - "Oracle" - C:\Programme\Java\jre6\bin\jqs.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"PnkBstrB" (PnkBstrB) - ? - C:\WINDOWS\system32\PnkBstrB.exe  (File found, but it contains no detailed information)
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-07 23:17:41
-----------------------------
23:17:41.762    OS Version: Windows 5.1.2600 Service Pack 3
23:17:41.762    Number of processors: 2 586 0x404
23:17:41.762    ComputerName: PC-LUENDORF  UserName: 
23:17:42.043    Initialize success
23:18:43.355    AVAST engine defs: 12060700
23:19:14.980    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
23:19:14.980    Disk 0 Vendor: ST3160023AS 3.00 Size: 152627MB BusType: 3
23:19:14.980    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-22
23:19:14.980    Disk 1 Vendor: ST3160023AS 3.00 Size: 152627MB BusType: 3
23:19:14.980    Disk 0 MBR read successfully
23:19:14.980    Disk 0 MBR scan
23:19:15.027    Disk 0 Windows XP default MBR code
23:19:15.027    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        29996 MB offset 63
23:19:15.027    Disk 0 Partition - 00     0F Extended LBA            122621 MB offset 61432560
23:19:15.059    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       122621 MB offset 61432623
23:19:15.090    Disk 0 scanning sectors +312560640
23:19:15.246    Disk 0 scanning C:\WINDOWS\system32\drivers
23:19:54.809    Service scanning
23:20:03.902    Modules scanning
23:20:45.152    Disk 0 trace - called modules:
23:20:45.199    ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
23:20:45.199    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a364ab8]
23:20:45.199    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000068[0x8a36d9e8]
23:20:45.199    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a3aa940]
23:20:45.652    AVAST engine scan C:\WINDOWS
23:21:08.809    AVAST engine scan C:\WINDOWS\system32
23:30:49.949    AVAST engine scan C:\WINDOWS\system32\drivers
23:31:43.777    AVAST engine scan C:\Dokumente und Einstellungen\Administrator
23:38:30.996    AVAST engine scan C:\Dokumente und Einstellungen\All Users
23:40:12.027    Scan finished successfully
00:26:57.340    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat"
00:26:57.340    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.txt"

Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-Festplattenpartition

Plagegeister aller Art und deren Bekämpfung: Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-Festplattenpartition