Trojaner-Board

Thread: http://www.searchqu.com/406 (https://www.trojaner-board.de/107253-http-www-searchqu-com-406-a.html), posted in the forum section Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/) on Trojaner-Board (https://www.trojaner-board.de/)

Mariechen 30.12.2011 12:34

http://www.searchqu.com/406
 
Hello dear helpers,

I have a problem with hxxp://www.searchqu.com/406. This toolbar keeps pushing itself in front of my start page (I use Internet Explorer). I read in the forum that this problem has already come up for other people, but that everyone needs their own approach, hence my own thread.

I have already taken the following steps:

Scans with:
- Antivir (found nothing)
- Malwarebytes (found nothing)
- ESET online scanner (detected the toolbar twice as a virus)

(Unfortunately I don't know where to find the ESET log files..)

I would be very glad if someone can help me, and thank you in advance!
Marie


Here are the log files: OTL.txt / Extras.txt / Gmer.txt


Quote:

OTL logfile created on: 30.12.2011 11:43:10 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\r2d2\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 52,34% Memory free
3,75 Gb Paging File | 2,48 Gb Available in Paging File | 66,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 6,09 Gb Free Space | 17,81% Space Free | Partition Type: NTFS
Drive D: | 114,87 Gb Total Space | 39,72 Gb Free Space | 34,58% Space Free | Partition Type: NTFS

Computer Name: R2D2-PC | User Name: r2d2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\r2d2\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\r2d2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Ecosia\ecosia.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (vflt) -- C:\Windows\System32\drivers\vfilter.sys (Shrew Soft Inc)
DRV - (vnet) -- C:\Windows\System32\drivers\virtualnet.sys (Shrew Soft Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 73 C9 1E 39 AE CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2011.04.27 21:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\r2d2\AppData\Roaming\mozilla\Extensions
[2011.05.25 17:07:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\r2d2\AppData\Roaming\mozilla\Firefox\Profiles\caajkjnv.default\extensions
[2011.05.25 17:07:40 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\r2d2\AppData\Roaming\mozilla\Firefox\Profiles\caajkjnv.default\extensions\toolbar@web.de
[2011.04.27 21:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\r2d2\AppData\Roaming\mozilla\Firefox\Profiles\z7c24n61.default\extensions

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Ecosia Class) - {7E783154-F54B-4af6-8C01-0A3E744B5DC8} - C:\Programme\Ecosia\ecosia.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Device Doctor Toolbar) - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Device Doctor Toolbar) - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ecosia Search) - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - C:\Programme\Ecosia\ecosia.dll ()
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Device Doctor Toolbar) - {BB6D9528-45F5-4C75-91C9-93290710EC4C} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [EPSON Stylus DX4000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\r2d2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\r2d2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\r2d2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{137F667C-F7D2-4666-A9CB-99049F78250D}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{85dcc1a1-5dc2-11df-a7e3-001b247c126f}\Shell - "" = AutoRun
O33 - MountPoints2\{85dcc1a1-5dc2-11df-a7e3-001b247c126f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.12.30 11:41:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\r2d2\Desktop\OTL.exe
[2011.12.28 18:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.20 15:29:39 | 000,000,000 | ---D | C] -- C:\Users\r2d2\Desktop\Neuer Ordner (6)
[2011.12.19 14:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb
[2011.12.19 14:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\1und1Softwareaktualisierung
[2011.12.19 14:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE Toolbar
[2011.12.17 21:56:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.17 21:56:56 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.17 21:56:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.17 21:56:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.17 21:56:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.17 21:56:52 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.17 21:28:11 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.17 21:28:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.17 21:27:52 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.17 21:27:49 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.17 21:27:48 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.17 21:27:47 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.15 01:11:17 | 000,000,000 | ---D | C] -- C:\Users\r2d2\AppData\Roaming\Malwarebytes
[2011.12.15 01:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.15 01:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.15 01:11:05 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.15 01:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.14 14:59:23 | 000,000,000 | ---D | C] -- C:\Users\r2d2\AppData\Local\Ilivid Player
[2011.12.14 14:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2011.12.14 14:58:01 | 000,000,000 | ---D | C] -- C:\Users\r2d2\AppData\Local\PackageAware
[2011.12.04 00:10:34 | 000,000,000 | ---D | C] -- C:\Users\r2d2\AppData\Local\Apple Computer
[2011.12.04 00:10:33 | 000,000,000 | ---D | C] -- C:\Users\r2d2\AppData\Roaming\Apple Computer
[2011.12.04 00:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.04 00:10:16 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011.12.04 00:10:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.12.04 00:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.12.04 00:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.12.04 00:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.12.04 00:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.12.04 00:08:18 | 000,000,000 | ---D | C] -- C:\Users\r2d2\AppData\Local\Apple
[2011.12.04 00:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011.12.04 00:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.12.04 00:07:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.12.04 00:07:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011.12.03 23:45:13 | 000,000,000 | ---D | C] -- C:\Users\r2d2\AppData\Local\Audible
[2011.12.03 23:45:07 | 000,255,352 | ---- | C] (Audible, Inc.) -- C:\Windows\System32\awrdscdc.ax
[2011.12.03 23:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
[2011.12.03 23:44:43 | 000,000,000 | ---D | C] -- D:\Users\r2d2\Documents\Audible
[2011.12.03 23:44:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Audible
[2011.12.03 23:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\Audible
[2007.01.28 02:08:40 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.12.30 11:41:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\r2d2\Desktop\OTL.exe
[2011.12.30 11:38:53 | 000,050,477 | ---- | M] () -- C:\Users\r2d2\Desktop\Defogger.exe
[2011.12.30 11:35:02 | 000,000,000 | ---- | M] () -- C:\Users\r2d2\defogger_reenable
[2011.12.30 11:22:06 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.30 11:22:06 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.30 11:16:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.30 11:16:45 | 1509,101,568 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.20 15:29:44 | 000,272,352 | ---- | M] () -- C:\Users\r2d2\Desktop\001.jpg
[2011.12.18 01:16:35 | 000,418,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.13 11:28:19 | 000,748,454 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.13 11:28:19 | 000,710,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.13 11:28:19 | 000,165,922 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.13 11:28:19 | 000,142,304 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.13 11:24:25 | 000,437,332 | ---- | M] () -- C:\Users\r2d2\Desktop\RLONZG.pdf
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.09 00:00:09 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.08 16:58:56 | 000,000,993 | ---- | M] () -- C:\Users\r2d2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.04 13:48:32 | 064,901,746 | ---- | M] () -- C:\Users\r2d2\Desktop\IstdaseinWitz_ep7_amerta.b.aax
[2011.12.03 23:45:07 | 000,255,352 | ---- | M] (Audible, Inc.) -- C:\Windows\System32\awrdscdc.ax
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.30 11:38:53 | 000,050,477 | ---- | C] () -- C:\Users\r2d2\Desktop\Defogger.exe
[2011.12.30 11:35:02 | 000,000,000 | ---- | C] () -- C:\Users\r2d2\defogger_reenable
[2011.12.20 15:29:44 | 000,272,352 | ---- | C] () -- C:\Users\r2d2\Desktop\001.jpg
[2011.12.13 11:24:25 | 000,437,332 | ---- | C] () -- C:\Users\r2d2\Desktop\RLONZG.pdf
[2011.12.04 13:25:44 | 064,901,746 | ---- | C] () -- C:\Users\r2d2\Desktop\IstdaseinWitz_ep7_amerta.b.aax
[2011.12.04 00:08:15 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.07.04 13:46:47 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.07.04 13:43:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.05 13:39:03 | 000,994,622 | ---- | C] () -- C:\Users\r2d2\AppData\Local\Inspiration.chm
[2010.11.08 22:39:28 | 000,000,008 | ---- | C] () -- C:\Windows\wilex.ini
[2010.08.22 22:31:22 | 000,003,584 | ---- | C] () -- C:\Users\r2d2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.08 19:49:10 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS79.DLL
[2010.06.29 23:39:12 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.04.21 18:24:51 | 000,000,000 | ---- | C] () -- C:\Windows\PCFriend.INI
[2010.04.07 16:24:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 09:47:43 | 000,748,454 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,165,922 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,418,968 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,710,296 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,142,304 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1998.10.10 23:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll

========== LOP Check ==========

[2010.10.19 11:12:30 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\across
[2010.04.06 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\DeviceDoctorSoftware
[2011.12.30 11:18:05 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Dropbox
[2011.05.22 13:20:57 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Inspiration Software
[2011.11.30 23:36:27 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
Quote:

OTL Extras logfile created on: 30.12.2011 11:43:10 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\r2d2\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 52,34% Memory free
3,75 Gb Paging File | 2,48 Gb Available in Paging File | 66,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 6,09 Gb Free Space | 17,81% Space Free | Partition Type: NTFS
Drive D: | 114,87 Gb Total Space | 39,72 Gb Free Space | 34,58% Space Free | Partition Type: NTFS

Computer Name: R2D2-PC | User Name: r2d2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21D9DC24-7826-4007-B245-5FB80ED0F682}_is1" = Ecosia Plugin 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACROSS)
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3C38D421-BC10-4C08-92AB-6C0C8D834275}" = Across Personal Edition
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{498B4BF1-AD73-4AA8-99EB-18D400E42482}" = Novo Dicionário Aurélio
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8137862f-0249-4b87-8999-bec386a70cc9}" = Nero 9 Lite
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1" = Device Doctor 1.0.0.1
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1" = PDF-XChange 4
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"AvantBrowser" = Avant Browser (remove only)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"CANONBJ_Deinstall_CNMCP79.DLL" = Canon iP5200
"Device_Doctor Toolbar" = Device_Doctor Toolbar
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Easy-WebPrint" = Easy-WebPrint
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESET Online Scanner" = ESET Online Scanner v3
"Inspiration 8" = Inspiration 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09.12.2011 11:37:36 | Computer Name = R2D2-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5445

Error - 09.12.2011 11:37:36 | Computer Name = R2D2-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5445

Error - 09.12.2011 11:37:37 | Computer Name = R2D2-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 09.12.2011 11:37:37 | Computer Name = R2D2-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6474

Error - 09.12.2011 11:37:37 | Computer Name = R2D2-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6474

Error - 14.12.2011 20:21:50 | Computer Name = r2d2-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 14.12.2011 20:21:53 | Computer Name = r2d2-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 28.12.2011 11:33:06 | Computer Name = r2d2-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.51.0.1118, Zeitstempel:
0x4e5e8e67 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses:
0x10a8 Startzeit der fehlerhaften Anwendung: 0x01ccc575f8c417e0 Pfad der fehlerhaften
Anwendung: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 3c6b36e0-3169-11e1-8e13-001b247c126f

Error - 28.12.2011 11:45:28 | Computer Name = r2d2-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 28.12.2011 13:36:18 | Computer Name = r2d2-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

[ OSession Events ]
Error - 22.05.2011 08:19:10 | Computer Name = r2d2-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1279
seconds with 780 seconds of active time. This session ended with a crash.

Error - 26.11.2011 23:21:36 | Computer Name = r2d2-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 20.12.2011 17:53:24 | Computer Name = r2d2-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 0 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.

Error - 21.12.2011 17:26:28 | Computer Name = r2d2-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
vflt

Error - 21.12.2011 17:26:34 | Computer Name = r2d2-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.

Error - 21.12.2011 17:26:34 | Computer Name = r2d2-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 0 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.

Error - 28.12.2011 08:52:13 | Computer Name = r2d2-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
vflt

Error - 28.12.2011 08:53:02 | Computer Name = r2d2-PC | Source = DCOM | ID = 10010
Description =

Error - 28.12.2011 15:56:23 | Computer Name = r2d2-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.

Error - 30.12.2011 06:17:18 | Computer Name = r2d2-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
vflt

Error - 30.12.2011 06:17:22 | Computer Name = r2d2-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.

Error - 30.12.2011 06:17:22 | Computer Name = r2d2-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 0 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.


< End of report >
Quote:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-30 12:07:06
Windows 6.1.7601 Service Pack 1
Running: kh9mwn0g.exe; Driver: C:\Users\r2d2\AppData\Local\Temp\kxldrpob.sys


---- System - GMER 1.0.15 ----

SSDT 8E428FC6 ZwCreateSection
SSDT 8E428FD0 ZwRequestWaitReplyPort
SSDT 8E428FCB ZwSetContextThread
SSDT 8E428FD5 ZwSetSecurityObject
SSDT 8E428FDA ZwSystemDebugControl
SSDT 8E428F67 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C7D369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB6D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82CBDEAC 4 Bytes [C6, 8F, 42, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82CBE208 4 Bytes [D0, 8F, 42, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82CBE24C 4 Bytes [CB, 8F, 42, 8E] {RETF ; POP DWORD [EDX-0x72]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82CBE2C8 4 Bytes [D5, 8F, 42, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82CBE31C 4 Bytes [DA, 8F, 42, 8E]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8EE24340, 0x3EE217, 0xE8000020]

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

cosinus 04.01.2012 20:11

Quote:

- Malwarebytes (found nothing)
As a routine step, please run a new full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! In addition, all detections must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box Yes, I accept the terms of use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Mariechen 05.01.2012 13:56

Many thanks for the reply!!

I ran a full scan with Malwarebytes; here is the most recent log file:

Code:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.05.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
r2d2 :: R2D2-PC [Administrator]

05.01.2012 10:02:40
mbam-log-2012-01-05 (10-02-40).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 259391
Laufzeit: 1 Stunde(n), 56 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


and two further (older) log files:

Code:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.28.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
r2d2 :: R2D2-PC [Administrator]

28.12.2011 16:35:35
mbam-log-2011-12-28 (16-35-35).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 257879
Laufzeit: 1 Stunde(n), 13 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8373

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

15.12.2011 01:21:56
mbam-log-2011-12-15 (01-21-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 50225
Laufzeit: 9 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

and here is the Log.txt from the ESET scan (I'm not entirely sure I did everything right, because after the scan a message appeared saying ESET might not be installed correctly...)

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9bd535041426c447911b66374135d0c1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-05 12:44:32
# local_time=2012-01-05 01:44:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 7060651 7060651 0 0
# compatibility_mode=5893 16776574 100 94 671197 77393045 0 0
# compatibility_mode=8192 67108863 100 0 671677 671677 0 0
# scanned=107130
# found=0
# cleaned=0
# scan_time=5618


Many thanks!!
Marie
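Once a thread has collected three Malwarebytes logs and an ESET log, reading the counters by hand gets tedious. The following Python script is an added example, not part of this thread and not a tool from Malwarebytes or ESET: it parses the two Malwarebytes layouts seen above (1.60 and 1.51) and the ESET Online Scanner log into one summary, checks whether the Malwarebytes signature database carries the date of the scan (the manual update cosinus asks for), and counts the esets_scanner_update errors that Marie's ESET log shows. The sample logs embedded in it are constructed; the detections in the 1.51 sample are invented for illustration, the real logs in this thread were clean.

```python
"""Triage helper for Malwarebytes and ESET Online Scanner logs (added example)."""
import re
from datetime import date

# Constructed sample logs mirroring the three formats seen in the thread.
# The detections in MBAM_151 are invented; the logs in the thread were clean.
MBAM_160 = r"""Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.05.01

05.01.2012 10:02:40
mbam-log-2012-01-05 (10-02-40).txt

Art des Suchlaufs: Vollständiger Suchlauf
Durchsuchte Objekte: 259391
Laufzeit: 1 Stunde(n), 56 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
"""

MBAM_151 = r"""Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8373

15.12.2011 01:21:56
mbam-log-2011-12-15 (01-21-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 50225

Infizierte Registrierungswerte: 1
Infizierte Dateien: 2

Infizierte Registrierungswerte:
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Dateien:
C:\Users\example\AppData\Local\Temp\setup.exe (PUP.Example) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

ESET_LOG = """ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScanner.ocx=1.0.0.6583
# utc_time=2012-01-05 12:44:32
# scanned=107130
# found=0
# cleaned=0
# scan_time=5618
"""


def parse_mbam(text):
    """Header, database, scan date and summed detection counters of an MBAM log."""
    head = re.match(r"(Malwarebytes'? Anti-Malware) (\S+)", text.lstrip())
    db = re.search(r"Datenbank Version: (\S+)", text).group(1)
    d = re.search(r"\b(\d{2})\.(\d{2})\.(\d{4}) \d{2}:\d{2}:\d{2}", text)
    scan_date = date(int(d.group(3)), int(d.group(2)), int(d.group(1)))
    scanned = int(re.search(r"Durchsuchte Objekte: (\d+)", text).group(1))
    # Only lines with a number are counters; the 1.51 section headers have none.
    infected = sum(int(n) for n in re.findall(r"^Infizierte [^:\n]+: (\d+)[ \t]*$", text, re.M))
    # 1.60 encodes the signature date as vYYYY.MM.DD.nn; 1.51 uses a plain counter.
    dbm = re.match(r"v(\d{4})\.(\d{2})\.(\d{2})\.", db)
    db_date = date(int(dbm.group(1)), int(dbm.group(2)), int(dbm.group(3))) if dbm else None
    return {"tool": head.group(1), "version": head.group(2), "database": db,
            "scan_date": scan_date, "scanned": scanned, "infected": infected,
            "db_current": (db_date == scan_date) if db_date else None, "update_errors": 0}


def parse_eset(text):
    """The '# key=value' trailer of an ESET Online Scanner log plus update-error count."""
    fields = dict(re.findall(r"^# ([^=\n]+)=(.*)$", text, re.M))
    return {"tool": "ESET Online Scanner", "version": fields.get("OnlineScanner.ocx", "?"),
            "database": None, "scan_date": date.fromisoformat(fields["utc_time"][:10]),
            "scanned": int(fields["scanned"]), "infected": int(fields["found"]),
            "db_current": None,
            "update_errors": len(re.findall(r"esets_scanner_update returned -1", text))}


def parse_scan_log(text):
    if text.lstrip().startswith("Malwarebytes"):
        return parse_mbam(text)
    if "ESETSmartInstaller" in text or text.lstrip().startswith("# "):
        return parse_eset(text)
    raise ValueError("unrecognised scan log format")


def triage(logs):
    """One summary line per log, oldest scan first, with the checks a helper makes."""
    lines = []
    for r in sorted((parse_scan_log(t) for t in logs), key=lambda r: r["scan_date"]):
        notes = []
        if r["db_current"] is False:
            notes.append("signature database older than scan day")
        if r["update_errors"]:
            notes.append(f"{r['update_errors']} signature update error(s)")
        line = f"{r['scan_date']} {r['tool']} {r['version']}: {r['scanned']} objects, {r['infected']} detection(s)"
        lines.append(line + (" [" + "; ".join(notes) + "]" if notes else ""))
    return lines


if __name__ == "__main__":
    print("\n".join(triage([MBAM_160, MBAM_151, ESET_LOG])))
```

To use it on real logs, read each posted log into a string and pass the list to triage(); the ESET "esets_scanner_update returned -1" lines are what the parser counts as update errors, which is the technical trace behind the "not installed correctly" message Marie mentions.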

cosinus 05.01.2012 15:23

Please make a new OTL log. Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

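The OTL log requested here has an Internet Explorer section that lists the start and search URLs, the URLSearchHooks (IE lines), browser helper objects (O2) and toolbars (O3), each with its DLL path and the company name from the file's version resource. The Python script below is an added example, not from this thread and not part of OTL: it parses lines in that format and reports URL settings whose host is outside an allowlist, plus every CLSID whose DLL does not come from a trusted company, together with the roles it holds (one DLL registered as search hook, BHO and toolbar at once is the usual shape of an ad-supported toolbar bundle). The sample lines and the allowlists (google.com, msn.com, Microsoft Corporation) are assumptions for the demonstration, modelled on the entries seen in this thread.

```python
"""Triage of the "Internet Explorer" section of an OTL log (added example)."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in OTL's line format, modelled on the entries in this thread.
SAMPLE_OTL = r"""
IE - HKLM\..\URLSearchHook: {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Ecosia Class) - {7E783154-F54B-4af6-8C01-0A3E744B5DC8} - C:\Programme\Ecosia\ecosia.dll ()
O2 - BHO: (Device Doctor Toolbar) - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Device Doctor Toolbar) - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Device Doctor Toolbar) - {BB6D9528-45F5-4C75-91C9-93290710EC4C} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
"""

# "IE - <hive>\<key path>,<value name> = <url>"
URL_RE = re.compile(r"^IE - (?P<hive>HK[A-Z]+)\\[^,\n]+,(?P<key>[^=\n]+?) = (?P<url>\S+)")
# "IE/O2/O3 - <where>: (<name>) - {<clsid>} - <dll path> (<company>)"; the name is optional
COMPONENT_RE = re.compile(
    r"^(?P<kind>IE|O2|O3) - (?P<where>[^:]+): (?:\((?P<name>[^)]*)\) - )?"
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+?) \((?P<company>[^)]*)\)$")
# Only these value names decide where the browser goes; the redirect cache is ignored.
URL_KEYS = {"Start Page", "Search Page", "Default_Search_URL", "Search Bar", "SearchAssistant"}
ROLE = {"IE": "URLSearchHook", "O2": "BHO", "O3": "Toolbar"}


def parse_ie_section(text):
    """Split OTL's IE lines into URL settings and CLSID-registered components."""
    urls, components = [], []
    for line in text.splitlines():
        m = URL_RE.match(line)
        if m:
            if m.group("key") in URL_KEYS:
                urls.append(m.groupdict())
            continue
        m = COMPONENT_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["clsid"] = entry["clsid"].lower()  # HKCU copies are written in upper case
            components.append(entry)
    return urls, components


def host_of(url):
    # Forum logs defang links as hxxp://; restore the scheme so urlsplit finds the host.
    return urlsplit(re.sub(r"^hxxp", "http", url)).hostname or ""


def is_trusted_host(host, trusted_hosts):
    return any(host == t or host.endswith("." + t) for t in trusted_hosts)


def triage(text, trusted_hosts=("google.com", "msn.com"),
           trusted_companies=("Microsoft Corporation",)):
    """Return (url_findings, component_findings); both allowlists are analyst choices."""
    urls, components = parse_ie_section(text)
    url_findings = [
        {"hive": u["hive"], "key": u["key"], "host": host_of(u["url"])}
        for u in urls if not is_trusted_host(host_of(u["url"]), trusted_hosts)
    ]
    by_clsid = defaultdict(list)
    for c in components:
        by_clsid[c["clsid"]].append(c)
    component_findings = []
    for clsid, entries in by_clsid.items():
        first = entries[0]
        if first["company"] in trusted_companies:
            continue
        component_findings.append({
            "clsid": clsid,
            "name": next((e["name"] for e in entries if e["name"]), None),
            "path": first["path"],
            "company": first["company"] or None,  # None: no company name in the DLL
            "roles": sorted({ROLE[e["kind"]] for e in entries}),
        })
    return url_findings, component_findings


if __name__ == "__main__":
    url_hits, comp_hits = triage(SAMPLE_OTL)
    for u in url_hits:
        print(f"{u['hive']} {u['key']} -> {u['host']}")
    for c in comp_hits:
        print(f"{c['name'] or c['clsid']}: {c['path']} [{c['company'] or 'no company'}] roles={'+'.join(c['roles'])}")
```

On a saved OTL.txt, pass the whole file content to triage(); lines outside the IE section simply do not match either pattern. The allowlists are parameters rather than built-in verdicts because whether a search provider or toolbar vendor is wanted is the user's decision, as the thread itself shows with Ecosia next to the Conduit entry.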

Mariechen 06.01.2012 00:05

here is the content of OTL.txt

OTL Logfile:
Code:

OTL logfile created on: 05.01.2012 23:47:25 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\r2d2\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 65,58% Memory free
3,75 Gb Paging File | 2,73 Gb Available in Paging File | 72,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 6,55 Gb Free Space | 19,16% Space Free | Partition Type: NTFS
Drive D: | 114,87 Gb Total Space | 39,72 Gb Free Space | 34,58% Space Free | Partition Type: NTFS
 
Computer Name: R2D2-PC | User Name: r2d2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\r2d2\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\r2d2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (vflt) -- C:\Windows\System32\drivers\vfilter.sys (Shrew Soft Inc)
DRV - (vnet) -- C:\Windows\System32\drivers\virtualnet.sys (Shrew Soft Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 73 C9 1E 39 AE CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2011.04.27 21:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\r2d2\AppData\Roaming\mozilla\Extensions
[2011.05.25 17:07:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\r2d2\AppData\Roaming\mozilla\Firefox\Profiles\caajkjnv.default\extensions
[2011.05.25 17:07:40 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\r2d2\AppData\Roaming\mozilla\Firefox\Profiles\caajkjnv.default\extensions\toolbar@web.de
[2011.04.27 21:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\r2d2\AppData\Roaming\mozilla\Firefox\Profiles\z7c24n61.default\extensions
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Ecosia Class) - {7E783154-F54B-4af6-8C01-0A3E744B5DC8} - C:\Programme\Ecosia\ecosia.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Device Doctor Toolbar) - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Device Doctor Toolbar) - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ecosia Search) - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - C:\Programme\Ecosia\ecosia.dll ()
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Device Doctor Toolbar) - {BB6D9528-45F5-4C75-91C9-93290710EC4C} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [EPSON Stylus DX4000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - Startup: C:\Users\r2d2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\r2d2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\r2d2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{137F667C-F7D2-4666-A9CB-99049F78250D}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{85dcc1a1-5dc2-11df-a7e3-001b247c126f}\Shell - "" = AutoRun
O33 - MountPoints2\{85dcc1a1-5dc2-11df-a7e3-001b247c126f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.30 11:41:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\r2d2\Desktop\OTL.exe
[2011.12.28 18:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.20 15:29:39 | 000,000,000 | ---D | C] -- C:\Users\r2d2\Desktop\Neuer Ordner (6)
[2011.12.19 14:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb
[2011.12.19 14:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\1und1Softwareaktualisierung
[2011.12.19 14:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE Toolbar
[2011.12.15 01:11:17 | 000,000,000 | ---D | C] -- C:\Users\r2d2\AppData\Roaming\Malwarebytes
[2011.12.15 01:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.15 01:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.15 01:11:05 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.15 01:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.14 14:59:23 | 000,000,000 | ---D | C] -- C:\Users\r2d2\AppData\Local\Ilivid Player
[2011.12.14 14:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2011.12.14 14:58:01 | 000,000,000 | ---D | C] -- C:\Users\r2d2\AppData\Local\PackageAware
[2007.01.28 02:08:40 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.05 23:45:16 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 23:45:16 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 23:40:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.05 23:39:57 | 1509,101,568 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.30 11:55:25 | 000,302,592 | ---- | M] () -- C:\Users\r2d2\Desktop\kh9mwn0g.exe
[2011.12.30 11:41:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\r2d2\Desktop\OTL.exe
[2011.12.30 11:38:53 | 000,050,477 | ---- | M] () -- C:\Users\r2d2\Desktop\Defogger.exe
[2011.12.30 11:35:02 | 000,000,000 | ---- | M] () -- C:\Users\r2d2\defogger_reenable
[2011.12.20 15:29:44 | 000,272,352 | ---- | M] () -- C:\Users\r2d2\Desktop\001.jpg
[2011.12.18 01:16:35 | 000,418,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.13 11:28:19 | 000,748,454 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.13 11:28:19 | 000,710,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.13 11:28:19 | 000,165,922 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.13 11:28:19 | 000,142,304 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.13 11:24:25 | 000,437,332 | ---- | M] () -- C:\Users\r2d2\Desktop\RLONZG.pdf
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.09 00:00:09 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.08 16:58:56 | 000,000,993 | ---- | M] () -- C:\Users\r2d2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.30 11:55:25 | 000,302,592 | ---- | C] () -- C:\Users\r2d2\Desktop\kh9mwn0g.exe
[2011.12.30 11:38:53 | 000,050,477 | ---- | C] () -- C:\Users\r2d2\Desktop\Defogger.exe
[2011.12.30 11:35:02 | 000,000,000 | ---- | C] () -- C:\Users\r2d2\defogger_reenable
[2011.12.20 15:29:44 | 000,272,352 | ---- | C] () -- C:\Users\r2d2\Desktop\001.jpg
[2011.12.13 11:24:25 | 000,437,332 | ---- | C] () -- C:\Users\r2d2\Desktop\RLONZG.pdf
[2011.07.04 13:46:47 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.07.04 13:43:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.05 13:39:03 | 000,994,622 | ---- | C] () -- C:\Users\r2d2\AppData\Local\Inspiration.chm
[2010.11.08 22:39:28 | 000,000,008 | ---- | C] () -- C:\Windows\wilex.ini
[2010.08.22 22:31:22 | 000,003,584 | ---- | C] () -- C:\Users\r2d2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.08 19:49:10 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS79.DLL
[2010.06.29 23:39:12 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.04.21 18:24:51 | 000,000,000 | ---- | C] () -- C:\Windows\PCFriend.INI
[2010.04.07 16:24:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 09:47:43 | 000,748,454 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,165,922 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,418,968 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,710,296 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,142,304 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1998.10.10 23:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll
 
========== LOP Check ==========
 
[2010.10.19 11:12:30 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\across
[2010.04.06 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\DeviceDoctorSoftware
[2012.01.05 23:41:01 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Dropbox
[2011.05.22 13:20:57 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Inspiration Software
[2011.11.30 23:36:27 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.19 11:12:30 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\across
[2011.08.30 14:20:10 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Adobe
[2011.12.04 13:16:21 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Apple Computer
[2010.04.06 16:02:14 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Avant Profiles
[2011.10.15 18:54:28 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Avira
[2010.04.06 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\DeviceDoctorSoftware
[2012.01.05 23:41:01 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Dropbox
[2010.04.06 23:22:21 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Google
[2010.04.06 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\hpqLog
[2010.04.06 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Identities
[2011.05.22 13:20:57 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Inspiration Software
[2010.04.06 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Macromedia
[2011.12.15 01:11:17 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Media Center Programs
[2011.07.18 14:42:28 | 000,000,000 | --SD | M] -- C:\Users\r2d2\AppData\Roaming\Microsoft
[2011.04.27 21:00:13 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Mozilla
[2010.05.10 20:55:06 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Nero
[2011.11.17 23:00:36 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Skype
[2011.11.17 16:18:48 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\skypePM
 
< %APPDATA%\*.exe /s >
[2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\r2d2\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.12.05 20:18:12 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\r2d2\AppData\Roaming\Dropbox\bin\Uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2009.08.04 16:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\Win7\sataraid\nvstor32.sys
[2009.08.04 16:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\WinVista\sataraid\nvstor32.sys
[2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\Win7\sata_ide\nvstor32.sys
[2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\WinVista\sata_ide\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<          >

< End of report >

--- --- ---
[/code]


and again, many thanks!!

cosinus 06.01.2012 13:02

Do an OTL fix: close all programs that may still be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKLM\..\URLSearchHook: {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 73 C9 1E 39 AE CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Ecosia Class) - {7E783154-F54B-4af6-8C01-0A3E744B5DC8} - C:\Programme\Ecosia\ecosia.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Device Doctor Toolbar) - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Device Doctor Toolbar) - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ecosia Search) - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - C:\Programme\Ecosia\ecosia.dll ()
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Device Doctor Toolbar) - {BB6D9528-45F5-4C75-91C9-93290710EC4C} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{85dcc1a1-5dc2-11df-a7e3-001b247c126f}\Shell - "" = AutoRun
O33 - MountPoints2\{85dcc1a1-5dc2-11df-a7e3-001b247c126f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
:Files
C:\Programme\ConduitEngine
C:\Programme\Ask*
C:\Programme\Ecosia
C:\Program Files\WEB.DE Toolbar
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not completely deleted, as a safety measure; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

Mariechen 06.01.2012 19:00

here is the requested log file:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bb6d9528-45f5-4c75-91c9-93290710ec4c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb6d9528-45f5-4c75-91c9-93290710ec4c}\ deleted successfully.
C:\Programme\Device_Doctor\tbDev2.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bb6d9528-45f5-4c75-91c9-93290710ec4c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb6d9528-45f5-4c75-91c9-93290710ec4c}\ not found.
File C:\Programme\Device_Doctor\tbDev2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E783154-F54B-4af6-8C01-0A3E744B5DC8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E783154-F54B-4af6-8C01-0A3E744B5DC8}\ deleted successfully.
C:\Programme\Ecosia\ecosia.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb6d9528-45f5-4c75-91c9-93290710ec4c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb6d9528-45f5-4c75-91c9-93290710ec4c}\ not found.
File C:\Programme\Device_Doctor\tbDev2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{327C2873-E90D-4c37-AA9D-10AC9BABA46C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}\ deleted successfully.
File WebPrint\Toolband.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bb6d9528-45f5-4c75-91c9-93290710ec4c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb6d9528-45f5-4c75-91c9-93290710ec4c}\ not found.
File C:\Programme\Device_Doctor\tbDev2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8F48FC8-3CA1-42B9-8609-F75D7C8B4493}\ deleted successfully.
File C:\Programme\Ecosia\ecosia.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BB6D9528-45F5-4C75-91C9-93290710EC4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB6D9528-45F5-4C75-91C9-93290710EC4C}\ not found.
File C:\Programme\Device_Doctor\tbDev2.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85dcc1a1-5dc2-11df-a7e3-001b247c126f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85dcc1a1-5dc2-11df-a7e3-001b247c126f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85dcc1a1-5dc2-11df-a7e3-001b247c126f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85dcc1a1-5dc2-11df-a7e3-001b247c126f}\ not found.
File F:\LaunchU3.exe -a not found.
========== FILES ==========
File\Folder C:\Programme\ConduitEngine not found.
File\Folder C:\Programme\Ask* not found.
File\Folder C:\Programme\Ecosia not found.
C:\Program Files\WEB.DE Toolbar\IE\Resources folder moved successfully.
C:\Program Files\WEB.DE Toolbar\IE folder moved successfully.
C:\Program Files\WEB.DE Toolbar folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Default
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Public
 
User: r2d2
->Temp folder emptied: 102093239 bytes
->Temporary Internet Files folder emptied: 1435362308 bytes
->FireFox cache emptied: 19090418 bytes
->Flash cache emptied: 123682 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66393981 bytes
RecycleBin emptied: 634669 bytes
 
Total Files Cleaned = 1.549,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01062012_184641

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

When I start Internet Explorer now, MSN (hxxp://de.msn.com/?ocid=iehp) opens as the start page.

Still many thanks, of course :)
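The fix script in cosinus's reply above and the fix log Mariechen posted in return, cross-checked by an added example (this is not code from the thread or from OTL): it parses the `:OTL` and `:Files` entries of the script, looks each one up in the log, and reports whether OTL deleted the registry entry, moved the file, reset the value, or reported it not found. The sample script and log are constructed from the line formats visible above and cover only a subset of the real entries. One thing worth watching in the posted log: the Easy-WebPrint toolbar's module is logged as `File WebPrint\Toolband.dll not found.`, i.e. the path `C:\Programme\Canon\Easy-WebPrint\Toolband.dll` was cut at the hyphen and the DLL itself was never moved, although the registry entries for its CLSID were deleted. That is exactly the kind of gap this check surfaces.

```python
import re

# Constructed sample in the format of the helper's :OTL fix script (a subset of it).
FIX_SCRIPT = r"""
:OTL
IE - HKCU\..\URLSearchHook: {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
:Files
C:\Programme\ConduitEngine
:Commands
[emptytemp]
"""

# Constructed sample in the format of the OTL fix log, mirroring what the posted log shows.
FIX_LOG = r"""
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bb6d9528-45f5-4c75-91c9-93290710ec4c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb6d9528-45f5-4c75-91c9-93290710ec4c}\ deleted successfully.
C:\Programme\Device_Doctor\tbDev2.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\ConduitEngine.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{327C2873-E90D-4c37-AA9D-10AC9BABA46C} deleted successfully.
File WebPrint\Toolband.dll not found.
========== FILES ==========
File\Folder C:\Programme\ConduitEngine not found.
"""

CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# Module path on a URLSearchHook/O2/O3 line: drive letter up to the extension, then "(publisher)".
MODULE_RE = re.compile(r"([A-Z]:\\[^()]+?\.(?:dll|exe))\s*\(", re.I)
# "IE - HKCU\<key>,<value name> = <data>" lines, which OTL resets rather than deletes.
IE_SETTING_RE = re.compile(r"^IE - (HK[A-Z]+)\\(.+?),(.+?) = ")


def parse_script(text):
    """(section, entry) pairs; ':OTL', ':Files', ':Commands' lines switch the section."""
    section = None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith(":"):
            section = line[1:].lower()
        else:
            yield section, line


def registry_status(clsid, log_lower):
    hits = [l for l in log_lower if clsid.lower() in l]
    if any("deleted successfully" in l for l in hits):
        return "deleted"
    return "not found" if hits else "NO LOG LINE"


def file_status(path, log_lower, not_found):
    p = path.lower()
    if f"{p} moved successfully." in log_lower:
        return "moved"
    if f"file {p} not found." in log_lower:
        return "not found"
    # "not found" was logged for a tail of our path: OTL cut the path while parsing the line.
    for nf in not_found:
        if p.endswith(nf.lower()) and nf.lower() != p:
            return f"NOT MOVED: log path truncated to '{nf}'"
    return "NO LOG LINE"


def reconcile(script_text, log_text):
    """One record per script entry, stating what the fix log says happened to it."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    log_lower = [l.lower() for l in lines]
    not_found = [l[5:-11] for l in lines if l.startswith("File ") and l.endswith(" not found.")]
    report = []
    for section, entry in parse_script(script_text):
        rec = {"section": section, "entry": entry}
        setting = IE_SETTING_RE.match(entry) if section == "otl" else None
        if setting:
            hive, key, name = setting.groups()
            needle = f"{hive}\\{key}\\\\{name}| /e : value set successfully!".lower()
            rec["status"] = "value reset" if needle in log_lower else "NO LOG LINE"
        elif section == "otl":
            clsid, mod = CLSID_RE.search(entry), MODULE_RE.search(entry)
            if clsid:
                rec["registry"] = registry_status(clsid.group(0), log_lower)
            if mod:
                rec["file"] = file_status(mod.group(1), log_lower, not_found)
        elif section == "files":
            p = entry.lower()
            rec["file"] = ("moved" if f"{p} folder moved successfully." in log_lower
                           else "not found" if f"file\\folder {p} not found." in log_lower
                           else "NO LOG LINE")
        else:
            rec["status"] = "command"  # [emptytemp] etc. get their own log section
        report.append(rec)
    return report


def needs_attention(report):
    """Entries the log does not account for, or whose file was not moved."""
    return [r for r in report if any(str(v).startswith(("NO LOG", "NOT MOVED")) for v in r.values())]
```

Run `needs_attention(reconcile(FIX_SCRIPT, FIX_LOG))` to get the entries a helper should look at again; with the sample data that is only the Easy-WebPrint line. The check is deliberately conservative: a "not found" result for a full path is accepted (the earlier :OTL line may already have moved the file, as the repeated `tbDev2.dll not found` lines in the posted log show), but a "not found" for a truncated path, or no log line at all, is reported.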

cosinus 06.01.2012 19:41

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
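An added example (not part of the thread, and not Kaspersky's code) for the report the helper asks for: a parser for the line format TDSSKiller writes, reducing the full report to the drivers that did not end in "- ok", which are the ones to "skip" and post. The sample report is constructed from the line shapes TDSSKiller produces (one `(md5) path` line per driver followed by an `- ok`, `- warning` or `- detected` result line), with one driver deliberately left without a result line, as a truncated report would leave it. The verdict `UnsignedFile.Multi.Generic` that the triage separates out is TDSSKiller's signature-check result for a driver file without a valid digital signature; it is a heuristic, not a malware identification, which is why the "skip" instruction above matters.

```python
import re

# Constructed sample in TDSSKiller's report format (header trimmed). The last driver
# has no result line, which is what an aborted scan or a cut-off log looks like.
SAMPLE_REPORT = r"""
20:11:40.0495 3108        Mode: Manual; SigCheck; TDLFS;
20:11:40.0495 3108        ============================================================
20:11:41.0462 3108        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
20:11:41.0556 3108        1394ohci - ok
20:11:41.0618 3108        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
20:11:41.0649 3108        ACPI - ok
20:11:47.0562 3108        CVPNDRVA        (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys
20:11:47.0609 3108        CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
20:11:47.0609 3108        CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
20:11:47.0671 3108        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
"""

# Every report line starts with "<hh:mm:ss.ffff> <pid>"; the rest depends on the line type.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
ENTRY_RE = re.compile(PREFIX + r"(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(\S.*?)\s*$")
OK_RE = re.compile(PREFIX + r"(\S+) - ok\s*$")
WARN_RE = re.compile(PREFIX + r"(\S+) \( (\S+) \) - warning\s*$")
DETECT_RE = re.compile(PREFIX + r"(\S+) - detected (\S+) \((\d+)\)\s*$")

# TDSSKiller's verdict for a driver file without a valid digital signature:
# a signature heuristic, not a malware identification.
UNSIGNED_VERDICT = "UnsignedFile.Multi.Generic"


def _rec(drivers, name):
    return drivers.setdefault(name, {"md5": None, "path": None, "status": None, "verdict": None})


def parse_report(text):
    """Map driver/service name -> {md5, path, status, verdict} from TDSSKiller report lines."""
    drivers = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            name, md5, path = m.groups()
            _rec(drivers, name).update(md5=md5.lower(), path=path)
            continue
        for regex, status in ((OK_RE, "ok"), (WARN_RE, "warning"), (DETECT_RE, "detected")):
            m = regex.match(line)
            if m:
                rec = _rec(drivers, m.group(1))
                rec["status"] = status
                if m.lastindex >= 2:  # warning/detected lines carry the verdict name
                    rec["verdict"] = m.group(2)
                break
    return drivers


def flagged(drivers):
    """Everything that did not end in '- ok': what the helper asks to 'skip' and post."""
    return {n: d for n, d in drivers.items() if d["status"] != "ok"}


def triage(text):
    """Split flagged drivers into unsigned-only, other verdicts, and entries with no result line."""
    drivers = parse_report(text)
    out = {"scanned": len(drivers), "unsigned_only": [], "other_verdict": [], "no_result": []}
    for name, d in sorted(flagged(drivers).items()):
        if d["status"] is None:
            out["no_result"].append(name)  # scan aborted or log cut off here
        elif d["verdict"] == UNSIGNED_VERDICT:
            out["unsigned_only"].append(name)
        else:
            out["other_verdict"].append(name)
    return out
```

`triage(open("TDSSKiller.<version>_<date>_log.txt").read())` on a real report gives a helper the short list to ask about; the md5 and path kept per driver are what to look up when deciding whether an unsigned driver belongs to software the user actually installed.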

Mariechen 06.01.2012 20:17

here is the log file from TDSS-Killer:

Code:

20:10:55.0800 1868        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
20:10:55.0956 1868        ============================================================
20:10:55.0956 1868        Current date / time: 2012/01/06 20:10:55.0956
20:10:55.0956 1868        SystemInfo:
20:10:55.0956 1868       
20:10:55.0956 1868        OS Version: 6.1.7601 ServicePack: 1.0
20:10:55.0956 1868        Product type: Workstation
20:10:55.0956 1868        ComputerName: R2D2-PC
20:10:55.0956 1868        UserName: r2d2
20:10:55.0956 1868        Windows directory: C:\Windows
20:10:55.0956 1868        System windows directory: C:\Windows
20:10:55.0956 1868        Processor architecture: Intel x86
20:10:55.0956 1868        Number of processors: 2
20:10:55.0956 1868        Page size: 0x1000
20:10:55.0956 1868        Boot type: Normal boot
20:10:55.0956 1868        ============================================================
20:10:57.0377 1868        Initialize success
20:11:40.0495 3108        ============================================================
20:11:40.0495 3108        Scan started
20:11:40.0495 3108        Mode: Manual; SigCheck; TDLFS;
20:11:40.0495 3108        ============================================================
20:11:41.0462 3108        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
20:11:41.0556 3108        1394ohci - ok
20:11:41.0618 3108        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
20:11:41.0649 3108        ACPI - ok
20:11:41.0759 3108        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
20:11:41.0852 3108        AcpiPmi - ok
20:11:41.0915 3108        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
20:11:41.0961 3108        adp94xx - ok
20:11:42.0055 3108        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
20:11:42.0086 3108        adpahci - ok
20:11:42.0117 3108        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
20:11:42.0133 3108        adpu320 - ok
20:11:42.0211 3108        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
20:11:42.0273 3108        AFD - ok
20:11:42.0383 3108        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
20:11:42.0429 3108        agp440 - ok
20:11:42.0461 3108        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
20:11:42.0492 3108        aic78xx - ok
20:11:42.0539 3108        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
20:11:42.0554 3108        aliide - ok
20:11:42.0648 3108        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
20:11:42.0663 3108        amdagp - ok
20:11:42.0695 3108        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
20:11:42.0710 3108        amdide - ok
20:11:42.0757 3108        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
20:11:42.0804 3108        AmdK8 - ok
20:11:42.0929 3108        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
20:11:42.0991 3108        AmdPPM - ok
20:11:43.0038 3108        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
20:11:43.0069 3108        amdsata - ok
20:11:43.0116 3108        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
20:11:43.0147 3108        amdsbs - ok
20:11:43.0225 3108        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
20:11:43.0241 3108        amdxata - ok
20:11:43.0350 3108        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
20:11:43.0506 3108        AppID - ok
20:11:43.0677 3108        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
20:11:43.0693 3108        arc - ok
20:11:43.0740 3108        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
20:11:43.0755 3108        arcsas - ok
20:11:43.0818 3108        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
20:11:43.0927 3108        AsyncMac - ok
20:11:44.0036 3108        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
20:11:44.0067 3108        atapi - ok
20:11:44.0145 3108        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
20:11:44.0208 3108        avgntflt - ok
20:11:44.0317 3108        avipbb          (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
20:11:44.0348 3108        avipbb - ok
20:11:44.0411 3108        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
20:11:44.0457 3108        avkmgr - ok
20:11:44.0520 3108        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
20:11:44.0598 3108        b06bdrv - ok
20:11:44.0691 3108        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:11:44.0723 3108        b57nd60x - ok
20:11:44.0801 3108        BCM43XX        (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys
20:11:44.0863 3108        BCM43XX - ok
20:11:45.0050 3108        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
20:11:45.0097 3108        Beep - ok
20:11:45.0144 3108        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
20:11:45.0159 3108        blbdrive - ok
20:11:45.0284 3108        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
20:11:45.0331 3108        bowser - ok
20:11:45.0362 3108        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:11:45.0393 3108        BrFiltLo - ok
20:11:45.0425 3108        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:11:45.0456 3108        BrFiltUp - ok
20:11:45.0581 3108        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
20:11:45.0674 3108        Brserid - ok
20:11:45.0705 3108        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
20:11:45.0737 3108        BrSerWdm - ok
20:11:45.0830 3108        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:11:45.0861 3108        BrUsbMdm - ok
20:11:45.0893 3108        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
20:11:45.0924 3108        BrUsbSer - ok
20:11:45.0971 3108        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
20:11:46.0017 3108        BTHMODEM - ok
20:11:46.0127 3108        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
20:11:46.0189 3108        cdfs - ok
20:11:46.0236 3108        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
20:11:46.0283 3108        cdrom - ok
20:11:46.0392 3108        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
20:11:46.0470 3108        circlass - ok
20:11:46.0517 3108        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
20:11:46.0532 3108        CLFS - ok
20:11:46.0673 3108        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
20:11:46.0704 3108        CmBatt - ok
20:11:46.0735 3108        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
20:11:46.0751 3108        cmdide - ok
20:11:46.0782 3108        CNG            (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
20:11:46.0829 3108        CNG - ok
20:11:46.0860 3108        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
20:11:46.0891 3108        Compbatt - ok
20:11:47.0000 3108        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
20:11:47.0031 3108        CompositeBus - ok
20:11:47.0094 3108        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
20:11:47.0109 3108        crcdisk - ok
20:11:47.0250 3108        CSC            (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
20:11:47.0343 3108        CSC - ok
20:11:47.0406 3108        CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
20:11:47.0437 3108        CVirtA - ok
20:11:47.0562 3108        CVPNDRVA        (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys
20:11:47.0609 3108        CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
20:11:47.0609 3108        CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
20:11:47.0671 3108        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
20:11:47.0733 3108        DfsC - ok
20:11:47.0843 3108        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
20:11:47.0921 3108        discache - ok
20:11:47.0967 3108        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
20:11:47.0983 3108        Disk - ok
20:11:48.0045 3108        DNE            (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
20:11:48.0061 3108        DNE - ok
20:11:48.0155 3108        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
20:11:48.0186 3108        drmkaud - ok
20:11:48.0233 3108        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
20:11:48.0295 3108        DXGKrnl - ok
20:11:48.0342 3108        E1G60          (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:11:48.0373 3108        E1G60 - ok
20:11:48.0638 3108        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
20:11:48.0747 3108        ebdrv - ok
20:11:48.0935 3108        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
20:11:49.0013 3108        elxstor - ok
20:11:49.0075 3108        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
20:11:49.0106 3108        ErrDev - ok
20:11:49.0310 3108        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
20:11:49.0419 3108        exfat - ok
20:11:49.0450 3108        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
20:11:49.0513 3108        fastfat - ok
20:11:49.0622 3108        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
20:11:49.0653 3108        fdc - ok
20:11:49.0700 3108        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
20:11:49.0716 3108        FileInfo - ok
20:11:49.0747 3108        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
20:11:49.0809 3108        Filetrace - ok
20:11:49.0856 3108        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
20:11:49.0903 3108        flpydisk - ok
20:11:49.0981 3108        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
20:11:50.0012 3108        FltMgr - ok
20:11:50.0059 3108        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
20:11:50.0090 3108        FsDepends - ok
20:11:50.0247 3108        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
20:11:50.0263 3108        Fs_Rec - ok
20:11:50.0356 3108        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
20:11:50.0387 3108        fvevol - ok
20:11:50.0481 3108        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:11:50.0497 3108        gagp30kx - ok
20:11:50.0543 3108        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:11:50.0559 3108        GEARAspiWDM - ok
20:11:50.0653 3108        HBtnKey        (7dad592a4d28092d584cfb4deef1373d) C:\Windows\system32\DRIVERS\cpqbttn.sys
20:11:50.0684 3108        HBtnKey - ok
20:11:50.0746 3108        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
20:11:50.0793 3108        hcw85cir - ok
20:11:50.0918 3108        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
20:11:50.0980 3108        HdAudAddService - ok
20:11:51.0027 3108        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
20:11:51.0058 3108        HDAudBus - ok
20:11:51.0105 3108        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
20:11:51.0136 3108        HidBatt - ok
20:11:51.0199 3108        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
20:11:51.0245 3108        HidBth - ok
20:11:51.0292 3108        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
20:11:51.0323 3108        HidIr - ok
20:11:51.0401 3108        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
20:11:51.0433 3108        HidUsb - ok
20:11:51.0526 3108        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
20:11:51.0542 3108        HpSAMD - ok
20:11:51.0620 3108        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
20:11:51.0698 3108        HTTP - ok
20:11:51.0760 3108        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
20:11:51.0776 3108        hwpolicy - ok
20:11:51.0838 3108        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
20:11:51.0901 3108        i8042prt - ok
20:11:51.0947 3108        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
20:11:51.0994 3108        iaStorV - ok
20:11:52.0057 3108        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
20:11:52.0072 3108        iirsp - ok
20:11:52.0166 3108        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
20:11:52.0197 3108        intelide - ok
20:11:52.0244 3108        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
20:11:52.0275 3108        intelppm - ok
20:11:52.0291 3108        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:11:52.0353 3108        IpFilterDriver - ok
20:11:52.0415 3108        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
20:11:52.0525 3108        IPMIDRV - ok
20:11:52.0618 3108        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
20:11:52.0681 3108        IPNAT - ok
20:11:52.0727 3108        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
20:11:52.0805 3108        IRENUM - ok
20:11:52.0930 3108        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
20:11:52.0961 3108        isapnp - ok
20:11:53.0008 3108        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
20:11:53.0039 3108        iScsiPrt - ok
20:11:53.0071 3108        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
20:11:53.0102 3108        kbdclass - ok
20:11:53.0117 3108        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
20:11:53.0149 3108        kbdhid - ok
20:11:53.0258 3108        kbfiltr        (cc2a86d7bbf14977340dca61bbcba771) C:\Windows\system32\DRIVERS\kbfiltr.sys
20:11:53.0289 3108        kbfiltr - ok
20:11:53.0336 3108        KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
20:11:53.0367 3108        KSecDD - ok
20:11:53.0398 3108        KSecPkg        (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
20:11:53.0429 3108        KSecPkg - ok
20:11:53.0539 3108        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
20:11:53.0601 3108        lltdio - ok
20:11:53.0648 3108        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:11:53.0679 3108        LSI_FC - ok
20:11:53.0710 3108        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:11:53.0726 3108        LSI_SAS - ok
20:11:53.0773 3108        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:11:53.0804 3108        LSI_SAS2 - ok
20:11:53.0882 3108        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:11:53.0897 3108        LSI_SCSI - ok
20:11:53.0944 3108        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
20:11:54.0053 3108        luafv - ok
20:11:54.0100 3108        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
20:11:54.0131 3108        megasas - ok
20:11:54.0319 3108        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
20:11:54.0365 3108        MegaSR - ok
20:11:54.0412 3108        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
20:11:54.0459 3108        Modem - ok
20:11:54.0506 3108        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
20:11:54.0537 3108        monitor - ok
20:11:54.0646 3108        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
20:11:54.0677 3108        mouclass - ok
20:11:54.0724 3108        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
20:11:54.0755 3108        mouhid - ok
20:11:54.0802 3108        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
20:11:54.0818 3108        mountmgr - ok
20:11:54.0927 3108        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
20:11:54.0958 3108        mpio - ok
20:11:54.0989 3108        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
20:11:55.0052 3108        mpsdrv - ok
20:11:55.0114 3108        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
20:11:55.0145 3108        MRxDAV - ok
20:11:55.0255 3108        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:11:55.0318 3108        mrxsmb - ok
20:11:55.0443 3108        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:11:55.0490 3108        mrxsmb10 - ok
20:11:55.0599 3108        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:11:55.0661 3108        mrxsmb20 - ok
20:11:55.0708 3108        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
20:11:55.0739 3108        msahci - ok
20:11:55.0786 3108        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
20:11:55.0802 3108        msdsm - ok
20:11:55.0926 3108        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
20:11:55.0958 3108        Msfs - ok
20:11:55.0989 3108        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
20:11:56.0036 3108        mshidkmdf - ok
20:11:56.0082 3108        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
20:11:56.0098 3108        msisadrv - ok
20:11:56.0349 3108        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
20:11:56.0427 3108        MSKSSRV - ok
20:11:56.0551 3108        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
20:11:56.0614 3108        MSPCLOCK - ok
20:11:56.0661 3108        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
20:11:56.0692 3108        MSPQM - ok
20:11:56.0723 3108        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
20:11:56.0770 3108        MsRPC - ok
20:11:56.0988 3108        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
20:11:57.0019 3108        mssmbios - ok
20:11:57.0300 3108        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
20:11:57.0394 3108        MSTEE - ok
20:11:57.0612 3108        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
20:11:57.0659 3108        MTConfig - ok
20:11:57.0690 3108        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
20:11:57.0721 3108        Mup - ok
20:11:57.0877 3108        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
20:11:57.0924 3108        NativeWifiP - ok
20:11:57.0987 3108        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
20:11:58.0018 3108        NDIS - ok
20:11:58.0127 3108        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
20:11:58.0174 3108        NdisCap - ok
20:11:58.0189 3108        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
20:11:58.0236 3108        NdisTapi - ok
20:11:58.0299 3108        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
20:11:58.0377 3108        Ndisuio - ok
20:11:58.0470 3108        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
20:11:58.0517 3108        NdisWan - ok
20:11:58.0579 3108        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
20:11:58.0626 3108        NDProxy - ok
20:11:58.0720 3108        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
20:11:58.0813 3108        NetBIOS - ok
20:11:58.0845 3108        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
20:11:58.0923 3108        NetBT - ok
20:11:59.0063 3108        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
20:11:59.0079 3108        nfrd960 - ok
20:11:59.0110 3108        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
20:11:59.0157 3108        Npfs - ok
20:11:59.0188 3108        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
20:11:59.0250 3108        nsiproxy - ok
20:11:59.0328 3108        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
20:11:59.0437 3108        Ntfs - ok
20:11:59.0531 3108        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
20:11:59.0593 3108        Null - ok
20:11:59.0656 3108        NVENETFD        (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
20:11:59.0687 3108        NVENETFD - ok
20:12:00.0061 3108        nvlddmkm        (05b288b25c2ebd9a4e9e5114ae790876) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:12:00.0732 3108        nvlddmkm - ok
20:12:00.0888 3108        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
20:12:00.0919 3108        nvraid - ok
20:12:00.0966 3108        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
20:12:00.0997 3108        nvstor - ok
20:12:01.0029 3108        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
20:12:01.0060 3108        nv_agp - ok
20:12:01.0185 3108        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
20:12:01.0231 3108        ohci1394 - ok
20:12:01.0325 3108        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
20:12:01.0404 3108        Parport - ok
20:12:01.0513 3108        partmgr        (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
20:12:01.0560 3108        partmgr - ok
20:12:01.0607 3108        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
20:12:01.0622 3108        Parvdm - ok
20:12:01.0654 3108        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
20:12:01.0685 3108        pci - ok
20:12:01.0716 3108        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
20:12:01.0732 3108        pciide - ok
20:12:01.0778 3108        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
20:12:01.0810 3108        pcmcia - ok
20:12:01.0872 3108        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
20:12:01.0903 3108        pcw - ok
20:12:01.0950 3108        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
20:12:02.0028 3108        PEAUTH - ok
20:12:02.0340 3108        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
20:12:02.0449 3108        PptpMiniport - ok
20:12:02.0621 3108        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
20:12:02.0683 3108        Processor - ok
20:12:02.0917 3108        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
20:12:03.0026 3108        Psched - ok
20:12:03.0432 3108        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
20:12:03.0510 3108        ql2300 - ok
20:12:03.0682 3108        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
20:12:03.0713 3108        ql40xx - ok
20:12:03.0760 3108        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
20:12:03.0775 3108        QWAVEdrv - ok
20:12:03.0806 3108        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
20:12:03.0853 3108        RasAcd - ok
20:12:03.0962 3108        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:12:04.0025 3108        RasAgileVpn - ok
20:12:04.0056 3108        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:12:04.0103 3108        Rasl2tp - ok
20:12:04.0274 3108        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
20:12:04.0337 3108        RasPppoe - ok
20:12:04.0384 3108        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
20:12:04.0430 3108        RasSstp - ok
20:12:04.0493 3108        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
20:12:04.0555 3108        rdbss - ok
20:12:04.0711 3108        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
20:12:04.0789 3108        rdpbus - ok
20:12:04.0852 3108        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:12:04.0898 3108        RDPCDD - ok
20:12:05.0054 3108        RDPDR          (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
20:12:05.0132 3108        RDPDR - ok
20:12:05.0195 3108        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
20:12:05.0273 3108        RDPENCDD - ok
20:12:05.0413 3108        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
20:12:05.0444 3108        RDPREFMP - ok
20:12:05.0507 3108        RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
20:12:05.0554 3108        RdpVideoMiniport - ok
20:12:05.0678 3108        RDPWD          (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
20:12:05.0756 3108        RDPWD - ok
20:12:05.0834 3108        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
20:12:05.0866 3108        rdyboost - ok
20:12:05.0975 3108        rimmptsk        (c35ca13d3627ebd9dd12a23ce781bc3d) C:\Windows\system32\DRIVERS\rimmptsk.sys
20:12:06.0006 3108        rimmptsk - ok
20:12:06.0037 3108        rimsptsk        (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
20:12:06.0084 3108        rimsptsk - ok
20:12:06.0115 3108        rismxdp        (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
20:12:06.0178 3108        rismxdp - ok
20:12:06.0287 3108        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
20:12:06.0396 3108        rspndr - ok
20:12:06.0583 3108        s3cap          (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
20:12:06.0630 3108        s3cap - ok
20:12:06.0864 3108        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
20:12:06.0895 3108        sbp2port - ok
20:12:06.0958 3108        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
20:12:07.0004 3108        scfilter - ok
20:12:07.0145 3108        sdbus          (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
20:12:07.0192 3108        sdbus - ok
20:12:07.0254 3108        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:12:07.0316 3108        secdrv - ok
20:12:07.0426 3108        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
20:12:07.0457 3108        Serenum - ok
20:12:07.0488 3108        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
20:12:07.0519 3108        Serial - ok
20:12:07.0597 3108        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
20:12:07.0628 3108        sermouse - ok
20:12:07.0816 3108        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
20:12:07.0909 3108        sffdisk - ok
20:12:08.0003 3108        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
20:12:08.0034 3108        sffp_mmc - ok
20:12:08.0096 3108        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:12:08.0143 3108        sffp_sd - ok
20:12:08.0174 3108        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
20:12:08.0221 3108        sfloppy - ok
20:12:08.0315 3108        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
20:12:08.0330 3108        sisagp - ok
20:12:08.0362 3108        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:12:08.0393 3108        SiSRaid2 - ok
20:12:08.0424 3108        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
20:12:08.0471 3108        SiSRaid4 - ok
20:12:08.0611 3108        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
20:12:08.0705 3108        Smb - ok
20:12:08.0830 3108        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
20:12:08.0861 3108        spldr - ok
20:12:09.0142 3108        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
20:12:09.0220 3108        srv - ok
20:12:09.0266 3108        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
20:12:09.0298 3108        srv2 - ok
20:12:09.0438 3108        SrvHsfHDA      (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
20:12:09.0485 3108        SrvHsfHDA - ok
20:12:09.0547 3108        SrvHsfV92      (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
20:12:09.0625 3108        SrvHsfV92 - ok
20:12:09.0968 3108        SrvHsfWinac    (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
20:12:10.0015 3108        SrvHsfWinac - ok
20:12:10.0156 3108        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
20:12:10.0202 3108        srvnet - ok
20:12:10.0280 3108        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:12:10.0296 3108        ssmdrv - ok
20:12:10.0343 3108        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
20:12:10.0358 3108        stexstor - ok
20:12:10.0577 3108        storflt        (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
20:12:10.0639 3108        storflt - ok
20:12:10.0686 3108        storvsc        (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
20:12:10.0717 3108        storvsc - ok
20:12:10.0967 3108        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
20:12:10.0998 3108        swenum - ok
20:12:11.0170 3108        Synth3dVsc - ok
20:12:11.0466 3108        Tcpip          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
20:12:11.0544 3108        Tcpip - ok
20:12:11.0950 3108        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
20:12:11.0981 3108        TCPIP6 - ok
20:12:12.0215 3108        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
20:12:12.0324 3108        tcpipreg - ok
20:12:12.0527 3108        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
20:12:12.0574 3108        TDPIPE - ok
20:12:12.0605 3108        TDTCP          (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
20:12:12.0698 3108        TDTCP - ok
20:12:12.0901 3108        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
20:12:12.0964 3108        tdx - ok
20:12:12.0995 3108        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
20:12:13.0010 3108        TermDD - ok
20:12:13.0135 3108        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:12:13.0182 3108        tssecsrv - ok
20:12:13.0244 3108        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
20:12:13.0322 3108        TsUsbFlt - ok
20:12:13.0400 3108        tsusbhub - ok
20:12:13.0478 3108        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
20:12:13.0525 3108        tunnel - ok
20:12:13.0572 3108        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
20:12:13.0588 3108        uagp35 - ok
20:12:13.0697 3108        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
20:12:13.0775 3108        udfs - ok
20:12:13.0837 3108        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
20:12:13.0853 3108        uliagpkx - ok
20:12:13.0962 3108        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
20:12:13.0993 3108        umbus - ok
20:12:14.0040 3108        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
20:12:14.0056 3108        UmPass - ok
20:12:14.0102 3108        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
20:12:14.0149 3108        usbccgp - ok
20:12:14.0243 3108        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
20:12:14.0290 3108        usbcir - ok
20:12:14.0336 3108        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
20:12:14.0383 3108        usbehci - ok
20:12:14.0430 3108        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
20:12:14.0477 3108        usbhub - ok
20:12:14.0570 3108        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
20:12:14.0633 3108        usbohci - ok
20:12:14.0711 3108        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
20:12:14.0742 3108        usbprint - ok
20:12:14.0851 3108        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
20:12:14.0898 3108        usbscan - ok
20:12:14.0929 3108        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:12:14.0976 3108        USBSTOR - ok
20:12:15.0007 3108        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
20:12:15.0038 3108        usbuhci - ok
20:12:15.0148 3108        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
20:12:15.0226 3108        usbvideo - ok
20:12:15.0304 3108        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
20:12:15.0319 3108        vdrvroot - ok
20:12:15.0428 3108        vflt            (b149fc750a51d272a25e0adc7f52dbfd) C:\Windows\system32\DRIVERS\vfilter.sys
20:12:15.0444 3108        vflt ( UnsignedFile.Multi.Generic ) - warning
20:12:15.0444 3108        vflt - detected UnsignedFile.Multi.Generic (1)
20:12:15.0491 3108        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:12:15.0522 3108        vga - ok
20:12:15.0569 3108        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:12:15.0600 3108        VgaSave - ok
20:12:15.0694 3108        VGPU - ok
20:12:15.0756 3108        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
20:12:15.0787 3108        vhdmp - ok
20:12:15.0818 3108        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
20:12:15.0850 3108        viaagp - ok
20:12:15.0896 3108        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
20:12:15.0928 3108        ViaC7 - ok
20:12:16.0021 3108        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
20:12:16.0037 3108        viaide - ok
20:12:16.0068 3108        vmbus          (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
20:12:16.0099 3108        vmbus - ok
20:12:16.0146 3108        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
20:12:16.0177 3108        VMBusHID - ok
20:12:16.0271 3108        vnet            (1b13a6a5253e7f046728980ccb59c0b7) C:\Windows\system32\DRIVERS\virtualnet.sys
20:12:16.0302 3108        vnet ( UnsignedFile.Multi.Generic ) - warning
20:12:16.0302 3108        vnet - detected UnsignedFile.Multi.Generic (1)
20:12:16.0364 3108        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
20:12:16.0396 3108        volmgr - ok
20:12:16.0442 3108        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:12:16.0474 3108        volmgrx - ok
20:12:16.0583 3108        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
20:12:16.0614 3108        volsnap - ok
20:12:16.0676 3108        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
20:12:16.0708 3108        vsmraid - ok
20:12:16.0754 3108        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
20:12:16.0786 3108        vwifibus - ok
20:12:16.0879 3108        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
20:12:16.0926 3108        vwififlt - ok
20:12:16.0973 3108        vwifimp        (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
20:12:17.0004 3108        vwifimp - ok
20:12:17.0035 3108        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
20:12:17.0066 3108        WacomPen - ok
20:12:17.0176 3108        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:12:17.0207 3108        WANARP - ok
20:12:17.0222 3108        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:12:17.0254 3108        Wanarpv6 - ok
20:12:17.0347 3108        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
20:12:17.0363 3108        Wd - ok
20:12:17.0394 3108        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:12:17.0441 3108        Wdf01000 - ok
20:12:17.0550 3108        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
20:12:17.0612 3108        WfpLwf - ok
20:12:17.0659 3108        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
20:12:17.0675 3108        WIMMount - ok
20:12:17.0768 3108        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
20:12:17.0800 3108        WinUsb - ok
20:12:17.0909 3108        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
20:12:17.0940 3108        WmiAcpi - ok
20:12:18.0018 3108        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
20:12:18.0080 3108        ws2ifsl - ok
20:12:18.0143 3108        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
20:12:18.0190 3108        WudfPf - ok
20:12:18.0299 3108        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:12:18.0377 3108        WUDFRd - ok
20:12:18.0455 3108        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:12:18.0548 3108        \Device\Harddisk0\DR0 - ok
20:12:18.0548 3108        Boot (0x1200)  (4640129a2970f0da9582022052d59212) \Device\Harddisk0\DR0\Partition0
20:12:18.0564 3108        \Device\Harddisk0\DR0\Partition0 - ok
20:12:18.0595 3108        Boot (0x1200)  (bf6eeca050e8f1a7a5bddcb6d936d0da) \Device\Harddisk0\DR0\Partition1
20:12:18.0595 3108        \Device\Harddisk0\DR0\Partition1 - ok
20:12:18.0595 3108        ============================================================
20:12:18.0595 3108        Scan finished
20:12:18.0595 3108        ============================================================
20:12:18.0611 5204        Detected object count: 3
20:12:18.0611 5204        Actual detected object count: 3
20:12:33.0743 5204        CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:33.0743 5204        CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:33.0743 5204        vflt ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:33.0743 5204        vflt ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:33.0743 5204        vnet ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:33.0743 5204        vnet ( UnsignedFile.Multi.Generic ) - User select action: Skip


Many thanks and regards!

cosinus 06.01.2012 20:18

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards as well as your Internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when one of the board's Kompetenzler (authorized helpers) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Mariechen 06.01.2012 21:05

here is the ComboFix logfile:

Code:

ComboFix 12-01-06.01 - r2d2 06.01.2012  20:42:40.1.2 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.1919.1006 [GMT 1:00]
ausgeführt von:: c:\users\r2d2\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-06 bis 2012-01-06  ))))))))))))))))))))))))))))))
.
.
2012-01-06 19:02 . 2012-01-06 19:02        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0AE9A23-C556-49B2-9479-C3F2539B62D6}\offreg.dll
2012-01-06 17:46 . 2012-01-06 17:46        --------        d-----w-        C:\_OTL
2012-01-06 17:42 . 2011-11-21 10:47        6823496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0AE9A23-C556-49B2-9479-C3F2539B62D6}\mpengine.dll
2011-12-28 17:36 . 2011-12-28 17:36        --------        d-----w-        c:\program files\ESET
2011-12-19 13:34 . 2011-12-28 12:50        --------        d-----w-        c:\program files\1und1Softwareaktualisierung
2011-12-19 13:34 . 2011-12-19 13:34        --------        d-----w-        c:\programdata\UUdb
2011-12-17 20:28 . 2011-11-24 04:25        2342912        ----a-w-        c:\windows\system32\win32k.sys
2011-12-17 20:28 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-12-17 20:27 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-17 20:27 . 2011-10-26 04:28        38912        ----a-w-        c:\windows\system32\csrsrv.dll
2011-12-17 20:27 . 2011-10-26 04:47        3912560        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-12-17 20:27 . 2011-10-26 04:47        3967856        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-12-15 00:11 . 2011-12-15 00:11        --------        d-----w-        c:\users\r2d2\AppData\Roaming\Malwarebytes
2011-12-15 00:11 . 2011-12-15 00:11        --------        d-----w-        c:\programdata\Malwarebytes
2011-12-15 00:11 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-15 00:11 . 2011-12-28 15:34        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-12-14 13:59 . 2011-12-14 13:59        --------        d-----w-        c:\users\r2d2\AppData\Local\Ilivid Player
2011-12-14 13:58 . 2011-12-14 23:49        --------        d-----w-        c:\program files\iLivid
2011-12-14 13:58 . 2011-12-14 13:58        --------        d-----w-        c:\users\r2d2\AppData\Local\PackageAware
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 23:00 . 2011-10-15 17:53        134856        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-12-03 22:45 . 2011-12-03 22:45        255352        ----a-w-        c:\windows\system32\awrdscdc.ax
2011-11-15 13:29 . 2009-10-14 02:21        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-10-13 16:12 . 2011-05-21 11:25        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 13:00 . 2011-10-15 17:53        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-15 17:53        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\r2d2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\r2d2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\r2d2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
.
c:\users\r2d2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\r2d2\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-11-10 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 17920]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 13824]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-10 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 MSSQL$ACROSS;SQL Server (ACROSS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 45336635
*Deregistered* - 45336635
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uDefault_Search_URL =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint - Drucken - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
AddRemove-Easy-WebPrint - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-06  21:01:06
ComboFix-quarantined-files.txt  2012-01-06 20:01
.
Vor Suchlauf: 7.319.490.560 Bytes frei
Nach Suchlauf: 7.225.589.760 Bytes frei
.
- - End Of File - - CE30FEB233B865CBBE5249A84EE4F27D

Regards and thanks!

cosinus 06.01.2012 21:19

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy/paste the entire contents of the code box below into the Notepad window.

Code:

File::
c:\windows\system32\drivers\rdvgkmd.sys

Driver::
VGPU

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Mariechen 07.01.2012 07:00

here is the log file:

Code:

ComboFix 12-01-06.01 - r2d2 07.01.2012  6:30.2.2 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.1919.1132 [GMT 1:00]
ausgeführt von:: c:\users\r2d2\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\r2d2\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\rdvgkmd.sys"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_VGPU
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-07 bis 2012-01-07  ))))))))))))))))))))))))))))))
.
.
2012-01-06 17:46 . 2012-01-06 17:46        --------        d-----w-        C:\_OTL
2012-01-06 17:42 . 2011-11-21 10:47        6823496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0AE9A23-C556-49B2-9479-C3F2539B62D6}\mpengine.dll
2011-12-28 17:36 . 2011-12-28 17:36        --------        d-----w-        c:\program files\ESET
2011-12-19 13:34 . 2011-12-28 12:50        --------        d-----w-        c:\program files\1und1Softwareaktualisierung
2011-12-19 13:34 . 2011-12-19 13:34        --------        d-----w-        c:\programdata\UUdb
2011-12-17 20:28 . 2011-11-24 04:25        2342912        ----a-w-        c:\windows\system32\win32k.sys
2011-12-17 20:28 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-12-17 20:27 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-17 20:27 . 2011-10-26 04:28        38912        ----a-w-        c:\windows\system32\csrsrv.dll
2011-12-17 20:27 . 2011-10-26 04:47        3912560        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-12-17 20:27 . 2011-10-26 04:47        3967856        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-12-15 00:11 . 2011-12-15 00:11        --------        d-----w-        c:\users\r2d2\AppData\Roaming\Malwarebytes
2011-12-15 00:11 . 2011-12-15 00:11        --------        d-----w-        c:\programdata\Malwarebytes
2011-12-15 00:11 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-15 00:11 . 2011-12-28 15:34        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-12-14 13:59 . 2011-12-14 13:59        --------        d-----w-        c:\users\r2d2\AppData\Local\Ilivid Player
2011-12-14 13:58 . 2011-12-14 23:49        --------        d-----w-        c:\program files\iLivid
2011-12-14 13:58 . 2011-12-14 13:58        --------        d-----w-        c:\users\r2d2\AppData\Local\PackageAware
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 23:00 . 2011-10-15 17:53        134856        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-12-03 22:45 . 2011-12-03 22:45        255352        ----a-w-        c:\windows\system32\awrdscdc.ax
2011-11-15 13:29 . 2009-10-14 02:21        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-10-13 16:12 . 2011-05-21 11:25        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 13:00 . 2011-10-15 17:53        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-15 17:53        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-01-06_19.52.19  )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-15 12:14 . 2012-01-07 05:16        44636              c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-01-07 05:43        46694              c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-15 11:01 . 2012-01-06 20:10        16104              c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1466394205-3318947197-1888764071-1000_UserData.bin
- 2010-02-15 11:01 . 2012-01-06 19:02        16104              c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1466394205-3318947197-1888764071-1000_UserData.bin
- 2012-01-06 19:00 . 2012-01-06 19:00        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-07 05:14 . 2012-01-07 05:41        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-06 19:00 . 2012-01-06 19:00        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-07 05:14 . 2012-01-07 05:41        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:47 . 2012-01-06 18:11        397516              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-01-06 20:14        397516              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-27 20:19 . 2012-01-06 20:07        1363964              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1466394205-3318947197-1888764071-1000-12288.dat
- 2011-04-27 20:19 . 2011-12-19 13:47        1363964              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1466394205-3318947197-1888764071-1000-12288.dat
+ 2011-04-27 20:07 . 2012-01-06 20:14        35866369              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1466394205-3318947197-1888764071-1000-4096.dat
- 2011-04-27 20:07 . 2012-01-06 18:11        35866369              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1466394205-3318947197-1888764071-1000-4096.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\r2d2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\r2d2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\r2d2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
.
c:\users\r2d2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\r2d2\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-11-10 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 17920]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 13824]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-10 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 MSSQL$ACROSS;SQL Server (ACROSS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uDefault_Search_URL =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint - Drucken - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(240)
c:\users\r2d2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Audible\Bin\AAXSDKWin.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-07  06:51:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-07 05:51
ComboFix2.txt  2012-01-06 20:01
.
Vor Suchlauf: 7.261.306.880 Bytes frei
Nach Suchlauf: 7.065.235.456 Bytes frei
.
- - End Of File - - 0D2F0CF4D7E5890174AFAF98E6A51905


Have a nice day!!
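Added example (editor's code, not part of this thread and not code from ComboFix or any other tool quoted here): a small Python parser for the driver/service lines of a ComboFix log, run on a constructed subset of the lines quoted in the two logs above. It flags registered drivers whose image file ComboFix could not find on disk and diffs the service list of the run before the CFScript against the run after it, so the effect of a script like the one above (here: the VGPU entry disappearing) can be confirmed from the logs rather than assumed. The reading of ComboFix's `[x]` marker as "file not found" is my assumption; it agrees with the OSAM report in this thread, which lists the same tsusbhub.sys as "File not found". Sample input is constructed from the quoted lines.

```python
import re

# ComboFix lists each registered driver/service as
#   <start type> <name>;<display name>;<image path> [<file date> <size>]
# and (assumption, see lead-in) writes "[x]" instead of date/size when the
# image file is not present on disk.
SERVICE_LINE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)


def parse_services(log_text):
    """Map service name -> details for every driver/service line in a ComboFix log."""
    services = {}
    for raw in log_text.splitlines():
        m = SERVICE_LINE.match(raw.strip())
        if not m:
            continue  # headers, file listings, registry keys: not service lines
        info = m.group("info")
        entry = {
            "start": m.group("start"),
            "display": m.group("display"),
            "path": m.group("path"),
            "file_present": info != "x",
            "file_date": None,
            "file_size": None,
        }
        if entry["file_present"]:
            date, size = info.split()
            entry["file_date"] = date
            entry["file_size"] = int(size)
        services[m.group("name")] = entry
    return services


def missing_binaries(services):
    """Names of drivers/services still registered although their image file is missing."""
    return sorted(name for name, e in services.items() if not e["file_present"])


def diff_runs(before, after):
    """(removed, added) service names between two ComboFix runs on the same machine."""
    return sorted(set(before) - set(after)), sorted(set(after) - set(before))


# Constructed sample: a subset of the service lines quoted in the thread,
# from the log before the CFScript run and from the log after it.
BEFORE = r"""
R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 17920]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S2 MSSQL$ACROSS;SQL Server (ACROSS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
"""

AFTER = r"""
R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 17920]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
S2 MSSQL$ACROSS;SQL Server (ACROSS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
"""


def summarize(before_text=BEFORE, after_text=AFTER):
    """Check what a CFScript run actually changed in the registered services."""
    before, after = parse_services(before_text), parse_services(after_text)
    removed, added = diff_runs(before, after)
    return {
        "missing_before": missing_binaries(before),
        "missing_after": missing_binaries(after),
        "removed": removed,
        "added": added,
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

On the sample, the parser reports three entries without an image file before the run and two after, with VGPU as the only removed service and nothing added; the remaining `[x]` entries (Synth3dVsc, tsusbhub) are exactly the ones still shown in the second log above. Pointing the same functions at two complete ComboFix logs gives the same before/after check for any script run.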

cosinus 07.01.2012 15:05

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just skip it and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: To unpack OSAM, please use WinRAR or 7zip! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (Should your firewall ask, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instructions.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan.


Mariechen 08.01.2012 22:05

here now are the logs from GMER and OSAM (I hope I did everything correctly):

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-07 20:23:44
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 TOSHIBA_MK1637GSX rev.DL032C
Running: 6rkqgmz6.exe; Driver: C:\Users\r2d2\AppData\Local\Temp\kxldrpob.sys


---- System - GMER 1.0.15 ----

SSDT            90748CAE                                                                                                ZwCreateSection
SSDT            90748CB8                                                                                                ZwRequestWaitReplyPort
SSDT            90748CB3                                                                                                ZwSetContextThread
SSDT            90748CBD                                                                                                ZwSetSecurityObject
SSDT            90748CC2                                                                                                ZwSystemDebugControl
SSDT            90748C4F                                                                                                ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKey + 13D1                                                                            82C4E369 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                  82C87D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                      82C8EEAC 4 Bytes  [AE, 8C, 74, 90]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                      82C8F24C 4 Bytes  [B3, 8C, 74, 90] {MOV BL, 0x8c; JZ 0xffffffffffffff94}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                      82C8F2C8 4 Bytes  [BD, 8C, 74, 90]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                      82C8F31C 4 Bytes  [C2, 8C, 74, 90] {RET 0x748c; NOP }
.text          ntkrnlpa.exe!KeRemoveQueueEx + 166F                                                                      82C8F324 4 Bytes  [4F, 8C, 74, 90]
.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                section is writeable [0x9141D340, 0x3EE217, 0xE8000020]
.text          autochk.exe                                                                                              004111D1 3 Bytes  [44, 12, 41]
.text          autochk.exe                                                                                              004111D5 2 Bytes  [8D, 49]
.text          autochk.exe                                                                                              004111D8 3 Bytes  [3B, 12, 41] {CMP EDX, [EDX]; INC ECX}
.text          autochk.exe                                                                                              004111DC 3 Bytes  [28, 12, 41] {SUB [EDX], DL; INC ECX}
.text          autochk.exe                                                                                              004111E0 3 Bytes  [20, 12, 41] {AND [EDX], DL; INC ECX}
.text          ...                                                                                                     

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\system32\rundll32.exe[1180] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rundll32.exe[1180] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rundll32.exe[1180] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rundll32.exe[1180] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                          [74722437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                    [74705600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                    [747056BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                          [747224B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                [74718514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                  [74714CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                  [7471506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                [74715144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]        [74716671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                  [7471826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]            [747187BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]          [7471901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                [7471E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                    [74714BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3188] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3188] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3188] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3188] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3484] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3484] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3484] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3484] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000056                                                                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:31:41 on 08.01.2012

OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys  (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\r2d2\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"Shrew Soft Lightweight Filter" (vflt) - "Shrew Soft Inc" - C:\Windows\System32\DRIVERS\vfilter.sys
"Shrew Soft Virtual Adapter" (vnet) - "Shrew Soft Inc" - C:\Windows\System32\DRIVERS\virtualnet.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{DE147C25-5683-49A7-B9BB-FB6B9E00B0C9} "CrossShellExMain Class" - "Across Systems GmbH" - C:\Program Files\Common Files\Across\crossShellEx.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - ? -  (File not found | COM-object registry key not found)
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} "{67DABFBF-D0AB-41FA-9C46-CC0F21721616}" - ? -  (File not found | COM-object registry key not found) / hxxp://download.divx.com/player/DivXBrowserPlugin.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\r2d2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\r2d2\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"WirelessAssistant" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDF-XChange4" - "Tracker Software Products Ltd." - C:\Windows\system32\pxc40pm.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SQL Server (ACROSS)" (MSSQL$ACROSS) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
"SQL Server Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


and the aswMBR.txt
Code:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-08 21:40:40
-----------------------------
21:40:40.225    OS Version: Windows 6.1.7601 Service Pack 1
21:40:40.225    Number of processors: 2 586 0x4802
21:40:40.225    ComputerName: R2D2-PC  UserName: r2d2
21:40:51.317    Initialize success
21:46:45.184    AVAST engine defs: 12010801
21:47:07.492    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
21:47:07.492    Disk 0 Vendor: TOSHIBA_MK1637GSX DL032C Size: 152627MB BusType: 3
21:47:07.507    Disk 0 MBR read successfully
21:47:07.523    Disk 0 MBR scan
21:47:07.538    Disk 0 Windows 7 default MBR code
21:47:07.554    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        35000 MB offset 63
21:47:07.554    Disk 0 Partition - 00    0F Extended LBA            117624 MB offset 71682030
21:47:07.585    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      117624 MB offset 71682093
21:47:07.601    Disk 0 scanning sectors +312576705
21:47:07.679    Disk 0 scanning C:\Windows\system32\drivers
21:47:23.653    Service scanning
21:47:28.255    Modules scanning
21:47:40.298    Disk 0 trace - called modules:
21:47:40.314    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
21:47:40.330    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859865e0]
21:47:40.330    3 CLASSPNP.SYS[8897759e] -> nt!IofCallDriver -> [0x854fa918]
21:47:40.345    5 ACPI.sys[833bf3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x854fd030]
21:47:41.344    AVAST engine scan C:\Windows
21:47:46.398    File: C:\Windows\PEV.exe  **INFECTED** Win32:Rootkit-gen [Rtk]
21:47:48.223    AVAST engine scan C:\Windows\system32
21:51:23.476    AVAST engine scan C:\Windows\system32\drivers
21:51:37.236    AVAST engine scan C:\Users\r2d2
21:56:37.368    AVAST engine scan C:\ProgramData
21:58:00.579    Scan finished successfully
21:59:00.655    Disk 0 MBR has been saved successfully to "C:\Users\r2d2\Desktop\MBR.dat"
21:59:00.670    The log file has been saved successfully to "C:\Users\r2d2\Desktop\aswMBR.txt"

Many thanks and have a nice evening!



Copyright ©2000-2025, Trojaner-Board

