Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   50 Euro virus - Windows is blocked (https://www.trojaner-board.de/108481-50-euro-virus-windows-blockiert.html)

markus123456 22.02.2012 12:09

And my ESET scan, I hope that was the right one.

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=740bdccd8a42f5438b9d4ef418638ffb
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-23 05:57:44
# local_time=2012-01-23 06:57:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode=1280 16777215 100 0 85868 85868 0 0
# compatibility_mode=1797 16775166 100 94 255850 63875154 8942 0
# compatibility_mode=5893 16776573 100 94 8662 78969489 0 0
# compatibility_mode=8192 67108863 100 0 6367 6367 0 0
# scanned=148356
# found=9
# cleaned=9
# scan_time=3165
C:\Program Files\Application Updater\ApplicationUpdater.exe        möglicherweise Variante von Win32/Adware.Toolbar.Dealio Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)        00000000000000000000000000000000        C
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe        Variante von Win32/Adware.Toolbar.Dealio Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)        00000000000000000000000000000000        C
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll        Variante von Win32/Adware.Toolbar.Dealio Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)        00000000000000000000000000000000        C
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10        Variante von Win32/Adware.Toolbar.Dealio Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)        00000000000000000000000000000000        C
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5        Variante von Win32/Adware.Toolbar.Dealio Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)        00000000000000000000000000000000        C
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6        Variante von Win32/Adware.Toolbar.Dealio Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)        00000000000000000000000000000000        C
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7        Variante von Win32/Adware.Toolbar.Dealio Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)        00000000000000000000000000000000        C
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8        Variante von Win32/Adware.Toolbar.Dealio Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)        00000000000000000000000000000000        C
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9        Variante von Win32/Adware.Toolbar.Dealio Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)        00000000000000000000000000000000        C


cosinus 22.02.2012 14:53

Please make a new OTL log. In the meantime I have updated the OTL template.
Please post everything here in CODE tags if at all possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
Custom scan with OTL

If you don't already have it, please download OTL by OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


markus123456 22.02.2012 17:59

OTL Logfile:
Code:

OTL logfile created on: 2/22/2012 5:46:10 PM - Run 7
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Markus\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.87 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 72.29% Memory free
5.73 Gb Paging File | 4.56 Gb Available in Paging File | 79.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424.66 Gb Total Space | 348.63 Gb Free Space | 82.10% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.60 Gb Free Space | 53.99% Space Free | Partition Type: NTFS
 
Computer Name: MARKUS-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Markus\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Launch Manager\WButton.exe (Wistron Corp.)
PRC - C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (RSUSBSTOR) -- C:\Windows\System32\Drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                          )
DRV - (Impcd) -- C:\Windows\system32\DRIVERS\Impcd.sys (Intel Corporation)
DRV - (IntcDAud) Intel(R) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (HECI) Intel(R) -- C:\Windows\system32\DRIVERS\HECI.sys (Intel Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (APL531) -- C:\Windows\System32\drivers\ov550i.sys (Omnivision Technologies, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.msn.com/"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.12
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.9
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.9
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Markus\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Markus\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/06 16:00:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/04 22:53:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/22 12:22:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/22 18:37:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/06 16:00:29 | 000,000,000 | ---D | M]
 
[2010/09/02 15:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Extensions
[2012/02/14 16:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions
[2012/02/14 16:00:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/01/22 15:11:54 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions\firefox@tvunetworks.com
[2011/01/19 19:04:04 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions\vshare@toolbar
[2010/11/23 12:14:58 | 000,000,929 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\conduit.xml
[2012/02/21 18:41:02 | 000,000,950 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-1.xml
[2010/10/22 10:23:09 | 000,000,950 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-2.xml
[2010/11/03 10:02:29 | 000,000,950 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-3.xml
[2010/12/19 10:42:58 | 000,000,950 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-4.xml
[2010/09/17 08:25:51 | 000,001,056 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin.xml
[2011/01/19 19:04:25 | 000,001,583 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\web-search.xml
[2012/02/22 12:22:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/12/30 19:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\pdfforge@mybrowserbar.com
[2011/12/30 19:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\wtxpcom@mybrowserbar.com
[2012/02/16 15:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/12/19 10:36:50 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/16 11:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Markus\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Markus\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Markus\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.3_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Markus\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Babylon Translator = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.3_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{010B9879-A692-401A-AE4C-02616152CCA3}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0347E98D-D06B-4AEF-B230-C68157063A19}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\Shell - "" = AutoRun
O33 - MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\Shell\install\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Users^Markus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: BsScanner - Service
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: BsScanner - Service
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - msh263.drv File not found
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/02/17 15:08:41 | 000,000,000 | R--D | C] -- C:\Users\Markus\Saved Games
[2012/02/17 15:08:41 | 000,000,000 | R--D | C] -- C:\Users\Markus\Links
[2012/01/23 17:51:43 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Markus\Desktop\esetsmartinstaller_deu.exe
[2010/06/28 14:06:07 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2007/10/14 19:35:00 | 000,040,960 | ---- | C] ( ) -- C:\Windows\OMNIUNS.EXE
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/02/22 17:21:00 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/02/22 17:21:00 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/22 17:21:00 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/02/22 17:21:00 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/22 17:18:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3449834995-2028289882-1275101535-1000UA.job
[2012/02/22 17:17:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/22 12:22:21 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/22 12:21:35 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 12:21:35 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 12:12:40 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/22 11:00:20 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3449834995-2028289882-1275101535-1000Core.job
[2012/02/21 18:46:12 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/17 15:06:12 | 000,458,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/17 12:53:27 | 000,002,411 | ---- | M] () -- C:\Users\Markus\Desktop\Google Chrome.lnk
[2012/01/23 17:54:07 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Markus\Desktop\esetsmartinstaller_deu.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/01/22 19:16:17 | 000,017,408 | ---- | C] () -- C:\Users\Markus\AppData\Local\WebpageIcons.db
[2011/11/30 13:00:42 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll
[2011/11/30 13:00:42 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll
[2011/11/30 13:00:42 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll
[2011/11/30 13:00:42 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll
[2011/11/30 13:00:42 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll
[2011/03/17 17:27:06 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/10/06 15:54:07 | 000,266,059 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010/06/29 00:38:29 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010/06/29 00:28:10 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2010/06/28 14:06:08 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/06/28 14:06:08 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/06/28 14:06:07 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010/06/28 14:06:07 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010/06/28 14:06:06 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010/06/28 14:06:06 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/05/25 19:43:14 | 003,099,136 | ---- | C] () -- C:\Program Files\openofficeorg32.msi
[2010/05/25 19:41:42 | 000,460,088 | ---- | C] () -- C:\Program Files\setup.exe
[2010/05/25 19:40:04 | 145,988,770 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2010/05/25 18:46:20 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2010/05/18 07:50:33 | 000,657,676 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010/05/18 07:50:33 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010/05/18 07:50:33 | 000,131,016 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010/05/18 07:50:33 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/11/06 10:17:18 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,458,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,618,912 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,107,232 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010/12/13 13:52:23 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DAEMON Tools Lite
[2010/10/18 13:06:52 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\elsterformular
[2011/11/08 18:54:42 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\ICQ
[2010/09/29 18:15:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\OpenOffice.org
[2012/01/04 11:15:46 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\SAP
[2010/12/13 14:01:35 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\SoftGrid Client
[2010/09/27 20:41:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TP
[2011/09/09 12:21:02 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/09/05 20:28:15 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Adobe
[2010/12/03 11:10:43 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\ArcSoft
[2010/09/02 16:21:27 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Avira
[2010/09/02 10:36:13 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\CyberLink
[2010/12/13 13:52:23 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DAEMON Tools Lite
[2011/09/04 23:22:23 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DivX
[2010/10/18 13:06:52 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\elsterformular
[2010/10/18 17:14:08 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\HP
[2011/11/08 18:54:42 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\ICQ
[2010/09/02 10:22:43 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Identities
[2010/09/02 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Macromedia
[2012/01/23 17:01:21 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Malwarebytes
[2009/07/14 08:48:18 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Media Center Programs
[2011/12/27 14:17:10 | 000,000,000 | --SD | M] -- C:\Users\Markus\AppData\Roaming\Microsoft
[2010/09/02 15:58:55 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla
[2010/09/29 18:15:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\OpenOffice.org
[2012/01/04 11:15:46 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\SAP
[2010/12/13 14:01:35 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\SoftGrid Client
[2010/09/27 20:41:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TP
[2011/07/31 19:37:05 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008/06/06 22:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2010/03/04 03:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys
[2010/03/04 03:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2011/03/11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/05/18 09:45:00 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2010/05/18 09:45:00 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010/05/18 09:45:00 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/12/13 13:43:36 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009/07/14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2009/07/14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll

< End of report >

--- --- ---

cosinus 22.02.2012 19:54

Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data]
IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://medion.msn.com [binary data]
IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.msn.com/
IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://de.msn.com/"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.9
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.9
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.type: 4
[2011/01/19 19:04:04 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions\vshare@toolbar
[2010/11/23 12:14:58 | 000,000,929 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\conduit.xml
[2012/02/21 18:41:02 | 000,000,950 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-1.xml
[2010/10/22 10:23:09 | 000,000,950 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-2.xml
[2010/11/03 10:02:29 | 000,000,950 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-3.xml
[2010/12/19 10:42:58 | 000,000,950 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-4.xml
[2010/09/17 08:25:51 | 000,001,056 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin.xml
[2011/01/19 19:04:25 | 000,001,583 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\web-search.xml
[2012/02/22 12:22:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/12/30 19:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\pdfforge@mybrowserbar.com
[2011/12/30 19:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\wtxpcom@mybrowserbar.com
[2010/12/19 10:36:50 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
CHR - Extension: Babylon Translator = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.3_0\
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\Shell - "" = AutoRun
O33 - MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\Shell\install\command - "" = G:\SETUP.EXE
:Files
C:\Program Files\pdfforge Toolbar
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely, as a precaution; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
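
To show the kind of triage that turns the OTL log above into a fix list like the one in this post, here is an added example (it is not OTL's own code and not anything from this thread's helper) that scans OTL lines for the finding classes the script targets: disabled UAC policies, removable-media autorun handlers, orphaned CLSIDs, search and proxy overrides in prefs.js, and toolbar components from bundled-adware vendors. The vendor marker list, the rule names and the proxy-mode defaults are this example's own assumptions; the sample lines are copied from the OTL log quoted in this thread.

```python
"""Triage helper for OTL log lines (added example, not part of OTL or this thread).

Scans the O2/O3/O6/O33/FF/IE entries of an OTL scan and flags the classes of
finding the fix script in this thread addresses. The marker list and rule
names are this example's own assumptions, not an OTL feature.
"""
import re
from dataclasses import dataclass

# Assumed indicator list: vendor and extension names the thread's fix script removes.
ADWARE_MARKERS = ("spigot", "vshare", "mybrowserbar.com", "conduit", "babylon", "toolbarhome")

# UAC policy values that leave the machine without elevation prompts.
UAC_WEAK = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0", "PromptOnSecureDesktop": "0"}

# Firefox network.proxy.type: 0 = no proxy, 5 = system proxy; anything else was set explicitly.
PROXY_DEFAULTS = {"0", "5"}

_POLICY_RE = re.compile(r"^O6 - .*\\policies\\System: (\w+) = (\d+)\s*$")
_AUTORUN_RE = re.compile(r'^O33 - MountPoints2\\\{[0-9A-Fa-f-]+\}\\Shell\\(\w+)\\command - "" = (.+)$')
_FF_PREF_RE = re.compile(r'^FF - prefs\.js\.\.([\w.]+): "?(.*?)"?\s*$')


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule name
    detail: str  # what matched
    line: str    # the original OTL line


def triage_line(line: str) -> list[Finding]:
    """Return every finding for one OTL line (one line may trigger several rules)."""
    findings: list[Finding] = []
    line = line.rstrip()

    m = _POLICY_RE.match(line)
    if m and UAC_WEAK.get(m.group(1)) == m.group(2):
        findings.append(Finding("uac_disabled", f"{m.group(1)}={m.group(2)}", line))

    m = _AUTORUN_RE.match(line)
    if m:
        findings.append(Finding("autorun_handler", f"{m.group(1)} -> {m.group(2)}", line))

    if "No CLSID value found" in line:
        findings.append(Finding("orphaned_clsid", "registered component with no CLSID", line))

    m = _FF_PREF_RE.match(line)
    if m:
        pref, value = m.group(1), m.group(2)
        if pref == "keyword.URL" and value:
            findings.append(Finding("search_hijack", f"{pref} -> {value}", line))
        elif pref == "network.proxy.type" and value not in PROXY_DEFAULTS:
            findings.append(Finding("proxy_override", f"{pref}={value}", line))

    low = line.lower()
    hits = [mk for mk in ADWARE_MARKERS if mk in low]
    if hits:
        findings.append(Finding("adware_component", ", ".join(hits), line))

    return findings


def triage(lines) -> list[Finding]:
    """Run triage_line over an iterable of OTL lines."""
    return [f for line in lines for f in triage_line(line)]


def summarize(findings) -> dict[str, int]:
    """Count findings per rule, for a quick overview of a scan."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Sample input constructed from lines quoted in this thread (verbatim OTL format).
SAMPLE_LINES = [
    r"IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)",
    r'FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="',
    r"FF - prefs.js..network.proxy.type: 4",
    r"O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0",
    r'O33 - MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\Shell\AutoRun\command - "" = G:\SETUP.EXE',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.rule}] {f.detail}")
    print(summarize(triage(SAMPLE_LINES)))
```

The benign DivX BHO and the ConsentPromptBehaviorUser = 3 line are in the sample as controls; neither produces a finding.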

cosinus 22.02.2012 19:55

And one more thing:

Quote:

O2 - BHO: (DivX Plus Web Player HTML5 <video>)
Tell me, do you also belong to the crowd that watches TV series and movies via dubious portals?
If so: keep your hands off them in future; these illegal portals spread malware, and if you want to stay malware-free in future you must switch to legal alternatives and do without such risky streaming sites!

markus123456 23.02.2012 13:13

Yes, I was one of them too; that's where I caught this virus. You have to learn from mistakes.
Here is the log file:

Code:

All processes killed
========== OTL ==========
HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3449834995-2028289882-1275101535-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3449834995-2028289882-1275101535-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll moved successfully.
Prefs.js: "Web Search..." removed from browser.search.defaultenginename
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://de.msn.com/" removed from browser.startup.homepage
Prefs.js: smartwebprinting@hp.com:4.51 removed from extensions.enabledItems
Prefs.js: vshare@toolbar:1.0.2 removed from extensions.enabledItems
Prefs.js: pdfforge@mybrowserbar.com:4.9 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.9 removed from extensions.enabledItems
Prefs.js: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=" removed from keyword.URL
Prefs.js: 4 removed from network.proxy.type
C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions\vshare@toolbar\modules folder moved successfully.
C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions\vshare@toolbar\locale\en-US folder moved successfully.
C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions\vshare@toolbar\locale folder moved successfully.
C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions\vshare@toolbar\components folder moved successfully.
C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions\vshare@toolbar\chrome folder moved successfully.
C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions\vshare@toolbar folder moved successfully.
C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\conduit.xml moved successfully.
C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\web-search.xml moved successfully.
C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files\mozilla firefox\extensions\wtxpcom@mybrowserbar.com folder moved successfully.
C:\Program Files\mozilla firefox\extensions\pdfforge@mybrowserbar.com folder moved successfully.
C:\Program Files\mozilla firefox\extensions folder moved successfully.
Folder C:\Program Files\mozilla firefox\extensions\pdfforge@mybrowserbar.com\ not found.
Folder C:\Program Files\mozilla firefox\extensions\wtxpcom@mybrowserbar.com\ not found.
C:\Program Files\mozilla firefox\searchplugins\babylon.xml moved successfully.
C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.3_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-3449834995-2028289882-1275101535-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\ not found.
File G:\SETUP.EXE not found.
========== FILES ==========
C:\Program Files\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Program Files\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE\4.9 folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF\chrome\skin folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF\chrome\locale\EN-US folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF\chrome\locale folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF\chrome\content folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF\chrome folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF folder moved successfully.
C:\Program Files\pdfforge Toolbar folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Markus
->Temp folder emptied: 8271580 bytes
->Temporary Internet Files folder emptied: 3235144 bytes
->Java cache emptied: 37729775 bytes
->FireFox cache emptied: 226463119 bytes
->Google Chrome cache emptied: 55727384 bytes
->Flash cache emptied: 4610 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 577737 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 317.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02232012_130433

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
C:\Users\Markus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OKQX6E8N\bg_site_f3[1].png moved successfully.

Registry entries deleted on Reboot...


cosinus 23.02.2012 13:59

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its content into your post, please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If the infection prevents you from accessing your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!

markus123456 23.02.2012 14:58

I have run TDSS; the log is below. There is now still the option to delete the items found or send them to quarantine. What should I do?

Code:

14:52:49.0829 6076        TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
14:52:49.0850 6076        ============================================================
14:52:49.0850 6076        Current date / time: 2012/02/23 14:52:49.0850
14:52:49.0850 6076        SystemInfo:
14:52:49.0850 6076       
14:52:49.0850 6076        OS Version: 6.1.7600 ServicePack: 0.0
14:52:49.0850 6076        Product type: Workstation
14:52:49.0850 6076        ComputerName: MARKUS-PC
14:52:49.0851 6076        UserName: Markus
14:52:49.0851 6076        Windows directory: C:\Windows
14:52:49.0851 6076        System windows directory: C:\Windows
14:52:49.0851 6076        Processor architecture: Intel x86
14:52:49.0851 6076        Number of processors: 4
14:52:49.0851 6076        Page size: 0x1000
14:52:49.0851 6076        Boot type: Normal boot
14:52:49.0851 6076        ============================================================
14:52:50.0262 6076        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:52:50.0264 6076        \Device\Harddisk0\DR0:
14:52:50.0264 6076        MBR used
14:52:50.0264 6076        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:52:50.0264 6076        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x35152000
14:52:50.0264 6076        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x35184800, BlocksNum 0x5000000
14:52:50.0360 6076        Initialize success
14:52:50.0360 6076        ============================================================
14:53:50.0262 5364        ============================================================
14:53:50.0262 5364        Scan started
14:53:50.0262 5364        Mode: Manual; SigCheck; TDLFS;
14:53:50.0262 5364        ============================================================
14:53:50.0511 5364        1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
14:53:50.0595 5364        1394ohci - ok
14:53:50.0640 5364        ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
14:53:50.0672 5364        ACPI - ok
14:53:50.0769 5364        AcpiPmi        (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
14:53:50.0796 5364        AcpiPmi - ok
14:53:50.0866 5364        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
14:53:50.0887 5364        adp94xx - ok
14:53:51.0017 5364        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
14:53:51.0043 5364        adpahci - ok
14:53:51.0175 5364        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
14:53:51.0201 5364        adpu320 - ok
14:53:51.0340 5364        Afc            (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
14:53:51.0382 5364        Afc - ok
14:53:51.0431 5364        AFD            (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
14:53:51.0455 5364        AFD - ok
14:53:51.0538 5364        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
14:53:51.0560 5364        agp440 - ok
14:53:51.0669 5364        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
14:53:51.0690 5364        aic78xx - ok
14:53:51.0814 5364        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
14:53:51.0834 5364        aliide - ok
14:53:51.0893 5364        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
14:53:51.0915 5364        amdagp - ok
14:53:52.0027 5364        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
14:53:52.0045 5364        amdide - ok
14:53:52.0089 5364        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
14:53:52.0111 5364        AmdK8 - ok
14:53:52.0132 5364        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
14:53:52.0147 5364        AmdPPM - ok
14:53:52.0187 5364        amdsata        (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
14:53:52.0209 5364        amdsata - ok
14:53:52.0239 5364        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
14:53:52.0253 5364        amdsbs - ok
14:53:52.0286 5364        amdxata        (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
14:53:52.0298 5364        amdxata - ok
14:53:52.0465 5364        APL531          (1fc8a7e5c3aed31f00940c6ab2fd9b49) C:\Windows\system32\Drivers\ov550i.sys
14:53:52.0489 5364        APL531 ( UnsignedFile.Multi.Generic ) - warning
14:53:52.0489 5364        APL531 - detected UnsignedFile.Multi.Generic (1)
14:53:52.0542 5364        AppID          (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
14:53:52.0562 5364        AppID - ok
14:53:52.0679 5364        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
14:53:52.0701 5364        arc - ok
14:53:52.0730 5364        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
14:53:52.0744 5364        arcsas - ok
14:53:52.0792 5364        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
14:53:52.0839 5364        AsyncMac - ok
14:53:52.0956 5364        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
14:53:52.0975 5364        atapi - ok
14:53:53.0037 5364        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
14:53:53.0053 5364        avgntflt - ok
14:53:53.0073 5364        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
14:53:53.0088 5364        avipbb - ok
14:53:53.0202 5364        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
14:53:53.0232 5364        b06bdrv - ok
14:53:53.0277 5364        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:53:53.0294 5364        b57nd60x - ok
14:53:53.0411 5364        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
14:53:53.0458 5364        Beep - ok
14:53:53.0496 5364        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
14:53:53.0510 5364        blbdrive - ok
14:53:53.0539 5364        bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
14:53:53.0553 5364        bowser - ok
14:53:53.0591 5364        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:53:53.0609 5364        BrFiltLo - ok
14:53:53.0623 5364        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:53:53.0639 5364        BrFiltUp - ok
14:53:53.0772 5364        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
14:53:53.0795 5364        Brserid - ok
14:53:53.0810 5364        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
14:53:53.0826 5364        BrSerWdm - ok
14:53:53.0852 5364        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:53:53.0869 5364        BrUsbMdm - ok
14:53:53.0897 5364        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
14:53:53.0912 5364        BrUsbSer - ok
14:53:53.0938 5364        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
14:53:53.0955 5364        BTHMODEM - ok
14:53:54.0057 5364        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
14:53:54.0096 5364        cdfs - ok
14:53:54.0184 5364        cdrom          (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
14:53:54.0211 5364        cdrom - ok
14:53:54.0318 5364        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
14:53:54.0342 5364        circlass - ok
14:53:54.0398 5364        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
14:53:54.0422 5364        CLFS - ok
14:53:54.0463 5364        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
14:53:54.0479 5364        CmBatt - ok
14:53:54.0507 5364        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
14:53:54.0520 5364        cmdide - ok
14:53:54.0564 5364        CNG            (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
14:53:54.0590 5364        CNG - ok
14:53:54.0628 5364        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
14:53:54.0641 5364        Compbatt - ok
14:53:54.0743 5364        CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:53:54.0769 5364        CompositeBus - ok
14:53:54.0808 5364        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
14:53:54.0819 5364        crcdisk - ok
14:53:54.0921 5364        DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
14:53:54.0942 5364        DfsC - ok
14:53:54.0991 5364        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
14:53:55.0024 5364        discache - ok
14:53:55.0124 5364        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
14:53:55.0143 5364        Disk - ok
14:53:55.0268 5364        Dot4            (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
14:53:55.0298 5364        Dot4 - ok
14:53:55.0325 5364        Dot4Print      (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:53:55.0342 5364        Dot4Print - ok
14:53:55.0373 5364        dot4usb        (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
14:53:55.0390 5364        dot4usb - ok
14:53:55.0432 5364        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
14:53:55.0460 5364        drmkaud - ok
14:53:55.0504 5364        DXGKrnl        (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
14:53:55.0526 5364        DXGKrnl - ok
14:53:55.0657 5364        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
14:53:55.0711 5364        ebdrv - ok
14:53:55.0772 5364        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
14:53:55.0791 5364        elxstor - ok
14:53:55.0929 5364        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
14:53:55.0951 5364        ErrDev - ok
14:53:56.0110 5364        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
14:53:56.0156 5364        exfat - ok
14:53:56.0177 5364        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
14:53:56.0209 5364        fastfat - ok
14:53:56.0243 5364        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
14:53:56.0256 5364        fdc - ok
14:53:56.0303 5364        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
14:53:56.0315 5364        FileInfo - ok
14:53:56.0328 5364        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
14:53:56.0362 5364        Filetrace - ok
14:53:56.0393 5364        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
14:53:56.0407 5364        flpydisk - ok
14:53:56.0458 5364        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
14:53:56.0473 5364        FltMgr - ok
14:53:56.0590 5364        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
14:53:56.0610 5364        FsDepends - ok
14:53:56.0639 5364        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
14:53:56.0654 5364        Fs_Rec - ok
14:53:56.0728 5364        fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
14:53:56.0758 5364        fvevol - ok
14:53:56.0813 5364        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:53:56.0830 5364        gagp30kx - ok
14:53:56.0865 5364        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
14:53:56.0888 5364        hcw85cir - ok
14:53:56.0947 5364        HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
14:53:56.0969 5364        HdAudAddService - ok
14:53:57.0085 5364        HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:53:57.0115 5364        HDAudBus - ok
14:53:57.0216 5364        HECI            (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
14:53:57.0238 5364        HECI - ok
14:53:57.0253 5364        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
14:53:57.0269 5364        HidBatt - ok
14:53:57.0302 5364        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
14:53:57.0319 5364        HidBth - ok
14:53:57.0371 5364        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
14:53:57.0389 5364        HidIr - ok
14:53:57.0500 5364        HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
14:53:57.0527 5364        HidUsb - ok
14:53:57.0650 5364        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
14:53:57.0668 5364        HpSAMD - ok
14:53:57.0798 5364        HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
14:53:57.0849 5364        HTTP - ok
14:53:57.0864 5364        hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
14:53:57.0874 5364        hwpolicy - ok
14:53:57.0991 5364        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
14:53:58.0014 5364        i8042prt - ok
14:53:58.0061 5364        iaStor          (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
14:53:58.0085 5364        iaStor - ok
14:53:58.0190 5364        iaStorV        (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
14:53:58.0222 5364        iaStorV - ok
14:53:58.0454 5364        igfx            (8e9da2e49347af49901526dcd4d0f397) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:53:58.0572 5364        igfx - ok
14:53:58.0689 5364        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
14:53:58.0708 5364        iirsp - ok
14:53:58.0828 5364        Impcd          (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys
14:53:58.0848 5364        Impcd - ok
14:53:59.0036 5364        IntcAzAudAddService (5f9882ba31b7755341bc7773cb1ead62) C:\Windows\system32\drivers\RTKVHDA.sys
14:53:59.0107 5364        IntcAzAudAddService - ok
14:53:59.0209 5364        IntcDAud        (bf31740828a26ab451803e3b35432651) C:\Windows\system32\DRIVERS\IntcDAud.sys
14:53:59.0236 5364        IntcDAud - ok
14:53:59.0269 5364        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
14:53:59.0280 5364        intelide - ok
14:53:59.0322 5364        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
14:53:59.0338 5364        intelppm - ok
14:53:59.0389 5364        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:53:59.0435 5364        IpFilterDriver - ok
14:53:59.0469 5364        IPMIDRV        (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:53:59.0483 5364        IPMIDRV - ok
14:53:59.0525 5364        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
14:53:59.0560 5364        IPNAT - ok
14:53:59.0597 5364        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
14:53:59.0629 5364        IRENUM - ok
14:53:59.0670 5364        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
14:53:59.0692 5364        isapnp - ok
14:53:59.0736 5364        iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
14:53:59.0754 5364        iScsiPrt - ok
14:53:59.0819 5364        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:53:59.0842 5364        kbdclass - ok
14:53:59.0877 5364        kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
14:53:59.0898 5364        kbdhid - ok
14:53:59.0963 5364        KSecDD          (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
14:53:59.0986 5364        KSecDD - ok
14:54:00.0013 5364        KSecPkg        (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
14:54:00.0025 5364        KSecPkg - ok
14:54:00.0125 5364        L1C            (4566fd5f4416e7fef3600e4b30d086c3) C:\Windows\system32\DRIVERS\L1C62x86.sys
14:54:00.0143 5364        L1C - ok
14:54:00.0260 5364        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
14:54:00.0309 5364        lltdio - ok
14:54:00.0409 5364        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:54:00.0429 5364        LSI_FC - ok
14:54:00.0473 5364        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:54:00.0497 5364        LSI_SAS - ok
14:54:00.0534 5364        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:54:00.0546 5364        LSI_SAS2 - ok
14:54:00.0572 5364        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:54:00.0585 5364        LSI_SCSI - ok
14:54:00.0631 5364        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
14:54:00.0682 5364        luafv - ok
14:54:00.0745 5364        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
14:54:00.0764 5364        MBAMProtector - ok
14:54:00.0812 5364        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
14:54:00.0832 5364        megasas - ok
14:54:00.0882 5364        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
14:54:00.0899 5364        MegaSR - ok
14:54:00.0964 5364        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
14:54:01.0002 5364        Modem - ok
14:54:01.0038 5364        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
14:54:01.0070 5364        monitor - ok
14:54:01.0179 5364        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
14:54:01.0199 5364        mouclass - ok
14:54:01.0223 5364        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
14:54:01.0238 5364        mouhid - ok
14:54:01.0333 5364        mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
14:54:01.0354 5364        mountmgr - ok
14:54:01.0391 5364        mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
14:54:01.0410 5364        mpio - ok
14:54:01.0448 5364        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
14:54:01.0492 5364        mpsdrv - ok
14:54:01.0515 5364        MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
14:54:01.0533 5364        MRxDAV - ok
14:54:01.0568 5364        mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:54:01.0584 5364        mrxsmb - ok
14:54:01.0623 5364        mrxsmb10        (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:54:01.0642 5364        mrxsmb10 - ok
14:54:01.0691 5364        mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:54:01.0707 5364        mrxsmb20 - ok
14:54:01.0759 5364        msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
14:54:01.0780 5364        msahci - ok
14:54:01.0871 5364        msdsm          (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
14:54:01.0893 5364        msdsm - ok
14:54:01.0928 5364        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
14:54:01.0960 5364        Msfs - ok
14:54:01.0976 5364        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
14:54:02.0007 5364        mshidkmdf - ok
14:54:02.0036 5364        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
14:54:02.0047 5364        msisadrv - ok
14:54:02.0110 5364        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
14:54:02.0144 5364        MSKSSRV - ok
14:54:02.0165 5364        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
14:54:02.0196 5364        MSPCLOCK - ok
14:54:02.0215 5364        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
14:54:02.0244 5364        MSPQM - ok
14:54:02.0265 5364        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
14:54:02.0276 5364        MsRPC - ok
14:54:02.0316 5364        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
14:54:02.0326 5364        mssmbios - ok
14:54:02.0350 5364        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
14:54:02.0382 5364        MSTEE - ok
14:54:02.0421 5364        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
14:54:02.0448 5364        MTConfig - ok
14:54:02.0471 5364        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
14:54:02.0482 5364        Mup - ok
14:54:02.0526 5364        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
14:54:02.0547 5364        NativeWifiP - ok
14:54:02.0582 5364        NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
14:54:02.0603 5364        NDIS - ok
14:54:02.0640 5364        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
14:54:02.0671 5364        NdisCap - ok
14:54:02.0715 5364        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
14:54:02.0746 5364        NdisTapi - ok
14:54:02.0772 5364        Ndisuio        (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
14:54:02.0803 5364        Ndisuio - ok
14:54:02.0827 5364        NdisWan        (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
14:54:02.0862 5364        NdisWan - ok
14:54:02.0895 5364        NDProxy        (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
14:54:02.0926 5364        NDProxy - ok
14:54:03.0030 5364        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
14:54:03.0075 5364        NetBIOS - ok
14:54:03.0093 5364        NetBT          (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
14:54:03.0127 5364        NetBT - ok
14:54:03.0244 5364        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
14:54:03.0266 5364        nfrd960 - ok
14:54:03.0320 5364        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
14:54:03.0364 5364        Npfs - ok
14:54:03.0383 5364        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
14:54:03.0414 5364        nsiproxy - ok
14:54:03.0468 5364        Ntfs            (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
14:54:03.0502 5364        Ntfs - ok
14:54:03.0528 5364        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
14:54:03.0558 5364        Null - ok
14:54:03.0604 5364        nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
14:54:03.0616 5364        nvraid - ok
14:54:03.0641 5364        nvstor          (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
14:54:03.0653 5364        nvstor - ok
14:54:03.0696 5364        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
14:54:03.0709 5364        nv_agp - ok
14:54:03.0752 5364        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
14:54:03.0768 5364        ohci1394 - ok
14:54:03.0961 5364        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
14:54:03.0988 5364        Parport - ok
14:54:04.0022 5364        partmgr        (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
14:54:04.0040 5364        partmgr - ok
14:54:04.0067 5364        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
14:54:04.0082 5364        Parvdm - ok
14:54:04.0129 5364        pci            (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
14:54:04.0142 5364        pci - ok
14:54:04.0177 5364        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
14:54:04.0188 5364        pciide - ok
14:54:04.0233 5364        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
14:54:04.0247 5364        pcmcia - ok
14:54:04.0279 5364        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
14:54:04.0291 5364        pcw - ok
14:54:04.0322 5364        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
14:54:04.0363 5364        PEAUTH - ok
14:54:04.0507 5364        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
14:54:04.0557 5364        PptpMiniport - ok
14:54:04.0595 5364        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
14:54:04.0608 5364        Processor - ok
14:54:04.0666 5364        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
14:54:04.0701 5364        Psched - ok
14:54:04.0850 5364        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
14:54:04.0896 5364        ql2300 - ok
14:54:04.0933 5364        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
14:54:04.0945 5364        ql40xx - ok
14:54:04.0978 5364        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
14:54:04.0997 5364        QWAVEdrv - ok
14:54:05.0025 5364        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
14:54:05.0062 5364        RasAcd - ok
14:54:05.0108 5364        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:54:05.0144 5364        RasAgileVpn - ok
14:54:05.0171 5364        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:54:05.0204 5364        Rasl2tp - ok
14:54:05.0234 5364        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
14:54:05.0268 5364        RasPppoe - ok
14:54:05.0368 5364        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
14:54:05.0423 5364        RasSstp - ok
14:54:05.0445 5364        rdbss          (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
14:54:05.0479 5364        rdbss - ok
14:54:05.0516 5364        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
14:54:05.0532 5364        rdpbus - ok
14:54:05.0566 5364        RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:54:05.0596 5364        RDPCDD - ok
14:54:05.0632 5364        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
14:54:05.0663 5364        RDPENCDD - ok
14:54:05.0683 5364        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
14:54:05.0717 5364        RDPREFMP - ok
14:54:05.0745 5364        RDPWD          (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
14:54:05.0777 5364        RDPWD - ok
14:54:05.0810 5364        rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
14:54:05.0823 5364        rdyboost - ok
14:54:05.0947 5364        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
14:54:05.0999 5364        rspndr - ok
14:54:06.0095 5364        RSUSBSTOR      (0340a381b920a6e68178b832889f33f8) C:\Windows\System32\Drivers\RtsUStor.sys
14:54:06.0115 5364        RSUSBSTOR - ok
14:54:06.0182 5364        rtl8192se      (cfd6c307bf5db3b339be9f92b95433b9) C:\Windows\system32\DRIVERS\rtl8192se.sys
14:54:06.0210 5364        rtl8192se - ok
14:54:06.0311 5364        sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
14:54:06.0338 5364        sbp2port - ok
14:54:06.0392 5364        scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
14:54:06.0428 5364        scfilter - ok
14:54:06.0465 5364        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:54:06.0500 5364        secdrv - ok
14:54:06.0602 5364        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
14:54:06.0626 5364        Serenum - ok
14:54:06.0657 5364        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
14:54:06.0675 5364        Serial - ok
14:54:06.0720 5364        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
14:54:06.0746 5364        sermouse - ok
14:54:06.0781 5364        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
14:54:06.0793 5364        sffdisk - ok
14:54:06.0813 5364        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:54:06.0827 5364        sffp_mmc - ok
14:54:06.0849 5364        sffp_sd        (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:54:06.0861 5364        sffp_sd - ok
14:54:06.0888 5364        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
14:54:06.0904 5364        sfloppy - ok
14:54:06.0971 5364        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
14:54:06.0991 5364        sisagp - ok
14:54:07.0011 5364        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:54:07.0028 5364        SiSRaid2 - ok
14:54:07.0068 5364        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
14:54:07.0080 5364        SiSRaid4 - ok
14:54:07.0125 5364        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
14:54:07.0161 5364        Smb - ok
14:54:07.0189 5364        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
14:54:07.0199 5364        spldr - ok
14:54:07.0346 5364        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
14:54:07.0346 5364        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
14:54:07.0353 5364        sptd ( LockedFile.Multi.Generic ) - warning
14:54:07.0353 5364        sptd - detected LockedFile.Multi.Generic (1)
14:54:07.0391 5364        srv            (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
14:54:07.0417 5364        srv - ok
14:54:07.0451 5364        srv2            (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
14:54:07.0469 5364        srv2 - ok
14:54:07.0498 5364        srvnet          (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
14:54:07.0513 5364        srvnet - ok
14:54:07.0559 5364        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
14:54:07.0574 5364        ssmdrv - ok
14:54:07.0619 5364        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
14:54:07.0633 5364        stexstor - ok
14:54:07.0741 5364        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
14:54:07.0753 5364        swenum - ok
14:54:07.0864 5364        SynTP          (d776eb85a20696d9d43129ccf6e703e2) C:\Windows\system32\DRIVERS\SynTP.sys
14:54:07.0883 5364        SynTP - ok
14:54:07.0960 5364        Tcpip          (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
14:54:08.0003 5364        Tcpip - ok
14:54:08.0054 5364        TCPIP6          (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
14:54:08.0092 5364        TCPIP6 - ok
14:54:08.0127 5364        tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
14:54:08.0156 5364        tcpipreg - ok
14:54:08.0176 5364        TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
14:54:08.0205 5364        TDPIPE - ok
14:54:08.0229 5364        TDTCP          (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
14:54:08.0258 5364        TDTCP - ok
14:54:08.0285 5364        tdx            (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
14:54:08.0316 5364        tdx - ok
14:54:08.0353 5364        TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
14:54:08.0363 5364        TermDD - ok
14:54:08.0420 5364        tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:54:08.0452 5364        tssecsrv - ok
14:54:08.0523 5364        tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
14:54:08.0580 5364        tunnel - ok
14:54:08.0607 5364        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
14:54:08.0617 5364        uagp35 - ok
14:54:08.0650 5364        udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
14:54:08.0684 5364        udfs - ok
14:54:08.0727 5364        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
14:54:08.0750 5364        uliagpkx - ok
14:54:08.0826 5364        umbus          (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
14:54:08.0843 5364        umbus - ok
14:54:08.0927 5364        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
14:54:08.0949 5364        UmPass - ok
14:54:08.0985 5364        usbccgp        (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
14:54:08.0998 5364        usbccgp - ok
14:54:09.0050 5364        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
14:54:09.0083 5364        usbcir - ok
14:54:09.0100 5364        usbehci        (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\drivers\usbehci.sys
14:54:09.0113 5364        usbehci - ok
14:54:09.0146 5364        usbhub          (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
14:54:09.0163 5364        usbhub - ok
14:54:09.0196 5364        usbohci        (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
14:54:09.0211 5364        usbohci - ok
14:54:09.0289 5364        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
14:54:09.0315 5364        usbprint - ok
14:54:09.0355 5364        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
14:54:09.0371 5364        usbscan - ok
14:54:09.0400 5364        USBSTOR        (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:54:09.0414 5364        USBSTOR - ok
14:54:09.0457 5364        usbuhci        (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
14:54:09.0471 5364        usbuhci - ok
14:54:09.0612 5364        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
14:54:09.0631 5364        vdrvroot - ok
14:54:09.0670 5364        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
14:54:09.0694 5364        vga - ok
14:54:09.0713 5364        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
14:54:09.0743 5364        VgaSave - ok
14:54:09.0787 5364        vhdmp          (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
14:54:09.0800 5364        vhdmp - ok
14:54:09.0852 5364        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
14:54:09.0865 5364        viaagp - ok
14:54:09.0883 5364        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
14:54:09.0902 5364        ViaC7 - ok
14:54:09.0936 5364        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
14:54:09.0947 5364        viaide - ok
14:54:09.0986 5364        volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
14:54:09.0999 5364        volmgr - ok
14:54:10.0034 5364        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
14:54:10.0051 5364        volmgrx - ok
14:54:10.0092 5364        volsnap        (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
14:54:10.0108 5364        volsnap - ok
14:54:10.0152 5364        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
14:54:10.0164 5364        vsmraid - ok
14:54:10.0201 5364        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
14:54:10.0216 5364        vwifibus - ok
14:54:10.0232 5364        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
14:54:10.0248 5364        vwififlt - ok
14:54:10.0291 5364        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
14:54:10.0304 5364        WacomPen - ok
14:54:10.0349 5364        WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
14:54:10.0383 5364        WANARP - ok
14:54:10.0386 5364        Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
14:54:10.0419 5364        Wanarpv6 - ok
14:54:10.0499 5364        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
14:54:10.0520 5364        Wd - ok
14:54:10.0560 5364        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
14:54:10.0582 5364        Wdf01000 - ok
14:54:10.0674 5364        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
14:54:10.0719 5364        WfpLwf - ok
14:54:10.0739 5364        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
14:54:10.0750 5364        WIMMount - ok
14:54:10.0878 5364        WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
14:54:10.0902 5364        WinUsb - ok
14:54:10.0989 5364        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:54:11.0013 5364        WmiAcpi - ok
14:54:11.0138 5364        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
14:54:11.0181 5364        ws2ifsl - ok
14:54:11.0218 5364        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
14:54:11.0252 5364        WudfPf - ok
14:54:11.0272 5364        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:54:11.0304 5364        WUDFRd - ok
14:54:11.0348 5364        MBR (0x1B8)    (8a1c59e4dfef87510470928550466632) \Device\Harddisk0\DR0
14:54:14.0280 5364        \Device\Harddisk0\DR0 - ok
14:54:14.0317 5364        Boot (0x1200)  (f31dc2512ad53822a7e28369d1c5e63f) \Device\Harddisk0\DR0\Partition0
14:54:14.0319 5364        \Device\Harddisk0\DR0\Partition0 - ok
14:54:14.0333 5364        Boot (0x1200)  (880637bea931fe8c03abed6dd053f59b) \Device\Harddisk0\DR0\Partition1
14:54:14.0335 5364        \Device\Harddisk0\DR0\Partition1 - ok
14:54:14.0371 5364        Boot (0x1200)  (41300ec0d0bbc9dab6d46fb8d03c5f51) \Device\Harddisk0\DR0\Partition2
14:54:14.0373 5364        \Device\Harddisk0\DR0\Partition2 - ok
14:54:14.0374 5364        ============================================================
14:54:14.0374 5364        Scan finished
14:54:14.0374 5364        ============================================================
14:54:14.0389 5616        Detected object count: 2
14:54:14.0389 5616        Actual detected object count: 2


cosinus 23.02.2012 15:10

Somehow the log is incomplete; I am missing the summary at the bottom.

markus123456 23.02.2012 15:28

Code:

14:52:49.0829 6076        TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
14:52:49.0850 6076        ============================================================
14:52:49.0850 6076        Current date / time: 2012/02/23 14:52:49.0850
14:52:49.0850 6076        SystemInfo:
14:52:49.0850 6076       
14:52:49.0850 6076        OS Version: 6.1.7600 ServicePack: 0.0
14:52:49.0850 6076        Product type: Workstation
14:52:49.0850 6076        ComputerName: MARKUS-PC
14:52:49.0851 6076        UserName: Markus
14:52:49.0851 6076        Windows directory: C:\Windows
14:52:49.0851 6076        System windows directory: C:\Windows
14:52:49.0851 6076        Processor architecture: Intel x86
14:52:49.0851 6076        Number of processors: 4
14:52:49.0851 6076        Page size: 0x1000
14:52:49.0851 6076        Boot type: Normal boot
14:52:49.0851 6076        ============================================================
14:52:50.0262 6076        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:52:50.0264 6076        \Device\Harddisk0\DR0:
14:52:50.0264 6076        MBR used
14:52:50.0264 6076        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:52:50.0264 6076        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x35152000
14:52:50.0264 6076        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x35184800, BlocksNum 0x5000000
14:52:50.0360 6076        Initialize success
14:52:50.0360 6076        ============================================================
14:53:50.0262 5364        ============================================================
14:53:50.0262 5364        Scan started
14:53:50.0262 5364        Mode: Manual; SigCheck; TDLFS;
14:53:50.0262 5364        ============================================================
14:53:50.0511 5364        1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
14:53:50.0595 5364        1394ohci - ok
14:53:50.0640 5364        ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
14:53:50.0672 5364        ACPI - ok
14:53:50.0769 5364        AcpiPmi        (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
14:53:50.0796 5364        AcpiPmi - ok
14:53:50.0866 5364        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
14:53:50.0887 5364        adp94xx - ok
14:53:51.0017 5364        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
14:53:51.0043 5364        adpahci - ok
14:53:51.0175 5364        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
14:53:51.0201 5364        adpu320 - ok
14:53:51.0340 5364        Afc            (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
14:53:51.0382 5364        Afc - ok
14:53:51.0431 5364        AFD            (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
14:53:51.0455 5364        AFD - ok
14:53:51.0538 5364        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
14:53:51.0560 5364        agp440 - ok
14:53:51.0669 5364        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
14:53:51.0690 5364        aic78xx - ok
14:53:51.0814 5364        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
14:53:51.0834 5364        aliide - ok
14:53:51.0893 5364        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
14:53:51.0915 5364        amdagp - ok
14:53:52.0027 5364        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
14:53:52.0045 5364        amdide - ok
14:53:52.0089 5364        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
14:53:52.0111 5364        AmdK8 - ok
14:53:52.0132 5364        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
14:53:52.0147 5364        AmdPPM - ok
14:53:52.0187 5364        amdsata        (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
14:53:52.0209 5364        amdsata - ok
14:53:52.0239 5364        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
14:53:52.0253 5364        amdsbs - ok
14:53:52.0286 5364        amdxata        (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
14:53:52.0298 5364        amdxata - ok
14:53:52.0465 5364        APL531          (1fc8a7e5c3aed31f00940c6ab2fd9b49) C:\Windows\system32\Drivers\ov550i.sys
14:53:52.0489 5364        APL531 ( UnsignedFile.Multi.Generic ) - warning
14:53:52.0489 5364        APL531 - detected UnsignedFile.Multi.Generic (1)
14:53:52.0542 5364        AppID          (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
14:53:52.0562 5364        AppID - ok
14:53:52.0679 5364        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
14:53:52.0701 5364        arc - ok
14:53:52.0730 5364        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
14:53:52.0744 5364        arcsas - ok
14:53:52.0792 5364        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
14:53:52.0839 5364        AsyncMac - ok
14:53:52.0956 5364        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
14:53:52.0975 5364        atapi - ok
14:53:53.0037 5364        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
14:53:53.0053 5364        avgntflt - ok
14:53:53.0073 5364        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
14:53:53.0088 5364        avipbb - ok
14:53:53.0202 5364        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
14:53:53.0232 5364        b06bdrv - ok
14:53:53.0277 5364        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:53:53.0294 5364        b57nd60x - ok
14:53:53.0411 5364        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
14:53:53.0458 5364        Beep - ok
14:53:53.0496 5364        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
14:53:53.0510 5364        blbdrive - ok
14:53:53.0539 5364        bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
14:53:53.0553 5364        bowser - ok
14:53:53.0591 5364        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:53:53.0609 5364        BrFiltLo - ok
14:53:53.0623 5364        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:53:53.0639 5364        BrFiltUp - ok
14:53:53.0772 5364        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
14:53:53.0795 5364        Brserid - ok
14:53:53.0810 5364        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
14:53:53.0826 5364        BrSerWdm - ok
14:53:53.0852 5364        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:53:53.0869 5364        BrUsbMdm - ok
14:53:53.0897 5364        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
14:53:53.0912 5364        BrUsbSer - ok
14:53:53.0938 5364        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
14:53:53.0955 5364        BTHMODEM - ok
14:53:54.0057 5364        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
14:53:54.0096 5364        cdfs - ok
14:53:54.0184 5364        cdrom          (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
14:53:54.0211 5364        cdrom - ok
14:53:54.0318 5364        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
14:53:54.0342 5364        circlass - ok
14:53:54.0398 5364        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
14:53:54.0422 5364        CLFS - ok
14:53:54.0463 5364        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
14:53:54.0479 5364        CmBatt - ok
14:53:54.0507 5364        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
14:53:54.0520 5364        cmdide - ok
14:53:54.0564 5364        CNG            (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
14:53:54.0590 5364        CNG - ok
14:53:54.0628 5364        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
14:53:54.0641 5364        Compbatt - ok
14:53:54.0743 5364        CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:53:54.0769 5364        CompositeBus - ok
14:53:54.0808 5364        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
14:53:54.0819 5364        crcdisk - ok
14:53:54.0921 5364        DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
14:53:54.0942 5364        DfsC - ok
14:53:54.0991 5364        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
14:53:55.0024 5364        discache - ok
14:53:55.0124 5364        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
14:53:55.0143 5364        Disk - ok
14:53:55.0268 5364        Dot4            (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
14:53:55.0298 5364        Dot4 - ok
14:53:55.0325 5364        Dot4Print      (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:53:55.0342 5364        Dot4Print - ok
14:53:55.0373 5364        dot4usb        (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
14:53:55.0390 5364        dot4usb - ok
14:53:55.0432 5364        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
14:53:55.0460 5364        drmkaud - ok
14:53:55.0504 5364        DXGKrnl        (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
14:53:55.0526 5364        DXGKrnl - ok
14:53:55.0657 5364        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
14:53:55.0711 5364        ebdrv - ok
14:53:55.0772 5364        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
14:53:55.0791 5364        elxstor - ok
14:53:55.0929 5364        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
14:53:55.0951 5364        ErrDev - ok
14:53:56.0110 5364        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
14:53:56.0156 5364        exfat - ok
14:53:56.0177 5364        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
14:53:56.0209 5364        fastfat - ok
14:53:56.0243 5364        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
14:53:56.0256 5364        fdc - ok
14:53:56.0303 5364        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
14:53:56.0315 5364        FileInfo - ok
14:53:56.0328 5364        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
14:53:56.0362 5364        Filetrace - ok
14:53:56.0393 5364        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
14:53:56.0407 5364        flpydisk - ok
14:53:56.0458 5364        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
14:53:56.0473 5364        FltMgr - ok
14:53:56.0590 5364        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
14:53:56.0610 5364        FsDepends - ok
14:53:56.0639 5364        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
14:53:56.0654 5364        Fs_Rec - ok
14:53:56.0728 5364        fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
14:53:56.0758 5364        fvevol - ok
14:53:56.0813 5364        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:53:56.0830 5364        gagp30kx - ok
14:53:56.0865 5364        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
14:53:56.0888 5364        hcw85cir - ok
14:53:56.0947 5364        HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
14:53:56.0969 5364        HdAudAddService - ok
14:53:57.0085 5364        HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:53:57.0115 5364        HDAudBus - ok
14:53:57.0216 5364        HECI            (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
14:53:57.0238 5364        HECI - ok
14:53:57.0253 5364        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
14:53:57.0269 5364        HidBatt - ok
14:53:57.0302 5364        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
14:53:57.0319 5364        HidBth - ok
14:53:57.0371 5364        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
14:53:57.0389 5364        HidIr - ok
14:53:57.0500 5364        HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
14:53:57.0527 5364        HidUsb - ok
14:53:57.0650 5364        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
14:53:57.0668 5364        HpSAMD - ok
14:53:57.0798 5364        HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
14:53:57.0849 5364        HTTP - ok
14:53:57.0864 5364        hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
14:53:57.0874 5364        hwpolicy - ok
14:53:57.0991 5364        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
14:53:58.0014 5364        i8042prt - ok
14:53:58.0061 5364        iaStor          (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
14:53:58.0085 5364        iaStor - ok
14:53:58.0190 5364        iaStorV        (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
14:53:58.0222 5364        iaStorV - ok
14:53:58.0454 5364        igfx            (8e9da2e49347af49901526dcd4d0f397) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:53:58.0572 5364        igfx - ok
14:53:58.0689 5364        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
14:53:58.0708 5364        iirsp - ok
14:53:58.0828 5364        Impcd          (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys
14:53:58.0848 5364        Impcd - ok
14:53:59.0036 5364        IntcAzAudAddService (5f9882ba31b7755341bc7773cb1ead62) C:\Windows\system32\drivers\RTKVHDA.sys
14:53:59.0107 5364        IntcAzAudAddService - ok
14:53:59.0209 5364        IntcDAud        (bf31740828a26ab451803e3b35432651) C:\Windows\system32\DRIVERS\IntcDAud.sys
14:53:59.0236 5364        IntcDAud - ok
14:53:59.0269 5364        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
14:53:59.0280 5364        intelide - ok
14:53:59.0322 5364        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
14:53:59.0338 5364        intelppm - ok
14:53:59.0389 5364        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:53:59.0435 5364        IpFilterDriver - ok
14:53:59.0469 5364        IPMIDRV        (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:53:59.0483 5364        IPMIDRV - ok
14:53:59.0525 5364        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
14:53:59.0560 5364        IPNAT - ok
14:53:59.0597 5364        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
14:53:59.0629 5364        IRENUM - ok
14:53:59.0670 5364        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
14:53:59.0692 5364        isapnp - ok
14:53:59.0736 5364        iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
14:53:59.0754 5364        iScsiPrt - ok
14:53:59.0819 5364        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:53:59.0842 5364        kbdclass - ok
14:53:59.0877 5364        kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
14:53:59.0898 5364        kbdhid - ok
14:53:59.0963 5364        KSecDD          (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
14:53:59.0986 5364        KSecDD - ok
14:54:00.0013 5364        KSecPkg        (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
14:54:00.0025 5364        KSecPkg - ok
14:54:00.0125 5364        L1C            (4566fd5f4416e7fef3600e4b30d086c3) C:\Windows\system32\DRIVERS\L1C62x86.sys
14:54:00.0143 5364        L1C - ok
14:54:00.0260 5364        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
14:54:00.0309 5364        lltdio - ok
14:54:00.0409 5364        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:54:00.0429 5364        LSI_FC - ok
14:54:00.0473 5364        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:54:00.0497 5364        LSI_SAS - ok
14:54:00.0534 5364        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:54:00.0546 5364        LSI_SAS2 - ok
14:54:00.0572 5364        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:54:00.0585 5364        LSI_SCSI - ok
14:54:00.0631 5364        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
14:54:00.0682 5364        luafv - ok
14:54:00.0745 5364        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
14:54:00.0764 5364        MBAMProtector - ok
14:54:00.0812 5364        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
14:54:00.0832 5364        megasas - ok
14:54:00.0882 5364        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
14:54:00.0899 5364        MegaSR - ok
14:54:00.0964 5364        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
14:54:01.0002 5364        Modem - ok
14:54:01.0038 5364        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
14:54:01.0070 5364        monitor - ok
14:54:01.0179 5364        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
14:54:01.0199 5364        mouclass - ok
14:54:01.0223 5364        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
14:54:01.0238 5364        mouhid - ok
14:54:01.0333 5364        mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
14:54:01.0354 5364        mountmgr - ok
14:54:01.0391 5364        mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
14:54:01.0410 5364        mpio - ok
14:54:01.0448 5364        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
14:54:01.0492 5364        mpsdrv - ok
14:54:01.0515 5364        MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
14:54:01.0533 5364        MRxDAV - ok
14:54:01.0568 5364        mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:54:01.0584 5364        mrxsmb - ok
14:54:01.0623 5364        mrxsmb10        (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:54:01.0642 5364        mrxsmb10 - ok
14:54:01.0691 5364        mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:54:01.0707 5364        mrxsmb20 - ok
14:54:01.0759 5364        msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
14:54:01.0780 5364        msahci - ok
14:54:01.0871 5364        msdsm          (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
14:54:01.0893 5364        msdsm - ok
14:54:01.0928 5364        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
14:54:01.0960 5364        Msfs - ok
14:54:01.0976 5364        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
14:54:02.0007 5364        mshidkmdf - ok
14:54:02.0036 5364        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
14:54:02.0047 5364        msisadrv - ok
14:54:02.0110 5364        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
14:54:02.0144 5364        MSKSSRV - ok
14:54:02.0165 5364        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
14:54:02.0196 5364        MSPCLOCK - ok
14:54:02.0215 5364        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
14:54:02.0244 5364        MSPQM - ok
14:54:02.0265 5364        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
14:54:02.0276 5364        MsRPC - ok
14:54:02.0316 5364        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
14:54:02.0326 5364        mssmbios - ok
14:54:02.0350 5364        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
14:54:02.0382 5364        MSTEE - ok
14:54:02.0421 5364        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
14:54:02.0448 5364        MTConfig - ok
14:54:02.0471 5364        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
14:54:02.0482 5364        Mup - ok
14:54:02.0526 5364        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
14:54:02.0547 5364        NativeWifiP - ok
14:54:02.0582 5364        NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
14:54:02.0603 5364        NDIS - ok
14:54:02.0640 5364        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
14:54:02.0671 5364        NdisCap - ok
14:54:02.0715 5364        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
14:54:02.0746 5364        NdisTapi - ok
14:54:02.0772 5364        Ndisuio        (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
14:54:02.0803 5364        Ndisuio - ok
14:54:02.0827 5364        NdisWan        (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
14:54:02.0862 5364        NdisWan - ok
14:54:02.0895 5364        NDProxy        (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
14:54:02.0926 5364        NDProxy - ok
14:54:03.0030 5364        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
14:54:03.0075 5364        NetBIOS - ok
14:54:03.0093 5364        NetBT          (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
14:54:03.0127 5364        NetBT - ok
14:54:03.0244 5364        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
14:54:03.0266 5364        nfrd960 - ok
14:54:03.0320 5364        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
14:54:03.0364 5364        Npfs - ok
14:54:03.0383 5364        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
14:54:03.0414 5364        nsiproxy - ok
14:54:03.0468 5364        Ntfs            (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
14:54:03.0502 5364        Ntfs - ok
14:54:03.0528 5364        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
14:54:03.0558 5364        Null - ok
14:54:03.0604 5364        nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
14:54:03.0616 5364        nvraid - ok
14:54:03.0641 5364        nvstor          (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
14:54:03.0653 5364        nvstor - ok
14:54:03.0696 5364        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
14:54:03.0709 5364        nv_agp - ok
14:54:03.0752 5364        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
14:54:03.0768 5364        ohci1394 - ok
14:54:03.0961 5364        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
14:54:03.0988 5364        Parport - ok
14:54:04.0022 5364        partmgr        (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
14:54:04.0040 5364        partmgr - ok
14:54:04.0067 5364        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
14:54:04.0082 5364        Parvdm - ok
14:54:04.0129 5364        pci            (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
14:54:04.0142 5364        pci - ok
14:54:04.0177 5364        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
14:54:04.0188 5364        pciide - ok
14:54:04.0233 5364        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
14:54:04.0247 5364        pcmcia - ok
14:54:04.0279 5364        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
14:54:04.0291 5364        pcw - ok
14:54:04.0322 5364        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
14:54:04.0363 5364        PEAUTH - ok
14:54:04.0507 5364        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
14:54:04.0557 5364        PptpMiniport - ok
14:54:04.0595 5364        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
14:54:04.0608 5364        Processor - ok
14:54:04.0666 5364        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
14:54:04.0701 5364        Psched - ok
14:54:04.0850 5364        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
14:54:04.0896 5364        ql2300 - ok
14:54:04.0933 5364        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
14:54:04.0945 5364        ql40xx - ok
14:54:04.0978 5364        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
14:54:04.0997 5364        QWAVEdrv - ok
14:54:05.0025 5364        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
14:54:05.0062 5364        RasAcd - ok
14:54:05.0108 5364        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:54:05.0144 5364        RasAgileVpn - ok
14:54:05.0171 5364        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:54:05.0204 5364        Rasl2tp - ok
14:54:05.0234 5364        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
14:54:05.0268 5364        RasPppoe - ok
14:54:05.0368 5364        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
14:54:05.0423 5364        RasSstp - ok
14:54:05.0445 5364        rdbss          (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
14:54:05.0479 5364        rdbss - ok
14:54:05.0516 5364        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
14:54:05.0532 5364        rdpbus - ok
14:54:05.0566 5364        RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:54:05.0596 5364        RDPCDD - ok
14:54:05.0632 5364        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
14:54:05.0663 5364        RDPENCDD - ok
14:54:05.0683 5364        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
14:54:05.0717 5364        RDPREFMP - ok
14:54:05.0745 5364        RDPWD          (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
14:54:05.0777 5364        RDPWD - ok
14:54:05.0810 5364        rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
14:54:05.0823 5364        rdyboost - ok
14:54:05.0947 5364        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
14:54:05.0999 5364        rspndr - ok
14:54:06.0095 5364        RSUSBSTOR      (0340a381b920a6e68178b832889f33f8) C:\Windows\System32\Drivers\RtsUStor.sys
14:54:06.0115 5364        RSUSBSTOR - ok
14:54:06.0182 5364        rtl8192se      (cfd6c307bf5db3b339be9f92b95433b9) C:\Windows\system32\DRIVERS\rtl8192se.sys
14:54:06.0210 5364        rtl8192se - ok
14:54:06.0311 5364        sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
14:54:06.0338 5364        sbp2port - ok
14:54:06.0392 5364        scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
14:54:06.0428 5364        scfilter - ok
14:54:06.0465 5364        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:54:06.0500 5364        secdrv - ok
14:54:06.0602 5364        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
14:54:06.0626 5364        Serenum - ok
14:54:06.0657 5364        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
14:54:06.0675 5364        Serial - ok
14:54:06.0720 5364        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
14:54:06.0746 5364        sermouse - ok
14:54:06.0781 5364        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
14:54:06.0793 5364        sffdisk - ok
14:54:06.0813 5364        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:54:06.0827 5364        sffp_mmc - ok
14:54:06.0849 5364        sffp_sd        (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:54:06.0861 5364        sffp_sd - ok
14:54:06.0888 5364        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
14:54:06.0904 5364        sfloppy - ok
14:54:06.0971 5364        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
14:54:06.0991 5364        sisagp - ok
14:54:07.0011 5364        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:54:07.0028 5364        SiSRaid2 - ok
14:54:07.0068 5364        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
14:54:07.0080 5364        SiSRaid4 - ok
14:54:07.0125 5364        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
14:54:07.0161 5364        Smb - ok
14:54:07.0189 5364        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
14:54:07.0199 5364        spldr - ok
14:54:07.0346 5364        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
14:54:07.0346 5364        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
14:54:07.0353 5364        sptd ( LockedFile.Multi.Generic ) - warning
14:54:07.0353 5364        sptd - detected LockedFile.Multi.Generic (1)
14:54:07.0391 5364        srv            (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
14:54:07.0417 5364        srv - ok
14:54:07.0451 5364        srv2            (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
14:54:07.0469 5364        srv2 - ok
14:54:07.0498 5364        srvnet          (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
14:54:07.0513 5364        srvnet - ok
14:54:07.0559 5364        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
14:54:07.0574 5364        ssmdrv - ok
14:54:07.0619 5364        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
14:54:07.0633 5364        stexstor - ok
14:54:07.0741 5364        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
14:54:07.0753 5364        swenum - ok
14:54:07.0864 5364        SynTP          (d776eb85a20696d9d43129ccf6e703e2) C:\Windows\system32\DRIVERS\SynTP.sys
14:54:07.0883 5364        SynTP - ok
14:54:07.0960 5364        Tcpip          (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
14:54:08.0003 5364        Tcpip - ok
14:54:08.0054 5364        TCPIP6          (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
14:54:08.0092 5364        TCPIP6 - ok
14:54:08.0127 5364        tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
14:54:08.0156 5364        tcpipreg - ok
14:54:08.0176 5364        TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
14:54:08.0205 5364        TDPIPE - ok
14:54:08.0229 5364        TDTCP          (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
14:54:08.0258 5364        TDTCP - ok
14:54:08.0285 5364        tdx            (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
14:54:08.0316 5364        tdx - ok
14:54:08.0353 5364        TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
14:54:08.0363 5364        TermDD - ok
14:54:08.0420 5364        tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:54:08.0452 5364        tssecsrv - ok
14:54:08.0523 5364        tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
14:54:08.0580 5364        tunnel - ok
14:54:08.0607 5364        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
14:54:08.0617 5364        uagp35 - ok
14:54:08.0650 5364        udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
14:54:08.0684 5364        udfs - ok
14:54:08.0727 5364        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
14:54:08.0750 5364        uliagpkx - ok
14:54:08.0826 5364        umbus          (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
14:54:08.0843 5364        umbus - ok
14:54:08.0927 5364        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
14:54:08.0949 5364        UmPass - ok
14:54:08.0985 5364        usbccgp        (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
14:54:08.0998 5364        usbccgp - ok
14:54:09.0050 5364        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
14:54:09.0083 5364        usbcir - ok
14:54:09.0100 5364        usbehci        (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\drivers\usbehci.sys
14:54:09.0113 5364        usbehci - ok
14:54:09.0146 5364        usbhub          (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
14:54:09.0163 5364        usbhub - ok
14:54:09.0196 5364        usbohci        (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
14:54:09.0211 5364        usbohci - ok
14:54:09.0289 5364        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
14:54:09.0315 5364        usbprint - ok
14:54:09.0355 5364        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
14:54:09.0371 5364        usbscan - ok
14:54:09.0400 5364        USBSTOR        (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:54:09.0414 5364        USBSTOR - ok
14:54:09.0457 5364        usbuhci        (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
14:54:09.0471 5364        usbuhci - ok
14:54:09.0612 5364        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
14:54:09.0631 5364        vdrvroot - ok
14:54:09.0670 5364        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
14:54:09.0694 5364        vga - ok
14:54:09.0713 5364        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
14:54:09.0743 5364        VgaSave - ok
14:54:09.0787 5364        vhdmp          (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
14:54:09.0800 5364        vhdmp - ok
14:54:09.0852 5364        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
14:54:09.0865 5364        viaagp - ok
14:54:09.0883 5364        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
14:54:09.0902 5364        ViaC7 - ok
14:54:09.0936 5364        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
14:54:09.0947 5364        viaide - ok
14:54:09.0986 5364        volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
14:54:09.0999 5364        volmgr - ok
14:54:10.0034 5364        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
14:54:10.0051 5364        volmgrx - ok
14:54:10.0092 5364        volsnap        (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
14:54:10.0108 5364        volsnap - ok
14:54:10.0152 5364        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
14:54:10.0164 5364        vsmraid - ok
14:54:10.0201 5364        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
14:54:10.0216 5364        vwifibus - ok
14:54:10.0232 5364        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
14:54:10.0248 5364        vwififlt - ok
14:54:10.0291 5364        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
14:54:10.0304 5364        WacomPen - ok
14:54:10.0349 5364        WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
14:54:10.0383 5364        WANARP - ok
14:54:10.0386 5364        Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
14:54:10.0419 5364        Wanarpv6 - ok
14:54:10.0499 5364        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
14:54:10.0520 5364        Wd - ok
14:54:10.0560 5364        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
14:54:10.0582 5364        Wdf01000 - ok
14:54:10.0674 5364        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
14:54:10.0719 5364        WfpLwf - ok
14:54:10.0739 5364        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
14:54:10.0750 5364        WIMMount - ok
14:54:10.0878 5364        WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
14:54:10.0902 5364        WinUsb - ok
14:54:10.0989 5364        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:54:11.0013 5364        WmiAcpi - ok
14:54:11.0138 5364        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
14:54:11.0181 5364        ws2ifsl - ok
14:54:11.0218 5364        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
14:54:11.0252 5364        WudfPf - ok
14:54:11.0272 5364        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:54:11.0304 5364        WUDFRd - ok
14:54:11.0348 5364        MBR (0x1B8)    (8a1c59e4dfef87510470928550466632) \Device\Harddisk0\DR0
14:54:14.0280 5364        \Device\Harddisk0\DR0 - ok
14:54:14.0317 5364        Boot (0x1200)  (f31dc2512ad53822a7e28369d1c5e63f) \Device\Harddisk0\DR0\Partition0
14:54:14.0319 5364        \Device\Harddisk0\DR0\Partition0 - ok
14:54:14.0333 5364        Boot (0x1200)  (880637bea931fe8c03abed6dd053f59b) \Device\Harddisk0\DR0\Partition1
14:54:14.0335 5364        \Device\Harddisk0\DR0\Partition1 - ok
14:54:14.0371 5364        Boot (0x1200)  (41300ec0d0bbc9dab6d46fb8d03c5f51) \Device\Harddisk0\DR0\Partition2
14:54:14.0373 5364        \Device\Harddisk0\DR0\Partition2 - ok
14:54:14.0374 5364        ============================================================
14:54:14.0374 5364        Scan finished
14:54:14.0374 5364        ============================================================
14:54:14.0389 5616        Detected object count: 2
14:54:14.0389 5616        Actual detected object count: 2
15:27:33.0035 5616        APL531 ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:33.0035 5616        APL531 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:27:33.0035 5616        sptd ( LockedFile.Multi.Generic ) - skipped by user
15:27:33.0036 5616        sptd ( LockedFile.Multi.Generic ) - User select action: Skip


cosinus 23.02.2012 17:26

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

markus123456 27.02.2012 14:22

ComboFix log file:
Code:

ComboFix 12-02-25.02 - Markus 27.02.2012  14:12:10.1.4 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.2935.2032 [GMT 1:00]
ausgeführt von:: c:\users\Markus\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Setup.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-27 bis 2012-02-27  ))))))))))))))))))))))))))))))
.
.
2012-02-27 13:17 . 2012-02-27 13:18        --------        d-----w-        c:\users\Markus\AppData\Local\temp
2012-02-27 13:17 . 2012-02-27 13:17        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-02-24 16:02 . 2012-02-24 16:02        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3B6AACE-6EDE-444D-91DF-160895B5B1D0}\offreg.dll
2012-02-24 11:07 . 2012-02-08 06:03        6552120        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3B6AACE-6EDE-444D-91DF-160895B5B1D0}\mpengine.dll
2012-02-23 12:04 . 2012-02-23 12:04        --------        d-----w-        C:\_OTL
2012-02-22 11:22 . 2012-02-16 14:55        134104        ----a-w-        c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-15 09:05 . 2011-12-16 07:59        690688        ----a-w-        c:\windows\system32\msvcrt.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 04:10 . 2010-06-28 23:04        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-12-10 14:24 . 2012-01-23 16:01        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-05-25 18:43 . 2010-05-25 18:43        3099136        ----a-w-        c:\program files\openofficeorg32.msi
2012-02-16 14:55 . 2012-02-22 11:22        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-23 9177632]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-23 1423904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-21 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-21 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-21 170008]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-13 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Markus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37        843712        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-11-02 21:21        103720        ------w-        c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16        357696        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08        1259376        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24        54840        ----a-w-        c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20        133432        ----a-w-        c:\program files\ICQ7.2\ICQ.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [2006-07-31 580992]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 193056]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-13 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-07-01 428200]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-10 2320920]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-02 1006624]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-10-23 118560]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 45998594
*NewlyCreated* - 74097575
*Deregistered* - 45998594
*Deregistered* - 74097575
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
HPService        REG_MULTI_SZ          HPSLPSVC
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3449834995-2028289882-1275101535-1000Core.job
- c:\users\Markus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 14:21]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3449834995-2028289882-1275101535-1000UA.job
- c:\users\Markus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 14:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{010B9879-A692-401A-AE4C-02616152CCA3}: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{010B9879-A692-401A-AE4C-02616152CCA3}\D416D65737E45647: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-BsScanner
AddRemove-OVT Scanner - c:\windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-27  14:19:27
ComboFix-quarantined-files.txt  2012-02-27 13:19
.
Vor Suchlauf: 10 Verzeichnis(se), 374.078.517.248 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 373.988.286.464 Bytes frei
.
- - End Of File - - 708BE9516E5A44EB0325DF72AD3B5A5F

--- --- ---
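The ComboFix log above lists autostart locations in three line formats: `"Name"="path" [date size]` under a registry key header, service/driver lines such as `R3 APL531;OVT Scanner;path [date size]`, and scheduled-task pairs (a `.job` line followed by `- path [date time]`). The following parser is an added example written for this thread; it is not part of ComboFix and not code posted by either participant. It turns those lines into structured entries and then lists the ones whose executable lives under a user-writable location, which is a triage aid for a helper reading the log, not a verdict. The sample input is constructed from a few lines of the posted log, and the reading of the service prefix (`R` running, `S` stopped, digit = start type) is my interpretation of the format, not something the thread states.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the style of the ComboFix log posted above (a few lines, not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
R3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [2006-07-31 580992]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-13 691696]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3449834995-2028289882-1275101535-1000Core.job
- c:\users\Markus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 14:21]
"""

KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
# Service/driver line: state letter (R/S), start-type digit, name;display;path [date size]
# (assumed meaning of the prefix: R = running, S = stopped, digit = Windows start type).
SVC_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$")
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$")
TASK_RE = re.compile(r"^- (?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\]$")


@dataclass
class AutostartEntry:
    kind: str     # "run", "service" or "task"
    name: str
    path: str
    date: str
    size: int     # 0 when the log line carries no size (scheduled tasks)
    source: str   # registry key, service state/start type, or .job file the entry came from


def parse_combofix(text: str) -> List[AutostartEntry]:
    """Parse the autostart, service and scheduled-task lines of a ComboFix log."""
    entries: List[AutostartEntry] = []
    current_key = ""
    current_job = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix uses lone dots as spacers
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m["key"]
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(AutostartEntry("run", m["name"], m["path"], m["date"],
                                          int(m["size"]), current_key))
            continue
        m = SVC_RE.match(line)
        if m:
            state = "running" if m["state"] == "R" else "stopped"
            entries.append(AutostartEntry("service", m["name"], m["path"], m["date"],
                                          int(m["size"]), f"{state}, start type {m['start']}"))
            continue
        m = JOB_RE.match(line)
        if m:
            current_job = m["job"]           # remembered for the "- path" line that follows
            continue
        m = TASK_RE.match(line)
        if m:
            entries.append(AutostartEntry("task", current_job.rsplit("\\", 1)[-1], m["path"],
                                          m["date"], 0, current_job))
    return entries


# Path fragments a helper would look at first: locations a normal user can write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


def review_candidates(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    """Entries whose executable sits in a user-writable location. Not a malware verdict:
    legitimate per-user updaters (GoogleUpdate in the sample) live there too, but these
    are the entries worth checking by hand before anything under Program Files."""
    return [e for e in entries if any(tok in e.path.lower() for tok in USER_WRITABLE)]


if __name__ == "__main__":
    parsed = parse_combofix(SAMPLE_LOG)
    for e in parsed:
        print(f"{e.kind:8} {e.name:40} {e.path}  ({e.source})")
    print("review first:", [e.path for e in review_candidates(parsed)])
```

Running the block on the constructed sample yields two Run entries, two services and one scheduled task; only the GoogleUpdate task under `AppData\Local` is returned by `review_candidates`, which is the expected low-priority hit for that heuristic.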

cosinus 27.02.2012 16:44

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off the virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe; Vista and Win7 users run aswMBR via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current virus definitions from AVAST!. Please answer Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons under any circumstances without instruction. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.


Copyright ©2000-2025, Trojaner-Board