Trojaner-Board (https://www.trojaner-board.de/)
Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
TR/PSW.Karagany, TR/Dldr.Karagany, TR/Crypt.XPACK, TR/Fakesysdef under W7 (https://www.trojaner-board.de/109427-tr-psw-karagany-tr-dldr-karagany-tr-crypt-xpack-tr-fakesysdef-w7.html)

cosinus 16.02.2012 22:42

That is a false alarm! Disable the virus scanner and run TDSS-Killer

dedza 17.02.2012 17:48

Hello Arne,

I had almost suspected something like that. But I didn't quite dare to try it without the virus scanner, since switching it off had always been pointed out explicitly.
Without it, though, it worked fine; here is the log.

Regards -

dedza

Code:

17:26:46.0094 3300        TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
17:26:46.0204 3300        ============================================================
17:26:46.0204 3300        Current date / time: 2012/02/17 17:26:46.0204
17:26:46.0204 3300        SystemInfo:
17:26:46.0204 3300       
17:26:46.0204 3300        OS Version: 6.1.7600 ServicePack: 0.0
17:26:46.0204 3300        Product type: Workstation
17:26:46.0204 3300        ComputerName: COMPI
17:26:46.0204 3300        UserName: trudi
17:26:46.0204 3300        Windows directory: C:\Windows
17:26:46.0204 3300        System windows directory: C:\Windows
17:26:46.0204 3300        Running under WOW64
17:26:46.0204 3300        Processor architecture: Intel x64
17:26:46.0204 3300        Number of processors: 4
17:26:46.0204 3300        Page size: 0x1000
17:26:46.0204 3300        Boot type: Normal boot
17:26:46.0204 3300        ============================================================
17:26:49.0090 3300        Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:26:49.0105 3300        \Device\Harddisk0\DR0:
17:26:49.0105 3300        MBR used
17:26:49.0105 3300        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
17:26:49.0105 3300        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48A76000
17:26:49.0105 3300        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48ADA000, BlocksNum 0x1D4A000
17:26:49.0105 3300        \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
17:26:49.0199 3300        Initialize success
17:26:49.0199 3300        ============================================================
17:27:42.0925 4072        ============================================================
17:27:42.0925 4072        Scan started
17:27:42.0925 4072        Mode: Manual; SigCheck; TDLFS;
17:27:42.0925 4072        ============================================================
17:27:45.0733 4072        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
17:27:45.0889 4072        1394ohci - ok
17:27:46.0778 4072        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
17:27:46.0810 4072        ACPI - ok
17:27:47.0387 4072        AcpiPmi        (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
17:27:47.0543 4072        AcpiPmi - ok
17:27:48.0370 4072        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:27:48.0432 4072        adp94xx - ok
17:27:49.0087 4072        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:27:49.0165 4072        adpahci - ok
17:27:49.0696 4072        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:27:49.0727 4072        adpu320 - ok
17:27:50.0366 4072        AFD            (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
17:27:50.0444 4072        AFD - ok
17:27:51.0006 4072        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
17:27:51.0037 4072        agp440 - ok
17:27:51.0755 4072        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
17:27:51.0770 4072        aliide - ok
17:27:52.0597 4072        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
17:27:52.0628 4072        amdide - ok
17:27:53.0408 4072        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:27:53.0486 4072        AmdK8 - ok
17:27:54.0734 4072        amdkmdag        (55e2968133cd22614f102add2fcffe46) C:\Windows\system32\DRIVERS\atikmdag.sys
17:27:55.0156 4072        amdkmdag - ok
17:27:55.0858 4072        amdkmdap        (93e44e7d300b2dbc805fec7005bb12ce) C:\Windows\system32\DRIVERS\atikmpag.sys
17:27:55.0904 4072        amdkmdap - ok
17:27:56.0528 4072        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:27:56.0591 4072        AmdPPM - ok
17:27:57.0355 4072        amdsata        (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
17:27:57.0386 4072        amdsata - ok
17:27:58.0151 4072        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:27:58.0182 4072        amdsbs - ok
17:27:58.0868 4072        amdxata        (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
17:27:58.0900 4072        amdxata - ok
17:27:59.0414 4072        AppID          (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
17:27:59.0492 4072        AppID - ok
17:27:59.0867 4072        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:27:59.0882 4072        arc - ok
17:28:00.0413 4072        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:28:00.0428 4072        arcsas - ok
17:28:00.0928 4072        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:28:01.0130 4072        AsyncMac - ok
17:28:01.0723 4072        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
17:28:01.0754 4072        atapi - ok
17:28:02.0254 4072        AthBTPort      (c647c19b70b4717106f6b59e80d6f38f) C:\Windows\system32\DRIVERS\btath_flt.sys
17:28:02.0316 4072        AthBTPort - ok
17:28:02.0924 4072        AthDfu          (17d367ae1ad05852303a8bdfab5d028b) C:\Windows\system32\Drivers\AthDfu.sys
17:28:02.0971 4072        AthDfu - ok
17:28:03.0845 4072        athr            (96abf88241f90ff647e55c934c55c2f1) C:\Windows\system32\DRIVERS\athrx.sys
17:28:03.0970 4072        athr - ok
17:28:04.0921 4072        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
17:28:04.0968 4072        avgntflt - ok
17:28:05.0764 4072        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
17:28:05.0779 4072        avipbb - ok
17:28:06.0450 4072        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:28:06.0528 4072        b06bdrv - ok
17:28:07.0105 4072        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:28:07.0168 4072        b57nd60a - ok
17:28:07.0714 4072        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:28:07.0823 4072        Beep - ok
17:28:08.0494 4072        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:28:08.0556 4072        blbdrive - ok
17:28:09.0430 4072        bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
17:28:09.0539 4072        bowser - ok
17:28:10.0553 4072        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:28:10.0647 4072        BrFiltLo - ok
17:28:11.0520 4072        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:28:11.0551 4072        BrFiltUp - ok
17:28:11.0895 4072        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:28:11.0941 4072        Brserid - ok
17:28:12.0425 4072        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:28:12.0487 4072        BrSerWdm - ok
17:28:13.0049 4072        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:28:13.0096 4072        BrUsbMdm - ok
17:28:13.0533 4072        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:28:13.0595 4072        BrUsbSer - ok
17:28:14.0141 4072        BTATH_A2DP      (f5b0c8426147f8455a58470753355a86) C:\Windows\system32\drivers\btath_a2dp.sys
17:28:14.0219 4072        BTATH_A2DP - ok
17:28:14.0781 4072        BTATH_BUS      (613a1fd0db78f8df45fc0091868f1032) C:\Windows\system32\DRIVERS\btath_bus.sys
17:28:14.0874 4072        BTATH_BUS - ok
17:28:15.0467 4072        BTATH_HCRP      (30c1769f1dbf567a2f31492e819cbdc2) C:\Windows\system32\DRIVERS\btath_hcrp.sys
17:28:15.0514 4072        BTATH_HCRP - ok
17:28:16.0075 4072        BTATH_RCP      (6b476536c991f953ded4b92cc505b3a8) C:\Windows\system32\DRIVERS\btath_rcp.sys
17:28:16.0122 4072        BTATH_RCP - ok
17:28:16.0637 4072        BtFilter        (e808a9b7dbd8db51d6a02beba677ae88) C:\Windows\system32\DRIVERS\btfilter.sys
17:28:16.0699 4072        BtFilter - ok
17:28:17.0277 4072        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
17:28:17.0339 4072        BthEnum - ok
17:28:17.0869 4072        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:28:17.0932 4072        BTHMODEM - ok
17:28:18.0462 4072        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
17:28:18.0525 4072        BthPan - ok
17:28:19.0055 4072        BTHPORT        (538392664fee486620dfea146f2500bc) C:\Windows\system32\Drivers\BTHport.sys
17:28:19.0117 4072        BTHPORT - ok
17:28:19.0710 4072        BTHUSB          (6e71522e317b22257d8e37a1584b5829) C:\Windows\system32\Drivers\BTHUSB.sys
17:28:19.0773 4072        BTHUSB - ok
17:28:20.0397 4072        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:28:20.0490 4072        cdfs - ok
17:28:21.0130 4072        cdrom          (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
17:28:21.0161 4072        cdrom - ok
17:28:21.0723 4072        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:28:21.0754 4072        circlass - ok
17:28:22.0159 4072        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:28:22.0191 4072        CLFS - ok
17:28:22.0768 4072        clwvd          (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
17:28:22.0783 4072        clwvd - ok
17:28:23.0548 4072        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:28:23.0595 4072        CmBatt - ok
17:28:24.0078 4072        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
17:28:24.0109 4072        cmdide - ok
17:28:24.0655 4072        CNG            (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
17:28:24.0749 4072        CNG - ok
17:28:25.0373 4072        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:28:25.0404 4072        Compbatt - ok
17:28:26.0044 4072        CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:28:26.0075 4072        CompositeBus - ok
17:28:26.0699 4072        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:28:26.0715 4072        crcdisk - ok
17:28:27.0479 4072        DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
17:28:27.0557 4072        DfsC - ok
17:28:28.0072 4072        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:28:28.0165 4072        discache - ok
17:28:28.0852 4072        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:28:28.0883 4072        Disk - ok
17:28:29.0491 4072        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:28:29.0538 4072        drmkaud - ok
17:28:30.0459 4072        DXGKrnl        (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
17:28:30.0505 4072        DXGKrnl - ok
17:28:31.0925 4072        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:28:32.0065 4072        ebdrv - ok
17:28:33.0189 4072        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:28:33.0267 4072        elxstor - ok
17:28:34.0249 4072        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
17:28:34.0343 4072        ErrDev - ok
17:28:35.0685 4072        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:28:35.0763 4072        exfat - ok
17:28:36.0324 4072        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:28:36.0418 4072        fastfat - ok
17:28:36.0964 4072        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:28:37.0026 4072        fdc - ok
17:28:37.0557 4072        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:28:37.0588 4072        FileInfo - ok
17:28:38.0305 4072        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:28:38.0399 4072        Filetrace - ok
17:28:38.0773 4072        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:28:38.0820 4072        flpydisk - ok
17:28:39.0397 4072        FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
17:28:39.0444 4072        FltMgr - ok
17:28:39.0975 4072        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:28:40.0006 4072        FsDepends - ok
17:28:40.0599 4072        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:28:40.0630 4072        Fs_Rec - ok
17:28:41.0020 4072        fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:28:41.0051 4072        fvevol - ok
17:28:41.0550 4072        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:28:41.0581 4072        gagp30kx - ok
17:28:42.0065 4072        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:28:42.0096 4072        hcw85cir - ok
17:28:42.0907 4072        HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
17:28:43.0001 4072        HdAudAddService - ok
17:28:43.0843 4072        HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:28:43.0921 4072        HDAudBus - ok
17:28:44.0717 4072        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:28:44.0764 4072        HidBatt - ok
17:28:45.0372 4072        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:28:45.0435 4072        HidBth - ok
17:28:45.0887 4072        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:28:45.0949 4072        HidIr - ok
17:28:46.0542 4072        HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
17:28:46.0589 4072        HidUsb - ok
17:28:47.0197 4072        HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
17:28:47.0229 4072        HpSAMD - ok
17:28:47.0915 4072        HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
17:28:48.0055 4072        HTTP - ok
17:28:48.0523 4072        hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
17:28:48.0539 4072        hwpolicy - ok
17:28:49.0163 4072        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
17:28:49.0194 4072        i8042prt - ok
17:28:49.0803 4072        iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
17:28:49.0849 4072        iaStor - ok
17:28:50.0614 4072        iaStorV        (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
17:28:50.0645 4072        iaStorV - ok
17:28:52.0408 4072        igfx            (0ac9e321d604be48a0d72b69ba484bdc) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:28:52.0767 4072        igfx - ok
17:28:53.0313 4072        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:28:53.0344 4072        iirsp - ok
17:28:53.0921 4072        IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
17:28:53.0999 4072        IntcDAud - ok
17:28:54.0467 4072        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
17:28:54.0483 4072        intelide - ok
17:28:56.0526 4072        intelkmd        (0ac9e321d604be48a0d72b69ba484bdc) C:\Windows\system32\DRIVERS\igdpmd64.sys
17:28:56.0869 4072        intelkmd - ok
17:28:57.0478 4072        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:28:57.0540 4072        intelppm - ok
17:28:58.0195 4072        IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:28:58.0289 4072        IpFilterDriver - ok
17:28:58.0944 4072        IPMIDRV        (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:28:58.0991 4072        IPMIDRV - ok
17:28:59.0521 4072        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:28:59.0631 4072        IPNAT - ok
17:29:00.0192 4072        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:29:00.0301 4072        IRENUM - ok
17:29:01.0144 4072        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
17:29:01.0175 4072        isapnp - ok
17:29:02.0017 4072        iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
17:29:02.0080 4072        iScsiPrt - ok
17:29:02.0766 4072        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:29:02.0782 4072        kbdclass - ok
17:29:03.0484 4072        kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
17:29:03.0531 4072        kbdhid - ok
17:29:04.0311 4072        KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
17:29:04.0342 4072        KSecDD - ok
17:29:05.0059 4072        KSecPkg        (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
17:29:05.0091 4072        KSecPkg - ok
17:29:05.0652 4072        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:29:05.0761 4072        ksthunk - ok
17:29:06.0417 4072        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:29:06.0541 4072        lltdio - ok
17:29:07.0197 4072        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:29:07.0212 4072        LSI_FC - ok
17:29:07.0945 4072        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:29:07.0977 4072        LSI_SAS - ok
17:29:08.0413 4072        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:29:08.0445 4072        LSI_SAS2 - ok
17:29:08.0991 4072        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:29:09.0022 4072        LSI_SCSI - ok
17:29:09.0396 4072        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:29:09.0490 4072        luafv - ok
17:29:10.0114 4072        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:29:10.0145 4072        megasas - ok
17:29:10.0738 4072        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:29:10.0769 4072        MegaSR - ok
17:29:11.0455 4072        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
17:29:11.0471 4072        MEIx64 - ok
17:29:12.0157 4072        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:29:12.0267 4072        Modem - ok
17:29:12.0859 4072        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:29:12.0922 4072        monitor - ok
17:29:13.0639 4072        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:29:13.0655 4072        mouclass - ok
17:29:14.0201 4072        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:29:14.0279 4072        mouhid - ok
17:29:15.0059 4072        mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
17:29:15.0075 4072        mountmgr - ok
17:29:15.0777 4072        mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
17:29:15.0792 4072        mpio - ok
17:29:16.0447 4072        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:29:16.0510 4072        mpsdrv - ok
17:29:17.0087 4072        MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
17:29:17.0149 4072        MRxDAV - ok
17:29:17.0664 4072        mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:29:17.0711 4072        mrxsmb - ok
17:29:18.0335 4072        mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:29:18.0397 4072        mrxsmb10 - ok
17:29:18.0975 4072        mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:29:19.0037 4072        mrxsmb20 - ok
17:29:19.0599 4072        msahci          (2ba4ff3d5eb68587dd662a896f649c7d) C:\Windows\system32\DRIVERS\msahci.sys
17:29:19.0614 4072        msahci - ok
17:29:20.0082 4072        msdsm          (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
17:29:20.0098 4072        msdsm - ok
17:29:20.0753 4072        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:29:20.0815 4072        Msfs - ok
17:29:21.0471 4072        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:29:21.0564 4072        mshidkmdf - ok
17:29:22.0157 4072        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
17:29:22.0173 4072        msisadrv - ok
17:29:22.0750 4072        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:29:22.0859 4072        MSKSSRV - ok
17:29:23.0389 4072        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:29:23.0499 4072        MSPCLOCK - ok
17:29:24.0091 4072        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:29:24.0201 4072        MSPQM - ok
17:29:24.0731 4072        MsRPC          (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
17:29:24.0762 4072        MsRPC - ok
17:29:25.0480 4072        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:29:25.0511 4072        mssmbios - ok
17:29:25.0995 4072        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:29:26.0151 4072        MSTEE - ok
17:29:26.0681 4072        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:29:26.0743 4072        MTConfig - ok
17:29:27.0336 4072        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:29:27.0352 4072        Mup - ok
17:29:27.0945 4072        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:29:28.0023 4072        NativeWifiP - ok
17:29:28.0709 4072        NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
17:29:28.0771 4072        NDIS - ok
17:29:29.0286 4072        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:29:29.0395 4072        NdisCap - ok
17:29:29.0957 4072        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:29:30.0035 4072        NdisTapi - ok
17:29:30.0550 4072        Ndisuio        (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
17:29:30.0643 4072        Ndisuio - ok
17:29:31.0189 4072        NdisWan        (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:29:31.0267 4072        NdisWan - ok
17:29:32.0047 4072        NDProxy        (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
17:29:32.0157 4072        NDProxy - ok
17:29:32.0703 4072        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:29:32.0843 4072        NetBIOS - ok
17:29:33.0295 4072        NetBT          (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
17:29:33.0389 4072        NetBT - ok
17:29:34.0575 4072        netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
17:29:34.0762 4072        netw5v64 - ok
17:29:35.0479 4072        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:29:35.0511 4072        nfrd960 - ok
17:29:36.0072 4072        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:29:36.0181 4072        Npfs - ok
17:29:36.0852 4072        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:29:36.0961 4072        nsiproxy - ok
17:29:37.0695 4072        Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
17:29:37.0819 4072        Ntfs - ok
17:29:38.0350 4072        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:29:38.0428 4072        Null - ok
17:29:39.0083 4072        nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
17:29:39.0114 4072        nvraid - ok
17:29:39.0754 4072        nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
17:29:39.0769 4072        nvstor - ok
17:29:40.0503 4072        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
17:29:40.0518 4072        nv_agp - ok
17:29:41.0095 4072        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
17:29:41.0158 4072        ohci1394 - ok
17:29:41.0719 4072        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:29:41.0751 4072        Parport - ok
17:29:42.0468 4072        partmgr        (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
17:29:42.0499 4072        partmgr - ok
17:29:43.0404 4072        pci            (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
17:29:43.0435 4072        pci - ok
17:29:43.0950 4072        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
17:29:43.0966 4072        pciide - ok
17:29:44.0434 4072        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:29:44.0481 4072        pcmcia - ok
17:29:44.0980 4072        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:29:44.0995 4072        pcw - ok
17:29:45.0557 4072        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:29:45.0713 4072        PEAUTH - ok
17:29:46.0337 4072        PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
17:29:46.0431 4072        PptpMiniport - ok
17:29:47.0133 4072        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:29:47.0179 4072        Processor - ok
17:29:47.0897 4072        Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
17:29:47.0975 4072        Psched - ok
17:29:48.0693 4072        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:29:48.0802 4072        ql2300 - ok
17:29:49.0348 4072        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:29:49.0379 4072        ql40xx - ok
17:29:49.0847 4072        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:29:49.0909 4072        QWAVEdrv - ok
17:29:50.0580 4072        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:29:50.0705 4072        RasAcd - ok
17:29:51.0251 4072        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:29:51.0345 4072        RasAgileVpn - ok
17:29:52.0062 4072        Rasl2tp        (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:29:52.0171 4072        Rasl2tp - ok
17:29:52.0749 4072        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:29:52.0858 4072        RasPppoe - ok
17:29:53.0419 4072        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:29:53.0513 4072        RasSstp - ok
17:29:54.0121 4072        rdbss          (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
17:29:54.0262 4072        rdbss - ok
17:29:54.0839 4072        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:29:54.0886 4072        rdpbus - ok
17:29:55.0666 4072        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:29:55.0759 4072        RDPCDD - ok
17:29:56.0383 4072        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:29:56.0477 4072        RDPENCDD - ok
17:29:57.0070 4072        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:29:57.0148 4072        RDPREFMP - ok
17:29:57.0912 4072        RDPWD          (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
17:29:58.0006 4072        RDPWD - ok
17:29:58.0723 4072        rdyboost        (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
17:29:58.0755 4072        rdyboost - ok
17:29:59.0504 4072        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:29:59.0582 4072        RFCOMM - ok
17:30:00.0330 4072        RSPCIESTOR      (ca327a84085f68200452e6761f943298) C:\Windows\system32\DRIVERS\RtsPStor.sys
17:30:00.0362 4072        RSPCIESTOR - ok
17:30:00.0986 4072        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:30:01.0110 4072        rspndr - ok
17:30:01.0812 4072        RTL8167        (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:30:01.0844 4072        RTL8167 - ok
17:30:02.0436 4072        sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
17:30:02.0468 4072        sbp2port - ok
17:30:03.0076 4072        scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
17:30:03.0170 4072        scfilter - ok
17:30:03.0731 4072        sdbus          (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
17:30:03.0778 4072        sdbus - ok
17:30:04.0527 4072        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:30:04.0620 4072        secdrv - ok
17:30:05.0260 4072        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:30:05.0291 4072        Serenum - ok
17:30:05.0822 4072        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:30:05.0884 4072        Serial - ok
17:30:06.0508 4072        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:30:06.0555 4072        sermouse - ok
17:30:06.0992 4072        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
17:30:07.0038 4072        sffdisk - ok
17:30:07.0662 4072        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:30:07.0709 4072        sffp_mmc - ok
17:30:08.0240 4072        sffp_sd        (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:30:08.0286 4072        sffp_sd - ok
17:30:08.0754 4072        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:30:08.0770 4072        sfloppy - ok
17:30:09.0113 4072        Sftfs          (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
17:30:09.0160 4072        Sftfs - ok
17:30:09.0644 4072        Sftplay        (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:30:09.0659 4072        Sftplay - ok
17:30:10.0174 4072        Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:30:10.0190 4072        Sftredir - ok
17:30:10.0798 4072        Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
17:30:10.0814 4072        Sftvol - ok
17:30:11.0516 4072        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:30:11.0547 4072        SiSRaid2 - ok
17:30:12.0124 4072        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:30:12.0155 4072        SiSRaid4 - ok
17:30:12.0701 4072        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:30:12.0810 4072        Smb - ok
17:30:13.0310 4072        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:30:13.0341 4072        spldr - ok
17:30:14.0168 4072        srv            (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
17:30:14.0246 4072        srv - ok
17:30:14.0823 4072        srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
17:30:14.0901 4072        srv2 - ok
17:30:15.0587 4072        SrvHsfHDA      (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
17:30:15.0634 4072        SrvHsfHDA - ok
17:30:16.0476 4072        SrvHsfV92      (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
17:30:16.0632 4072        SrvHsfV92 - ok
17:30:17.0350 4072        SrvHsfWinac    (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
17:30:17.0444 4072        SrvHsfWinac - ok
17:30:18.0099 4072        srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
17:30:18.0146 4072        srvnet - ok
17:30:19.0144 4072        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:30:19.0160 4072        stexstor - ok
17:30:20.0392 4072        STHDA          (0aad250a31a7ee96e0945ab9e1f3baa7) C:\Windows\system32\DRIVERS\stwrt64.sys
17:30:20.0548 4072        STHDA - ok
17:30:21.0312 4072        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:30:21.0344 4072        swenum - ok
17:30:21.0890 4072        SynTP          (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
17:30:21.0936 4072        SynTP - ok
17:30:22.0670 4072        Tcpip          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
17:30:22.0888 4072        Tcpip - ok
17:30:24.0089 4072        TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
17:30:24.0136 4072        TCPIP6 - ok
17:30:24.0807 4072        tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
17:30:24.0885 4072        tcpipreg - ok
17:30:25.0478 4072        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:30:25.0556 4072        TDPIPE - ok
17:30:26.0055 4072        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:30:26.0148 4072        TDTCP - ok
17:30:26.0772 4072        tdx            (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
17:30:26.0850 4072        tdx - ok
17:30:27.0178 4072        TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
17:30:27.0209 4072        TermDD - ok
17:30:27.0771 4072        tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:30:27.0833 4072        tssecsrv - ok
17:30:28.0535 4072        tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
17:30:28.0644 4072        tunnel - ok
17:30:29.0159 4072        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:30:29.0190 4072        uagp35 - ok
17:30:29.0799 4072        udfs            (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys
17:30:29.0846 4072        udfs - ok
17:30:30.0314 4072        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
17:30:30.0345 4072        uliagpkx - ok
17:30:31.0016 4072        umbus          (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
17:30:31.0062 4072        umbus - ok
17:30:31.0655 4072        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:30:31.0702 4072        UmPass - ok
17:30:32.0326 4072        usbccgp        (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
17:30:32.0388 4072        usbccgp - ok
17:30:32.0919 4072        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
17:30:32.0981 4072        usbcir - ok
17:30:33.0621 4072        usbehci        (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
17:30:33.0652 4072        usbehci - ok
17:30:34.0401 4072        usbhub          (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
17:30:34.0448 4072        usbhub - ok
17:30:34.0994 4072        usbohci        (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
17:30:35.0040 4072        usbohci - ok
17:30:35.0586 4072        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:30:35.0664 4072        usbprint - ok
17:30:36.0210 4072        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:30:36.0273 4072        usbscan - ok
17:30:36.0850 4072        USBSTOR        (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:30:36.0881 4072        USBSTOR - ok
17:30:37.0505 4072        usbuhci        (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
17:30:37.0552 4072        usbuhci - ok
17:30:38.0160 4072        usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
17:30:38.0238 4072        usbvideo - ok
17:30:38.0738 4072        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
17:30:38.0769 4072        vdrvroot - ok
17:30:39.0299 4072        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:30:39.0330 4072        vga - ok
17:30:40.0142 4072        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:30:40.0235 4072        VgaSave - ok
17:30:40.0890 4072        vhdmp          (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
17:30:40.0922 4072        vhdmp - ok
17:30:41.0421 4072        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
17:30:41.0452 4072        viaide - ok
17:30:41.0936 4072        volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
17:30:41.0951 4072        volmgr - ok
17:30:42.0747 4072        volmgrx        (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
17:30:42.0809 4072        volmgrx - ok
17:30:43.0464 4072        volsnap        (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
17:30:43.0496 4072        volsnap - ok
17:30:43.0964 4072        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:30:43.0995 4072        vsmraid - ok
17:30:44.0650 4072        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:30:44.0697 4072        vwifibus - ok
17:30:45.0305 4072        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:30:45.0368 4072        vwififlt - ok
17:30:45.0898 4072        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:30:45.0945 4072        vwifimp - ok
17:30:46.0569 4072        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:30:46.0631 4072        WacomPen - ok
17:30:47.0302 4072        WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:30:47.0396 4072        WANARP - ok
17:30:47.0458 4072        Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:30:47.0505 4072        Wanarpv6 - ok
17:30:48.0191 4072        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:30:48.0207 4072        Wd - ok
17:30:48.0800 4072        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:30:48.0846 4072        Wdf01000 - ok
17:30:49.0408 4072        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:30:49.0486 4072        WfpLwf - ok
17:30:50.0001 4072        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:30:50.0032 4072        WIMMount - ok
17:30:50.0640 4072        WinUsb          (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys
17:30:50.0703 4072        WinUsb - ok
17:30:51.0280 4072        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:30:51.0327 4072        WmiAcpi - ok
17:30:51.0966 4072        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:30:52.0060 4072        ws2ifsl - ok
17:30:52.0762 4072        WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
17:30:52.0871 4072        WudfPf - ok
17:30:53.0433 4072        WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:30:53.0511 4072        WUDFRd - ok
17:30:54.0166 4072        yukonw7        (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
17:30:54.0244 4072        yukonw7 - ok
17:30:54.0338 4072        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:30:54.0587 4072        \Device\Harddisk0\DR0 - ok
17:30:54.0634 4072        Boot (0x1200)  (64946ef165bad6d6d45ac275099325f6) \Device\Harddisk0\DR0\Partition0
17:30:54.0634 4072        \Device\Harddisk0\DR0\Partition0 - ok
17:30:54.0650 4072        Boot (0x1200)  (04f88cdb514fda32b18975d5b1afcb11) \Device\Harddisk0\DR0\Partition1
17:30:54.0650 4072        \Device\Harddisk0\DR0\Partition1 - ok
17:30:54.0696 4072        Boot (0x1200)  (9e13157db14d68c71737766e4ea843f7) \Device\Harddisk0\DR0\Partition2
17:30:54.0696 4072        \Device\Harddisk0\DR0\Partition2 - ok
17:30:54.0743 4072        Boot (0x1200)  (cebd86535535586811ca897a22193fb2) \Device\Harddisk0\DR0\Partition3
17:30:54.0743 4072        \Device\Harddisk0\DR0\Partition3 - ok
17:30:54.0759 4072        ============================================================
17:30:54.0759 4072        Scan finished
17:30:54.0759 4072        ============================================================
17:30:54.0774 3552        Detected object count: 0
17:30:54.0774 3552        Actual detected object count: 0


cosinus 17.02.2012 17:52

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a Kompetenzler has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Should you have problems starting applications after running Combofix and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

dedza 17.02.2012 23:59

Hello Arne,

Combofix has been run, here is the file.

Regards -

dedza


Code:

ComboFix 12-02-17.02 - trudi 17.02.2012  23:45:23.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.6092.4627 [GMT 1:00]
ausgeführt von:: c:\users\trudi\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\trudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-17 bis 2012-02-17  ))))))))))))))))))))))))))))))
.
.
2012-02-17 22:49 . 2012-02-17 22:49        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-02-15 09:07 . 2012-02-15 09:07        --------        d-----w-        C:\_OTL
2012-02-11 23:01 . 2012-02-12 20:31        --------        d-----w-        C:\2012
2012-02-11 19:47 . 2012-02-12 20:21        --------        d-----w-        C:\2011.1
2012-02-10 21:05 . 2012-02-10 21:05        --------        d-----w-        c:\program files (x86)\ESET
2012-02-10 20:46 . 2012-02-10 20:46        --------        d-----w-        c:\users\trudi\AppData\Roaming\Malwarebytes
2012-02-10 20:46 . 2012-02-10 20:46        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-10 20:46 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-10 20:46 . 2012-02-10 20:46        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-09 22:31 . 2012-02-09 22:31        --------        d-----w-        C:\HP_TOOLS_mountHPSF
2012-01-26 20:55 . 2011-11-17 05:39        314368        ----a-w-        c:\windows\SysWow64\webio.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-17 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 AthDfu;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-05 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-03 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 12:18        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-11-09 22:16        2238976        ----a-w-        c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-11-09 22:16        2238976        ----a-w-        c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-11-09 22:16        2238976        ----a-w-        c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-11-09 22:16        2238976        ----a-w-        c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-11-09 22:16        2238976        ----a-w-        c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 417304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-13 524800]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2009-10-28 388608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4} - c:\program files (x86)\InstallShield Installation Information\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-17  23:51:25
ComboFix-quarantined-files.txt  2012-02-17 22:51
.
Vor Suchlauf: 12 Verzeichnis(se), 569.264.779.264 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 569.168.183.296 Bytes frei
.
- - End Of File - - 9296B4D4F3986D3FEADB26A37C26DA35


cosinus 19.02.2012 18:24

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off the virus scanner before running aswMBR, since Avira in particular often reports a false positive on it!
  • Start aswMBR.exe; Vista and Win7 users start aswMBR via right-click "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (Should your firewall ask, please allow access to the internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Under no circumstances press any of the Fix buttons without instruction. Note: Should the Scan button be greyed out, close the tool and start it again. If it still does not work, please let me know.

dedza 20.02.2012 17:03

Hello Arne,

after a few seconds of scanning, the tool first crashed Windows, but after the restart it worked. Here is aswMBR.txt.

Regards -

dedza


Code:

aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
Run date: 2012-02-20 16:47:08
-----------------------------
16:47:08.514    OS Version: Windows x64 6.1.7600
16:47:08.514    Number of processors: 4 586 0x2A07
16:47:08.514    ComputerName: COMPI  UserName: trudi
16:47:09.809    Initialze error C0000034 - driver not loaded
16:47:15.768    AVAST engine defs: 12022001
16:47:22.554    Service scanning
16:48:00.291    Modules scanning
16:48:00.291    Disk 0 trace - called modules:
16:48:00.291   
16:48:04.097    AVAST engine scan C:\Windows
16:48:10.446    AVAST engine scan C:\Windows\system32
16:50:00.208    AVAST engine scan C:\Windows\system32\drivers
16:50:13.811    AVAST engine scan C:\Users\trudi
16:52:56.520    AVAST engine scan C:\ProgramData
16:53:41.338    Scan finished successfully
16:54:06.657    The log file has been saved successfully to "C:\Users\trudi\Desktop\aswMBR.txt"


cosinus 20.02.2012 20:54

The log is not quite what I wanted. Run aswMBR again. Start it via right-click as admin!

dedza 20.02.2012 22:03

Hello Arne,

here is a new attempt, it looks better...

Regards -

dedza



Code:

aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
Run date: 2012-02-20 21:41:35
-----------------------------
21:41:35.731    OS Version: Windows x64 6.1.7600
21:41:35.731    Number of processors: 4 586 0x2A07
21:41:35.746    ComputerName: COMPI  UserName: trudi
21:41:37.244    Initialize success
21:41:40.005    AVAST engine defs: 12022001
21:41:45.637    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:41:45.637    Disk 0 Vendor: ST964032 0002 Size: 610480MB BusType: 3
21:41:45.699    Disk 0 MBR read successfully
21:41:45.715    Disk 0 MBR scan
21:41:45.715    Disk 0 Windows 7 default MBR code
21:41:45.730    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
21:41:45.761    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      595180 MB offset 409600
21:41:45.808    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        14996 MB offset 1219338240
21:41:45.839    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0      103 MB offset 1250050048
21:41:45.855    Service scanning
21:42:20.050    Modules scanning
21:42:20.066    Disk 0 trace - called modules:
21:42:20.128    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:42:20.643    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008421060]
21:42:20.643    3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006522050]
21:42:22.562    AVAST engine scan C:\Windows
21:42:28.209    AVAST engine scan C:\Windows\system32
21:44:18.330    AVAST engine scan C:\Windows\system32\drivers
21:44:34.912    AVAST engine scan C:\Users\trudi
21:46:50.555    AVAST engine scan C:\ProgramData
21:47:31.973    Scan finished successfully
21:47:49.070    Disk 0 MBR has been saved successfully to "C:\Users\trudi\Desktop\MBR.dat"
21:47:49.070    The log file has been saved successfully to "C:\Users\trudi\Desktop\aswMBR.txt"

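The difference between the two aswMBR logs above is what the helper reacts to: the first run reports "Initialze error C0000034 - driver not loaded" and never reaches the MBR section, so its "Scan finished successfully" line means nothing, while the second run shows "Initialize success", a verdict on the MBR code and the partition table. The following is an added example for this thread (not AVAST's code): a small Python checker that tells the two cases apart and reads back the partition layout, also verifying that the partitions reported do not overlap. The line formats are inferred from the two posted logs, and the two sample logs embedded below are constructed, shortened copies of them.

```python
"""Check whether an aswMBR log came from a complete run and read back the
partition layout it reports.  Added example for this thread (not AVAST's
code); the line formats are inferred from the two logs posted above, and the
sample logs below are constructed, abbreviated versions of them."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

TIMESTAMP_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+")
MBR_VERDICT_RE = re.compile(r"^Disk (?P<disk>\d+) (?P<verdict>.+MBR code)$")
PARTITION_RE = re.compile(
    r"^Disk \d+ Partition (?P<n>\d+) (?P<boot>[0-9A-F]{2})(?: \(A\))?\s+"
    r"(?P<type>[0-9A-F]{2})\s+(?P<fs>.+?)\s+(?P<size_mb>\d+) MB offset (?P<offset>\d+)$"
)
SECTORS_PER_MB = 2048  # 512-byte sectors, as the TDSSKiller log reports (SectorSize: 0x200)


@dataclass
class Partition:
    number: int
    active: bool      # boot indicator 0x80 in the MBR partition table
    type_id: int      # partition type byte (0x07 NTFS, 0x0C FAT32 LBA, ...)
    fs: str
    size_mb: int
    offset: int       # first sector (LBA)

    @property
    def end(self) -> int:
        return self.offset + self.size_mb * SECTORS_PER_MB


@dataclass
class AswMbrReport:
    initialized: bool = False
    mbr_verdict: Optional[str] = None
    finished: bool = False
    partitions: List[Partition] = field(default_factory=list)

    @property
    def complete(self) -> bool:
        """A run only counts if the kernel driver loaded and the MBR was read;
        'Scan finished successfully' alone (as in the first log) is not enough."""
        return self.initialized and self.mbr_verdict is not None and self.finished

    def layout_consistent(self, tolerance_mb: int = 1) -> bool:
        """Partitions sorted by offset must not overlap (sizes are rounded to MB)."""
        parts = sorted(self.partitions, key=lambda p: p.offset)
        slack = tolerance_mb * SECTORS_PER_MB
        return all(a.end <= b.offset + slack for a, b in zip(parts, parts[1:]))


def parse_aswmbr_log(text: str) -> AswMbrReport:
    report = AswMbrReport()
    for raw in text.splitlines():
        line = TIMESTAMP_RE.sub("", raw).strip()
        if line == "Initialize success":
            report.initialized = True
        elif line.startswith(("Initialize error", "Initialze error")):  # tool's own spelling
            report.initialized = False
        elif line == "Scan finished successfully":
            report.finished = True
        elif m := MBR_VERDICT_RE.match(line):
            report.mbr_verdict = m["verdict"]
        elif m := PARTITION_RE.match(line):
            report.partitions.append(Partition(
                number=int(m["n"]), active=m["boot"] == "80",
                type_id=int(m["type"], 16), fs=m["fs"],
                size_mb=int(m["size_mb"]), offset=int(m["offset"])))
    return report


# Constructed, shortened copies of the two logs posted in this thread.
FIRST_RUN = r"""16:47:09.809    Initialze error C0000034 - driver not loaded
16:47:15.768    AVAST engine defs: 12022001
16:47:22.554    Service scanning
16:48:04.097    AVAST engine scan C:\Windows
16:53:41.338    Scan finished successfully
"""
SECOND_RUN = r"""21:41:37.244    Initialize success
21:41:45.699    Disk 0 MBR read successfully
21:41:45.715    Disk 0 MBR scan
21:41:45.715    Disk 0 Windows 7 default MBR code
21:41:45.730    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
21:41:45.761    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      595180 MB offset 409600
21:41:45.808    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        14996 MB offset 1219338240
21:41:45.839    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0      103 MB offset 1250050048
21:47:31.973    Scan finished successfully
"""

if __name__ == "__main__":
    for name, log in (("first run", FIRST_RUN), ("second run", SECOND_RUN)):
        r = parse_aswmbr_log(log)
        print(f"{name}: complete={r.complete} verdict={r.mbr_verdict!r} "
              f"partitions={len(r.partitions)} layout_ok={r.layout_consistent()}")
```

With the second log the partition ends line up exactly with the next partition's offset (2048 + 199 MB ends at sector 409600, where partition 2 starts), which is the kind of cross-check worth doing before accepting "default MBR code" as the final word.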

cosinus 21.02.2012 12:13

Looks ok. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

dedza 22.02.2012 00:12

Hello Arne,

here is the result from Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.21.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
trudi :: COMPI [Administrator]

21.02.2012 21:12:51
mbam-log-2012-02-21 (21-12-51).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 357152
Laufzeit: 54 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


and from SuperAntiSpyware:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/22/2012 at 00:01 AM

Application Version : 5.0.1144

Core Rules Database Version : 8262
Trace Rules Database Version: 6074

Scan type      : Complete Scan
Total Scan Time : 01:33:44

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Administrator

Memory items scanned      : 742
Memory threats detected  : 0
Registry items scanned    : 64686
Registry threats detected : 0
File items scanned        : 167517
File threats detected    : 113

Adware.Tracking Cookie
        C:\Users\trudi\AppData\Roaming\Microsoft\Windows\Cookies\PZJ8HGQ0.txt [ /c.atdmt.com ]
        C:\Users\trudi\AppData\Roaming\Microsoft\Windows\Cookies\NMI26PYG.txt [ /smartadserver.com ]
        C:\Users\trudi\AppData\Roaming\Microsoft\Windows\Cookies\E8133IG8.txt [ /mediaplex.com ]
        C:\Users\trudi\AppData\Roaming\Microsoft\Windows\Cookies\GSNU6BLQ.txt [ /doubleclick.net ]
        C:\Users\trudi\AppData\Roaming\Microsoft\Windows\Cookies\JS9J0EOG.txt [ /apmebf.com ]
        C:\Users\trudi\AppData\Roaming\Microsoft\Windows\Cookies\69L1SMZG.txt [ /atdmt.com ]
        C:\USERS\STANDARD\AppData\Roaming\Microsoft\Windows\Cookies\HIOOQY78.txt [ Cookie:standard@smartadserver.com/ ]
        C:\USERS\STANDARD\AppData\Roaming\Microsoft\Windows\Cookies\GZ285CYJ.txt [ Cookie:standard@apmebf.com/ ]
        C:\USERS\STANDARD\AppData\Roaming\Microsoft\Windows\Cookies\24Y0VM31.txt [ Cookie:standard@mediaplex.com/ ]
        C:\USERS\STANDARD\AppData\Roaming\Microsoft\Windows\Cookies\Low\0I8ZKBMB.txt [ Cookie:standard@c.atdmt.com/ ]
        C:\USERS\STANDARD\AppData\Roaming\Microsoft\Windows\Cookies\Low\OQQ1DSA9.txt [ Cookie:standard@doubleclick.net/ ]
        C:\USERS\STANDARD\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZIUCDBMD.txt [ Cookie:standard@atdmt.com/ ]
        C:\USERS\STANDARD\Cookies\HIOOQY78.txt [ Cookie:standard@smartadserver.com/ ]
        C:\USERS\STANDARD\Cookies\GZ285CYJ.txt [ Cookie:standard@apmebf.com/ ]
        C:\USERS\STANDARD\Cookies\24Y0VM31.txt [ Cookie:standard@mediaplex.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\MVKP6CM8.txt [ Cookie:trudi@c.atdmt.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\W9UMEK2T.txt [ Cookie:trudi@fr.sitestat.com/renault-group/dacia-de/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\5FMS3G9A.txt [ Cookie:trudi@ad4.adfarm1.adition.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\FH0NV32M.txt [ Cookie:trudi@questionmarket.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\C9TD0K4S.txt [ Cookie:trudi@adfarm1.adition.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\YOJ65EY3.txt [ Cookie:trudi@tribalfusion.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\P0SG1055.txt [ Cookie:trudi@smartadserver.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\4MGPVUQ3.txt [ Cookie:trudi@invitemedia.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\YRRG6HA3.txt [ Cookie:trudi@eas.apm.emediate.eu/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\FF7TW9AG.txt [ Cookie:trudi@lfstmedia.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\9N2LQJAD.txt [ Cookie:trudi@ad.adserver01.de/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\6ZSTG61F.txt [ Cookie:trudi@media.campartner.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\GD4HA009.txt [ Cookie:trudi@ww251.smartadserver.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\HUYZMEQM.txt [ Cookie:trudi@ad2.adfarm1.adition.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\10IQX5FP.txt [ Cookie:trudi@ad.zanox.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\EMFEW5KT.txt [ Cookie:trudi@unitymedia.de/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\VKAAQPKO.txt [ Cookie:trudi@snapfish.112.2o7.net/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\RAOKPT26.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/1069804837/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\5QDQ9228.txt [ Cookie:trudi@yieldmanager.net/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\HTAOE3XP.txt [ Cookie:trudi@countomat.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\CGRBTD67.txt [ Cookie:trudi@clickfuse.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\EF6F6RXE.txt [ Cookie:trudi@adtech.de/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\KUW670N9.txt [ Cookie:trudi@tracking.mindshare.de/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\5YBVONDD.txt [ Cookie:trudi@mediaplex.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\78SH0R8O.txt [ Cookie:trudi@liveperson.net/hc/36005843 ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\4SPZMY7X.txt [ Cookie:trudi@tradedoubler.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\3WENMOE6.txt [ Cookie:trudi@dyntracker.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\N1AKXJIY.txt [ Cookie:trudi@doubleclick.net/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\LW1QMJ9H.txt [ Cookie:trudi@tracking.quisma.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\5L2XHUML.txt [ Cookie:trudi@imrworldwide.com/cgi-bin ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\MPX7DC2C.txt [ Cookie:trudi@ad1.dyntracker.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\BNPKLPWX.txt [ Cookie:trudi@generaltracking.de/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\5GKG7YN6.txt [ Cookie:trudi@webmasterplan.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\CGEZ9LLP.txt [ Cookie:trudi@ad.dyntracker.de/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\V3BXLU46.txt [ Cookie:trudi@apmebf.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\GG2DYCA1.txt [ Cookie:trudi@track.webtrekk.de/562243648792138/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\8YGAYY75.txt [ Cookie:trudi@partners.webmasterplan.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\C47C2S2H.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/1041120653/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\VKFA454D.txt [ Cookie:trudi@tracking.mlsat02.de/buttinette/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\00K55W82.txt [ Cookie:trudi@bizrate.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\QLQUCO2P.txt [ Cookie:trudi@adform.net/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\FTC9Z8KS.txt [ Cookie:trudi@ad3.adfarm1.adition.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\trudi@secmedia[1].txt [ Cookie:trudi@secmedia.de/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\EV3FQIH3.txt [ Cookie:trudi@adbrite.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\CEMW47OU.txt [ Cookie:trudi@ad1.adfarm1.adition.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\2B0RIWUO.txt [ Cookie:trudi@im.banner.t-online.de/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\MADGY5J6.txt [ Cookie:trudi@a.revenuemax.de/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\0UIGZI0H.txt [ Cookie:trudi@int.sitestat.com/panasonic/de/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\NVT5ZF5V.txt [ Cookie:trudi@revsci.net/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\WP263AED.txt [ Cookie:trudi@guj.122.2o7.net/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\UEJI20VQ.txt [ Cookie:trudi@ad.adnet.de/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\EKALZFQQ.txt [ Cookie:trudi@int.sitestat.com/panasonic/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\IVPJXEMH.txt [ Cookie:trudi@liveperson.net/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\VCFLTMDE.txt [ Cookie:trudi@content.yieldmanager.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\TIKTXTJQ.txt [ Cookie:trudi@www.etracker.de/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\04GWVIVZ.txt [ Cookie:trudi@serving-sys.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\BVMDISFV.txt [ Cookie:trudi@zanox-affiliate.de/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q6ALN5NT.txt [ Cookie:trudi@www.networkadvertising.org/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\28K1AV96.txt [ Cookie:trudi@xiti.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\UCJEPNV5.txt [ Cookie:trudi@bs.serving-sys.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\HIRW4EFQ.txt [ Cookie:trudi@ad.yieldmanager.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\RSJX65J3.txt [ Cookie:trudi@collective-media.net/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\4K30VQZ6.txt [ Cookie:trudi@clicks.pangora.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\316SHFAP.txt [ Cookie:trudi@microsoftwindows.112.2o7.net/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\LK9GIF4H.txt [ Cookie:trudi@fr.sitestat.com/renault-group/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\TD4TYSKT.txt [ Cookie:trudi@kontera.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\CI4NFF13.txt [ Cookie:trudi@unister-adservices.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\WR14ASEW.txt [ Cookie:trudi@legolas-media.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\4VSHMQQN.txt [ Cookie:trudi@casalemedia.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\HOA7GM0A.txt [ Cookie:trudi@autoscout24.112.2o7.net/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\F0AMPGF3.txt [ Cookie:trudi@adserver2.clipkit.de/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\226VA97Q.txt [ Cookie:trudi@cunda.122.2o7.net/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\2QSQV6VO.txt [ Cookie:trudi@specificmedia.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\B88HD6N8.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/1054681775/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\AXBQ5MU3.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/1070307116/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\230D7QPL.txt [ Cookie:trudi@adserver.trojaner-info.de/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\P9IH0R9N.txt [ Cookie:trudi@tracking.mobile.de/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\K748A4ZW.txt [ Cookie:trudi@advertising.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\AZL4V3NY.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/1072331127/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\J2ZA2H2H.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/1071209279/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\RG90YAJI.txt [ Cookie:trudi@adx.chip.de/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\UA0Q7V1Y.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/954736752/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\8A0WSGFM.txt [ Cookie:trudi@sales.liveperson.net/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\80CHURDT.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/1041113907/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\S6JTT72W.txt [ Cookie:trudi@www.zanox-affiliate.de/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\GNXZ8XGB.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/950437851/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\YJ68PBNO.txt [ Cookie:trudi@komtrack.com/tr ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\LV2RJWNU.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/1071214352/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\I1HW9TU6.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/1064075388/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\KU28Q97I.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/1038913304/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\YDN6PK42.txt [ Cookie:trudi@adtechus.com/ ]
        C:\USERS\TRUDI\Cookies\PZJ8HGQ0.txt [ Cookie:trudi@c.atdmt.com/ ]
        C:\USERS\TRUDI\Cookies\NMI26PYG.txt [ Cookie:trudi@smartadserver.com/ ]
        C:\USERS\TRUDI\Cookies\E8133IG8.txt [ Cookie:trudi@mediaplex.com/ ]
        C:\USERS\TRUDI\Cookies\GSNU6BLQ.txt [ Cookie:trudi@doubleclick.net/ ]
        C:\USERS\TRUDI\Cookies\JS9J0EOG.txt [ Cookie:trudi@apmebf.com/ ]
        C:\USERS\TRUDI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TRUDI@ADS.CREATIVE-SERVING[2].TXT [ /ADS.CREATIVE-SERVING ]
        C:\USERS\TRUDI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TRUDI@PARTY-DISCOUNT[1].TXT [ /PARTY-DISCOUNT ]


Best regards -

dedza

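The next reply judges these two logs by one question: is anything in the findings something other than a tracking cookie? The following is an added example for this thread, not SUPERAntiSpyware's code: a Python triage helper that groups the SAS detections by category, reduces the cookie hits to the third-party domains and user profiles involved, flags any non-cookie category, and compares the number of parsed entries with the counts the log declares (a pasted log that lost lines shows up there). The format is inferred from the log above; the sample logs embedded below are constructed, and the second one adds a placeholder non-cookie category purely to exercise the flagging branch.

```python
"""Triage a SUPERAntiSpyware scan log: group detections by category, reduce
tracking-cookie hits to the third-party domains and user profiles involved,
and flag anything that is not a cookie.  Added example for this thread, not
SUPERAntiSpyware's code; the format is inferred from the log posted above and
the sample logs below are constructed (the second one adds a placeholder
non-cookie category purely to exercise the flagging branch)."""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

COUNT_RE = re.compile(r"^(?P<what>(?:Memory|Registry|File) threats detected)\s*:\s*(?P<n>\d+)$")
ENTRY_RE = re.compile(r"^\s+(?P<path>.+?)\s+\[\s*(?P<detail>.*?)\s*\]$")
PROFILE_RE = re.compile(r"^[A-Za-z]:\\USERS\\([^\\]+)\\", re.IGNORECASE)
BENIGN_CATEGORIES = {"Adware.Tracking Cookie"}  # the one category that needs no follow-up


def cookie_domain(detail: str) -> str:
    """'Cookie:trudi@www.googleadservices.com/pagead/...' or '/c.atdmt.com' -> host name."""
    if detail.startswith("Cookie:"):
        detail = detail.split("@", 1)[1]
    return detail.lstrip("/").split("/", 1)[0].lower()


def profile_of(path: str) -> str:
    m = PROFILE_RE.match(path)
    return m.group(1).lower() if m else "?"


def parse_sas_log(text: str) -> Tuple[Dict[str, int], Dict[str, List[Tuple[str, str]]]]:
    """Return (declared counts, {category: [(path, detail), ...]})."""
    declared: Dict[str, int] = {}
    findings: Dict[str, List[Tuple[str, str]]] = defaultdict(list)
    category = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if m := COUNT_RE.match(raw.strip()):
            declared[m["what"]] = int(m["n"])
        elif m := ENTRY_RE.match(raw):          # indented "path [ detail ]" line
            if category is not None:
                findings[category].append((m["path"], m["detail"]))
        elif not raw[0].isspace():
            category = raw.strip()               # non-indented line: category header
    return declared, dict(findings)              # headers without entries never appear


def triage(text: str) -> dict:
    declared, findings = parse_sas_log(text)
    cookies = findings.get("Adware.Tracking Cookie", [])
    other = {c: e for c, e in findings.items() if c not in BENIGN_CATEGORIES}
    parsed = sum(len(e) for e in findings.values())
    return {
        "needs_attention": bool(other),          # anything that is not a tracking cookie
        "other": other,
        "cookie_domains": Counter(cookie_domain(d) for _, d in cookies),
        "profiles": Counter(profile_of(p) for p, _ in cookies),
        "parsed_entries": parsed,
        "declared_total": sum(declared.values()),
        # a pasted log that lost lines shows up as a mismatch here
        "paste_complete": bool(declared) and parsed == sum(declared.values()),
    }


# Constructed sample: a handful of lines in the shape of the log posted above.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/22/2012 at 00:01 AM

Memory threats detected  : 0
Registry threats detected : 0
File threats detected    : 6

Adware.Tracking Cookie
        C:\Users\trudi\AppData\Roaming\Microsoft\Windows\Cookies\PZJ8HGQ0.txt [ /c.atdmt.com ]
        C:\USERS\STANDARD\AppData\Roaming\Microsoft\Windows\Cookies\HIOOQY78.txt [ Cookie:standard@smartadserver.com/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\RAOKPT26.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/1069804837/ ]
        C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\78SH0R8O.txt [ Cookie:trudi@liveperson.net/hc/36005843 ]
        C:\USERS\TRUDI\Cookies\PZJ8HGQ0.txt [ Cookie:trudi@c.atdmt.com/ ]
        C:\USERS\TRUDI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TRUDI@ADS.CREATIVE-SERVING[2].TXT [ /ADS.CREATIVE-SERVING ]
"""
# Constructed variant with a PLACEHOLDER non-cookie category (not a real detection).
SAMPLE_WITH_OTHER = SAMPLE_LOG.replace("File threats detected    : 6", "File threats detected    : 7") + r"""
Trojan.Agent/Gen-PLACEHOLDER
        C:\Users\trudi\AppData\Local\Temp\placeholder-sample.exe [ PLACEHOLDER ]
"""

if __name__ == "__main__":
    for name, log in (("cookies only", SAMPLE_LOG), ("with placeholder", SAMPLE_WITH_OTHER)):
        t = triage(log)
        print(f"{name}: needs_attention={t['needs_attention']} paste_complete={t['paste_complete']}")
        print("  domains:", dict(t["cookie_domains"]), " profiles:", dict(t["profiles"]))
        for cat, entries in t["other"].items():
            print(f"  {cat}: {len(entries)} entr(y/ies)")
```

Grouping by domain rather than by file is what makes a 113-line cookie list readable: the same ad network typically shows up once per profile and once per "Low" integrity cookie folder, so the domain counter is the number a reader actually wants.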
cosinus 22.02.2012 11:08

Looks ok, only cookies were found.
Cookies are not malware as such, but there is a risk of abuse (unique re-identification, e.g. for targeted advertising and the like => HTTP cookie)

Is your system now fine again, or are there other detections or problems?

dedza 22.02.2012 21:22

Hello Arne,

first of all, many thanks for the effort!!

Quote:

Is your system now fine again, or are there other detections or problems?
Apparently the system was "fine" right after booting from the rescue CD and restoring to the last restore point - everything runs without problems, the data loss was minimal and only files on the hard disk were affected, and those had all been backed up externally.
However, I was not sure whether moving everything into the Avira quarantine had reliably found and neutralised everything.
Of all the checks performed, only ESET had reported a detection after that.
Is the computer clean now?

That was quite a few Trojan detections at once. How dangerous were those guys actually? When googling, one rarely finds a well-explained, up-to-date virus list. Can I protect the system better? I have read a bit in the forum, also regarding virus scanners. Should I replace Avira - you recommend Avast. Or buy a product (Kaspersky?).

Quote:

Cookies are not malware as such, but there is a risk of abuse
Ad cookies can supposedly be restricted via the browser, at networkadvertising.org? I did that once on the "stationary computer", not yet on the laptop...
Does that make sense, and does it prevent the cookies?

HTML code:

www.networkadvertising.org/managing/opt_out.asp
Can I now uninstall all the online scanners, or is it advisable to keep e.g. Malwarebytes for checks when something looks suspicious?

So thanks again :dankeschoen: and best regards -

dedza

cosinus 22.02.2012 21:57

Quote:

Does that make sense, and does it prevent the cookies?
You can set the browser to ask every time whether a cookie should be accepted or not, but that can be annoying. Or you tell your browser to throw the cookies away after each session (on exit).

As I said, though, cookies are not a danger.

Then we're done! :abklatsch:

The programs used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if that produces any error messages.
Keeping Malwarebytes is not a mistake. You can scan with it once a month, but always remember to update it first.

Finally, please check the updates; my guide on that is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords where possible.


Microsoft Update

Windows XP: visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF-XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If necessary you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, best with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

dedza 23.02.2012 22:20

Hello Arne,

thanks for the detailed reply with all the tips.
However, uninstalling ComboFix does not quite work. :heulen:
After entering the uninstall command, a window quickly shows lots of decompression messages, then a message appears:

Quote:

Today's date is 23.02.2012. ComboFix has expired. Click "Yes" to run ComboFix with REDUCED FUNCTIONALITY. Click "No" to exit ComboFix.
With "Yes" a new scan starts immediately.

Best regards -

dedza

cosinus 24.02.2012 10:48

Please download CF_UNINST.exe and save it to your desktop.
  • Start CF_UNINST.exe
    Vista and Win7 users via right-click "Run as administrator"
  • Follow the instructions on the desktop.
  • When the tool is finished, a window with the following content should open: Done

