Trojaner-Board

Source: Trojaner-Board (https://www.trojaner-board.de/), forum "Log-Analyse und Auswertung", thread "Trojaner Windows blockiert" (https://www.trojaner-board.de/110128-trojaner-windows-blockiert.html)

Flixbob 18.02.2012 18:03

Trojan blocks Windows

Hello dear helpers!

It got me too. After system startup, Windows is locked and the window with the German flag and the notice "Windows wurde aus Sicherheitsgründen gesperrt" (Windows has been locked for security reasons) opens, together with a demand to pay €50 to unlock Windows.

Attached are the log files

cosinus 19.02.2012 20:03

Quote:

Boot Mode: SafeMode with Networking |
Well, if that mode works you can try MBAM/ESET first:

Please now do a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan! All findings must also be removed.

If logs from older Malwarebytes scans exist, please post all of them too!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it in your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything here in CODE tags if possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

Flixbob 19.02.2012 20:10

Here is the Malwarebytes full scan for now.
I'll do the ESET scan now.

cosinus 19.02.2012 20:13

Quote:

Keine Aktion durchgeführt.
-> No action taken.
The findings have to be removed with Malwarebytes! Please do that if you haven't already!

Flixbob 20.02.2012 00:44

Here is the requested log.txt
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2694242764612c4981c2947387cf07d5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-19 11:41:09
# local_time=2012-02-20 12:41:09 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1792 16777215 100 0 10879989 10879989 0 0
# compatibility_mode=5893 16776573 100 94 107564 82084853 0 0
# compatibility_mode=8192 67108863 100 0 3740 3740 0 0
# scanned=321758
# found=4
# cleaned=0
# scan_time=15687
C:\Users\Felix\Desktop\Downloads\SoftonicDownloader_fuer_codec-pack-all-in-one.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Felix\Desktop\Downloads\SoftonicDownloader_fuer_flash-video-downloader.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Felix\Desktop\Downloads\SoftonicDownloader_fuer_gspot.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
D:\Installationsdateien\SoftonicDownloader42460.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I


Flixbob 20.02.2012 08:52

I ran Malwarebytes over it again!
Here is the log.
Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.18.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
**** :: ***** [limitiert]

20.02.2012 00:45:53
mbam-log-2012-02-20 (00-45-53).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 445716
Laufzeit: 2 Stunde(n), 1 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 11
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Löschen bei Neustart.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Löschen bei Neustart.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Löschen bei Neustart.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Löschen bei Neustart.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Löschen bei Neustart.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Löschen bei Neustart.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Löschen bei Neustart.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Löschen bei Neustart.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Löschen bei Neustart.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Löschen bei Neustart.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Löschen bei Neustart.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Löschen bei Neustart.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Löschen bei Neustart.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Löschen bei Neustart.

(Ende)


cosinus 20.02.2012 12:25

Quote:

**** :: ***** [limitiert]
Sorry, why are you doing an MBAM scan without admin rights? That's pointless!

Flixbob 20.02.2012 16:52

So, now as admin ;)
Hope everything is OK now!

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.18.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
**** :: **** [Administrator]

Schutz: Aktiviert

20.02.2012 13:13:48
mbam-log-2012-02-20 (13-13-48).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 494019
Laufzeit: 2 Stunde(n), 49 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 11
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


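The three things the helper checks by hand in this thread (that MBAM was run as an administrator rather than from a "[limitiert]" account, that every finding ended in an actual removal rather than "Keine Aktion durchgeführt." or "Löschen bei Neustart.", and that ESET actually cleaned what it found, which with remove_checked=false it does not) can be checked by code. The following is an added example, not code from the forum, from Malwarebytes or from ESET: it parses the German-locale MBAM 1.x log format and the ESET Online Scanner log.txt format shown above and reports what is still outstanding. The sample logs are constructed excerpts in those formats; the status strings are the ones that appear in the logs above, and the mapping of each string to removed / pending reboot / not removed is this example's own.

```python
"""Added example (not from the thread, Malwarebytes or ESET): triage of the two scanner
logs posted above, so the checks the helper does by eye are done by code:
  * was MBAM run with administrator rights ("[Administrator]" vs "[limitiert]")?
  * does every MBAM finding end in an actual removal, or is it still pending/untouched?
  * did ESET find objects it did not clean (found > cleaned, remove_checked=false)?
"""
import re
from dataclasses import dataclass, field

# Final-state strings MBAM 1.x prints after "->" in a German locale (all occur in the thread),
# mapped to what they mean for remediation. The mapping itself is this example's assumption.
MBAM_STATUS = {
    "Erfolgreich gelöscht und in Quarantäne gestellt.": "removed",
    "Erfolgreich ersetzt und in Quarantäne gestellt.": "removed",
    "Löschen bei Neustart.": "pending_reboot",
    "Keine Aktion durchgeführt.": "not_removed",
}
FINDING_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[\w.]+)\) -> (?P<rest>.+)$")
USER_RE = re.compile(r"^.* :: .* \[(?P<priv>[^\]]+)\]$", re.MULTILINE)


@dataclass
class MbamTriage:
    admin: bool
    findings: list = field(default_factory=list)  # (item, detection, status)

    @property
    def outstanding(self):
        return [f for f in self.findings if f[2] != "removed"]

    @property
    def ok(self):
        return self.admin and not self.outstanding


def triage_mbam(log: str) -> MbamTriage:
    """Parse an MBAM 1.x log: the privilege line plus one line per finding."""
    m = USER_RE.search(log)
    result = MbamTriage(admin=bool(m) and m.group("priv").lower() == "administrator")
    for line in log.splitlines():
        f = FINDING_RE.match(line.strip())
        if f:
            final = f.group("rest").split(" -> ")[-1].strip()  # last segment is the action taken
            result.findings.append((f.group("item"), f.group("detection"),
                                    MBAM_STATUS.get(final, "unknown")))
    return result


def triage_eset(log: str) -> dict:
    """Parse ESET Online Scanner log.txt: '# key=value' header lines, then one
    tab-separated line per detection (path, description, hash, flag)."""
    header, detections = {}, []
    for line in log.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header.setdefault(key.strip(), value.strip())  # compatibility_mode repeats; keep first
        elif re.match(r"^[A-Za-z]:\\", line):
            cols = re.split(r"\t+| {2,}", line.rstrip())
            detections.append((cols[0], cols[1] if len(cols) > 1 else ""))
    found, cleaned = int(header.get("found", 0)), int(header.get("cleaned", 0))
    return {
        "remove_enabled": header.get("remove_checked") == "true",
        "found": found,
        "cleaned": cleaned,
        "uncleaned": [path for path, desc in detections if "unable to clean" in desc],
        "ok": found == cleaned,
    }


# Constructed excerpt in the format of the MBAM 1.60 log posted above: scan from a limited
# account, one finding deferred to reboot, one untouched, one already replaced.
MBAM_SAMPLE = r"""Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.18.06
**** :: ***** [limitiert]

Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Löschen bei Neustart.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
"""

# Constructed excerpt in the format of the ESET log.txt posted above (tab-separated columns).
ESET_SAMPLE = "\n".join([
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7",
    "# remove_checked=false",
    "# found=2",
    "# cleaned=0",
    "D:\\Installationsdateien\\SoftonicDownloader42460.exe\ta variant of Win32/SoftonicDownloader.A application (unable to clean)\t00000000000000000000000000000000\tI",
    "C:\\Users\\user\\Desktop\\Downloads\\SoftonicDownloader_fuer_gspot.exe\ta variant of Win32/SoftonicDownloader.A application (unable to clean)\t00000000000000000000000000000000\tI",
])

if __name__ == "__main__":
    mb = triage_mbam(MBAM_SAMPLE)
    print("MBAM run as admin:", mb.admin, "| outstanding:", [(d, s) for _, d, s in mb.outstanding])
    es = triage_eset(ESET_SAMPLE)
    print("ESET removal enabled:", es["remove_enabled"], "| uncleaned:", es["uncleaned"])
```

On the logs in this thread the first MBAM run fails on the privilege check and on two deferred findings, and the ESET run fails because found=4 while cleaned=0 with removal switched off, which is exactly what the helper pointed out by hand.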
cosinus 20.02.2012 20:50

Does normal mode work again? If not, just carry on in Safe Mode with Networking for now:

Please make a new OTL log. Please post everything here in CODE tags if possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Flixbob 20.02.2012 22:37

After 10 minutes of scanning, OTL keeps reporting "Out of memory".
Don't know what's causing it!

Flixbob 20.02.2012 22:53

I've now run OTL again by ticking "Use SafeList" under Extra Registry and then clicking Scan.
Here is the OTL.txt for it.

OTL Logfile:
Code:

OTL logfile created on: 20.02.2012 22:45:10 - Run 3
OTL by OldTimer - Version 3.2.32.0    Folder = C:\Users\Felix\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 68,50% Memory free
8,00 Gb Paging File | 6,49 Gb Available in Paging File | 81,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 92,04 Gb Free Space | 61,75% Space Free | Partition Type: NTFS
Drive D: | 137,33 Gb Total Space | 19,50 Gb Free Space | 14,20% Space Free | Partition Type: NTFS
Drive E: | 244,68 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: JFGR-PC | User Name: JFGR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Felix\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - D:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Hamachi2Svc) -- D:\Programme\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TunngleService) -- D:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (OpenVPNService) -- C:\Program Files (x86)\RWTH OpenVPN Client\bin\openvpnserv.exe ()
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2191024634-1259103323-1375288803-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2191024634-1259103323-1375288803-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2191024634-1259103323-1375288803-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B 2A 2E 24 5C 7C CC 01  [binary data]
IE - HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?aff=1"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: D:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012.01.29 11:57:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.01.30 01:14:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_4.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_4.0 [2012.02.07 22:25:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.10 23:33:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.02.18 11:52:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.01.20 08:17:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.07 22:25:37 | 000,000,000 | ---D | M]
 
[2011.01.07 20:19:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JFGR\AppData\Roaming\mozilla\Extensions
[2011.01.07 20:19:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JFGR\AppData\Roaming\mozilla\Firefox\Profiles\16dfcxuc.default\extensions
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\JFGR\AppData\Roaming\Mozilla\Firefox\Profiles\16dfcxuc.default\searchplugins\startsear.xml
[2012.02.03 20:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.11 16:48:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.11 16:48:32 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKU\S-1-5-21-2191024634-1259103323-1375288803-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-2191024634-1259103323-1375288803-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Programme\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2191024634-1259103323-1375288803-1001..\Run: []  File not found
O4 - HKU\S-1-5-21-2191024634-1259103323-1375288803-1001..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll] C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2191024634-1259103323-1375288803-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.130.180.5 134.130.5.1 134.130.4.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44B41311-2147-4296-968E-74872810B4F9}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81B22B5B-4830-46FD-8C58-4D8D09278F50}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9A1C553-F2FA-4F6C-AF49-45BCF100514B}: DhcpNameServer = 134.130.4.1 134.130.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7BA71A2-0EA0-445D-9FEA-7081962ED268}: DhcpNameServer = 134.130.180.5 134.130.5.1 134.130.4.1
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0af1e32b-a322-11df-8c2d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0af1e32b-a322-11df-8c2d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.20 10:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2012.02.20 10:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012.02.19 20:17:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.18 17:24:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.02.18 17:21:52 | 000,000,000 | ---D | C] -- C:\Users\JFGR\AppData\Roaming\Malwarebytes
[2012.02.18 17:21:46 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.18 17:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.18 17:21:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.18 17:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.15 14:23:56 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.02.15 14:23:55 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.02.15 14:23:55 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.02.15 14:23:45 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.02.15 14:23:28 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.02.15 14:23:28 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.02.15 14:23:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.15 14:23:27 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.02.15 14:23:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.02.15 14:23:27 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.02.15 14:23:27 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.02.15 14:23:27 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.15 14:23:27 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.02.15 14:23:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.02.15 14:23:26 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.02.15 14:23:26 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.02.15 14:23:26 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.15 14:23:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.02.15 14:23:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.02.10 08:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.02.07 22:26:30 | 000,000,000 | ---D | C] -- C:\Users\JFGR\AppData\Roaming\Nokia
[2012.02.07 22:26:30 | 000,000,000 | ---D | C] -- C:\Users\JFGR\AppData\Local\Nokia
[2012.02.07 22:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2012.02.07 22:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2012.02.07 22:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2012.02.07 22:25:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2012.02.07 22:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.02.07 22:24:47 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2012.02.07 22:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2012.02.07 22:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2012.02.07 22:21:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2012.02.04 18:56:38 | 000,000,000 | ---D | C] -- C:\Users\JFGR\AppData\Roaming\Avira
[2012.02.04 18:52:16 | 000,000,000 | ---D | C] -- C:\Users\JFGR\AppData\Local\Diagnostics
[2012.01.29 12:00:17 | 000,000,000 | ---D | C] -- C:\Users\JFGR\AppData\Roaming\HP
[2012.01.29 11:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2012.01.29 11:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2012.01.29 11:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.01.29 11:56:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2012.01.29 11:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2012.01.29 11:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012.01.29 11:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.01.29 11:52:35 | 000,906,240 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpwwiax5.dll
[2012.01.29 11:52:34 | 001,422,848 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpwtiop4.dll
[2012.01.29 11:52:33 | 000,553,472 | ---- | C] (Hewlett Packard) -- C:\Windows\SysNative\hppldcoi.dll
[2012.01.29 11:52:33 | 000,488,960 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpovst11.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.20 22:33:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.20 19:54:54 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.20 19:50:00 | 000,013,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.20 19:50:00 | 000,013,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.20 19:42:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.20 19:42:13 | 3220,652,032 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.20 17:22:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012.02.18 17:21:47 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.16 21:48:41 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.02.15 21:47:54 | 000,290,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.15 16:57:58 | 001,520,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.15 16:57:58 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.15 16:57:58 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.15 16:57:58 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.15 16:57:58 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.10 23:15:09 | 000,001,581 | ---- | M] () -- C:\Users\JFGR\Desktop\DivX Movies.lnk
[2012.02.07 22:27:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.02.07 22:18:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2012.02.06 21:34:32 | 376,798,833 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.29 12:00:16 | 000,222,950 | ---- | M] () -- C:\Windows\hpwins22.dat
 
========== Files Created - No Company Name ==========
 
[2012.02.18 17:21:47 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.07 22:27:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.02.07 22:18:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2012.02.03 21:23:04 | 000,015,360 | ---- | C] () -- C:\Windows\SysNative\KOAZCA_L.DLL
[2012.01.29 11:57:39 | 000,001,387 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
[2012.01.29 11:57:17 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012.01.29 11:53:18 | 000,222,950 | ---- | C] () -- C:\Windows\hpwins22.dat
[2012.01.29 11:53:18 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2011.04.17 22:15:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.03.21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.01.13 04:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.10.29 16:12:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.10 20:40:40 | 000,000,980 | ---- | C] () -- C:\Windows\eReg.dat
[2010.08.30 20:18:29 | 000,007,605 | ---- | C] () -- C:\Users\JFGR\AppData\Local\Resmon.ResmonCfg
[2010.08.10 12:27:48 | 000,011,124 | ---- | C] () -- C:\Users\JFGR\AppData\Roaming\SmarThruOptions.xml
[2010.08.10 12:27:35 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2010.08.10 12:27:27 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
[2010.08.10 12:27:17 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2010.08.10 12:27:14 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2010.08.10 12:25:30 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.08.10 12:23:54 | 000,110,592 | R--- | C] () -- C:\Windows\WiaInst.exe
[2010.08.08 20:23:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005.10.14 10:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2005.10.14 10:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll
[2005.10.14 10:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2005.10.14 10:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2005.10.14 10:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2005.10.14 10:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2005.10.14 10:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2005.10.14 10:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll

< End of report >

--- --- ---

cosinus 21.02.2012 12:54

That was NOT a CustomScan. Please follow the instructions!

Flixbob 21.02.2012 14:54

Quote:

Quote from Flixbob (post 777734)
After 10 minutes of scanning, OTL always reports "Out of memory".
Don't know what's causing it!

Don't know what's causing it, which is why I ran the normal scan again.

cosinus 21.02.2012 18:37

I didn't see post #10. Please try the CustomScan in Safe Mode.

Flixbob 21.02.2012 20:22

The same message appears in Safe Mode too.
Attached is a screenshot of OTL with the message.

cosinus 21.02.2012 20:57

Then do it this way, but also tick the box for all users!

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Flixbob 21.02.2012 21:39

I'm slowly getting desperate; even when I click Run Scan, the error message "Out of Memory" appears after about 15 minutes.
I did everything as instructed: ticked all users, pasted the text and selected Use SafeList under Extra Registry.

cosinus 21.02.2012 21:42

Then I'll use your last OTL log as the basis

cosinus 21.02.2012 21:46

Quote:

O2 - BHO: (DivX Plus Web Player HTML5 <video>)
Tell me, are you also one of those people who watch series and films on dubious portals?
If so: hands off in future. These illegal portals spread malware, and if you want to stay malware-free from now on you have to switch to legal alternatives and stay away from such risky streaming sites!

Flixbob 21.02.2012 22:01

Yes, after this experience I'd really better leave it alone; I depend far too much on a working computer.

cosinus 21.02.2012 22:41

Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
IE - HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B 2A 2E 24 5C 7C CC 01  [binary data]
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://startsear.ch/?aff=1"
FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=1&q="
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKU\S-1-5-21-2191024634-1259103323-1375288803-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-2191024634-1259103323-1375288803-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\S-1-5-21-2191024634-1259103323-1375288803-1001..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0af1e32b-a322-11df-8c2d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0af1e32b-a322-11df-8c2d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely, for safety; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

Flixbob 22.02.2012 09:56

Here is the log for the fix.

Code:

All processes killed
========== OTL ==========
HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-2191024634-1259103323-1375288803-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: "Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://startsear.ch/?aff=1" removed from browser.startup.homepage
Prefs.js: "hxxp://startsear.ch/?aff=1&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
64bit-Registry value HKEY_USERS\S-1-5-21-2191024634-1259103323-1375288803-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_USERS\S-1-5-21-2191024634-1259103323-1375288803-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2191024634-1259103323-1375288803-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0af1e32b-a322-11df-8c2d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0af1e32b-a322-11df-8c2d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0af1e32b-a322-11df-8c2d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0af1e32b-a322-11df-8c2d-806e6f6e6963}\ not found.
File E:\Autorun.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Felix
->Temp folder emptied: 250481759 bytes
->Temporary Internet Files folder emptied: 1307364 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50050738 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 657 bytes
 
User: JFGR
->Temp folder emptied: 180224 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44761331 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 126866 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 331,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.32.0 log created on 02222012_094956
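
The fix log above is what a helper reads to confirm that every line of the fix script actually took effect: each target is followed by one of a few fixed outcome phrases ("deleted successfully", "moved successfully", "not found", "value set successfully"), then the [EMPTYTEMP] block lists bytes freed per user. The following summariser is an added example, not OTL's own code or anything posted in the thread; it runs over a constructed sample that copies the log's format (with a shortened SID) and is meant for a reviewer who wants the "not found" targets and the freed-space figures pulled out of a long log without reading it line by line.

```python
import re
from collections import Counter

# Constructed sample in the format of the OTL fix log posted in the thread; it is not
# the full log and the SID is shortened. Raw string so the backslashes survive unchanged.
SAMPLE_FIX_LOG = r"""All processes killed
========== OTL ==========
HKU\S-1-5-21-0-0-0-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Prefs.js: "Web Search" removed from browser.search.defaultengine
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
File E:\Autorun.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Felix
->Temp folder emptied: 250481759 bytes
->FireFox cache emptied: 50050738 bytes

User: JFGR
->Temp folder emptied: 180224 bytes

Total Files Cleaned = 331,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# One action per line: free-form target text, then one of OTL's fixed outcome phrases.
OUTCOME_RE = re.compile(
    r"^(?P<target>.+?) (?P<outcome>deleted successfully|moved successfully|"
    r"not found|value set successfully|reset successfully)[.!]?$"
)
PREFS_RE = re.compile(r'^Prefs\.js: "(?P<value>.*)" removed from (?P<pref>\S+)$')
USER_RE = re.compile(r"^User: (?P<user>.+)$")
FREED_RE = re.compile(r"^(?:->)?(?P<what>.+?) (?:emptied|removed): (?P<bytes>\d+) bytes$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = (?P<num>[\d.,]+) mb$")


def summarize_fix_log(text):
    """Count outcomes, collect targets OTL could not find, list removed Firefox prefs
    and add up the bytes freed (per "User:" block and in total)."""
    outcomes = Counter()
    not_found = []
    removed_prefs = []
    freed_per_block = {}
    total_bytes = 0
    total_mb = None
    block = None  # name of the current "User:" block in the [EMPTYTEMP] section
    for raw in text.splitlines():
        line = raw.strip()
        # Section banners and [COMMAND] markers carry no result of their own.
        if not line or line.startswith("=====") or line.startswith("["):
            continue
        m = USER_RE.match(line)
        if m:
            block = m.group("user")
            freed_per_block.setdefault(block, 0)
            continue
        m = FREED_RE.match(line)
        if m:
            n = int(m.group("bytes"))
            total_bytes += n
            # OTL prints the system-wide lines after the last "User:" block, so the
            # per-block breakdown is only approximate; the total is the reliable figure.
            key = block or "(system)"
            freed_per_block[key] = freed_per_block.get(key, 0) + n
            continue
        m = TOTAL_RE.match(line)
        if m:
            total_mb = float(m.group("num").replace(",", "."))  # German decimal comma
            continue
        m = PREFS_RE.match(line)
        if m:
            removed_prefs.append((m.group("pref"), m.group("value")))
            continue
        m = OUTCOME_RE.match(line)
        if m:
            outcomes[m.group("outcome")] += 1
            if m.group("outcome") == "not found":
                not_found.append(m.group("target"))
    return {
        "outcomes": outcomes,
        "not_found": not_found,
        "removed_prefs": removed_prefs,
        "freed_per_block": freed_per_block,
        "total_bytes": total_bytes,
        "total_mb": total_mb,
    }


if __name__ == "__main__":
    summary = summarize_fix_log(SAMPLE_FIX_LOG)
    for outcome, count in sorted(summary["outcomes"].items()):
        print(f"{count:3d}  {outcome}")
    for target in summary["not_found"]:
        print("not found:", target)
    print("bytes freed:", summary["total_bytes"], "| OTL total:", summary["total_mb"], "MB")
```

"not found" is not an error by itself: the helper's script deliberately lists both the 64-bit and the 32-bit registry views, so the second view often reports the same CLSID as already gone, and a mount-point command pointing at a removable drive (E:\Autorun.exe) is expected to be missing once the medium is unplugged. The figure worth checking against the OTL total is the byte sum from the [EMPTYTEMP] block.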


cosinus 22.02.2012 10:45

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable the virus scanner before running TDSS-Killer, since Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), where TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
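
The helper asks for the TDSS-Killer log to be posted in full and for flagged objects to be skipped rather than deleted, so the reading happens on the forum side. The triage helper below is an added example, not Kaspersky's code or anything from the thread. It parses the log format shown in the next post (a "Mode:" line listing the enabled options, then for each driver an entry line with MD5 and path followed by a verdict line "name - ok") and reports three things a reviewer looks for: verdicts other than "ok", drivers that have an entry but no verdict line (the scan stopped there), and drivers loaded from outside the Windows directory. The sample is constructed: three lines are copied from the posted log, "fakedrv" and "hangdrv" are invented, and treating "ok" as the only clean verdict and SigCheck/TDLFS as the intended options are assumptions.

```python
import re

# Constructed sample: header and driver lines in the format of the TDSSKiller log posted
# in the thread (1394ohci, ACPI and ASMMAP64 are copied from it), plus two constructed
# entries: "fakedrv" with a non-"ok" verdict and "hangdrv" with no verdict line at all.
SAMPLE_TDSS_LOG = r"""11:30:02.0217 3156        Windows directory: C:\Windows
11:31:26.0243 4516        Mode: Manual; SigCheck; TDLFS;
11:31:26.0923 4516        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
11:31:27.0153 4516        1394ohci - ok
11:31:27.0303 4516        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
11:31:27.0333 4516        ACPI - ok
11:31:31.0637 4516        ASMMAP64        (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
11:31:31.0700 4516        ASMMAP64 - ok
11:31:32.0100 4516        fakedrv         (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\fakedrv.sys
11:31:32.0200 4516        fakedrv - suspicious
11:31:33.0100 4516        hangdrv         (11111111111111111111111111111111) C:\Windows\system32\DRIVERS\hangdrv.sys
"""

# Every line starts with a timestamp and the process id; the rest is the payload.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# Driver entry: service name, 32-hex MD5 in parentheses, image path.
ENTRY_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# Verdict line that follows an entry: "name - ok" (or some other verdict text).
VERDICT_RE = re.compile(r"^(?P<name>\S+) - (?P<verdict>.+)$")


def parse_tdsskiller_log(text):
    """Collect scan options, the Windows directory, driver entries and verdicts."""
    parsed = {"modes": [], "windows_directory": None, "drivers": {}, "verdicts": {}}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        rest = m.group("rest").strip()
        if rest.startswith("Mode:"):
            parsed["modes"] = [x.strip() for x in rest[len("Mode:"):].split(";") if x.strip()]
            continue
        if rest.startswith("Windows directory:"):
            parsed["windows_directory"] = rest[len("Windows directory:"):].strip()
            continue
        e = ENTRY_RE.match(rest)
        if e:
            parsed["drivers"][e.group("name")] = {"md5": e.group("md5").lower(),
                                                  "path": e.group("path")}
            continue
        v = VERDICT_RE.match(rest)
        # Only accept verdicts for names we have seen as entries; other " - " lines
        # (disk geometry and the like) are not verdicts.
        if v and v.group("name") in parsed["drivers"]:
            parsed["verdicts"][v.group("name")] = v.group("verdict").strip()
    return parsed


def missing_modes(parsed, required=("SigCheck", "TDLFS")):
    """Options that the helper asked to be enabled but the Mode line does not list.
    The default set is an assumption taken from the posted log's Mode line."""
    return [r for r in required if r not in parsed["modes"]]


def triage(parsed):
    """Return (driver, reason) pairs a reviewer should look at. Assumption: "ok" is the
    only clean verdict; anything else, or a missing verdict, needs a human look."""
    findings = []
    windir = (parsed["windows_directory"] or r"C:\Windows").lower() + "\\"
    for name, info in parsed["drivers"].items():
        verdict = parsed["verdicts"].get(name)
        if verdict is None:
            findings.append((name, "no verdict line (scan may have aborted here)"))
        elif verdict.lower() != "ok":
            findings.append((name, f"verdict: {verdict}"))
        if not info["path"].lower().startswith(windir):
            # Not a verdict, only a review hint: vendor drivers often live here legitimately.
            findings.append((name, f"loaded from outside the Windows directory: {info['path']}"))
    return findings


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_TDSS_LOG)
    print("scan options:", parsed["modes"], "| missing:", missing_modes(parsed))
    for name, reason in triage(parsed):
        print(f"{name:10s} {reason}")
```

In the sample, ASMMAP64 is flagged only because it sits under Program Files, which is exactly where the ASUS utility in the posted log keeps it; the entry is there so a reviewer checks the vendor and the MD5, not so it is treated as malicious. The "no verdict" case matters for the helper's request to post the log in full: a log that ends with an entry line and no verdict shows where the scan stopped.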

Flixbob 22.02.2012 11:39

Here is the log from TDSSKiller
Code:

11:30:02.0027 3156        TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
11:30:02.0217 3156        ============================================================
11:30:02.0217 3156        Current date / time: 2012/02/22 11:30:02.0217
11:30:02.0217 3156        SystemInfo:
11:30:02.0217 3156       
11:30:02.0217 3156        OS Version: 6.1.7600 ServicePack: 0.0
11:30:02.0217 3156        Product type: Workstation
11:30:02.0217 3156        ComputerName: JFGR-PC
11:30:02.0217 3156        UserName: JFGR
11:30:02.0217 3156        Windows directory: C:\Windows
11:30:02.0217 3156        System windows directory: C:\Windows
11:30:02.0217 3156        Running under WOW64
11:30:02.0217 3156        Processor architecture: Intel x64
11:30:02.0217 3156        Number of processors: 2
11:30:02.0217 3156        Page size: 0x1000
11:30:02.0217 3156        Boot type: Normal boot
11:30:02.0217 3156        ============================================================
11:30:03.0489 3156        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:30:03.0489 3156        \Device\Harddisk0\DR0:
11:30:03.0489 3156        MBR used
11:30:03.0489 3156        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770D7A, BlocksNum 0x12A14C00
11:30:03.0519 3156        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141859B9, BlocksNum 0x112A7D08
11:30:03.0589 3156        Initialize success
11:30:03.0589 3156        ============================================================
11:31:26.0243 4516        ============================================================
11:31:26.0243 4516        Scan started
11:31:26.0243 4516        Mode: Manual; SigCheck; TDLFS;
11:31:26.0243 4516        ============================================================
11:31:26.0923 4516        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
11:31:27.0153 4516        1394ohci - ok
11:31:27.0303 4516        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
11:31:27.0333 4516        ACPI - ok
11:31:27.0453 4516        AcpiPmi        (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
11:31:27.0543 4516        AcpiPmi - ok
11:31:27.0723 4516        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:31:27.0763 4516        adp94xx - ok
11:31:27.0913 4516        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:31:27.0943 4516        adpahci - ok
11:31:28.0093 4516        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:31:28.0113 4516        adpu320 - ok
11:31:28.0283 4516        AFD            (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
11:31:28.0373 4516        AFD - ok
11:31:28.0593 4516        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
11:31:28.0613 4516        agp440 - ok
11:31:28.0723 4516        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
11:31:28.0743 4516        aliide - ok
11:31:28.0893 4516        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
11:31:28.0913 4516        amdide - ok
11:31:29.0053 4516        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:31:29.0113 4516        AmdK8 - ok
11:31:29.0495 4516        amdkmdag        (bfa9657adf7ddc29242a6e0e88de36fa) C:\Windows\system32\DRIVERS\atikmdag.sys
11:31:29.0935 4516        amdkmdag - ok
11:31:30.0067 4516        amdkmdap        (8c493027d9b2399283e724e9862ebb42) C:\Windows\system32\DRIVERS\atikmpag.sys
11:31:30.0127 4516        amdkmdap - ok
11:31:30.0257 4516        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:31:30.0307 4516        AmdPPM - ok
11:31:30.0467 4516        amdsata        (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
11:31:30.0497 4516        amdsata - ok
11:31:30.0637 4516        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:31:30.0657 4516        amdsbs - ok
11:31:30.0807 4516        amdxata        (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
11:31:30.0827 4516        amdxata - ok
11:31:31.0047 4516        AppID          (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
11:31:31.0147 4516        AppID - ok
11:31:31.0337 4516        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:31:31.0357 4516        arc - ok
11:31:31.0507 4516        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:31:31.0527 4516        arcsas - ok
11:31:31.0637 4516        ASMMAP64        (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
11:31:43.0419 4516        ASMMAP64 - ok
11:31:43.0559 4516        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:31:43.0709 4516        AsyncMac - ok
11:31:43.0829 4516        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
11:31:43.0849 4516        atapi - ok
11:31:44.0041 4516        athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
11:31:44.0131 4516        athr - ok
11:31:44.0301 4516        AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
11:31:44.0321 4516        AtiHDAudioService - ok
11:31:44.0739 4516        atikmdag        (bfa9657adf7ddc29242a6e0e88de36fa) C:\Windows\system32\DRIVERS\atikmdag.sys
11:31:44.0963 4516        atikmdag - ok
11:31:45.0183 4516        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
11:31:45.0203 4516        avgntflt - ok
11:31:45.0293 4516        avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
11:31:45.0313 4516        avipbb - ok
11:31:45.0333 4516        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
11:31:45.0353 4516        avkmgr - ok
11:31:45.0443 4516        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:31:45.0523 4516        b06bdrv - ok
11:31:45.0663 4516        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:31:45.0713 4516        b57nd60a - ok
11:31:45.0873 4516        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:31:45.0963 4516        Beep - ok
11:31:46.0133 4516        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:31:46.0173 4516        blbdrive - ok
11:31:46.0333 4516        bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
11:31:46.0403 4516        bowser - ok
11:31:46.0483 4516        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:31:46.0533 4516        BrFiltLo - ok
11:31:46.0573 4516        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:31:46.0603 4516        BrFiltUp - ok
11:31:46.0643 4516        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:31:46.0703 4516        Brserid - ok
11:31:46.0843 4516        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:31:46.0893 4516        BrSerWdm - ok
11:31:47.0035 4516        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:31:47.0095 4516        BrUsbMdm - ok
11:31:47.0225 4516        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:31:47.0265 4516        BrUsbSer - ok
11:31:47.0405 4516        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:31:47.0445 4516        BTHMODEM - ok
11:31:47.0605 4516        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:31:47.0685 4516        cdfs - ok
11:31:47.0845 4516        cdrom          (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
11:31:47.0885 4516        cdrom - ok
11:31:48.0035 4516        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:31:48.0075 4516        circlass - ok
11:31:48.0165 4516        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:31:48.0195 4516        CLFS - ok
11:31:48.0395 4516        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:31:48.0435 4516        CmBatt - ok
11:31:48.0555 4516        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
11:31:48.0575 4516        cmdide - ok
11:31:48.0715 4516        CNG            (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
11:31:48.0765 4516        CNG - ok
11:31:48.0905 4516        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:31:48.0925 4516        Compbatt - ok
11:31:49.0055 4516        CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:31:49.0105 4516        CompositeBus - ok
11:31:49.0245 4516        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:31:49.0265 4516        crcdisk - ok
11:31:49.0435 4516        CSC            (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
11:31:49.0505 4516        CSC - ok
11:31:49.0705 4516        DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
11:31:49.0765 4516        DfsC - ok
11:31:49.0895 4516        DgiVecp        (2d589a2c024b2fb238535db9f7b3597d) C:\Windows\system32\Drivers\DgiVecp.sys
11:31:49.0915 4516        DgiVecp - ok
11:31:50.0045 4516        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:31:50.0145 4516        discache - ok
11:31:50.0315 4516        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:31:50.0345 4516        Disk - ok
11:31:50.0507 4516        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:31:50.0557 4516        drmkaud - ok
11:31:50.0717 4516        DXGKrnl        (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
11:31:50.0767 4516        DXGKrnl - ok
11:31:50.0987 4516        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:31:51.0149 4516        ebdrv - ok
11:31:51.0331 4516        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:31:51.0361 4516        elxstor - ok
11:31:51.0491 4516        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
11:31:51.0531 4516        ErrDev - ok
11:31:51.0691 4516        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:31:51.0771 4516        exfat - ok
11:31:51.0911 4516        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:31:51.0991 4516        fastfat - ok
11:31:52.0141 4516        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:31:52.0161 4516        fdc - ok
11:31:52.0321 4516        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:31:52.0341 4516        FileInfo - ok
11:31:52.0481 4516        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:31:52.0561 4516        Filetrace - ok
11:31:52.0691 4516        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:31:52.0731 4516        flpydisk - ok
11:31:52.0891 4516        FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
11:31:52.0921 4516        FltMgr - ok
11:31:53.0061 4516        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:31:53.0091 4516        FsDepends - ok
11:31:53.0211 4516        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:31:53.0241 4516        Fs_Rec - ok
11:31:53.0381 4516        fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:31:53.0421 4516        fvevol - ok
11:31:53.0561 4516        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:31:53.0581 4516        gagp30kx - ok
11:31:53.0721 4516        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:31:53.0741 4516        GEARAspiWDM - ok
11:31:53.0941 4516        hamachi        (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
11:31:53.0981 4516        hamachi - ok
11:31:54.0193 4516        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:31:54.0253 4516        hcw85cir - ok
11:31:54.0403 4516        HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
11:31:54.0464 4516        HdAudAddService - ok
11:31:54.0605 4516        HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:31:54.0670 4516        HDAudBus - ok
11:31:54.0807 4516        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:31:54.0857 4516        HidBatt - ok
11:31:54.0999 4516        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:31:55.0059 4516        HidBth - ok
11:31:55.0251 4516        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:31:55.0301 4516        HidIr - ok
11:31:55.0464 4516        HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
11:31:55.0547 4516        HidUsb - ok
11:31:55.0747 4516        HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
11:31:55.0767 4516        HpSAMD - ok
11:31:55.0957 4516        HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
11:31:56.0047 4516        HTTP - ok
11:31:56.0167 4516        hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
11:31:56.0197 4516        hwpolicy - ok
11:31:56.0347 4516        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:31:56.0367 4516        i8042prt - ok
11:31:56.0527 4516        iaStorV        (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
11:31:56.0557 4516        iaStorV - ok
11:31:56.0707 4516        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:31:56.0727 4516        iirsp - ok
11:31:56.0867 4516        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
11:31:56.0887 4516        intelide - ok
11:31:57.0027 4516        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:31:57.0057 4516        intelppm - ok
11:31:57.0197 4516        IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:31:57.0277 4516        IpFilterDriver - ok
11:31:57.0417 4516        IPMIDRV        (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
11:31:57.0457 4516        IPMIDRV - ok
11:31:57.0597 4516        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:31:57.0697 4516        IPNAT - ok
11:31:57.0869 4516        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:31:57.0959 4516        IRENUM - ok
11:31:58.0089 4516        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
11:31:58.0119 4516        isapnp - ok
11:31:58.0259 4516        iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
11:31:58.0279 4516        iScsiPrt - ok
11:31:58.0379 4516        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:31:58.0399 4516        kbdclass - ok
11:31:58.0459 4516        kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
11:31:58.0499 4516        kbdhid - ok
11:31:58.0649 4516        KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
11:31:58.0669 4516        KSecDD - ok
11:31:58.0809 4516        KSecPkg        (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
11:31:58.0839 4516        KSecPkg - ok
11:31:58.0979 4516        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:31:59.0059 4516        ksthunk - ok
11:31:59.0239 4516        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:31:59.0319 4516        lltdio - ok
11:31:59.0479 4516        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:31:59.0509 4516        LSI_FC - ok
11:31:59.0639 4516        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:31:59.0659 4516        LSI_SAS - ok
11:31:59.0789 4516        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:31:59.0819 4516        LSI_SAS2 - ok
11:31:59.0971 4516        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:31:59.0991 4516        LSI_SCSI - ok
11:32:00.0121 4516        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:32:00.0211 4516        luafv - ok
11:32:00.0381 4516        MBAMProtector  (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
11:32:00.0391 4516        MBAMProtector - ok
11:32:00.0541 4516        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:32:00.0561 4516        megasas - ok
11:32:00.0701 4516        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:32:00.0731 4516        MegaSR - ok
11:32:00.0871 4516        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:32:00.0951 4516        Modem - ok
11:32:01.0101 4516        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:32:01.0151 4516        monitor - ok
11:32:01.0281 4516        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:32:01.0301 4516        mouclass - ok
11:32:01.0441 4516        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:32:01.0481 4516        mouhid - ok
11:32:01.0621 4516        mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
11:32:01.0641 4516        mountmgr - ok
11:32:01.0781 4516        mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
11:32:01.0801 4516        mpio - ok
11:32:01.0941 4516        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:32:02.0041 4516        mpsdrv - ok
11:32:02.0191 4516        MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
11:32:02.0231 4516        MRxDAV - ok
11:32:02.0381 4516        mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:32:02.0411 4516        mrxsmb - ok
11:32:02.0571 4516        mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:32:02.0621 4516        mrxsmb10 - ok
11:32:02.0751 4516        mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:32:02.0791 4516        mrxsmb20 - ok
11:32:02.0921 4516        msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
11:32:02.0941 4516        msahci - ok
11:32:03.0071 4516        msdsm          (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
11:32:03.0101 4516        msdsm - ok
11:32:03.0271 4516        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:32:03.0341 4516        Msfs - ok
11:32:03.0491 4516        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:32:03.0571 4516        mshidkmdf - ok
11:32:03.0701 4516        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
11:32:03.0721 4516        msisadrv - ok
11:32:03.0881 4516        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:32:03.0961 4516        MSKSSRV - ok
11:32:04.0103 4516        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:32:04.0183 4516        MSPCLOCK - ok
11:32:04.0323 4516        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:32:04.0413 4516        MSPQM - ok
11:32:04.0573 4516        MsRPC          (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
11:32:04.0603 4516        MsRPC - ok
11:32:04.0733 4516        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:32:04.0753 4516        mssmbios - ok
11:32:04.0893 4516        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:32:04.0973 4516        MSTEE - ok
11:32:05.0103 4516        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:32:05.0143 4516        MTConfig - ok
11:32:05.0293 4516        MTsensor        (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
11:32:05.0313 4516        MTsensor - ok
11:32:05.0453 4516        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:32:05.0473 4516        Mup - ok
11:32:05.0643 4516        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:32:05.0703 4516        NativeWifiP - ok
11:32:05.0873 4516        NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
11:32:05.0923 4516        NDIS - ok
11:32:06.0053 4516        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:32:06.0151 4516        NdisCap - ok
11:32:06.0285 4516        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:32:06.0365 4516        NdisTapi - ok
11:32:06.0507 4516        Ndisuio        (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
11:32:06.0577 4516        Ndisuio - ok
11:32:06.0719 4516        NdisWan        (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:32:06.0789 4516        NdisWan - ok
11:32:06.0919 4516        NDProxy        (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
11:32:07.0009 4516        NDProxy - ok
11:32:07.0191 4516        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:32:07.0271 4516        NetBIOS - ok
11:32:07.0411 4516        NetBT          (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
11:32:07.0501 4516        NetBT - ok
11:32:07.0671 4516        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:32:07.0701 4516        nfrd960 - ok
11:32:07.0841 4516        nmwcd          (5fe6f8c05f0769bbb74afac11453b182) C:\Windows\system32\drivers\ccdcmbx64.sys
11:32:07.0911 4516        nmwcd - ok
11:32:08.0061 4516        nmwcdc          (73c929945c0850b8d1fe2fea05fdf05d) C:\Windows\system32\drivers\ccdcmbox64.sys
11:32:08.0111 4516        nmwcdc - ok
11:32:08.0281 4516        nmwcdnsucx64    (697ca586209e022d15dd0c838b235d6a) C:\Windows\system32\drivers\nmwcdnsucx64.sys
11:32:08.0331 4516        nmwcdnsucx64 - ok
11:32:08.0491 4516        nmwcdnsux64    (292ddf13f91f2cb2482b57aacd6aeb9b) C:\Windows\system32\drivers\nmwcdnsux64.sys
11:32:08.0561 4516        nmwcdnsux64 - ok
11:32:08.0701 4516        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:32:08.0771 4516        Npfs - ok
11:32:08.0921 4516        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:32:09.0001 4516        nsiproxy - ok
11:32:09.0201 4516        Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
11:32:09.0281 4516        Ntfs - ok
11:32:09.0421 4516        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:32:09.0501 4516        Null - ok
11:32:09.0641 4516        nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
11:32:09.0671 4516        nvraid - ok
11:32:09.0811 4516        nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
11:32:09.0831 4516        nvstor - ok
11:32:09.0971 4516        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
11:32:09.0991 4516        nv_agp - ok
11:32:10.0131 4516        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
11:32:10.0171 4516        ohci1394 - ok
11:32:10.0351 4516        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:32:10.0381 4516        Parport - ok
11:32:10.0523 4516        partmgr        (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
11:32:10.0543 4516        partmgr - ok
11:32:10.0723 4516        pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
11:32:10.0753 4516        pccsmcfd - ok
11:32:10.0883 4516        pci            (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
11:32:10.0913 4516        pci - ok
11:32:11.0043 4516        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
11:32:11.0063 4516        pciide - ok
11:32:11.0223 4516        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:32:11.0243 4516        pcmcia - ok
11:32:11.0373 4516        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:32:11.0403 4516        pcw - ok
11:32:11.0553 4516        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:32:11.0650 4516        PEAUTH - ok
11:32:11.0915 4516        PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
11:32:11.0995 4516        PptpMiniport - ok
11:32:12.0135 4516        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:32:12.0175 4516        Processor - ok
11:32:12.0345 4516        Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
11:32:12.0415 4516        Psched - ok
11:32:12.0555 4516        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:32:12.0636 4516        ql2300 - ok
11:32:12.0777 4516        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:32:12.0797 4516        ql40xx - ok
11:32:12.0947 4516        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:32:12.0997 4516        QWAVEdrv - ok
11:32:13.0127 4516        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:32:13.0207 4516        RasAcd - ok
11:32:13.0357 4516        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:32:13.0437 4516        RasAgileVpn - ok
11:32:13.0567 4516        Rasl2tp        (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:32:13.0657 4516        Rasl2tp - ok
11:32:13.0797 4516        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:32:13.0887 4516        RasPppoe - ok
11:32:14.0017 4516        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:32:14.0097 4516        RasSstp - ok
11:32:14.0237 4516        rdbss          (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
11:32:14.0327 4516        rdbss - ok
11:32:14.0457 4516        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:32:14.0497 4516        rdpbus - ok
11:32:14.0637 4516        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:32:14.0727 4516        RDPCDD - ok
11:32:14.0877 4516        RDPDR          (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
11:32:14.0927 4516        RDPDR - ok
11:32:15.0067 4516        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:32:15.0147 4516        RDPENCDD - ok
11:32:15.0277 4516        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:32:15.0347 4516        RDPREFMP - ok
11:32:15.0477 4516        RDPWD          (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
11:32:15.0567 4516        RDPWD - ok
11:32:15.0737 4516        rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
11:32:15.0757 4516        rdyboost - ok
11:32:15.0937 4516        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:32:16.0017 4516        rspndr - ok
11:32:16.0157 4516        s3cap          (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
11:32:16.0217 4516        s3cap - ok
11:32:16.0357 4516        sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
11:32:16.0377 4516        sbp2port - ok
11:32:16.0527 4516        scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
11:32:16.0607 4516        scfilter - ok
11:32:16.0777 4516        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:32:16.0857 4516        secdrv - ok
11:32:17.0007 4516        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:32:17.0027 4516        Serenum - ok
11:32:17.0167 4516        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:32:17.0207 4516        Serial - ok
11:32:17.0337 4516        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:32:17.0367 4516        sermouse - ok
11:32:17.0547 4516        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
11:32:17.0587 4516        sffdisk - ok
11:32:17.0717 4516        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:32:17.0757 4516        sffp_mmc - ok
11:32:17.0897 4516        sffp_sd        (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
11:32:17.0937 4516        sffp_sd - ok
11:32:18.0077 4516        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:32:18.0117 4516        sfloppy - ok
11:32:18.0267 4516        SiSGbeLH        (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
11:32:18.0317 4516        SiSGbeLH - ok
11:32:18.0467 4516        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:32:18.0487 4516        SiSRaid2 - ok
11:32:18.0637 4516        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:32:18.0657 4516        SiSRaid4 - ok
11:32:18.0797 4516        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:32:18.0889 4516        Smb - ok
11:32:19.0059 4516        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:32:19.0079 4516        spldr - ok
11:32:19.0319 4516        sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
11:32:19.0319 4516        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
11:32:19.0339 4516        sptd ( LockedFile.Multi.Generic ) - warning
11:32:19.0339 4516        sptd - detected LockedFile.Multi.Generic (1)
11:32:19.0479 4516        srv            (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
11:32:19.0549 4516        srv - ok
11:32:19.0699 4516        srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
11:32:19.0729 4516        srv2 - ok
11:32:19.0869 4516        srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
11:32:19.0909 4516        srvnet - ok
11:32:20.0049 4516        SSPORT          (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
11:32:20.0069 4516        SSPORT - ok
11:32:20.0209 4516        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:32:20.0229 4516        stexstor - ok
11:32:20.0369 4516        StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
11:32:20.0419 4516        StillCam - ok
11:32:20.0569 4516        storflt        (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
11:32:20.0589 4516        storflt - ok
11:32:20.0741 4516        storvsc        (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
11:32:20.0761 4516        storvsc - ok
11:32:20.0881 4516        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:32:20.0901 4516        swenum - ok
11:32:21.0063 4516        tap0901        (024adc7f69d1776d72cc5d031b41ce4f) C:\Windows\system32\DRIVERS\tap0901.sys
11:32:21.0113 4516        tap0901 - ok
11:32:21.0263 4516        tap0901t        (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys
11:32:21.0303 4516        tap0901t ( UnsignedFile.Multi.Generic ) - warning
11:32:21.0303 4516        tap0901t - detected UnsignedFile.Multi.Generic (1)
11:32:21.0513 4516        Tcpip          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
11:32:21.0603 4516        Tcpip - ok
11:32:21.0813 4516        TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
11:32:21.0883 4516        TCPIP6 - ok
11:32:22.0023 4516        tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
11:32:22.0103 4516        tcpipreg - ok
11:32:22.0263 4516        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:32:22.0333 4516        TDPIPE - ok
11:32:22.0483 4516        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:32:22.0573 4516        TDTCP - ok
11:32:22.0713 4516        tdx            (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
11:32:22.0803 4516        tdx - ok
11:32:22.0943 4516        TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
11:32:22.0973 4516        TermDD - ok
11:32:23.0143 4516        tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:32:23.0213 4516        tssecsrv - ok
11:32:23.0383 4516        tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
11:32:23.0463 4516        tunnel - ok
11:32:23.0613 4516        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:32:23.0633 4516        uagp35 - ok
11:32:23.0783 4516        udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
11:32:23.0873 4516        udfs - ok
11:32:24.0033 4516        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
11:32:24.0053 4516        uliagpkx - ok
11:32:24.0193 4516        umbus          (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
11:32:24.0233 4516        umbus - ok
11:32:24.0353 4516        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:32:24.0393 4516        UmPass - ok
11:32:24.0565 4516        upperdev        (34afb83c7bba370e404e52cc2290350c) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
11:32:24.0625 4516        upperdev - ok
11:32:24.0785 4516        USBAAPL64      (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
11:32:24.0835 4516        USBAAPL64 - ok
11:32:24.0975 4516        usbccgp        (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
11:32:25.0035 4516        usbccgp - ok
11:32:25.0165 4516        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
11:32:25.0215 4516        usbcir - ok
11:32:25.0357 4516        usbehci        (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
11:32:25.0397 4516        usbehci - ok
11:32:25.0557 4516        usbhub          (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
11:32:25.0607 4516        usbhub - ok
11:32:25.0749 4516        usbohci        (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
11:32:25.0789 4516        usbohci - ok
11:32:25.0919 4516        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:32:25.0969 4516        usbprint - ok
11:32:26.0099 4516        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:32:26.0129 4516        usbscan - ok
11:32:26.0289 4516        usbser          (0f0c72a657c622286013788b886968ad) C:\Windows\system32\drivers\usbser.sys
11:32:26.0339 4516        usbser - ok
11:32:26.0449 4516        UsbserFilt      (aa75e1efbee7186b4cbaaacf1f15e6ca) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
11:32:26.0499 4516        UsbserFilt - ok
11:32:26.0539 4516        USBSTOR        (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:32:26.0599 4516        USBSTOR - ok
11:32:26.0739 4516        usbuhci        (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
11:32:26.0779 4516        usbuhci - ok
11:32:26.0939 4516        usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
11:32:26.0999 4516        usbvideo - ok
11:32:27.0171 4516        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
11:32:27.0191 4516        vdrvroot - ok
11:32:27.0363 4516        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:32:27.0393 4516        vga - ok
11:32:27.0523 4516        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:32:27.0613 4516        VgaSave - ok
11:32:27.0743 4516        vhdmp          (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
11:32:27.0763 4516        vhdmp - ok
11:32:27.0903 4516        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
11:32:27.0923 4516        viaide - ok
11:32:28.0043 4516        vmbus          (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
11:32:28.0073 4516        vmbus - ok
11:32:28.0193 4516        VMBusHID        (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
11:32:28.0233 4516        VMBusHID - ok
11:32:28.0353 4516        volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
11:32:28.0383 4516        volmgr - ok
11:32:28.0503 4516        volmgrx        (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
11:32:28.0533 4516        volmgrx - ok
11:32:28.0683 4516        volsnap        (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
11:32:28.0713 4516        volsnap - ok
11:32:28.0843 4516        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:32:28.0873 4516        vsmraid - ok
11:32:29.0003 4516        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:32:29.0033 4516        vwifibus - ok
11:32:29.0153 4516        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:32:29.0203 4516        vwififlt - ok
11:32:29.0343 4516        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:32:29.0373 4516        vwifimp - ok
11:32:29.0515 4516        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:32:29.0555 4516        WacomPen - ok
11:32:29.0715 4516        WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:32:29.0795 4516        WANARP - ok
11:32:29.0825 4516        Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:32:29.0895 4516        Wanarpv6 - ok
11:32:30.0045 4516        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:32:30.0065 4516        Wd - ok
11:32:30.0205 4516        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:32:30.0255 4516        Wdf01000 - ok
11:32:30.0437 4516        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:32:30.0497 4516        WfpLwf - ok
11:32:30.0627 4516        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:32:30.0647 4516        WIMMount - ok
11:32:30.0887 4516        WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
11:32:30.0917 4516        WinUsb - ok
11:32:31.0057 4516        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:32:31.0107 4516        WmiAcpi - ok
11:32:31.0269 4516        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:32:31.0349 4516        ws2ifsl - ok
11:32:31.0519 4516        WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
11:32:31.0556 4516        WSDPrintDevice - ok
11:32:31.0691 4516        WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
11:32:31.0771 4516        WudfPf - ok
11:32:31.0921 4516        WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:32:31.0991 4516        WUDFRd - ok
11:32:32.0081 4516        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:32:32.0231 4516        \Device\Harddisk0\DR0 - ok
11:32:32.0241 4516        Boot (0x1200)  (a054ea219235462a3cd6f74bf46aff6d) \Device\Harddisk0\DR0\Partition0
11:32:32.0241 4516        \Device\Harddisk0\DR0\Partition0 - ok
11:32:32.0251 4516        Boot (0x1200)  (a9ec316e4ae1cd7b1cb8e1cb4e7f9ef6) \Device\Harddisk0\DR0\Partition1
11:32:32.0251 4516        \Device\Harddisk0\DR0\Partition1 - ok
11:32:32.0261 4516        ============================================================
11:32:32.0261 4516        Scan finished
11:32:32.0261 4516        ============================================================
11:32:32.0281 4836        Detected object count: 2
11:32:32.0281 4836        Actual detected object count: 2
11:38:22.0814 4836        sptd ( LockedFile.Multi.Generic ) - skipped by user
11:38:22.0814 4836        sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:38:22.0814 4836        tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
11:38:22.0814 4836        tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
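The two TDSSKiller hits above deserve a closer look than the raw log gives. As an added example (not part of this thread and not TDSSKiller's own code), the Python below parses a constructed excerpt in TDSSKiller's log layout, joins each driver's hash, path, verdict and the action the user chose by service name, and separates the generic LockedFile/UnsignedFile heuristics (a file the scanner could not read, or one without a valid digital signature) from signature detections. Assumptions: the heuristic classification and the join by service name (which equals the file's base name for sptd.sys and tap0901t.sys, but not for every driver) are mine; sptd.sys is the SCSI pass-through driver shipped with Daemon Tools/Alcohol 120%, and tap0901t.sys is the TAP-Win32 adapter that Tunngle installs.

```python
import re
from collections import OrderedDict

# Constructed excerpt in TDSSKiller's log layout ("HH:MM:SS.mmmm PID message");
# the driver names, hashes and paths are copied from the log posted above.
SAMPLE_LOG = r"""
11:32:19.0319 4516        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
11:32:19.0339 4516        sptd ( LockedFile.Multi.Generic ) - warning
11:32:19.0339 4516        sptd - detected LockedFile.Multi.Generic (1)
11:32:19.0479 4516        srv            (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
11:32:19.0549 4516        srv - ok
11:32:21.0263 4516        tap0901t        (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys
11:32:21.0303 4516        tap0901t ( UnsignedFile.Multi.Generic ) - warning
11:32:21.0303 4516        tap0901t - detected UnsignedFile.Multi.Generic (1)
11:32:32.0281 4836        Detected object count: 2
11:38:22.0814 4836        sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:38:22.0814 4836        tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Generic heuristics, not malware verdicts: the scanner could not read the file
# (LockedFile) or it carries no valid digital signature (UnsignedFile).
# Classification is the editor's assumption, not TDSSKiller's own taxonomy.
HEURISTIC_VERDICTS = {"LockedFile.Multi.Generic", "UnsignedFile.Multi.Generic"}

_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
_DRIVER = re.compile(r"^(\S+)\s+\(([0-9a-f]{32})\)\s+(\S.*)$")
_SUSPICIOUS = re.compile(r"^Suspicious file \((\w+)\): (.+?)\. md5: ([0-9a-f]{32})$")
_DETECTED = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
_ACTION = re.compile(r"^(\S+) \( (\S+) \) - User select action: (\w+)$")
_COUNT = re.compile(r"^Detected object count: (\d+)$")


def _stem(path):
    # Assumption: service name == driver file base name. True for sptd.sys and
    # tap0901t.sys, not for every driver (e.g. StillCam -> serscan.sys).
    return path.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def triage(log_text: str) -> dict:
    """Join hash, path, verdict and user action per service; flag heuristics."""
    records = OrderedDict()
    declared = None

    def rec(name):
        return records.setdefault(name.lower(), {
            "name": name, "md5": None, "path": None, "access": "ok",
            "verdict": None, "hits": 0, "action": None})

    for raw in log_text.splitlines():
        m = _PREFIX.match(raw)
        if not m:
            continue  # not a log line (blank, banner)
        msg = m.group(1).strip()
        d = _DRIVER.match(msg)
        if d:
            r = rec(d.group(1))
            r["md5"], r["path"] = d.group(2), d.group(3)
            continue
        s = _SUSPICIOUS.match(msg)
        if s:
            r = rec(_stem(s.group(2)))
            r["access"], r["path"], r["md5"] = s.group(1), s.group(2), s.group(3)
            continue
        v = _DETECTED.match(msg)
        if v:
            r = rec(v.group(1))
            r["verdict"], r["hits"] = v.group(2), int(v.group(3))
            continue
        a = _ACTION.match(msg)
        if a:
            rec(a.group(1))["action"] = a.group(3)
            continue
        c = _COUNT.match(msg)
        if c:
            declared = int(c.group(1))

    findings = []
    for r in records.values():
        if r["verdict"]:
            r["heuristic"] = r["verdict"] in HEURISTIC_VERDICTS
            findings.append(r)
    return {
        "declared_count": declared,
        "findings": findings,
        # Sanity check: the summary line should agree with the per-object lines.
        "consistent": declared == len(findings),
        # Anything not skipped was cured/deleted, i.e. the scanner changed the system.
        "changed": [r["name"] for r in findings if r["action"] not in (None, "Skip")],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result["findings"]:
        kind = "heuristic" if f["heuristic"] else "signature"
        print("%-10s %-28s %s  md5=%s  action=%s" % (
            f["name"], f["verdict"], kind, f["md5"], f["action"]))
    print("declared:", result["declared_count"], "consistent:", result["consistent"],
          "changed:", result["changed"])
```

Run on a full TDSSKiller log the same way; an empty `changed` list with `consistent` true means the scanner reported only heuristic warnings and altered nothing, which is what the helper needs to know before moving on to ComboFix.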


cosinus 22.02.2012 13:09

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when an authorised helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Should you have problems starting applications after running ComboFix and receive messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

Flixbob 22.02.2012 14:26

Here is the log from ComboFix!

Combofix Logfile:
Code:

ComboFix 12-02-22.01 - JFGR 22.02.2012  13:41:44.1.2 - x64
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1031.18.4095.2871 [GMT 1:00]
ausgeführt von:: c:\users\Felix\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-22 bis 2012-02-22  ))))))))))))))))))))))))))))))
.
.
2012-02-22 13:02 . 2012-02-22 13:02        --------        d-----w-        c:\users\JFGR\AppData\Roaming\PC Suite
2012-02-22 12:52 . 2012-02-22 13:03        --------        d-----w-        c:\users\JFGR\AppData\Local\temp
2012-02-22 12:52 . 2012-02-22 12:52        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-02-21 09:38 . 2012-02-08 07:13        8643640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1DFF0251-5B3E-4D11-A17F-779BCAA9FA27}\mpengine.dll
2012-02-20 09:16 . 2012-02-20 09:16        --------        d-----w-        c:\program files\Defraggler
2012-02-19 19:17 . 2012-02-19 19:17        --------        d-----w-        c:\program files (x86)\ESET
2012-02-18 17:17 . 2012-02-18 17:17        --------        d-----w-        c:\users\Felix\AppData\Roaming\Malwarebytes
2012-02-18 16:24 . 2012-02-18 16:24        --------        d-----w-        C:\_OTL
2012-02-18 16:21 . 2012-02-18 16:21        --------        d-----w-        c:\users\JFGR\AppData\Roaming\Malwarebytes
2012-02-18 16:21 . 2012-02-18 16:21        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-18 16:21 . 2012-02-18 16:21        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-18 16:21 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-10 22:35 . 2012-02-10 22:35        --------        d-----w-        c:\users\Felix\AppData\Local\DDMSettings
2012-02-07 21:26 . 2012-02-07 21:26        --------        d-----w-        c:\users\Felix\AppData\Roaming\Nokia
2012-02-07 21:26 . 2012-02-07 21:26        --------        d-----w-        c:\users\Felix\AppData\Local\Nokia
2012-02-07 21:26 . 2012-02-22 13:02        --------        d-----w-        c:\users\JFGR\AppData\Local\Nokia
2012-02-07 21:26 . 2012-02-07 21:26        --------        d-----w-        c:\users\JFGR\AppData\Roaming\Nokia
2012-02-07 21:26 . 2012-02-07 21:27        --------        d-----w-        c:\programdata\PC Suite
2012-02-07 21:26 . 2012-02-07 21:28        --------        d-----w-        c:\users\Felix\AppData\Roaming\PC Suite
2012-02-07 21:25 . 2012-02-07 21:25        --------        d-----w-        c:\program files (x86)\Common Files\Nokia
2012-02-07 21:25 . 2012-02-07 21:25        --------        d-----w-        c:\programdata\Nokia
2012-02-07 21:24 . 2012-02-07 21:24        --------        d-----w-        c:\program files\DIFX
2012-02-07 21:24 . 2008-08-28 10:44        25600        ----a-w-        c:\windows\system32\drivers\pccsmcfdx64.sys
2012-02-07 21:24 . 2012-02-07 21:24        --------        d-----w-        c:\program files (x86)\PC Connectivity Solution
2012-02-07 21:21 . 2012-02-07 21:25        --------        d-----w-        c:\program files (x86)\Nokia
2012-02-04 17:56 . 2012-02-04 17:56        --------        d-----w-        c:\users\JFGR\AppData\Roaming\Avira
2012-02-04 17:52 . 2012-02-04 17:52        --------        d-----w-        c:\users\JFGR\AppData\Local\Diagnostics
2012-02-03 20:35 . 2010-03-08 04:38        41984        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\KOAZCA_P.DLL
2012-02-03 20:23 . 2009-10-01 08:08        15360        ----a-w-        c:\windows\system32\KOAZCA_L.DLL
2012-01-29 11:00 . 2012-01-29 11:00        --------        d-----w-        c:\users\JFGR\AppData\Roaming\HP
2012-01-29 10:57 . 2012-01-29 10:57        --------        d-----w-        c:\program files (x86)\MSN Toolbar
2012-01-29 10:57 . 2012-01-29 10:57        --------        d-----w-        c:\program files (x86)\Bing Bar Installer
2012-01-29 10:56 . 2012-01-29 10:56        --------        d-----w-        c:\program files (x86)\Common Files\HP
2012-01-29 10:56 . 2012-01-29 10:56        --------        d-----w-        c:\program files (x86)\Common Files\Hewlett-Packard
2012-01-29 10:54 . 2012-01-29 10:55        --------        d-----w-        c:\program files (x86)\HP
2012-01-29 10:53 . 2012-01-29 10:55        --------        d-----w-        c:\programdata\HP
2012-01-29 10:52 . 2010-05-13 10:25        906240        ----a-w-        c:\windows\system32\hpwwiax5.dll
2012-01-29 10:52 . 2010-05-13 10:25        1422848        ----a-w-        c:\windows\system32\hpwtiop4.dll
2012-01-29 10:52 . 2010-05-13 10:29        553472        ----a-w-        c:\windows\system32\hppldcoi.dll
2012-01-29 10:52 . 2010-02-01 06:54        488960        ----a-w-        c:\windows\system32\hpovst11.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 20:48 . 2011-10-16 21:06        132320        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-01-29 04:10 . 2010-08-08 20:02        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-04 00:48 . 2012-01-04 00:48        354176        ----a-w-        c:\windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-12 18:19 . 2011-07-05 18:04        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-03-06 552960]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-01-13 7109248]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"StartCCC"="c:\program files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"LogMeIn Hamachi Ui"="d:\programme\Hamachi\hamachi-2-ui.exe" [2012-02-07 1987976]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\JFGR\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 136176]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\programme\Hamachi\hamachi-2.exe [2012-02-07 2343816]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TunngleService;TunngleService;d:\programme\Tunngle\TnglCtrl.exe [2010-11-22 718072]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 SiSGbeLH;NDIS 6.0-Treiber für SiS191/SiS190-Ethernet-Gerät;c:\windows\system32\DRIVERS\SiSG664.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 12:09]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 12:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: SmarThru4 Capture Selection - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll
TCP: DhcpNameServer = 134.130.4.1 134.130.5.1
FF - ProfilePath - c:\users\JFGR\AppData\Roaming\Mozilla\Firefox\Profiles\16dfcxuc.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-S3 - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2191024634-1259103323-1375288803-1001\Software\SecuROM\License information*]
"datasecu"=hex:a9,bd,a5,56,e9,5c,5b,c2,eb,72,d9,dc,e7,b9,9a,86,36,82,c4,10,cb,
  e9,03,9d,a3,9c,6f,59,6b,7f,01,e1,90,93,52,ea,aa,0f,0b,22,73,22,97,80,84,df,\
"rkeysecu"=hex:18,21,db,9b,42,82,55,92,68,34,1c,ef,81,9b,0e,e3
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-22  14:20:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-22 13:20
.
Vor Suchlauf: 15 Verzeichnis(se), 96.625.496.064 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 96.261.509.120 Bytes frei
.
- - End Of File - - E7761A2DB5128DF3AA66E17A5BA1C623

--- --- ---

cosinus 22.02.2012 19:08

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable the virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe; Vista and Win7 users run aswMBR via right-click "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow access to the Internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: do not press any of the Fix buttons without instruction. Note: If the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.

Flixbob 22.02.2012 19:43

Here is the aswMBR.txt!

Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-22 19:33:53
-----------------------------
19:33:53.083    OS Version: Windows x64 6.1.7600
19:33:53.083    Number of processors: 2 586 0x170A
19:33:53.083    ComputerName: JFGR-PC  UserName: JFGR
19:33:53.645    Initialize success
19:34:00.993    AVAST engine defs: 12022200
19:35:14.718    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
19:35:14.718    Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 3
19:35:14.749    Disk 0 MBR read successfully
19:35:14.749    Disk 0 MBR scan
19:35:14.765    Disk 0 Windows 7 default MBR code
19:35:14.781    Disk 0 Partition 1 00    1C Hidd FAT32 LBA MSDOS5.0    12001 MB offset 63
19:35:14.781    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      152617 MB offset 24579450
19:35:14.796    Disk 0 Partition - 00    0F Extended LBA            140623 MB offset 337140090
19:35:14.827    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      140623 MB offset 337140153
19:35:14.859    Disk 0 scanning C:\Windows\system32\drivers
19:35:23.797    Service scanning
19:35:49.038    Modules scanning
19:35:49.038    Disk 0 trace - called modules:
19:35:49.070    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:35:49.085    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bb2060]
19:35:49.085    3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8004a1b530]
19:35:49.085    5 ACPI.sys[fffff8800100b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa8004a21680]
19:35:49.616    AVAST engine scan C:\Windows
19:35:52.049    AVAST engine scan C:\Windows\system32
19:39:20.075    AVAST engine scan C:\Windows\system32\drivers
19:39:30.777    AVAST engine scan C:\Users\JFGR
19:39:53.382    AVAST engine scan C:\ProgramData
19:41:22.785    Scan finished successfully
19:41:38.510    Disk 0 MBR has been saved successfully to "C:\Users\Felix\Desktop\MBR.dat"
19:41:38.510    The log file has been saved successfully to "C:\Users\Felix\Desktop\aswMBR.txt"


cosinus 22.02.2012 20:48

Looks OK. To double-check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!
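An added example, not code from the thread or from aswMBR's authors: a small Python parser for the aswMBR log format posted above. It pulls out the MBR verdict and the partition table and reports the three things the "looks OK" above rests on: stock Windows MBR code, a scan that ran to the end, and exactly one active partition. The SAMPLE_LOG lines are copied from the log above, trimmed to what the checks read.

```python
import re
from dataclasses import dataclass, field

# Lines taken from the aswMBR.txt posted above, trimmed to what the checks below read.
SAMPLE_LOG = """\
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-22 19:33:53
19:35:14.749    Disk 0 MBR read successfully
19:35:14.765    Disk 0 Windows 7 default MBR code
19:35:14.781    Disk 0 Partition 1 00    1C Hidd FAT32 LBA MSDOS5.0    12001 MB offset 63
19:35:14.781    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      152617 MB offset 24579450
19:35:14.796    Disk 0 Partition - 00    0F Extended LBA            140623 MB offset 337140090
19:35:14.827    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      140623 MB offset 337140153
19:41:22.785    Scan finished successfully
"""

LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+(.*?)\s*$")
MBR_RE = re.compile(r"^Disk (\d+) (.*MBR code.*)$")
PART_RE = re.compile(
    r"^Disk (\d+) Partition (\S+) ([0-9A-Fa-f]{2})( \(A\))?\s+([0-9A-Fa-f]{2})"
    r"\s+(.+?)\s+(\d+) MB offset (\d+)$"
)

@dataclass
class Partition:
    disk: int
    index: str          # "1".."4", or "-" for the extended-partition container entry
    boot_flag: str      # "80" = active (bootable), "00" = inactive
    type_id: str        # MBR partition type byte: "07" NTFS, "1C" hidden FAT32, "0F" extended
    description: str
    size_mb: int
    offset_sectors: int

    @property
    def hidden(self) -> bool:
        # aswMBR marks hidden partitions with "Hidd"; OEM recovery partitions are often hidden by design
        return self.description.startswith("Hidd")

@dataclass
class AswMbrReport:
    mbr_code: dict = field(default_factory=dict)    # disk number -> verdict text
    partitions: list = field(default_factory=list)
    scan_finished: bool = False

    def findings(self) -> list:
        """Points an analyst should look at; an empty list means nothing stood out."""
        out = []
        if not self.scan_finished:
            out.append("scan did not finish; the log is incomplete")
        for disk, verdict in sorted(self.mbr_code.items()):
            if "default MBR code" not in verdict:
                out.append(f"disk {disk}: MBR code is not the stock Windows code ({verdict})")
        active = [p for p in self.partitions if p.boot_flag == "80"]
        if len(active) != 1:
            out.append(f"expected exactly one active partition, found {len(active)}")
        return out

def parse_aswmbr(text: str) -> AswMbrReport:
    report = AswMbrReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                        # header lines carry no timestamp
        msg = m.group(1)
        part, mbr = PART_RE.match(msg), MBR_RE.match(msg)
        if msg == "Scan finished successfully":
            report.scan_finished = True
        elif part:
            report.partitions.append(Partition(int(part[1]), part[2], part[3], part[5],
                                               part[6], int(part[7]), int(part[8])))
        elif mbr:
            report.mbr_code[int(mbr[1])] = mbr[2]
    return report
```

Running `parse_aswmbr(SAMPLE_LOG).findings()` on the log above returns an empty list; a log whose MBR line lacks "default MBR code" or that never reaches "Scan finished successfully" is reported instead of silently passing.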

Flixbob 23.02.2012 11:40

SASW log:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/23/2012 at 11:26 AM

Application Version : 5.0.1144

Core Rules Database Version : 8268
Trace Rules Database Version: 6080

Scan type      : Complete Scan
Total Scan Time : 01:40:09

Operating System Information
Windows 7 Professional 64-bit (Build 6.01.7600)
UAC Off - Limited User

Memory items scanned      : 673
Memory threats detected  : 0
Registry items scanned    : 70055
Registry threats detected : 6
File items scanned        : 120669
File threats detected    : 140

Adware.Tracking Cookie
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@adbrite[2].txt [ /adbrite ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@ads.adk2[2].txt [ /ads.adk2 ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@adtech[1].txt [ /adtech ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@apmebf[1].txt [ /apmebf ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@atdmt.combing[2].txt [ /atdmt.combing ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@atwola[2].txt [ /atwola ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@bs.serving-sys[1].txt [ /bs.serving-sys ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@content.yieldmanager[1].txt [ /content.yieldmanager ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@content.yieldmanager[3].txt [ /content.yieldmanager ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@doubleclick[1].txt [ /doubleclick ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@fastclick[1].txt [ /fastclick ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@revsci[2].txt [ /revsci ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@serving-sys[1].txt [ /serving-sys ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@tradedoubler[2].txt [ /tradedoubler ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@weborama[2].txt [ /weborama ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@www.active-tracking[1].txt [ /www.active-tracking ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@yadro[2].txt [ /yadro ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\VUOTFSHH.txt [ /ad.yieldmanager.com ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\SR9FY4ZW.txt [ /mediaplex.com ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\HWLNKYR5.txt [ /adserver.adtechus.com ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\QQ7D8LLO.txt [ /imrworldwide.com ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\MACUO8S4.txt [ /smartadserver.com ]
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\GI6BNT0I.txt [ /adbrite.com ]
        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@statcounter[2].txt [ Cookie:felix@statcounter.com/ ]
        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@ad.yieldmanager[2].txt [ Cookie:felix@ad.yieldmanager.com/ ]
        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@traffictrack[2].txt [ Cookie:felix@traffictrack.de/ ]
        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@mediaplex[2].txt [ Cookie:felix@mediaplex.com/ ]
        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@tradedoubler[1].txt [ Cookie:felix@tradedoubler.com/ ]
        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@fastclick[1].txt [ Cookie:felix@fastclick.net/ ]
        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@www.active-tracking[2].txt [ Cookie:felix@www.active-tracking.de/ ]
        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@doubleclick[1].txt [ Cookie:felix@doubleclick.net/ ]
        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@interclick[1].txt [ Cookie:felix@interclick.com/ ]
        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@adfarm1.adition[1].txt [ Cookie:felix@adfarm1.adition.com/ ]
        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@ad.zanox[1].txt [ Cookie:felix@ad.zanox.com/ ]
        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@statse.webtrendslive[2].txt [ Cookie:felix@statse.webtrendslive.com/ ]
        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@tracking.mlsat02[1].txt [ Cookie:felix@tracking.mlsat02.de/tmobile/ ]
        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@zanox[2].txt [ Cookie:felix@zanox.com/ ]
        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@serving-sys[1].txt [ Cookie:felix@serving-sys.com/ ]
        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@www.zanox-affiliate[1].txt [ Cookie:felix@www.zanox-affiliate.de/ ]
        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@ad2.adfarm1.adition[1].txt [ Cookie:felix@ad2.adfarm1.adition.com/ ]
        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@tracking.quisma[1].txt [ Cookie:felix@tracking.quisma.com/ ]
        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@apmebf[1].txt [ Cookie:felix@apmebf.com/ ]
        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\R770M2KS.txt [ Cookie:felix@atdmt.com/ ]
        C:\USERS\FELIX\AppData\Roaming\Microsoft\Windows\Cookies\Low\felix@zanox-affiliate[1].txt [ Cookie:felix@zanox-affiliate.de/ ]
        C:\USERS\FELIX\Cookies\felix@atdmt.combing[2].txt [ Cookie:felix@atdmt.combing.com/ ]
        C:\USERS\FELIX\Cookies\VUOTFSHH.txt [ Cookie:felix@ad.yieldmanager.com/ ]
        C:\USERS\FELIX\Cookies\felix@content.yieldmanager[3].txt [ Cookie:felix@content.yieldmanager.com/ak/ ]
        C:\USERS\FELIX\Cookies\SR9FY4ZW.txt [ Cookie:felix@mediaplex.com/ ]
        C:\USERS\FELIX\Cookies\felix@tradedoubler[2].txt [ Cookie:felix@tradedoubler.com/ ]
        C:\USERS\FELIX\Cookies\felix@content.yieldmanager[1].txt [ Cookie:felix@content.yieldmanager.com/ ]
        C:\USERS\FELIX\Cookies\felix@www.active-tracking[1].txt [ Cookie:felix@www.active-tracking.de/ ]
        C:\USERS\FELIX\Cookies\felix@fastclick[1].txt [ Cookie:felix@fastclick.net/ ]
        C:\USERS\FELIX\Cookies\felix@doubleclick[1].txt [ Cookie:felix@doubleclick.net/ ]
        C:\USERS\FELIX\Cookies\HWLNKYR5.txt [ Cookie:felix@adserver.adtechus.com/ ]
        C:\USERS\FELIX\Cookies\felix@serving-sys[1].txt [ Cookie:felix@serving-sys.com/ ]
        C:\USERS\FELIX\Cookies\QQ7D8LLO.txt [ Cookie:felix@imrworldwide.com/cgi-bin ]
        C:\USERS\FELIX\Cookies\felix@weborama[2].txt [ Cookie:felix@weborama.fr/ ]
        C:\USERS\FELIX\Cookies\MACUO8S4.txt [ Cookie:felix@smartadserver.com/ ]
        C:\USERS\FELIX\Cookies\felix@apmebf[1].txt [ Cookie:felix@apmebf.com/ ]
        C:\USERS\FELIX\Cookies\felix@atwola[2].txt [ Cookie:felix@atwola.com/ ]
        C:\USERS\FELIX\Cookies\felix@adtech[1].txt [ Cookie:felix@adtech.de/ ]
        C:\USERS\JFGR\AppData\Roaming\Microsoft\Windows\Cookies\HRMZ2LBQ.txt [ Cookie:jfgr@apmebf.com/ ]
        C:\USERS\JFGR\AppData\Roaming\Microsoft\Windows\Cookies\OS0RDG6S.txt [ Cookie:jfgr@smartadserver.com/ ]
        C:\USERS\JFGR\AppData\Roaming\Microsoft\Windows\Cookies\jfgr@doubleclick[2].txt [ Cookie:jfgr@doubleclick.net/ ]
        C:\USERS\JFGR\AppData\Roaming\Microsoft\Windows\Cookies\7FNK7BED.txt [ Cookie:jfgr@ad.yieldmanager.com/ ]
        C:\USERS\JFGR\AppData\Roaming\Microsoft\Windows\Cookies\V0W3NCMJ.txt [ Cookie:jfgr@mediaplex.com/ ]
        C:\USERS\JFGR\AppData\Roaming\Microsoft\Windows\Cookies\jfgr@atdmt[2].txt [ Cookie:jfgr@atdmt.com/ ]
        C:\USERS\JFGR\AppData\Roaming\Microsoft\Windows\Cookies\jfgr@adbrite[1].txt [ Cookie:jfgr@adbrite.com/ ]
        C:\USERS\JFGR\Cookies\HRMZ2LBQ.txt [ Cookie:jfgr@apmebf.com/ ]
        C:\USERS\JFGR\Cookies\OS0RDG6S.txt [ Cookie:jfgr@smartadserver.com/ ]
        C:\USERS\JFGR\Cookies\jfgr@doubleclick[2].txt [ Cookie:jfgr@doubleclick.net/ ]
        C:\USERS\JFGR\Cookies\7FNK7BED.txt [ Cookie:jfgr@ad.yieldmanager.com/ ]
        C:\USERS\JFGR\Cookies\V0W3NCMJ.txt [ Cookie:jfgr@mediaplex.com/ ]
        C:\USERS\JFGR\Cookies\jfgr@atdmt[2].txt [ Cookie:jfgr@atdmt.com/ ]
        C:\USERS\JFGR\Cookies\jfgr@adbrite[1].txt [ Cookie:jfgr@adbrite.com/ ]
        statse.webtrendslive.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .divx.112.2o7.net [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .content.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        rgadvert.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        1.bfugmedia.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        www.zanox-affiliate.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        rgadvert.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        rgadvert.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .gostats.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        www.zanox-affiliate.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        tracking.mlsat02.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        rts.pgmediaserve.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        rts.pgmediaserve.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        rts.pgmediaserve.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]
        C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JFGR@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
        C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JFGR@STATSE.WEBTRENDSLIVE[2].TXT [ /STATSE.WEBTRENDSLIVE ]
        .adtech.de [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\WINDOWS.OLD\USERS\JFGR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLR0B1UW.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-UsrMgr
        (x86) HKLM\System\ControlSet001\Services\OPENVPNSERVICE
        C:\PROGRAM FILES (X86)\RWTH OPENVPN CLIENT\BIN\OPENVPNSERV.EXE
        (x86) HKLM\System\ControlSet001\Enum\Root\LEGACY_OPENVPNSERVICE
        (x86) HKLM\System\ControlSet002\Services\OPENVPNSERVICE
        (x86) HKLM\System\ControlSet002\Enum\Root\LEGACY_OPENVPNSERVICE
        (x86) HKLM\System\CurrentControlSet\Services\OPENVPNSERVICE
        (x86) HKLM\System\CurrentControlSet\Enum\Root\LEGACY_OPENVPNSERVICE

Trojan.Agent/Gen-SoftonicDownloader
        C:\USERS\FELIX\DESKTOP\DOWNLOADS\SOFTONICDOWNLOADER_FUER_CODEC-PACK-ALL-IN-ONE.EXE
        C:\USERS\FELIX\DESKTOP\DOWNLOADS\SOFTONICDOWNLOADER_FUER_GSPOT.EXE

The malware log:

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.22.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Felix :: JFGR-PC [limitiert]

Schutz: Aktiviert

22.02.2012 20:52:00
mbam-log-2012-02-22 (20-52-00).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 450217
Laufzeit: 3 Stunde(n), 9 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 23.02.2012 13:22

False positives, a load of cookies and Softonic junk.
All of it can go.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie).

Is your system back in order now, or are there other detections or problems?
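An added example, not code from the thread or from SUPERAntiSpyware: a Python triage pass over the SASW log format posted above. It groups the listed items by detection category, checks that the "threats detected" summary counts match what is actually listed (registry paths vs. files), and for each Gen-* heuristic category extracts the service name behind the registry hits, so the cluster of OPENVPNSERVICE entries above stands out as seven hits on one installed service rather than seven separate problems. The sample is a trimmed excerpt of the log above with the two summary counts adjusted to the trimmed list.

```python
import re

# Trimmed from the SUPERAntiSpyware log posted above (constructed excerpt); the two
# "threats detected" counts were adjusted to match the trimmed item list.
SAMPLE_LOG = r"""
Registry threats detected : 6
File threats detected    : 5

Adware.Tracking Cookie
        C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Cookies\felix@doubleclick[1].txt [ /doubleclick ]
        .adtech.de [ C:\WINDOWS.OLD\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZJYKOIE.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-UsrMgr
        (x86) HKLM\System\ControlSet001\Services\OPENVPNSERVICE
        C:\PROGRAM FILES (X86)\RWTH OPENVPN CLIENT\BIN\OPENVPNSERV.EXE
        (x86) HKLM\System\ControlSet001\Enum\Root\LEGACY_OPENVPNSERVICE
        (x86) HKLM\System\ControlSet002\Services\OPENVPNSERVICE
        (x86) HKLM\System\ControlSet002\Enum\Root\LEGACY_OPENVPNSERVICE
        (x86) HKLM\System\CurrentControlSet\Services\OPENVPNSERVICE
        (x86) HKLM\System\CurrentControlSet\Enum\Root\LEGACY_OPENVPNSERVICE

Trojan.Agent/Gen-SoftonicDownloader
        C:\USERS\FELIX\DESKTOP\DOWNLOADS\SOFTONICDOWNLOADER_FUER_CODEC-PACK-ALL-IN-ONE.EXE
        C:\USERS\FELIX\DESKTOP\DOWNLOADS\SOFTONICDOWNLOADER_FUER_GSPOT.EXE
"""

SUMMARY_RE = re.compile(r"^(Registry|File) threats detected\s*:\s*(\d+)$")
REGISTRY_RE = re.compile(r"^(\(x86\)\s+)?(HKLM|HKCU|HKCR|HKU)\\", re.IGNORECASE)
SERVICE_RE = re.compile(r"\\Services\\([^\\]+)$", re.IGNORECASE)

def parse_sasw(text):
    """Return (declared summary counts, dict category -> list of detected items)."""
    declared, detections, current = {}, {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = SUMMARY_RE.match(line.strip())
        if m:
            declared[m[1].lower()] = int(m[2])
        elif line[0].isspace():
            # indented line = one detection under the most recent non-indented header
            detections.setdefault(current, []).append(line.strip())
        else:
            current = line.strip()  # becomes a category only if indented items follow
    return declared, detections

def count_items(detections):
    """Count listed registry and file items the way the summary lines count them."""
    items = [i for lst in detections.values() for i in lst]
    regs = sum(1 for i in items if REGISTRY_RE.match(i))
    return regs, len(items) - regs

def counts_consistent(declared, detections):
    regs, files = count_items(detections)
    return declared.get("registry") == regs and declared.get("file") == files

def services_referenced(items):
    """Service names behind a category's registry hits; a single name points at one installed program."""
    matches = (SERVICE_RE.search(i) for i in items)
    return {m[1].upper() for m in matches if m}

def triage(detections):
    """Rough severity per category: cookies are low, Gen-* heuristics need each path checked."""
    rows = []
    for cat, items in detections.items():
        if cat.startswith("Adware.Tracking Cookie"):
            note = "tracking cookies: not malware, safe to delete"
        elif "/Gen-" in cat:
            note = "generic heuristic: verify each path before removal"
        else:
            note = "review"
        rows.append((cat, len(items), sorted(services_referenced(items)), note))
    return rows
```

Whether a Gen-* hit on a service you installed yourself is a false positive remains a judgment call; the script only makes the shared origin visible so that decision is taken once per service rather than once per registry key.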

Flixbob 23.02.2012 20:03

OK, then I'll have those deleted.
Otherwise everything is fine again; it just seems to me that the PC is running a little slower.
I don't know whether that is due to the treatment or the trojan, or whether I am just imagining it. Could that be?
Other than that, I owe you a BIG thank you. Cool that you had so much patience with me!

cosinus 23.02.2012 21:13

Then we're done! :abklatsch:

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if that produces any error messages.
Keeping Malwarebytes is not a mistake. You can scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide on that is below. To keep a better overview in future of whether your installed programs are current, you can use e.g. Secunia PSI.
For even more security, you should also change all passwords if possible now that the infection has been cleaned up.


Microsoft Update

Windows XP: Visit the MS Update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that your Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If necessary, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


Copyright ©2000-2025, Trojaner-Board

